Company Policies

Privacy Notice

Procentia is committed to protecting your personal data and being transparent about how we collect, use, and store it in compliance with North America’s various data laws and regulations, the UK General Data Protection Regulation (UK GDPR), and the UK Government’s Data Protection Act 2018.

This Privacy Notice explains how we process personal data, the legal bases for processing, and your rights. 

Procentia has attained a SOC 2 Type II report for its US business. The Service Organisation Control (SOC) 2 Type II is an auditing procedure designed to ensure that service providers securely manage data to protect the interests and privacy of their clients. Achieving a SOC 2 Type II report means that we have undergone a rigorous evaluation of our processes, controls, and systems and have met the stringent criteria set by the American Institute of CPAs (AICPA).

Website Visitors 

What Personal Data Do We Collect?

We may collect the following information when you interact with our website: 

  • Name, job title, and company. 
  • Contact details, including phone number and email address. 
  • Technical data, such as IP address, location, and browsing preferences. 
  • Any other data provided through surveys, feedback forms, or special offers. 

Purpose and Legal Basis for Processing

We process this data for: 

  • Internal record-keeping (Legitimate Interest). 
  • Improving our products and services (Legitimate Interest). 
  • Sending promotional emails about new products, offers, or relevant updates (Consent or Legitimate Interest where applicable). 
  • Conducting market research through email, phone, or surveys (Consent). 
  • Customising the website experience based on your interests (Legitimate Interest). 

You have the right to withdraw consent at any time by contacting us at SecurityandCompliance@procentia.co.uk

Job Applicants 

What Personal Data Do We Collect?

We collect and process personal data as part of the recruitment process, which may include: 

  • Name, address, email, and telephone number. 
  • Qualifications, skills, experience, and employment history. 
  • Salary expectations and benefits information. 
  • Eligibility to work in the relevant country. 
  • Disability status for reasonable adjustment considerations. 
  • Criminal records checks (where required by law or for specific roles). 

We may collect this data via application forms, CVs, identity documents, interviews, online tests, and references from previous employers. Criminal record checks are only carried out after a job offer is made, and you will be informed in advance. 

Purpose and Legal Basis for Processing

We process personal data during recruitment for: 

  • Assessing candidate suitability and making hiring decisions (Legitimate Interest & Contractual Necessity). 
  • Compliance with legal obligations, such as eligibility to work verification (Legal Obligation). 
  • Monitoring diversity and equal opportunities (Legal Obligation & Public Interest). 
  • Conducting criminal record checks (Legal Obligation & Legitimate Interest where applicable). 

If your application is unsuccessful, we will retain your data for six months for potential future opportunities, with your consent. CVs submitted speculatively may also be retained for this purpose. You can withdraw consent at any time. 

Data Sharing

Your data will only be shared internally with recruiters, interviewers, hiring managers, and IT staff when necessary. If you are offered a job, we may share relevant data with former employers for reference checks and with the relevant Federal organizations for criminal record checks, where required. 

We do not sell or share your data with third parties for marketing purposes. 

Third-Party Data Processors

We may engage third-party service providers for cloud hosting, analytics, payroll processing, or IT support. These third parties are bound by data protection agreements to ensure compliance with data protection regulations. 

International Data Transfers 

If your data is transferred outside North America, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your privacy rights. 

Automated Decision-Making and Profiling 

If we use automated decision-making in our recruitment or marketing processes, we will inform you in advance, provide details about the logic involved, and offer the right to request human intervention. 

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience. Please refer to our Cookie Policy for details on how we use cookies, how to manage your preferences, and how we obtain consent where required. 

Data Breach Notification

We have security measures in place to prevent data breaches. If a breach occurs that poses a risk to your rights and freedoms, we will notify the UK Information Commissioner’s Office (ICO) within 72 hours and, where necessary, inform affected individuals. 

Data Retention 

  • Unsuccessful job applications: Retained for six months after the recruitment process. 
  • Successful applicants: Transferred to personnel records and retained in line with the employee privacy policy. 
  • Website visitor data: Retained for as long as necessary to fulfil the stated purposes, unless required for legal or regulatory obligations. 
  • Marketing data: Retained for as long as you remain engaged with our communications. If you do not interact with our emails for 12 months, we will remove you from our mailing lists unless you opt in again. 

After the retention period, your data will be securely deleted or anonymized. 

Your Rights

Under data protection regulations, you have the right to: 

  • Access: Request a copy of your personal data. 
  • Rectification: Request correction of inaccurate or incomplete data. 
  • Erasure: Request deletion of your data when no longer necessary. 
  • Restriction: Request limited processing of your data in certain circumstances. 
  • Object: Object to processing based on legitimate interests. 
  • Data Portability: Request transfer of your data in a machine-readable format. 

To exercise your rights, contact us at SecurityandCompliance@procentia.co.uk.

If you believe your data protection rights have been violated, you can lodge a complaint with the Federal Trade Commission (FTC): https://www.ftc.gov

Data Security 

We implement robust technical and organisational measures to protect your data against unauthorized access, loss, misuse, or disclosure. Only authorized personnel with a legitimate need to process your data have access. 

Failure to Provide Data 

You are not required to provide personal data; however, failure to do so may prevent us from processing job applications, responding to inquiries, or providing requested services. 

Changes to This Privacy Notice 

We may update this notice periodically to reflect changes in legal requirements or our data processing practices. Any significant changes will be communicated via our website or direct notifications where applicable. 

Last updated:  07/05/2025

Modern Slavery and Human Trafficking Policy

Procentia is committed to the prevention, deterrence, and detection of any criminal offense and will not tolerate any form of slavery or human trafficking either internally or externally with our suppliers that would contravene North America’s various laws and regulations, and Section 54, Clause 5 of the UK Government’s Modern Slavery Act.

We operate an integrated management system that is certified to ISO 27001. The management system includes our process for supplier approval and through this process we intend, so far as is reasonably practicable, to ensure that our supply chain is free from slavery and human trafficking.

We have taken steps to meet our statutory obligations, ensuring that acts of slavery or human trafficking are not evident in our business or our supply chain, but acknowledge that we cannot control the actions of suppliers or individuals outside of our operation.

We check that our suppliers meet their legal obligations and expect them to do likewise.

We confirm the eligibility of each of our employees to work in North America, and confirm with each supplier that they also have a Modern Slavery Policy.

The additional steps we will take to achieve and strengthen our compliance with North America’s various laws and regulations, and Section 54, Clause 5 of the UK Government’s Modern Slavery Act.

  • continue to only purchase through approved, reputable companies;
  • adapt our supplier approval system to include a specific request for objective evidence of compliance with
    North America’s various laws and regulations, and Section 54, Clause 5 of the UK Government’s Modern Slavery Act;
  • react to information and recommendations from Government and industry bodies, to deliver an appropriate
    and effective response to modern slavery;
  • ensure all employees will receive appropriate training to identify the signs of slavery and human trafficking
    and associated risks;
  • cease trading with any supplier that has been identified to us as being involved or connected to slavery or
    human trafficking.