Employee Data Privacy Notice

Page 1

TINGDENE – EMPLOYEE DATA PRIVACY NOTICE

Our business operates through a number of individual companies that form part of the Tingdene Group of companies based in the UK (each a Tingdene Company). Each of the following is a Tingdene Company: Tingdene Parks Limited, Tingdene Holiday Parks Limited, Tingdene Marinas Limited and Tingdene Boat Sales Limited. The Tingdene Company which is your employer is the ‘controller’ in relation to the processing activities described below. A ‘controller’ is an organisation that decides why and how your personal information is processed and is responsible for such processing.

Each of the Tingdene Companies (together referred to as “Tingdene” or the “Company” or “we” or “ us” ) takes its data protection responsibilities seriously. The Company adheres to the principles (as applicable) contained in the The General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and Data Protection Act 2018 (together called the “Data Protection Legislation”).

The Data Protection Champion (“DPC”) is responsible for ensuring compliance with and maintenance of this policy. That post is held by the company’s Chief Financial Officer (“CFO”), who, may be contacted by email CFO@tingdene.net, or by telephone to the company’s Head Office.

As a “data controller”, the Company is responsible for deciding how it processes personal data about you. The Company takes your privacy seriously and it is fully committed to protecting your personal data at all times. The Company will only process your personal data in accordance with applicable data protection laws, adhering to the principles (as applicable) contained in the GDPR.

This notice applies to current and former members of our workforce, including employees, workers, agency workers, and self-employed consultants who, for the purposes of this notice are collectively referred to as ‘employees’. The collective term of ‘employees’ does not in itself confer on you any employment status; your employment status will be identified from your contract of employment or engagement with the Company.

This notice does not form part of your contract of employment and and does not confer any contractual right on you or place any contractual obligations on us and the Company may amend it at any time to reflect any changes in the way in which it processes your personal data. The Company will communicate to you the updated privacy notice when we make any changes to the way we process your personal data.

The Company collects and processes personal data relating to its employees for various reasons, including to manage the working relationship. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

The kind of information we hold about you

“Personal data” is any information about a living individual from which they can be identified such as name, ID number, location data, any online identifier, or any factor specific to the physical, physiological, genetic, mental, economic or social identity of that person. It does not include data where any potential identifiers have been removed (anonymous data) or data held in an unstructured file.

There are “special categories” of more sensitive personal data which are more private in nature and therefore require a higher level of protection, such as genetic data, biometric data, sexual orientation, race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and health. For the purposes of this notice, personal data relating to criminal convictions, which also requires a higher level of protection, will also fall within the description of ‘special category’ personal data.

When we refer to “processing”, this means anything from collecting, using, storing, transferring, disclosing, altering or destroying personal data

What information does the Company collect?

The Company collects and processes a range of information about you. This includes:

• your name, address and contact details, including email address and telephone number, date of birth and gender;

• the terms and conditions of your employment;

• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the Company;

• information about your remuneration, including entitlement to benefits such as pensions or insurance cover;

• details of your bank account and national insurance number;

• information about your marital status, next of kin, dependents and emergency contacts;

• information about your nationality and entitlement to work in the UK;

• information about your criminal record, (Such checks are only carried out where permitted by law);

• details of your schedule (days of work and working hours) and attendance at work;

• details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;

• details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;

• assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;

• information about medical or health conditions, including whether or not you have a disability for which the Company needs to make reasonable adjustments;

The Company collects this information in a variety of ways. For example, data is collected through application forms, CVs or resumes; further information may be

obtained from your passport or other identity documents such as your driving licence; we may also collect further information from the forms completed by you at the start of or during your employment (such as benefit nomination forms) with the company. We will also collect data from our correspondence with you; through interviews, meetings and or other assessments.

In some cases, the Company collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law. Where we receive such information from these third parties, we will only use it in accordance with this notice and in line with our Data Protection Policy. In some cases, they will be acting as a controller of your personal data and therefore we advise you to read their privacy notice and/or data protection policy

Data is stored in a range of different places, including in your personnel file, in the Company’s Human Resources management systems and in other IT systems (including the Company’s email system).

Why does the Company process personal data?

The Company needs to process personal data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, it needs to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer benefit, pension and insurance entitlements.

In some cases, the Company needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee's entitlement to work in the UK, to deduct tax, to comply with health and safety laws, to enable employees to take periods of leave to which they are entitled, and to respond to and defend legal claims. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.

In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the Company to:

• run recruitment and promotion processes;

• maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;

• operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;

• operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;

• operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the Company complies with duties in relation to leave entitlement;

• ensure effective general Human Resource and business administration;

• provide references on request for current or former employees;

• and • maintain and promote equality in the workplace.

Special Categories of Personal Data

We also collect, store and use some special categories of personal data, such as information about health or medical conditions, relying on a variety of different bases for lawful processing under the GDPR.

In some cases, this will enable us to perform our legal obligations in respect of employment, social security, and social protection law, in line with our Data Protection Policy. This may include:

• operating and keeping a record of absence and absence management procedures and other information relating to leaves of absence, which may include sickness absence or family related leaves;

• information relating to you involving allegations of unlawful discrimination, in order that an investigation may be conducted and appropriate action taken (if any) under our Disciplinary or Grievance Policies; or

• health information to assess and/or to comply with our obligations under employment, equal opportunities and health and safety legislation (for example a requirement to make reasonable adjustments to your working conditions).

In other cases, this processing will be for occupational health reasons or where we are assessing your working capability, subject to appropriate confidentiality safeguards. This may include information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits; sickness absence records, such as statement of fitness to work, reasons for absence and self-certification forms; and records of return to work interviews/meetings.

In some cases, processing is needed for statistical purposes in the public interest, such as for equal opportunities monitoring, in line with our Data Protection Policy. To ensure meaningful equal opportunities monitoring and reporting, we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, and your sexual life or orientation.

In a few cases, we may need to process special categories personal data to establish, defend or exercise legal claims in an employment tribunal or any other court of law.

Who has access to data?

Your information will be shared internally, including with members of the Human Resources and Recruitment Team (including payroll), your Line Manager, Managers in the business area in which you work and IT employees if access to the data is necessary for performance of their roles.

The Company shares your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from thirdparty providers and obtain necessary criminal records checks from the Disclosure and Barring Service or the Criminal Records Bureau. The Company may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.

The Company may share your data with legal and other professional advisors, IT System Providers, Government bodies such as HMRC, ONS, UK Visa & Immigration. We may also share your data with third parties in connection with payroll services, such as the company’s bankers and the BACS service to facilitate payment of payroll, private medical insurance providers and pensions administrators, both where applicable, and the company’s accounting software providers as part of the company’s processing of payroll and provision of on-line pay-slip services.

The organisation will not transfer your data to countries outside the European Economic Area.

How does the Company protect data?

The Company takes the security of your data seriously. The company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where the Company engages third parties to process personal data on its behalf, it does so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

For how long does the Company keep data?

The Company’s Data Retention Policy sets out the Company’s principles for retention of employee information along with the default position in relation to how long the Company keeps specific employee information before it is deleted or destroyed.

Automated decision making / profiling

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Your rights

As a data subject, you have a number of rights. You can:

• have your personal data corrected where it is inaccurate;

• have your personal data erased where it is no longer required. Provided that we do not have any continuing lawful reason to continue processing your personal data, we will make reasonable efforts to comply with your request;

• have your personal data be transferred to another person in an appropriate format where we process that data in reliance on your consent and the processing is carried out by automated means;

• withdraw your consent to processing where this is our lawful basis for doing so;

• restrict the processing of your personal data where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings; and

• to object to the processing of your personal data, where we rely on legitimate business interests as a lawful reason for the processing of your data. You also have the right to object where we are processing your personal information for direct marketing purposes. We have a duty to investigate the matter within a reasonable time and take action where it is deemed necessary. Except for the purposes for which we are sure we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data.

If you would like to exercise any of these rights, please contact the DPC. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the DPC. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to. If you withdraw your consent, our use of your personal data before your withdrawal is still lawful.

If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner, but we would very much appreciate the opportunity to address with you directly your concerns prior to contact with the Information Commissioner. You can make a subject access request at any time, by writing to the Data Protection Champion (“DPC”), Tingdene (Parks, Holiday Parks, Marina’s Boat Sales) Limited, Bradfield Road, Finedon Road Industrial Estate, Wellingborough, Northamptonshire, NN8 4HB.

Your duties

We encourage you to ensure that the personal data that we hold about you is accurate and up to date by keeping us informed of any changes to your personal data. You can update your details by contacting your Line Manager.

What if you do not provide personal data?

Employees have obligations under their employment contract to provide the Company with data. In particular, employees are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. Employees may also be required to provide the Company with data in order to exercise their statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that employees are unable to exercise their statutory rights.

Certain information, such as contact details, employees right to work in the UK confirmation and payment details, have to be provided to enable the Company to enter a contract of employment. If employees do not provide other information, this will hinder

the Company’s ability to administer the rights and obligations arising as a result of the employment relationship efficiently.

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.
Employee Data Privacy Notice by Tingdene Group - Issuu