Data Protection Privacy Notice
This non-contractual notice explains what personal data (personal information) we hold about you, how we collect it, and how we use and may share personal information during your employment and after it ends. Please ensure that you read this notice and any other similar notice we may provide to you from time to time.
Who collects the personal information
The Temporary Work Agency is a ‘data controller’ and gathers and uses certain personal information about you.
Data protection principles
The data protection principles which we will apply when gathering and using personal information are set out in our Data Protection Policy in our handbook.
About the personal information we collect
A table summarising the personal information we collect and hold, how and why we do so, how we use it and with whom it may be shared is below.
Personal information may be shared with other parties, such as group companies and/or affiliated companies, external contractors and our professional advisers (e.g. legal and financial advisors), HR advisors and payroll providers, and potential purchasers of some or all of our business or on a re-structuring. The recipient of the personal information will be bound by confidentiality obligations. We may also be required to share some personal information to comply with the law. We seek to ensure that our personal information collection and processing is always proportionate. We will notify you of any material changes to personal information we collect or to the purposes for which we collect and process it.
Where personal information may be held
Personal information may be held at our offices and third-party agencies, service providers, representatives and agents as described above and in cloud based IT services. In the event that we use cloud based IT services, personal information may be transferred internationally to other countries around the world, including countries that do not have data protection laws equivalent to those in the UK. We have security measures in place to seek to ensure that there is appropriate security for personal information we hold.
How long we keep your personal information
We keep personal information during and after your employment for no longer than is necessary and in the majority of cases for no more than 6 years after the end of your employment.
Your rights to correct and access your personal information and to ask for it to be erased
Please contact our Data Protection Contact if (in accordance with applicable law) you would like to correct or request access to personal information that we hold or if you have any questions about this notice. You also have the right to ask our Data Protection Contact for some, but not all, of the personal information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing personal information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Criminal records information
We may carry out Disclosure and Barring Service (DBS) checks (including requesting a criminal record certificate, enhanced criminal record certificate or a search of the children’s or adults’ barred list) where we feel that a DBS check if proportionate and relevant for your role. A record that the DBS check was completed and whether it was satisfactory will be kept; however, the check itself will usually be disposed of securely unless we feel it is relevant to the ongoing employment relationship, in which case it will be kept securely for six months (unless relevant for regulatory inspections in which case it will be retained until the next inspection).
How to complain
We hope that we can resolve any query or concern you raise about our use of your personal information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
Key to table below
Access – to monitor/manage staff access to our systems and to record staff absences
GEP – to maintain employment records and for good employment practice
Insurance – to comply with the terms of our insurance
LO – to ensure compliance with legal and/or regulatory obligations
Medical Professional – your doctors and other medical/occupational health professionals
Policies – to ensure compliance with our policies, such as EOP and sickness absence
Protect – to protect our networks and personal data of employees and customers/clients
PTC – to enter into/perform the contract
Personnel – relevant managers, HR, professional advisors, payroll and consultants
SA – for staff administration
SPI – for reasons of substantial public interest (e.g. equal opportunities, prevention and/or detection of unlawful acts)
SWP – to ensure safe working practices
|The information we collect||How we collect the information||Why we collect the information (including legitimate interest)||How we use and may share the information|
|Your name, contact details (including emergency contact), other employment records ☐||From you||PTC, GEP||PTC, SA|
Share: Personnel, the agency you are on assignment with for the purpose of an audit, TipJar Ltd to provide free access to the employee rewards platform.
|Financial details (e.g. salary, benefits, bank, NI, tax information), your spouse/partner, dependants, your age ☐||From you||PTC, GEP||PTC|
Share: Personnel, HMRC, our bank, the agency you are on assignment with for the purpose of an audit
|Your qualifications and any professional status ☐||From you||PTC, GEP||PTC|
Share: Personnel, clients (if required)
|Your nationality and immigration status and information from related documents (e.g. passport) ☐||From you, the Home Office (if required)||PTC, GEP||PTC|
Share: Personnel, the Home Office (if required)
|A copy of your driving licence if required by your role ☐||From you, the DVLA portal||PTC, GEP, Insurance||PTC|
Share: Personnel, our insurers, any penalties/banning check provider
|Pension arrangements and all information necessary to implement and administer them ☐||From you, pension administrators||PTC||PTC|
Share: Personnel, pension administrators, HMRC
|Sickness and absence records (including sensitive personal information regarding your physical and/or mental health) ☐||From you, Medical Professionals, any insurance benefit administrators||PTC, GEP and SWP||PTC, LO|
Share: Personnel, Medical Professionals, any insurance benefit administrators*
|Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs||From you||LO, SPI||SPI and Policies*|
|Trade Union (TU) membership||From you, your TU||PTC, GEP||PTC|
Share: Personnel, your TU
|Information on grievances & conduct issues||From you, other employees, consultants, any interested third parties||PTC, LO, GEP, SWP||PTC|
Share: Personnel, any interested third parties (if appropriate)
|Details of your performance (e.g. appraisals)||From you, other employees, consultants||PTC, LO, GEP, SWP||PTC|
|Time and attendance records (including biometric data where the system requires this*)||From you, any time recording system||PTC, access||PTC|
|Your use of our systems and your actions in and around the work place||Websites, applications, other technical systems (e.g. CCTV, phone, email, internet)||PTC, Access, Protect, Policies, operational reasons, statistical analysis||See adjacent column|
Share: Personnel, any interested third parties
|Your use of public social media (only in very limited circumstances to check specific risks for specific functions within our organisation) and any business related social media (e.g. LinkedIn)||Websites, applications||PTC, protect our external reputation, adherence to restrictions and policies||See adjacent column|
|Photographs||From you||ID documents, marketing||PTC, promote the company|
Share: website, promotional material
|Details in references about you that we give to others||From your personnel records, other employees||PTC, LO, GEP||To provide a reference|
Share: Personnel and the recipient(s) of the reference
|Criminal records information, including the results of DBS checks ☐||From you, the DBS||PTC, LO, SPI||LO|
Share: Personnel, DBS, other regulatory authorities (if required)
You are required (by law or under the terms of your contract of employment, or in order to enter into your contract of employment) to provide the categories of information marked ‘☐’ above to us to enable us to verify your right to work and suitability for the position, to pay you, to provide you with your contractual benefits and to administer statutory payments such as statutory sick pay (SSP). If you do not provide this information, we may not be able to employ you, make these payments or provide these benefits.
* Further details on how we handle sensitive personal information are set out in our Data Protection Policy in our handbook