Privacy Policy

Privacy Policy 

1. About us 

At Pastel Solutions Ltd (Pastel) we believe in a people first approach to delivering business solutions. To help us achieve this, we need to process varying amounts of personal data on our employees, contractors, business partners, suppliers, website visitors and members of the public. 

Pastel is committed to protecting your privacy and complying with the UK Data Protection Act 2018, UK and the General Data Protection Regulation (collectively referred to as the UK GDPR). We will monitor and update this policy to reflect changes in these and all other relevant current and future data protection legislation. 

Ensuring transparency of all and any data collection is important to us at Pastel. We will be open about what information we are collecting. Security at Pastel is paramount, and we believe in protecting the confidentiality and security of information we collect about you; this includes current and prospective clients and members of the public. This Privacy Notice is intended to bring to your attention our practices relating to the collection, processing and disclosure of personal information. 

This notice is intended to inform those visitors, not directly employed by Pastel how we use their data, how we use personal data of employees is detailed within our internal Employee Privacy Notice. 

We may update this Privacy Notice from time to time, and any new Privacy Policy will automatically be effective when it is published on the website. You should therefore return here regularly to view our most up to date Privacy Policy. Feel free to print a copy for your records. 

For the purposes of this Privacy Notice, the term “personal information” refers to personal information relating directly or indirectly to an identifiable person. 

Our website is owned and operated by Pastel Solutions Ltd; registered in England under company registration number 08697159. We are registered with the UK Information Commissioner's Office under registration number ZA149127. 

2. Personal data we collect 

To facilitate the interactions between us and your interest in Pastel, we may collect and process the following data about you: 

Some of the information we collect about you may include your sensitive personal data as defined in the GDPR (please see section 5 below for more details). 

When anyone visits our website, we also store information about the way you interact with our website through the use of cookies. This helps us to make sure it is the best possible experience for you. Find out more about the way we use cookies below. 

  1. Sharing your data with credit reference agencies

 In order to process your application, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at

4. How we collect your personal data 

In the main we will collect your personal data directly from yourself, however, your information may be received from third parties such as your employer, a personal representative or recruitment company. We may collect your personal data when you contact us through our website, by telephone, post, email or through any other means. Your image may be captured if you visit any of our sites or offices and if it is necessary to issue you with a temporary pass card. 

We may use publicly accessible information to verify information we are provided with and to manage and expand our business. 

5. Sensitive personal data 

The GDPR provides a definition for special category data, more commonly referred to as “sensitive personal data”. This relates to information concerning an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences. 

In recruitment some sensitive data may be requested on a purely voluntary and anonymous basis for equality monitoring purposes. 

6. How we use personal data for our lawful basis 

We will use the information held about you for the purposes for which it was provided to us as stated at the point of collection (or as may be obvious in the context of collection). Your personal data will be used by us in the following ways: 

We do not collect or compile personal data for release or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties. 

In order to process your personal data, we must have a lawful reason, the main lawful reasons Pastel utilise to process your personal information are: - 

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We consider that we have implemented sufficient checks and protections to ensure that your rights and interests are not unreasonably intruded on. 

NB. You can object to processing on any of these bases at any time and, if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims – see “Your rights” below. 

7. Recruitment 

If you apply to work with us, we will use the information you supply to process your application and to monitor recruitment statistics. We will remind you of these privacy terms if you apply for a job with us. For some positions we may ask some pre-qualification questions, such as do you have a driving licence, however no automated decision making takes place during the recruitment process. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give more details about how we hold employee data and we will expect the employee to sign up to additional privacy terms as part of their employment, employment is subject to satisfactory references. 

During the recruitment process you will be invited to provide special category information about yourself including details of your religion, sexuality and ethnic origin. This is wholly voluntary and will purely be used for statistical purposes to assist with our equal opportunities ambition. For some positions you may be invited to take a psychometric test to assist us with our decision making, this is not mandatory and will be performed with your explicit consent. 

If you apply to work with us through a third party, such as a recruitment agency, please also check their privacy policy before proceeding and please note, some recruitment websites utilise location services to offer you local vacancies, this information is held by the recruitment agency and not Pastel. Pastel have an active social media presence, Pastel do utilise LinkedIn and other business networking channels to identify potential candidates and approaches to individuals via these channels will be undertaken in line with the platform terms of business. 

We do not encourage unsolicited approaches either directly from individuals or from third parties, however, if an unsolicited approach is made please ensure all parties have read and understood this privacy policy. 

We may retain details of candidates who may be of interest to us, either now or in the future, usually for a period of 12 months; on the anniversary of your application, you will be invited to extend the retention period further. We are happy to delete your information sooner, just contact us using the contact details below or email [email protected] 

We may use third parties to consider potential hires. We may also verify details in your application and make what we consider to be reasonable and necessary background checks about you. These background checks may require a 3rd party to contact you and obtain information. 

8. Your rights 

You have the following rights under the General Data Protection Regulation (GDPR): Right to be informed 

Right to access your personal data 

Right to have your information corrected 

Right to erasure 

Right to restrict processing 

Right to data portability 

Right to object - You have the right to object to the following things: 

Rights related to automated decision-making including profiling 

Please note that these rights may be subject to some conditions and exceptions. To exercise any of these rights and make such a request, please use the contact details provided below. 

You also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office whose contact details can be found at the bottom of this notice or directly, here: 

Marketing communications and social media 

If you have given permission, we may contact you by mail, telephone and email about our products and services and invitations to events which may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by clicking the “Unsubscribe” option in any of the marketing communications we send you or by contacting us by email or telephone. 

Pastel has a presence on social media including on Twitter and LinkedIn. You should view their privacy policies to understand how they may process your personal data. Please remember that when you share information publicly on the website, for example a comment on a blog post it may be indexable by search engines, including Google, which may mean that the information is made public. 

9. Disclosure of your information 

It may be necessary to disclose or share your personal data with either internal and external parties. We will only do this where it is strictly necessary for example in connection with our legitimate business activities, to enforce our policies, comply with our legal obligations or in the interests of security, public interest or law enforcement. For example, we may respond to a request by a law enforcement agency or regulatory or governmental authority. We may also disclose data in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests. 

We share your information with third parties who help deliver our products and services to you. Examples include hosting our web servers, analysing data, providing marketing and legal assistance, access control services, CCTV monitoring and providing customer service. These companies will have access to your personal information as necessary to perform their functions, but they may not use that data for any other purpose. 

We may also share your personal data: 

If we or any part of our organisation is sold, or some of its assets transferred to a third party, your personal information, as a valuable asset, may also be transferred to the acquirer, even if they are not in the same line of business as us. Our customer database could be sold separately from the rest of the business, in whole or in a number of parts. Potential purchasers and their advisors may have limited access to data as part of the sale process. However, use of your personal information will remain subject to this Privacy Policy. 

Similarly, your personal information may be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration. 

10. Cookies, other information-gathering technologies and links to other sites 

Our website may, from time to time, contain links to other websites, mainly those of our partners and clients, but also those of other third parties. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before either agreeing to their terms or before you submit any personal data to these websites or use them. 

To allow our site to operate we use cookies which are simply small text files placed on your computer when you visit this website. 

We also use Google Analytics to gather statistics on site usage and this is managed by way of consented cookies. There are more details in our cookie policy and Google’s own privacy policy. Google may aggregate data they collect from their various services including Google Analytics, Google Translate, Google Maps and YouTube. Pastel has no control over Google’s data collection. You should look at Google’s privacy policy Privacy Policy – Privacy & Terms – Google for details of their data collection practices. 

We shall ask for your permission before we use any non-essential cookies by way of our cookie banner when you first arrive at the site. 

If you have asked us to share data with third party sites (such as social media sites), their servers may not be secure. 

Note that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may nevertheless unlawfully intercept or access private transmissions or data. 

11. Security 

We have put in place security measures that we consider to be reasonable to protect the security of your personal information and keep it confidential and to guard against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. We review these measures regularly to make sure they remain appropriate. While no system is completely secure, we believe the measures implemented by Pastel reduce our vulnerability to security problems to a level appropriate to the type of data involved. We cannot guarantee the security of any third-party application you may use to transmit your data (for example, internet browsers). 

12. For how long we will keep your information 

We will keep your personal information for at least as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal, regulatory and professional obligations. As a rule of thumb, we will keep your personal information for as long as is necessary, including: 

The data we collect. Reason to keep this data and retention period – how long we will keep it: 

Recruitment information 

Client information 


Financial Information


Email broadcasting

13. Where is your information processed? 

We endeavour to process your personal data within the UK, or EEA, however, any transfer of your data will be subject to a European Commission approved contract or agreement which will safeguard your privacy rights and give you remedies in the unlikely event of a security breach. 

If we transfer your personal data outside of the UK or EEA, we will take steps to ensure that your privacy rights continue to be protected in compliance with applicable data protection law and this Privacy Policy. 

14. Contact us 

If you have any further questions about the way we manage your data, you wish to activate any of your rights or have a complaint regarding our data protection practices you can contact the Pastel Protection Officer using any of the channels below: 

Pastel Solutions Ltd is a public limited company registered in England under company registration number 08697159. Registered with the UK Information Commissioner's Office under registration number ZA149127. Information Commissioner’s details 

Should you remain unsatisfied you can contact the appropriate data protection regulator listed below. UK Information Commissioner: Tel: +44(0)303 123 1113 or visit ICO website -