This notice and any other document referred to in it, sets out the basis on which we will process any personal data we collect about our employees. It does not form part of any employee’s contract of employment and may be amended at any time.
We take our data protection duties seriously, because we respect the trust that is being placed in us to use personal information appropriately and responsibly.
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from other data and information in our possession).
Sensitive personal data includes personal data about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, physical or mental health condition, sexual orientation or sexual life. It can also include data about criminal offences or convictions. Sensitive personal data can only be processed under strict conditions, including with the consent of the individual.
Processing is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organising, amending, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
1. As your employer, the Company needs to keep and process information about you for normal employment purposes. The information we hold and process will be used for our business management and administrative use only. Access to your information will be restricted only to those who have a reasonable need to access it. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
2. As a company pursuing contract cleaning activities for our clients, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, investigate disputes, administrative purposes or report potential crimes. The nature of our legitimate interests are to manage and retain your employment information and general correspondence with clients, suppliers, and colleagues in order to administer our business and protect our legal position in the event of legal proceedings, even after you have left. We also may use your details to contact you to offer you work after you have left, however you can withdraw your permission for us to do this at any time. We will never process your data where these interests are overridden by your own interests.
3. Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees, or TUPE transfer records.
4. The sort of information we hold includes your application form and references, your contract of employment and any amendments to it; copies of Immigration and right to work documentation including passports; TUPE records; photographic image for identification and security ID badge; correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary; information needed for payroll, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.
5. You will, of course, inevitably be referred to in many company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the company.
6. Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay.
7. Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
8. In addition, we may monitor computer and telephone/mobile telephone use and keep recordings of answer phone messages that you leave on our or our client’s telephone systems. We may also keep records of your attendance and hours of work at our client’s premises by way of our clocking in and out system. We do this where necessary to fulfill our contractual obligations to our clients, to protect the legitimate interests of our business and to protect our legal position in the event of legal proceedings.
9. We operate a clocking in and out system at our head office for health and safety purposes (attendance register in case of fire, availability of first aid staff) and also operate a CCTV system at head office for safety and security.
10. Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, or with your consent. For instance we may need to pass on certain information in order to pay you; to our automatic enrolment pension provider to enroll you and make contributions; Department of Work and Pensions for benefit purposes or compliance with orders; Home Office for immigration enquiries; or HMRC for taxation. We may share your name or other information with our clients for security purposes such as the issue of ID badges, keys, fobs or passes at our client’s premises.
11. In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
12. In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. If we do we will ask your permission or take measures such as having contractual restrictions in place to ensure your data remains confidential and secure.
13. We do not use automated decision making (including profiling).
14. Personal data will be held for terms as detailed in schedule 1 below.
15. If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
16. We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data, and information access authorisation controls. We use third party IT service providers to support our IT requirements and maintain our security, who may have access to data but are prohibited from processing, using or retaining it other than for the purpose of IT maintenance and support for the company.
17. Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data; to restrict processing, object to processing as well as in certain circumstances the right to data portability.
18. If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
19. You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
Identity and contact details of controller and data protection contact
20. Swift Office Cleaning Services Ltd (company registration number 4595752) is the controller of data for the purposes of the DPA and GDPR.
21. If you have any concerns as to how your data is processed you can contact:
Data Protection Compliance at firstname.lastname@example.org
or you can write to:
Data Protection Compliance, Swift Office Cleaning Services Ltd, Swift House, Riverway, Harlow, Essex, CM20 2DW
We reserve the right to change this notice at any time and may review and update it regularly. This privacy notice was last updated on 18th May 2018. The latest copy of this notice and our Data Protection Policy can be found on our website http://swiftcleaning.co.uk/ or you can write to the address above for a paper copy.