Privacy Notice For Staff
Data controller (“the Company”): Pureprint Group Limited, Crowson House, Bolton Close, Bellbrook Industrial Estate, Uckfield, East Sussex, TN22 1PH
As part of its employment activities the Company collects, stores and processes personal information relating to its current, prospective and former employees, workers (including agency workers), casual staff and contractors. This privacy notice explains how and why the Company processes employment data and how it complies with the requirement to undertake lawful, fair and transparent processing.
Personal data will always be stored securely and only used in a way that data protection legislation allows. The Company takes its data protection responsibilities very seriously and has appointed a Data Protection Officer to oversee compliance with this privacy notice
What information are we using?
The Company collects and uses a range of personal information about you in order to carry out its employer obligations. This may include (as applicable):
- your contact details, including your name, address, telephone number and personal e-mail address
- your emergency contact details/next of kin
- your date of birth
- your marital status and dependants
- employment records (including CV, references, professional memberships, background checks, proof of eligibility to work in the UK)
- the terms and conditions of your employment or engagement (including your job title and working hours), as set out in a job offer letter, employment contract, pay review and bonus letters, statements of changes to employment or engagement terms and related correspondence
- pension information
- your National Insurance number
- your bank account details, payroll records, tax code and tax status information
- any disciplinary, grievance and capability records, including investigation reports, collated evidence, minutes of hearings and appeal hearings, warning letters, performance improvement plans and related correspondence
- appraisals, including appraisal forms, performance reviews and ratings, targets and objectives set
- training records
- annual leave and other leave records, including details of the types of and reasons for leave being taken and related correspondence
- any termination of employment or engagement documentation, including resignation letters, dismissal letters, redundancy letters, minutes of meetings, settlement agreements and related correspondence
- information obtained through electronic means, such as access control card or clocking-in/out records
- information about your use of our IT systems, including usage of telephones, e-mail and the Internet
- medical information (physical and mental health)
- personal demographics (including gender, race, ethnic origin ,sexual orientation, religion)
- Information about criminal convictions and offences.
How do we collect your personal information?
The Company may collect personal information about employees, workers and contractors in a variety of ways. It is collected during the recruitment process, either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS).
How do we use your personal information?
The purposes for which we are processing, or will process, your personal information are:
- Staff administration and management
- Payroll administration and management
- Recruitment processes
- Compliance with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK
- Health administration and services
- Accounting and auditing
- Performance management and monitoring
- Education and training
- Employer obligations under health and safety laws
- Providing references on request for current or former employees, workers or contractors
- Fraud prevention or the detection and prevention of crime
- Monitoring your use of our IT systems to ensure compliance with our IT-related policies
- Ensuring network and information security and preventing unauthorised access and modifications to systems
- To enable us to establish, exercise or defend possible legal claims
Your personal information may be held by the Company on paper or in electronic format. Please be assured that our staff are trained to protect your confidentiality and privacy. Your information is never sold for direct marketing purposes and is not processed outside the European Economic Are (EEA).
Lawful basis for processing your information
We will only use your personal information when the law allows us to, in one or more of the following circumstances:
- as part of your employment contract, casual worker agreement, consultancy agreement or contract for services
- where we need to comply with a legal obligation (such as providing information to a pension provider)
- where it is necessary for our legitimate interests (or those of a third party (e.g. use of CCTV cameras)
Who has access to your personal information?
Your personal information may be shared internally within the Company, including with members of the HR department, your line manager, other managers in the company in which you work and IT staff if access to your personal information is necessary for the performance of their roles.
The Company may also share your personal information with third-party service providers (and their designated agents), including:
- external organisations for the purposes of conducting pre-employment reference and employment background checks
- benefits providers and benefits administration, including insurers
- pension scheme provider and pension administration
- occupational health providers where necessary
- external IT services
- external auditors
- professional advisers, such as lawyers and accountants
The Company may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all of its business. In those circumstances, your personal information will be subject to confidentiality undertakings.
We may also need to share your personal information with a regulator or to otherwise comply with the law.
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from Bridget Tucker.
Where your personal information is shared with third-party service providers, we require all third parties to implement appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
For how long does the Company keep your personal information?
The Company will retain your information for 6 years following termination of your employment unless statutory retention periods require us to keep it longer. A full list of retention periods applicable to personnel files is available on request.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
Your rights in connection with your personal information
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right:
- to be informed why, where and how we use your information
- to ask for access to your information
- to ask for your information to be corrected if it is inaccurate or incomplete
- to ask for your information to be deleted or removed where there is no need for us to continue processing it
- to ask us to restrict the use of your information
- to ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
- to object to how your information is used
- to challenge any decisions made without human intervention (automated decision making)
If you wish to exercise any of these rights, please contact Bridget Tucker by email firstname.lastname@example.org
If you have a complaint about the use of your information please contact our Data Protection Officer:
Janis Dear email@example.com
You can also contact the ICO for further information or to make a complaint:
Information Commissioner’s Office
Cheshire SK9 5AF
Phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.