(a) Your right to access your data.
You have the right to ask us to confirm whether or not we process your personal data and, to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period. The right to lodge a complaint with a supervisory authority. You may request a copy of your personal data.
The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
(b) Your right to rectification.
If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. For the purposes of the processing, where necessary you also have the right to have any incomplete personal data about you, completed.
(c) Your right to erasure.
In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following:
- it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed;
- you withdraw your consent to any processing which requires consent;
- the processing is for direct marketing purposes; and
- the personal data have been unlawfully processed.
However, we will only process it for other reasons:
- with your consent;
- in relation to a legal claim;
- for the protection of the rights of another natural or legal person; or
- for reasons of important public interest.
(d) Your right to restrict processing.
In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where:
- you do not think that the personal data we hold about you is accurate;
- your data is being processed unlawfully, but you do not want your data to be erased;
- it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and
- you have objected to processing, and are waiting for that objection to be verified.
Where processing has been restricted for one of these reasons, we may continue to store your personal data.
However, we will only process it for other reasons:
- with your consent;
- in relation to a legal claim;
- for the protection of the rights of another natural or legal person; or
- for reasons of important public interest.
(e) Your right to object to processing.
You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for:
- the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or
- the purposes of our legitimate interests or those of a third party.
If you make an objection, we will stop processing your personal information unless we are able to:
- demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or
- the processing is in relation to a legal claim.
(f) Your right to object to direct marketing.
You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will immediately stop processing your personal data for this purpose. Automated data processing. To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
(g) Your right of complaining to a supervisory authority.
If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
(h) Your right to withdraw consent.
To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
The personal data we hold for Staff
Personal data that we may collect, use, store and share (when appropriate) about staff includes, but is not restricted to:
- Contact details
- Date of birth and gender
- Next of kin and emergency contact numbers
- Salary, annual leave, pension and benefits information
- Bank account details, payroll records, National Insurance number and tax status information
- Recruitment information, including copies of right to work documentation, annual licenses from the competent authorities, if needed, references and other information included in a CV or cover letter or as part of the application process
- Qualifications and employment records, including work history, job titles, working hours, training records and professional memberships
- Outcomes of any disciplinary and/or grievance procedures
- Annual absence leaves and sick leaves as from the date of employment in our firm
- Copy of ID and driving licence, if required
- Data about the personnel’s use of the business’s information and communications system.
We may also collect, store and use information about the personnel that falls into “special categories” of more sensitive personal data. This includes information about:
- Health, including any medical conditions, and sickness records, which are absolutely necessary for the exercise of their jobs
Why we use this Staff data
The purpose of processing this data is to help us run the business, including to:
- Enable them to be paid
- Facilitate safe recruitment, as part of our safeguarding obligations towards our clients
- Support effective performance management
- Inform our recruitment and retention policies
- Allow better financial modelling and planning
- Enable disability monitoring
- Improve the management of workforce data across the sector
Our lawful basis for using this Staff data
We only collect and use personal information about staff when the law allows us to do that. Most commonly, we use it where we need to:
- Fulfil the employment contracts we have entered into
- Comply with a legal obligation
- Carry out a task in the public interest
Less commonly, we may also use personal information about staff where:
- The employee has given us consent to use it in a certain way
- We need to protect his/her vital interests (or someone else’s interests)
- We have legitimate interests in processing the data – for example, where:
- The employee has applied for another position and references are required as part of safer recruitment
Where the employee has provided us with consent to use the above mention data, he/she may withdraw this consent at any time. We will make this clear when requesting the consent, we will insure that the consent has been freely and explain how the employee can withdraw the consent if he/she wishes to do so.
Some of the reasons listed above for collecting and using personal information about the staff overlap, and there may be several grounds which justify the business’s use of this data.
Collecting this Staff information
While the majority of information we collect from the staff is mandatory, there is some information that the personnel can freely choose whether or not to provide to the firm.
Whenever we seek to collect information, we make it clear whether the employee must provide this information (and if so, what the possible consequences are of not complying), or whether he/she has a choice.
How we store this Staff data
We create and maintain an employment file for each staff member. The information contained in this file is kept secure and is only used for purposes directly relevant to his/her employment. A separate file containing the information on annual and sick leaves of the personnel is kept. The staff files are kept within a locked cupboard in the Director’s office. You are able to have access to your file at any time to ensure that all information about you is up to date.
Once your employment with us has ended, we will retain this file and delete the information in it in accordance with our retention policy which currently states that we will keep it for two years for reasons such as: fulfilling a reference request.