As your Employer, Euramax Solutions Limited (referred to in this document as ‘The Company’) collects, stores and processes your personal data in order to meet our commitments as an Employer. The Company is committed to being transparent about how we collect and use your data and to meeting our Data Protection obligations.
What information does The Company collect?
The Company collects and processes a range of information about you. This includes:
- title, name, address, telephone number(s) and email address, including emergency contact details, and telephone number(s);
- right to work in the UK documents;
- date of birth;
- bank details;
- national Insurance number and P45/P46/P60 information;
- salary rates and payroll records;
- equality, diversity and inclusion information;
- medical information accident investigations/reports, and health surveillance data;
- terms and conditions of your employment, including offer letter, contract of employment and variations to contracts;
- HR records relating to items such as start date, job description, training, PPE records, appraisals, performance reviews, disciplinary file, absence and sickness; and
- Closed-Circuit Television (CCTV) imagery.
And any other relevant information in relation to your ongoing employment at Euramax Solutions Limited.
The Company may collect this information in a variety of ways. For example, data might be collected through the new starter process or via a notification from you detailing a change of personal data.
The Company seeks information from third parties with your consent only.
Why does The Company collect your personal data?
The Company needs to collect your personal data in order to fulfil our responsibilities as an Employer. For example, to process payroll information and make regular salary payments to you, in accordance with your Contract of Employment.
In some cases, The Company needs to process your data to ensure we comply with our legal obligations such as reporting your income information to HMRC.
In other cases, The Company has a legitimate interest in processing personal data. For example, The Company uses CCTV cameras in communal working environments in order to aid in any Health & Safety incidents where investigations occur or where preventative measures can be put in place, as well as for site security purposes. See section 6 for further information.
Data Protection and Information Security
The aim of The Company is to ensure the management of personal data including the filing, retention and disposal of data is conducted to ensure compliance with the Data Protection Acts.
The various Data Protection Acts, lay down strict rules about the way in which personal data and sensitive personal data is collected, accessed, used and disclosed. The Data Protection Acts apply equally to photographic, audio, microform and electronic media that are used to store records as well as the more traditional paper or card records. To comply with the principles of the Data Protection Acts, records containing personal data will be:
- stored appropriately having regard to the sensitivity and confidentiality of the material recorded;
- retrievable and auditable;
- retained only for as long as is necessary; and
- disposed of appropriately to ensure that data protection rights and copyrights are not breached and to prevent the data falling into the hands of unauthorised persons
The Company’s IT systems are password protected with restricted controlled access as part of our ICT Procedures. Our servers, PC’s and files are all held in lockable offices and / or server rooms with restricted access. Our data is backed up to Managed Service Providers (MSP) who are equally complaint in regards to access control (both physical and logical) appropriate to the holding of personal data. They are controlled and measured under a non-disclosure agreement contract with The Company.
Information held on ADP’s cloud portal, such as HR and Payroll information are restricted through controlled access with constant review. Information held within the portal is in accordance with your timesheet profile requirements and the requirements stated by the HMRC.
Levels of access to personal data throughout the company is dependent upon the roles and responsibilities of each individual employee, ensuring that access is limited to only relevant data.
Data Retention and Disposal
The Company will hold and retain your personal data for the duration of your employment and where necessary we will hold certain information about you after you have left, such as; your right to work documentation, pension, salary record, accident investigation/reports, health and safety (training) records. The periods for which your data is held after this will be in accordance with statutory retention periods, but shall not be held longer than is necessary. Reasons for longer retention will include:
- Accident Reports (at work) may be held for a greater period of time;
- records containing information relevant to legal action that has been started or is in contemplation of commencing within the statute of limitations; and
- records relating to individuals or providers of services who are judged unsatisfactory. The individuals may include employees or subcontractors who have been the subject of serious disciplinary action.
The Company uses CCTV imagery to provide a safe and secure environment for all employees, for visitors (including customers, suppliers and contractors) and to protect The Company’s property. For Health & Safety and/or security reasons, CCTV data is retained for 30 days, however where legal or disciplinary proceedings exceed this timeframe, data may be held longer, but not longer than is necessary.
Cameras are located at strategic points throughout the business premises, so that they only cover communal or public areas and have been sited so that they provide clear images. No camera focuses, or will focus, on toilets or changing rooms. Appropriate signs are prominently displayed in all areas covered by CCTV in order to make you and visitors aware when entering an area covered by CCTV.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require The Company to change incorrect or incomplete data;
- require The Company to delete or stop processing your data if the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where The Company is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact your direct line manager who will be able to deal with your request.
If you believe that The Company has not complied with your Data Protection rights, you can complain to the Information Commissioner.
What if you do not want to provide personal data?
The Company aims to hold only the necessary personal data which is limited to personal data required to fulfil our ability to employ you and the responsibilities this comes with. You have some obligations to provide The Company with data in order to comply with statutory law and without this The Company would not be able to employ you.
Your acknowledgement and consent
I confirm that I have received and have been informed, via the Privacy Notice, that Euramax Solutions Limited (referred to in this document as ‘The Company’) collects, stores and processes my personal data in order to fulfil its duties as my employer and meet its Data Protection obligations.