Privacy statement for employees
The purpose of this statement is to make you aware of how we will handle your personal data.
During the course of our activities we will process personal data (which may be held on paper, electronically, or otherwise) about our staff or other people who work for or on behalf of us and we recognise the need to store and use it in an appropriate and lawful manner, in accordance with UK data protection law. The purpose of this statement is to make you aware of how we will handle your personal data.
2.1 "Personal data" means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. Some of this data, such as medical details and details of gender, race and ethnic origin, will be regarded as sensitive personal data.
2.2 The Society may occasionally ask you for your consent to use your personal data. However, on a day-to-day basis it will usually process personal data because it is necessary to do so:
2.3 The Society only processes your personal data on these grounds because it needs to. Without your personal data, it would not be able to employ you or perform its obligations under your employment contract.
2.4 When processing data on the basis of its or a third party’s legitimate interests, these interests will typically relate to the operation and administration of the Society’s business, including the safety of the people and property involved in the business. For example, the Society monitors staff to ensure compliance with the Society’s IT systems and to protect its networks and systems.
2.5 Whenever the Society processes personal data for a particular purpose, it shall ensure that the processing is adequate, proportionate and not excessive for that purpose.
3.1 The personal data processed by the Society will include special categories of personal data (also known as “sensitive personal data”) such as:
Sensitive personal data will typically be processed because:
4.1 The Society may make your personal data available to any person within the Society and to persons who provide products or services to the Society (such as advisers and payroll administrators), regulatory authorities, potential purchasers/investors and as may be required by law.
4.2 Your personal data may be transferred to business contacts outside the European Economic Area where necessary in order for the Society to carry out its business (for example, if the Society uses a supplier such as a cloud storage provider outside the European Economic Area). However, the Society shall not transfer personal data outside of the European Economic Area unless there are appropriate safeguards in accordance with applicable data protection law (or an exception applies where the law allows such transfers, for example it is necessary in order to establish, pursue or defend a legal claim). Where the transfer is made on the basis of there being appropriate safeguards, these will either involve the use of contracts approved by the European Union, or result from a European Union decision (such as a decision that a country provides adequate protection for your rights, or the use of an approved data transfer scheme or code of conduct).
4.3 Data will not be disclosed to anyone else other than our authorised employees, agents, contractors or advisors (except as required by law) unless you expressly authorise disclosure.
4.4 Every effort will be made to ensure that data about you is not retained for longer than is necessary for the purpose(s) for which it is obtained and that the data held is accurate and up-to-date. It is in your own interest to tell your line manager if your personal circumstances change, for example, if you move house.
5.1 Under applicable data protection law you have certain rights in relation to your personal data. These include:
5.2 If you would like further information on your rights or wish to exercise them, please contact firstname.lastname@example.org.
5.3 Please keep in mind that there are exceptions to the rights above and, though the Society will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you believe that your data protection or privacy rights have been infringed, you should raise the matter in the first instance with your line manager. If you are not happy with our response, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
5.4 References in this part to “processing” means: obtaining, recording, holding or carrying out any operation on information and data it holds about you, including the organisation, adaptation or alteration of such information or data, retrieval, consultation or use of information or data, the disclosure of such information or data by transmission, dissemination or otherwise making it available to a third party, or the alignment, combination, blocking, erasure or destruction of any such information or data.
Any breach of this statement will be taken seriously and may result in disciplinary action.