Lawful Basis for Processing Personal Data
We must have a lawful basis to process personal data as well as outlining the purposes for which that processing takes place.
Our lawful basis (bases) for processing personal data will be;
- Where the processing is carried out in accordance with a contractual obligation between you and us.
- With your consent.
- Where we are required to fulfil a legal requirement.
- Where the processing is required to protect the vital interests of the data subject or of another natural person.
What Type(s) of Information We May Collect
- Personal details which will include your name (including any middle names) or any other name you may have been previously known by, your date of birth, your contact details including your home address and any former addresses, telephone numbers, email addresses, your marital status, and other identifiers such as your passport and driving licence numbers (including the retention of copies of such documents).
- Sensitive information, (categorised under GDPR as special categories of information) such as health information as part of our obligations to ensure your health and welfare within the work environment.
- Bank account details and payment card details for the purposes of making or receiving payments, paying salaries, and complying with our obligations to tax authorities.
- Your employment history, qualifications, and details from any references you may provide to enable us to establish your suitability for employment with us.
- Financial information required to ensure our compliance with any obligations under Proceeds of Crime legislation.
What Processing of Personal Data We May Do
We will collect and process information about you in the following circumstances:
Information you provide to us:
- When you apply for a position of employment (part-time, full-time, agency, or temporary) to assess your suitability for the position.
- When you enquire about or purchase any of our products or services to provide that product or service to you.
- When you send an email, letter, fax or telephone us for any reason to allow us to respond to you.
Information we may gain because of the relationship between you and us:
- We may record telephone conversations both to and from us.
- Website activity including cookies and IP addresses.
Information we gain from other sources about you:
- Credit Reference Agencies.
- Fraud Prevention Agencies.
- Medical Practitioners.
- Electoral Roll.
- Government agencies.
- To comply with any legal obligation as a consequence of a lawful order of a court of law or other competent authority.
- To share with other business functions within our group of companies.
- To share with third parties who we may employ to support the delivery of any of our services or products to you.
- We will not share your data for the purposes of direct marketing.
Why Your Information Will be Processed
- Where the processing is carried out in accordance with a contractual obligation between you and us.
- Where we are required to fulfil a legal requirement.
- Where the processing is required to protect the vital interests of the data subject or of another natural person.
- Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- We will also process your information to ensure that our requirement to document our processing activity for the purposes of audit, either internally or externally, complies with
Subject Access Requests
You have a right to obtain a copy of personal data we hold. You have the right to obtain:
- Confirmation from us that we are processing your personal data.
- A copy of your personal data.
- Any other supplementary information, which will include:
- the purposes of our processing;
- the categories of personal data concerned;
- the recipients or categories of recipient we disclose the personal data to;
- our retention period for storing your personal data or, our criteria for determining how long we will store it;
- the existence of your right to request rectification, erasure or restriction or to object to such
- processing;
- the right to lodge a complaint with the ICO or another supervisory authority;
- information about the source of the data, where it was not obtained directly from the
- individual;
- the existence of automated decision-making (including profiling); and
- the safeguards we provide if we transfer personal data to a third world country or international organisation.
Fees for Processing a Subject Access Request (SAR)
Fees for making a subject access request will not be payable, unless the following circumstances apply:
- The request is manifestly unfounded;
- The request is excessive;
- Additional copies of data already provided under a subject access request are requested.
Your Right to Rectification
Where you believe that personal data we hold is inaccurate you have the right to have the errors rectified. If this is the case, please contact the Office Manager with details of the errors and we will have the errors amended and notify you when this change has been processed. We will complete this change within one calendar month.
In certain circumstances we may disagree that data we hold is inaccurate, and where you disagree with this decision you may make a complaint to the ICO, or the appropriate supervisory authority.
Your Right to Erasure
You may make a request for your data to be erased from our systems. This is not an absolute right as there may be reasons why we are unable to erase your data. Please contact our Office Manager for further guidance.
Your Right to Restrict Processing
You may request us to restrict the processing of your personal data in certain circumstances. This is not an absolute right therefore please contact our Office Manager for further information.
Your Right to Object to the Processing of Personal Data
You have several rights where you can object to the processing of personal data:
- You have an absolute right to stop your data being used for direct marketing purposes;
- Other circumstances in the processing of your personal data can be objected to. For further information refer to the website of the Information Commissioners Office (ico.org.uk).
Data Protection Officer
We have taken the decision not to appoint a Data Protection Officer due to the limited amount of personal information we may collect. However, any information that is collected will still be kept in a secure environment and will be overseen by our Office Manager.
Complaints
If you have any cause for complaint in the way your data is processed, then please contact our Office Manager detailed above at your earliest opportunity.
You may also make a complaint to the local supervisory authority, e.g in the UK this is the Information Commissioners Office (ICO who can be contacted at ico.org.uk
Disposal of Documents Containing Personal Data
Hard Copy (Paper) Documents;
- Paper documents containing personal data must NOT be disposed of by placing in a wastepaper basket. They MUST be placed in the confidential waste cabinets. On collection by an appointed sub-contractor, the documents will be safely and securely shredded and destroyed.
- Legal documents shall be disposed of in accordance with the requirements laid down by the relevant regulatory bodies.
- Shredding must be used to dispose of 'contract' or 'consent' documents.
Electronic Documents & End of Life Devices;
- Documents should be deleted when they are no longer required.
- When an existing device is to be re-used by a new/different employee, all personal data
- must be deleted from the device prior to being assigned.
- All end of life devices and hard disks will be sent to an external company for certified
- data deletion and destruction/re-use of the particular device.