STAFF PRIVACY NOTICE
Last updated: 11 November 2021
1 The Purpose of this Document
1.1 We take your privacy seriously. You can find out more here about your privacy rights and how we gather, use and share personal data about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (EU) 2016/679.
1.2 It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information. We will update this notice if we make any significant changes affecting how we use your personal data, and if so we will contact you to let you know about the change.
2 About us
2.1 We are what is known as the ‘controller’ of personal data we gather and use. When we say ‘we’ or ‘us’ in this notice, we mean Loyalty Angels Limited. Use of the term ‘Group’ refers to any other companies that may relevant such as subsidiaries.
2.2 This notice does not form part of your contract and it may be amended at any time.
3 Your Privacy Rights
3.1 You have various rights in respect of the personal data we hold about you – these are set out in more detail below. If you wish to exercise any of these rights, please contact our General Counsel, David Camp, on firstname.lastname@example.org.
3.2 Right to object: You can object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes. Please contact us as noted above, providing details of your objection.
3.3 Access to your personal data: You can request access to a copy of your personal data that we hold, along with information on what personal data we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You
can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
3.4 Consent: Most of the time, we won’t need your consent to use your personal data as we will be using it only to fulfil our obligations and exercise our rights as an employer. However, where you have given us your consent to use personal data, you can withdraw your consent at any time.
3.5 Rectification: You can ask us to change or complete any inaccurate or incomplete personal data held about you.
3.6 Erasure: You can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
3.7 Portability: You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
3.8 Restriction: You can ask us to restrict the personal data we use about you where you have asked for it to be erased or where you have objected to our use of it.
3.9 No automated-decision making: Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out automated decision-making in the course of you working with us, but we will notify you in advance if this changes.
3.10 Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
4 What Kinds of Personal Data we Use
4.1 In the course of our working relationship with you, we will collect, store, and use the following categories of personal data about you:
· personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
· date of birth;
· marital status and dependants;
· next of kin and emergency contact information;
· national insurance number;
· bank account details, payroll records and tax status information;
· salary, annual leave, pension and benefits information;
· start date;
· location of employment or workplace;
· identification information (including a copy of driving licence, passport and utility bills);
· recruitment information (including copies of right to work documentation, references and other information included in a cv or cover letter or as part of the application process);
· employment records (including job titles, work history, working hours, training records and professional memberships);
· information about your financial history (e.g. credit reference agency search or bankruptcy search), if relevant to your role;
· absence information;
· compensation history;
· performance information;
· disciplinary and grievance information;
· CCTV footage and other information obtained through electronic means such as swipe card records; and
· information about your use of our information and communications systems.
4.2 Some kinds of personal data are given special protection by the law – these are called ‘special categories of personal data’. We will sometimes collect, store and use the following types of special categories of personal data:
· information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
· trade union membership;
· information about your health, including any medical condition, health and sickness records;
· genetic information and biometric data (for example, photographs and images captured by our CCTV system); and
· information about your criminal convictions and offences (for example, DBS and DVLA checks).
5 How We Gather your Personal Data
We will obtain your personal data in different ways:
· directly from you, for example when you fill out an application;
· during the application and recruitment process, from an employment agency or background check provider, your former employers and credit reference agencies; and
· from monitoring emails, internet and telephone usage and when we use CCTV in line with our Staff Monitoring Policy and CCTV Policy.
6 How We Use your Personal Data
6.1 To summarise, we process your personal data for the following key purposes:
· primarily, so that we can fulfil our contractual obligations and legal obligations to you (for example, to pay you and provide benefits to you) and to exercise our legal rights; and
· to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests, or where necessary to protect the interests of you or others (for example, monitoring misuse of our IT systems or tracking our vehicles).
6.2 More detail about how we use your personal data, as well as the categories of personal data involved, is set out in the Appendix.
7 How We Use Particularly Sensitive Personal Data
7.1 Special protection is given to certain kinds of personal data that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or offences.
7.2 We use this personal data primarily to comply with our legal obligations (including in respect of health and safety), for equal opportunity monitoring, to manage sickness and administer your benefits. Where employees drive our vehicles, we carry out DVLA checks which may reveal past criminal convictions.
7.3 More detail about how we use special categories of personal data and information about criminal convictions, as well as the categories of personal data involved, is set out in the Appendix.
8 If You Fail to Provide Personal Data
In some cases, if you fail to provide information when requested, we may not be able to perform the contract we have entered into with you fully (such as paying you or providing benefits), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our staff).
9.1 It is necessary for us monitor our staff in various ways in order to ensure safety and security and protect our staff and to be able to run our business in a prudent manner. We monitor our staff in the following ways:
· staff may be captured by CCTV systems, we use for security and disciplinary purposes;
· reviewing use of email, website visits and use of social media;
· monitoring excessive use of company telephones for personal reasons (please see our Acceptable Use Policy);
· monitoring when a member of staff has entered or tried to enter into a controlled access area and at what time;
· drug and alcohol testing;
· vehicle tracking;
· DVLA check; and
· equality monitoring.
9.2 We process personal data obtained through such monitoring in accordance with our Staff Monitoring Policy and only carry these activities to the extent it is necessary and proportionate and it is permitted by law (please see the Appendix for more information).
9.3 If you have any concerns in relation to monitoring, please speak to the General Counsel.
10 Our Legal Basis for Using your Personal Data
10.1 We only use your personal data where it is permitted by the laws that protect your privacy rights. To find out more about the legal bases we rely on to use your personal data, please see the Appendix.
10.2 We do not need your consent to use your personal data where the law otherwise allows us to use it. In limited circumstances, we may approach you for your consent to allow us to process certain personal data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can consider whether you with to consent. You may withdraw your consent at any time.
11 Sharing your Personal Data With Others
11.1 We will share your personal data with third parties where required by law, or where it is necessary to administer the working relationship with you or where we have a legitimate interest. We will only share your personal data to the extent needed for those purposes.
11.2 We share personal data for these purposes with:
· Group companies, for example if you transfer from one company to another within the Group; and
· external providers such as payroll, pension administration, benefits provision, occupational health and IT services.
12 Data Retention
12.1 We will never retain your personal data for any longer than is necessary for the purposes we need to use it for and in accordance with our Data Retention Policy.
12.2 Generally, we keep your employment records for six years after you stop working with us, except certain health records which we are recommended by the Health & Safety Executive (HSE) to hold for 40 years. We will hold pension information for up to six years from the end of the scheme. In some circumstances, we will hold personal data for longer where necessary for active or potential legal proceedings, or to resolve or defend claims.
13 Transfers Outside the UK
We may need to transfer your personal data outside the UK to other service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the European Economic Area.
14 Right to Complain
You can make a complaint to us by contacting the General Counsel, David Camp at email@example.com or to the data protection supervisory authority – in the UK, this is the Information Commissioner’s Office, at https://ico.org.uk/.