Broadland Guarding Services – Privacy Notice – Employee’s
Data Controller: Broadland Guarding Services, Delta House, Vulcan Road North,
Data Protection Officer: Responsible person, Robb Eldridge, email@example.com, 01603 484884
The Company collects and processes personal data relating to its employees to manage the employment relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the Company collect? The Company collects and processes a range of information about you. This includes items such as your:
- Name, Address, Contact Details, email addresses, telephone number date of birth, gender
- Terms and conditions
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation;
- information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
- details of your bank account and national insurance number;
- information about your marital status, next of kin, dependants and emergency contacts;
- information about your nationality and entitlement to work in the UK;
- information about your criminal record;
- details of your schedule (days of work and working hours) and attendance at work;
- details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
- information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
- details of trade union membership; and
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
The Company collects this information in a variety of ways. For example, data is collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.
In some cases, the Company collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.
Data is stored in a range of different places, including in your personnel file, in the organisation’s HR management systems and in other IT systems including the organisation’s email system.
The Company collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law. In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the organisation to:
- run recruitment and promotion processes;
- maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
- operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- ensure effective general HR and business administration;
- provide references on request for current or former employees;
- respond to and defend against legal claims; and
- maintain and promote equality in the workplace
Where the Company relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedom of employees or workers and has concluded that they are not.
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations such as those in relation to employees with disabilities and for health and safety purposes. Information about trade union membership is processed to allow the Company to operate check-off for union subscriptions.
Where the Company processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purpose of equal opportunities monitoring. Data that the Company uses for these purposes is anonymised or is collected with the express consent of employees, which can be withdrawn at any time. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
Who has access to data? Your information will be shared internally, including with members of the HR and recruitment team (including payroll), line mangers, Control Room staff and other Company managers with which you work. The IT staff will have access to some data as necessary for the performance of their roles.
The Company shares your data with third parties in order to, obtain pre-employment references from other employers, obtain employment background checks from third party providers, and obtain necessary criminal records checks from the Disclosure and Barring Service. The Company may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
If employed on the Dodds contact your data may be transferred to the United States for the purpose of vetting, security and other contractual reasons. The US Department of Defence has strict rules on the handling of personnel data and will not release the information to a third party without approval.
How does the Company protect data?
The Company takes the security of your data seriously and has internal policies and controls to ensure data is not lost, accidently destroyed, misused or disclosed and the information is accessed by employees only in the performance of their duties. Any personal information is stored securely and will be held only as long as necessary or as guidelines and regulations dictate.
Storage/Access of Material
All media is stored at the Company Headquarters building located at Vulcan Road North, Norwich, NR6 6AQ. The building is manned 24/7 as our Control Room is located on the 1st floor. Access to the building is either by FOB or the building entry buzzer which is controlled by our on duty Controller. There are secondary entrance doors for both the ground and 1st floors also requiring FOBs or manual buzzer release. All visitors are required to be escorted. Offices located on either the ground or 1st floors are kept locked outside of normal business hours. These offices are locked by key or combination lock. Office keys and the combination numbers are issued only to appropriate personnel. Spare keys and the ground floor entrance combination are held in the Control Room in sealed envelopes. Access to these offices is controlled and spare keys/combos must be signed for when the seal is broken.
All hard copy items are kept locked in offices with controlled access. Archive material is kept in our designated archive room. This room is kept locked with controlled access by only HR or Senior Management personnel. The room has a log which must be filled in when it is accessed.
Digital material is held on either desktop or laptop systems which are stored in offices. The servers are located on the 1st floor. Access to this is restricted to authorised personnel. This space also requires a log to be filled in when accessed.
All hard copy or digital media is retained as per British Standards or other regulatory guidelines. Information is held no longer than necessary; once information is no longer required it is either shredded on site or sent to a authorised site for secure disposal.
The below table is a guideline to Company retention held in any format (i.e. Paper/Digital). Files are to be reviewed on a regular basis and information destroyed/deleted as per guidelines. Destruction/deletion should be logged with documentation signed off by the HR Manager. The HR Manager should keep Senior Management updated on the review and destruction/deletion of material at Management Board meetings. This procedure will become part of the Company Audit process.
|Accounts / Invoices / Supplier Documentation|
|Payments – Cash Book or records of payments made||6 years|
|Invoice – Revenue||6 years|
|Petty Cash Records||6 years|
|Bank Statements||6 years|
|Remittance Advices||6 years|
|Correspondence re donations||6 years|
|Bank reconciliations||6 years|
|Receipts Cash Book||10 years|
|Annual accounts & annual review||Permanently|
|Income Tax records (i.e. P45, people leaving)||6 years||This is plus current year.|
|P6 – Notice of Tax Code||6 years||This is plus current year.|
|P11D – Annual Return of employees / directors expenses & benefits||6 years||This is plus current year.|
|P60 (Certificate of pay & tax deducted)||6 years||This is plus current year.|
|Notice of Tax Code Change||6 years||This is plus current year.|
|Annual return of taxable pay & tax deducted||6 years||This is plus current year.|
|Records of Pension deductions||6 years||This is plus current year.|
|Payroll & payroll control account||6 years||This is plus current year.|
|Policies||3 years||After Lapse|
|Claims Correspondence||3 years||After settlement|
|Employers Liability Insurance Certificates||Forty Years|
|Accident Reports & relevant correspondence.||3 years||After settlement|
|Employee Personnel Records|
|Wages & Salary records||6 years||Plus current year|
|Expense accounts/records||6 years||Plus current year|
|Staff Personnel charts||6 years||After employment ceases|
|Details of Medical Schemes||Permanently|
|Accident Reports||3 years||After last entry or end of investigation if later|
|Redundancy details, calculations of payments, notification||6 years||After employment has ceased|
|Applications for Jobs (where candidate is unsuccessful) – Unsuccessful Interviews||1 year||After notifying the unsuccessful candidate|
|Vetting records||7 years||BS7858:2012 section 9|
|Sickness records||3 years||After end of each tax year for Statutory Sick Pay|
|Statutory Maternity Pay records, calculations of other medical evidence||3 years||After end of tax year in which maternity ends|
|Training Records||6 years||After Leaving|
|DBS Documents||6 months||Per Dodds Contract all DBS held will be kept until staff member leaves. All other DBS documents will be destroyed after 6 months per guidelines.|
|Health & Safety Records|
|Accident Reports / Books||3 years||Once Completed|
|Health & Safety Records||3 years||Personal injury actions must generally be commenced within 3 years of injury.|
|Employers Liability Insurance Certificates||Forty Years|
|Accident Reports & relevant correspondence.||3 years||After settlement|
|MB/Directors Meeting Minutes||Permanently|
|Contracts with customers/clients, suppliers or agents||6 years.||After the expiration or termination of the contract|
|Daily Occurrence Books||7 years||After the expiration or termination of the contract|
The Company will hold your personal data for the duration of your employment. The periods for which your data is held after the end of employment are set out by regulations and guidelines which we are required to adhere to.
Your right to request access to your information. As the data subject you have a number of rights. You can:
- Access or obtain a copy of your data on written request
- Require the Company to change incorrect or incomplete data
- Require the Company to delete or stop processing your data, for example when data is no longer necessary to fulfil our contact of services
- Ask the Company to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the Companies legitimate grounds for processing data.
If you would like to exercise any of these, please contact R. Eldridge whose details are listed in this document.
If you believe the Company has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You have some obligations under your employment contract to provide the Company with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under implied duty of good faith. You may also have to provide the Company with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide data may mean that you are unable to exercise your statutory rights.
Certain information, such as contract details, right to work in the UK and payment details, have to be provided to enable the Company to enter a contact of employment with you. If you do not provide other information, this will hinder the Companies’ ability to administer the rights and obligations arising as a result of the employment relationship efficiently.
Automated decision making.
Employment decisions are not based solely on automated decision making.