Employee Privacy Notice
1. How your information will be used
1.1. As your employer, the Company needs to keep and process information about you for normal employment purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
1.2 As a company pursuing software development and sales activities, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes.
Purposes of processing personal data include:
- Human resources and personnel management. This purpose includes human resource management activities carried out as part of recruitment or the performance of an employment contract, and includes on boarding, termination of employment, scheduling and recording time, performance, compensation and benefits, and training.
- Compliance with local and EU Member State Law. This purpose refers to the processing of personal data as necessary to fulfil a legal obligation to which the Company is subject. Its purpose is to ensure compliance with the law by the Company including but not limited to the prevention of crimes and the disclosure of personal data to government institutions and supervisory authorities, including tax and labour authorities, in relation thereto.
- Business process execution and internal management. This purpose addresses activities such as travel and expenses, managing company assets, IT services, information security, conducting internal audits and investigations, legal or business consulting, and preparing for or engaging in dispute resolution.
We will never process your data where these interests are overridden by your own interests.
1.3 Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees.4
1.4 The sort of information we hold includes your application form or resume and references, your contract of employment and any amendments to it; correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary; information needed for payroll, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; information needed for equal opportunities monitoring policy; and records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records. A list of all the information held in our Employee Data Protection Policy can be requested and is available on the intranet.
1.5 You will, of course, inevitably be referred to in many company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the company. You should refer to the Privacy and Personal Data Protection Policy which can be requested and is available on the intranet.
1.6 Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay, health insurance or life insurance policies.
1.7 Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency.
1.8 Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
1.9 We do not use automated decision making but perform profiling in limited circumstances including determining behavioural group profiles. Behavioural Assessments are completed using Predictive Index Behavioural and Cognitive online assessments (“PI”) and Gabriel Institute behavioural assessments (“Gabriel”). These processes assist the recruiting manager in improving the efficiency of the candidate selection process and increases the odds of making a better hiring decision. The PI and Gabriel assessments each are a single data point in the selection process helping to assess which candidate will be best suited to the job vacancy in terms of technical skills, teamability and culture fit and is never used to directly eliminate someone from the candidate pool. Gabriel is not currently applicable for EU residents (Data Subjects) under the GDPR.
1.10 If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
2. Transfers to Third Parties
2.1 Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external payroll provider, pension or health insurance schemes.
2.2 We may transfer information about you to other group companies for purposes connected with your employment or the management of the company’s business.
3. Cross-Border Data Transfers
The Company’s business processes increasingly go beyond the borders on one country. This globalisation demands not only the availability of communications and information systems across the Company, but also the worldwide Processing and use of information within the Company. Consequently, employee’s data may be subject to cross border data transfers, in particular to Australia, United States of America, South Africa, United Arab Emirates for which the Company has legal entities (for which no adequacy decision by the European Commission has been issued) based on standard data protection clauses adopted by the European Commission (hereinafter referred to as “Data Transfer Agreements”) as well as other suitable safeguards recognized by the General Data Protection Regulation. In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. The employee may request a copy of the Data Transfer Agreements or information on the other applicable safeguards.
Your personal data will be stored for no longer than necessary considering the purposes of the processing activities. The retention period will not exceed 7 years or the criteria used for determining how long your data will be stored for is available in Data Retention Policy.
5. Your Rights
5.1 Under the General Data Protection Regulation (GDPR) and in certain countries you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
5.2 If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
5.3 You have the right to lodge a complaint to the Information Commissioners’ Office (www.ico.org.uk) if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
5.4 If you have any concerns as to how your data is processed you can contact:
HR Department: firstname.lastname@example.org