Privacy policy

ADROC LIMITED Privacy Policy

Last updated: 02/04/2026

AdRoc is a technical delivery and capability partner to private and public sector organisations. We deliver outcomes through statement of work (SOW) engagements, consultancy services, and the provision of specialist capability to support digital, data and technology delivery.

This privacy policy explains how AdRoc collects, uses, stores and shares personal information. It applies where AdRoc acts as a data controller for personal information relating to candidates, consultants, contractors, client contacts, supplier contacts, website users and other business contacts.

AdRoc is a company incorporated in England and Wales with registered company number 07760482 and registered office at 10 Western Road, Romford, Essex, RM1 3JT (“AdRoc, “we”, “us” or “our”).

This policy reflects the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

 

Processing on behalf of clients

Where AdRoc processes personal data on behalf of a client, the client will typically act as Data Controller and AdRoc will act as Data Processor.

Processing is carried out strictly in accordance with the relevant contract, statement of work, data processing agreement, client policies and documented client instructions.

For statement of work engagements, the specific personal data processed, purpose of processing, duration, categories of data subjects, and retention or deletion requirements are defined within the relevant SOW or data processing annex and may vary between engagements.

Personal data processed in this context may include names, contact details, addresses, dates of birth, qualifications, right to work information, references, employment history, and other information required to support onboarding, delivery, reporting, compliance and statutory obligations.

Consultants and contractors engaged through AdRoc act under AdRoc’s authority and must process personal data only in accordance with AdRoc and client instructions.

Client data must not be used for any unauthorised purpose, must not be shared with unauthorised parties, and must not be accessed or processed outside the United Kingdom unless explicitly authorised under the relevant contract or client instructions.

Any suspected or actual personal data breach or security incident involving client data must be reported and managed in accordance with applicable contractual and client reporting requirements.

Where required, AdRo will maintain appropriate records and provide reasonable cooperation to clients, auditors and regulators to demonstrate compliance with applicable data protection, security and contractual obligations.

Where AdRoc engages third-party providers to support delivery, this will be done only where permitted by the relevant contract and subject to appropriate contractual safeguards.

 

Overview

We respect your right to privacy. Our aim is to ensure that our collection and use of personal information is lawful, fair, transparent and appropriate to the services we provide.

This policy explains:

  • what personal data we collect
  • how and why we use it
  • our lawful bases
  • how we share it
  • how long we keep it
  • your rights
  • how to contact us

 

What we do

We support organisations in delivering complex technical outcomes through:

  • delivery teams and capability provision
  • consultancy and advisory services
  • SOW-based delivery and outcome ownership

We also connect individuals with opportunities where their skills support these delivery outcomes.

 

The personal information we collect

We may collect personal data directly from you or from third-party sources such as job boards, professional networking platforms, referrals, client systems or publicly available sources.

 

Candidates, consultants and contractors

We collect only the information necessary to support delivery, engagement and compliance. This may include:

  • name, address, contact details
  • CV, skills, qualifications and experience
  • right to work and identity information
  • availability, rate expectations
  • contract and onboarding data
  • timesheets, billing and payment information
  • references and emergency contacts
  • vetting, screening or background checks where required
  • communications with you
  • publicly available professional information

 

Client and business contacts

We may collect:

  • name, role and organisation
  • work contact details
  • details of requirements, services or delivery needs
  • communications and feedback

 

Website users

We may collect:

  • IP address, browser and device information
  • usage data and pages visited
  • form submissions
  • cookie and analytics data

 

How we use your personal information

We process personal data for the following purposes:

  • delivering technical capability and consultancy services
  • matching individuals to suitable delivery opportunities
  • managing contracts, onboarding, billing and payments
  • maintaining business relationships
  • ensuring compliance with legal and contractual obligations
  • improving our services and systems
  • ensuring security and preventing fraud

 

Lawful basis for processing

We rely on the following lawful bases:

  • Legitimate interests – to operate and improve our services, match capability to client needs, and manage relationships
  • Contract – to enter into and deliver contractual arrangements
  • Legal obligation – to comply with legal, regulatory and compliance requirements
  • Consent – where required, for example for certain marketing or specific checks

We ensure that our legitimate interests are balanced against your rights and freedoms.

 

Special category and criminal offence data

We process sensitive data only where necessary and lawful. This may include:

  • right to work and identity checks
  • vetting, background or security checks
  • legal or regulatory requirements

Where consent is required, you may withdraw it at any time, although this may affect our ability to provide services.

 

How we share personal information

We may share data with:

  • clients and delivery partners
  • managed service providers and intermediaries
  • umbrella or personal service companies
  • screening and compliance providers
  • IT and cloud service providers
  • regulators or authorities where required

All sharing is limited to what is necessary and subject to appropriate safeguards.

 

International transfers

We primarily operate in the United Kingdom.

Where personal data is transferred outside the UK, appropriate safeguards will be implemented in accordance with UK data protection law.

For client-controlled data, international transfers or access outside the UK will only occur where explicitly authorised.

 

Data retention

We retain personal data only as long as necessary for business, legal and contractual purposes.

Typical retention periods:

  • candidate and consultant records: up to 24 months from last meaningful contact
  • contract and financial records: retained as required by law

Where we process data on behalf of a client, retention, return and deletion are governed by the relevant contract, SOW and client instructions.

 

Security

We implement appropriate technical and organisational measures, including:

  • access controls and least privilege
  • role-based permissions
  • multi-factor authentication
  • secure cloud platforms
  • encryption where appropriate
  • monitoring and incident response processes

 

Your rights

You have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion (where applicable)
  • restrict processing
  • object to processing
  • request data portability

You have the right to object to processing based on legitimate interests and an absolute right to object to direct marketing.

We will respond to requests within one month unless an extension is permitted.

To exercise your rights, contact: info@adrocgroup.com

 

Complaints

If you have concerns about how we use your personal data, please contact us first so we can investigate and respond.

You also have the right to complain to the UK Information Commissioner’s Office:

https://ico.org.uk/concerns/

 

Cookies

We use cookies to operate and improve our website.

Non-essential cookies are used only where consent has been obtained where required.

You can manage your preferences through your browser or cookie settings.

 

Changes to this policy

We may update this policy from time to time to reflect changes in law, regulation or our services.