The Company collects and processes personal data (including sensitive personal data) relating to its employees or potential employees. In doing so, the Company acts as a data controller.
Collection and use of personal data
The Company collects and processes a range of information about you. This includes:
- Your name, address and contact details, including email address and telephone number, date of birth and gender;
- The terms and conditions of your employment, details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the Company;
- Information about your remuneration, including entitlement to benefits such as pensions;
- Details of your bank account and national insurance number;
- Information about your marital status, next of kin, dependants and emergency contacts, information about your nationality and entitlement to work in the UK and information about your criminal record;
- Details of your schedule (days of work and working hours) and attendance at work, details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
- Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence, assessments of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence;
- Equal opportunities monitoring information including information about your ethnic origin, sexual orientation and religion or belief.
The Company needs to process personal data to operate and meet its obligations under your employment contract. The legal bases we rely upon are:
- The Company is allowed to process personal data for the performance of a contract with an individual or in order at the request of the individual to enter into a contract. The Company needs to process your data in order to provide you with an employment contract, to pay you in accordance with your employment contract and to administer benefit and pension entitlements.
- In some cases, the Company needs to process personal data to ensure that it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
- In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the Company to:
- Maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
- Operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- Operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
- Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- Obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
- Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the Company complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- Provide references on request for current or former employees; and
- Respond to and defend against legal claims.
Who has access to data?
Where appropriate and in accordance with UK laws and requirements, we may share or process your personal data and/or sensitive personal data with the following categories of recipients:
- Any of our group companies;
- Individuals and organisations who hold information related to your reference or application for a role with, including but not limited to current, past or prospective employers;
- Tax, audit or other authorities, when required by law or other regulations or requirements to share this data;
- Third party service providers who perform functions for us to enable us to offer our services (including professional advisers such as lawyers, auditors and accountants, technical support functions, third party payroll and billing services, outsourced IT providers and IT consultants carrying out testing and development work on our IT systems).
- Third parties including employment businesses involved in the provision of services.
- Third parties providing services such as checking references, qualifications, eligibility or criminal convictions, to the extent that these checks are appropriate and in accordance with UK law.
Your personal data may be required by law and/or a contractual requirement and/or a requirement necessary to enter into a contract. If it is required, you are obliged to provide the personal data and if you do not the consequences of failure to provide the data are:
- We may no longer be able to employ you;
- Payments to you may be delayed.
The Company may transfer only the information you provide to us to countries outside the European Economic Area (‘EEA’) only for the purposes of providing you the Company’s services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
How does the Company protect data?
The Company takes the security of your data seriously. The Company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its authorised employees in the performance of their duties.
Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical measures to ensure the security of data.
For how long does the Company keep data?
The Company will retain your personal and sensitive personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
We must keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
Please be aware that you have the following data protection rights:
- The right to be informed about the personal data the Company processes on you;
- The right of access to the personal data the Company processes on you;
- The right to rectification of your personal data;
- The right to erasure of your personal data in certain circumstances;
- The right to restrict processing of your personal data;
- The right to data portability in certain circumstances;
- The right to object to the processing of your personal data that was based on a public or legitimate interest;
- The right not to be subjected to automated decision making and profiling; and
- The right to withdraw consent at any time.
Where you have consented to the Company processing your personal and sensitive personal data you have the right to withdraw that consent at any time. Please see below for contact details.
If you wish to complain about this privacy notice or any of the procedures set out in it, or act on any of your rights set out above please write to:
Sandbeck Umbrella Data Protection Team
Unit 15 Abbey Court
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.