Privacy and cookie policy


KIRK is committed to protecting employee’s privacy with regards to their personal data. Any personal data which we collect, record or use in any way whether it is held on paper, on computer or other media, will be safeguarded ensuring that we comply with the EU General Data Protection Regulation (GDPR) 2018.  We are also committed to ensuring compliance with regard to transportation and destruction of personal information. We fully endorse and adhere to the principles of data protection as set out in the GDPR. These principles state that personal data must be:


  • Fairly and lawfully processed in a transparent way
  • Collected and processed for valid purposes and not in any other way which would be incompatible with those purposes
  • Adequate, relevant and not excessive
  • Accurate and kept up to date
  • Not kept for longer than necessary
  • Processed in line with the data subject’s rights
  • Kept securely
  • Not transferred to a country which does not have adequate data protection laws.


The Company will ensure that we achieve the above principles in the following way:


  • Observing the conditions regarding the fair collection and use of personal data
  • Meet obligations to specify the purposes for which personal data is used
  • Only collecting and holding necessary personal data to the extent that it is needed to fulfil operational needs or to comply with any legal or regulatory requirements
  • Ensuring the quality of personal data used
  • Applying strict checks to determine the length of time personal data is held
  • Ensuring that the rights of individuals about whom the personal data is held, can be fully exercised under the Regulation
  • Ensuring that data is held securely and only accessed by authorised personnel
  • Taking appropriate security measures to safeguard personal data
  • Ensuring that personal data is not transferred abroad without suitable safeguards.


When the Company collects any personal data from you, you will be informed why the data is being collected and what it is intended to be used for.  Where the Company collects sensitive data, appropriate steps will be taken to ensure that explicit consent is taken to hold, use and retain the information. Sensitive personal data includes information about a persons’ racial or ethnic origin, health or about the committing of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings.  Sensitive personal data can only be processed under strict conditions and will usually require your express consent.


Under the GDPR, you may at any time request a viewing of the personal data held on your file. To do this you must submit a request for the information you would like to see. If your details are inaccurate do not hesitate to ask us to amend them. It is our duty to provide this information to you within one month of your request, although we will endeavour to do so as early as possible.