This Privacy Notice (this Notice) is intended to ensure that you are aware of what Personal Data Northstone (NI) Limited (Northstone, we, us, our) holds in relation to you, and how we use that data.
Please read the following carefully to understand our use of your Personal Data.
This Notice applies to you, whether you are an employee, worker, agency worker, or consultant. It also applies to third parties whose information you provide to us in connection with your employment (for example, in respect of emergency contact information). Please ensure that you provide a copy of this Notice to any third parties whose Personal Data you provide to us.
We may update this Notice at any time and will notify you in writing of any changes.
What is Personal Data?
'Personal Data' is defined as any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information.
We will collect, store, and use Personal Data about you, which can include the following:
- Personal contact details such as name, title, address, telephone numbers, and personal email address.
- Date of birth.
- Marital status and dependants.
- Next of kin and emergency contact information.
- National Insurance number.
- Bank account details, payroll records and tax status information.
- Salary, wage, annual leave, pension and benefits information.
- Employment start date.
- Location of workplace.
- Photographic I.D.
- Copy of driving licence.
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
- Employment records (including job titles, work history, working hours, training records and professional memberships).
- Personal performance information.
- Any disciplinary and grievance information.
- CCTV footage and other information obtained through electronic means such as swipe card records.
- Information about your use of our IT and communication systems.
What is Sensitive Personal Data?
Certain categories of your Personal Data are regarded as 'Sensitive Personal Data' in that the data is particularly sensitive. We will only process sensitive Personal Data relating to you when permitted by law, or where provided voluntarily by you. Examples include information regarding:
- Physical or mental health;
- Ethnic or racial origin; and
- Biometric or genetic data.
Please note that the above lists of Personal Data and Sensitive Personal Data are not exhaustive.
Purpose and Basis for Processing
We have set out above examples of the Personal Data and Sensitive Personal Data that we may hold, process and disclose about you.
Below are some of the purposes for which we hold this Personal Data and Sensitive Personal Data:
Type of Personal Data being processed:
Reason for processing the Personal Data:
- Recruitment/appointment including assessing job applications;
- Administering general terms of employment;
- Providing employment benefits, including in some cases pensions and medical benefits;
- Payroll and finance including paying salary, reimbursing expenses and other payments;
- Keeping attendance and working time records;
- Performance appraisals and management of performance;
- Sharing your Personal Data with travel agencies and travel companies and accommodation providers in certain circumstances; and
- Providing you with security access to our buildings and IT systems.
- This processing is necessary for recruitment purposes and for the performance of your contract of employment.
- Monitoring use of IT and communications in accordance with our IT, email and internet policy;
- Monitoring and promotion of equal opportunities, including the review of gender breakdown and progression;
- Provision of references;
- Investigating and responding to complaints from personnel, clients, business partners, regulators;
- Maintaining emergency contact details; and
- Marketing purposes (for example photographs or data in Company magazine).
- This processing is necessary for our legitimate business interest in managing our business, provided our interest is not overridden by your interest.
- Managing health and safety at work and incident reporting;
- Compliance with our regulatory (for example disclosing tax data to the Inland Revenue) and professional requirements; and
- Defending, responding or conducting legal proceedings.
- This processing is necessary in order for us to comply with any legal or regulatory obligations.
- Physical or mental health;
- Ethnic or racial origin; and
- Biometric or genetic data.
- This processing is necessary in order for the performance of your contract of employment; necessary for our legitimate business interest in managing our business; and for us to comply with any legal or regulatory obligations.
Please note that the list of purposes set out above is not exhaustive.
While we do not rely on your consent to use your Personal Data on a day-to-day basis, there may be times when we use your Personal Data for a purpose other than that for which the data was originally collected. In these circumstances we will seek your consent, providing you with full details of the data that we would like to use and the reasons for using it. If you do consent, you will be able to revoke your consent at any time.
Where you do not provide us with your Personal Data
You have a right not to provide us with your Personal Data or to revoke your consent at any time. However, this may prevent us from performing the general terms of your employment contract (for example, processing your pay or other benefits), complying with our legal obligations and managing our business.
Security and Storage of Personal Data
All Personal Data stored within our IT systems are stored securely and with controlled access to such systems. Access to Personal Data (including Sensitive Personal Data) in both electronic and paper form is restricted to members of the HR Department and employees who have a legitimate and justifiable reason to view such data.
Recipients of Your Personal Data
It is necessary for us to disclose your Personal Data to third parties for the purposes of the general performance of your contract of employment. Such third parties will include:
- Insurance or assurance companies;
- Health insurance providers;
- Regulatory bodies to whom we are obliged or required to disclose information;
- Legal and medical practitioners;
- Pension providers;
- Relevant Government departments and agencies including HMRC;
- Training providers; and
- Client bodies.
We take all reasonable steps, as required by law, to ensure the safety, privacy and integrity of your Personal Data and information and, where appropriate, enter into contracts with such third parties to protect the privacy and integrity of such data and any information supplied.
Transfer of Personal Data outside the EEA
If we transfer Personal Data to, and store it at, a destination outside the European Economic Area (EEA), we will only do so for the purposes described above. We will ensure suitable safeguards are in place to protect the privacy and integrity of your Personal Data in such circumstances.
We will only store your Personal Data for as long as required to satisfy the purpose for which the data was collected and used, unless a longer period is necessary for our legal obligations or for the exercise or defence of legal claims.
Our retention practices are reviewed and updated from time to time in line with legal requirements and best practice. For further information on our data retention practices, please contact your HR Department for a copy of our Data Retention Policy.
Your duty to inform us of any changes to your Personal Data
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes by contacting your HR Department.
Your rights in connection with Personal Data
Under certain circumstances, by law you have the right to:
- Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no legitimate reason for us continuing to process it.
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Data to another party.
If you wish to access your Personal Data or exercise any of your above rights in this regard please contact your HR Department in writing. We will respond to your request as soon as practicable.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
Do you have to pay a fee to access your Personal Data?
There will be no fee to access your Personal Data (or to exercise any of your other rights). However, we may refuse to comply with your request in circumstances where your request for access is clearly unfounded or excessive, or we can rely on a particular statutory exemption.
If you require any further clarification regarding this Notice, please contact: Denise Geddis, Data Protection Officer at: firstname.lastname@example.org.