Britcon (UK) Ltd is committed to protecting the privacy of our employees. In this policy we explain how and why we collect your information and what we do with it.
Collecting Personal Information
We may collect data from you in a variety of ways: -
- Information that you provide by filling in forms;
- Supplied in written correspondence, including email;
- Supplied during telephone conversations;
- Monitoring of email, internet and telephone usage in accordance with our Acceptable Use Policy.
We may also obtain information from third parties, if this is permitted by law. We may also use legal public sources to obtain information about you. This information will only be sourced in accordance with the General Data Protection Regulation (GDPR).
Why we Collect Personal Data
We collect and process your personal data only for those reasons allowed by law. These reasons include: -
- In order that we may comply with any legal obligation we have;
- In order that we comply with our duties and exercising our rights under a contract with you;
- In pursuit of our legitimate interests;
- Where we have your consent to the processing.
In practice, this means the information we will normally hold and use, will be the following categories of data: -
- Personal contact data details, e.g. name, address, telephone numbers;
- Date of Birth
- Personal characteristics and health data, e.g. gender, sickness records, health and safety records;
- Marital status and information on dependants;
- Payroll records, e.g. NI number, bank account details, tax status and coding;
- Employment records, e.g. start date, job title, work history, working hours, holiday records and training records;
- Remuneration information, e.g. salary, pension and benefits;
- Recruitment and identification records, e.g. CV, references, copy passport & driving licence and right to work documentation;
- HR records, e.g. performance, disciplinary and grievance information;
- CCTV footage and other information obtained through electronic means, e.g. swipe cards and ANR;
- Information on the use our information and communication systems.
This is not exhaustive and other information may be held, but only if we have a legal right to do so.
Where the data is particularly sensitive, specifically health status, racial or ethnic origin, political, religious or similar beliefs, sexual orientation, genetic or biometric identifiers, or trade union membership, the legal reasons we are allowed to hold your data for are more limited and will be one of the following: -
- You have given explicit consent;
- Comply with our legal obligations in respect of your health and safety;
- Comply with our legal obligations as your employer;
- Reason of substantial public interest;
- Establishment, exercise or defence of legal claims.
In addition, we may need information on criminal convictions when conducting background checks from the Disclosure and Barring Service.
If you not wish to provide your personal data despite us having a legal basis to hold and process it then we may be unable to satisfy the terms of our contract with you, such as paying you or providing the benefits to which you are entitled. It may also prevent us from complying with our legal obligations such as ensuring your health and safety. In these cases this will have serious consequences and mean we are unable to continue your employment with us.
We will keep information about you confidential and secure. We will never share personal data with any third party unless we have a lawful basis for doing so. We will never share your data with third parties for marketing purposes.
When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security policies.
Personal data held by us may be transferred to: -
- Regulatory authorities like HMRC and other fraud prevention agencies for the purposes of fraud prevention and to comply with any legal and regulatory issues and disclosures;
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so;
- Third party organisations that provide applications/ functionality, data processing or IT services to us, to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based accounting software, identity verification, data, data back-up, security and storage services;
- Third party organisations that otherwise assist us in providing goods, services or information within our lawful basis for doing so but will never include sharing data for marketing purposes;
- Auditors, other professional advisers and pension administrators.
Retention of Personal Data
We only ever retain personal information for as long as is necessary and we have retention policies in place to meet these obligations. We hold personal information for the duration of your employment with us and then for a further period after you have left our employment. This period will vary dependant on the nature of the information and our legal, tax, health and safety and accounting requirements. For example, we are legally required to hold all payroll records for seven years.
We take the security of all the data we hold very seriously. We use a range of measures to keep information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
It is our policy only to hold your data within the EEA.
You have the right to access any personal information that we process about you and to request information about: -
- What personal data we hold about you.
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has/will be disclosed to;
- How long we intend to store your personal data for;
- If we did not collect the data directly from you, information about the source.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible. If there is a valid reason for not doing so, you will be notified. If you would like your personal data to be removed or the use to be amended, you have the right to request: -
- That your personal data be erased (deleted) from our records;
- That the use of your personal data to be restricted in accordance with data protection laws;
- To be opted out of any direct marketing from us (the marketing material will provide details on how to unsubscribe);
- To be informed about any automated decision-making that we use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
We will inform you if your request is possible under current regulations and inform you to what extent your request has been processed. Where we are under legal obligation to retain your information, we will clarify the requirements around the extent of data as well as the duration we will continue to hold your personal data.
If you would like to make a request around the processing of your personal data, please contact us at firstname.lastname@example.org*.
Further details, questions, or complaints
We hope we have provided you with plenty of information around the processing of your personal data that we undertake and the rights you have over it, however if you have any additional questions or would like more details around any of the points listed above, please contact us at email@example.com*.
If you are not happy with this notice, believe we have processed your data in an unfair or unjust way or are non-compliant with the relevant data protection laws and you wish to raise a complaint, please contact us and we will carefully consider your complaint and respond to you. You also have the right to lodge a complaint with the supervisory authority the Information Commissioners Office (www.ico.org.uk).
*If you don’t have access to email, please contact the HR department