Privacy Policy

This privacy policy sets out how Rainbow Pay Ltd uses and protects any information that you give us. We aim to keep our privacy policy straightforward and transparent.

Rainbow Pay Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.

Rainbow Pay Ltd may occasionally change or update this page. Where possible, we will notify you of these changes.


We keep several categories of personal data in order to carry out effective and efficient processes. We keep this data on our secure Client Relationship Manager (CRM).

Specifically, we hold the following types of data:

 - Full Name
 - Contact Information (telephone numbers, email addresses, home and business postal addresses)
 - Employment Information (Current status, address, industry, contract value, tax rate)
 - Banking Details (Bank name, account details) - Proof of Identity/Security Information (Proof of Address, Passport Copy, NI Number)


“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


We are required by law to give employees the personal data (including sensitive personal data/ special category data) about them that we record, keep and process. We will not sell, appoint, distribute or lease any personal information unless authorised or have a legitimate reason to do so. All data is kept secure and encrypted and will not be disclosed to any unauthorised third party.

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

• Internal record keeping ensuring our records are up-to-date and accurate.
• To fulfil contractual obligations.
• You may receive periodic mailings/telephone calls from us with information on services or news, If you have requested such information from us, and have not subsequently opted out of receiving the communication. We will use the contact details that you have provided for these communications.

We will keep a record of any requests to stop receiving information from us to ensure that we do not communicate with you in the future, unless you tell us that you want to hear from us again.


Under the (GDPR) you have the following rights:

Information Right - The right to receive the information contained in this policy and our data collection forms about the way we process your personal data.
Personal Data Access Right - The right to know that we are processing your personal data and, in most circumstances, to have a copy of the personal data of yours that we hold. You can also ask for certain other details such as what purpose we process your data for and how long we hold it.
Personal Data Correction Right - You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you.
Personal Data Erasure Right - Known as the Right to be forgotten. In certain circumstances you may request that we erase your personal data held by us.
Personal Data Restriction Right - You have the right to restrict the way we process your personal data in certain circumstances, for example if: you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims, where we are relying on legitimate interests to process data.
Data Processing Objection Right - You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests or on the performance of a task in the public interest.
Data Breach - Any data breach will be reported in the first instance to the Data Protection Officer. Data breaches of any client data will also be reported to the agency and individual data subject in the first instance. A full investigation and assessment of the breach will determine action required. Once the breach itself has been resolved, all the necessary parties will be notified.
Data Portability Right - You have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances.

For further information on your individual rights, please view our Individual Rights Policy.


Rainbow Pay Ltd will not sell, distribute or lease your personal information to third parties unless we have your permission or have a legitimate interest to do so.


We will hold your information for a period of ten years from the end of your relationship with us. However, this can vary depending on situations and circumstances.


You have the right to lodge a complaint about any use of your information with the Information Commissioners Office, the UK data protection regulator. If you do have any complaints about how we may be handling your data, please contact us to resolve the issue.

If you also believe that any information we are holding on you is incorrect or incomplete, please get in touch with our Data Protection Officer –

Name: Sunil Lekhi
Address: 40 Caversham Road, Reading, RG1 7EB