Privacy and Protection Notice for Employees and Contractors
AKJ (“we”, “us”, “our”) are committed to protecting and respecting your privacy in accordance with the current data protection legislation (“Legislation”). For the purposes of the Legislation, the Data Controller is the relevant employing entity. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. Below is a summary of the main ways in which we process your personal data.
It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.
We will comply with data protection law. This says that the personal information we hold about you must be:
(a) Used lawfully, fairly and in a transparent way.
(b) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
(c) Relevant to the purposes we have told you about and limited only to those purposes.
(d) Accurate and kept up to date.
(e) Kept only as long as necessary for the purposes we have told you about.
(f) Kept securely.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person's health or sexual orientation. Information about criminal convictions also warrants this higher level of protection.
2. Information we may Collect or Receive About you
We collect and process personal data that you provide by filling in forms, via websites, over the phone, through email or via third parties such as recruitment agents, credit reference agencies and previous employers. This includes the following categories of data:
- General identification and contact information: Name; date of birth, address; e-mail and telephone number; personal identification number or similar identity number, gender, marital status, and sex.
- Financial information and account details: bank account number and account details; credit history and credit score (if we have a justifiable basis for processing such data); income; and other financial information.
- Sensitive information: We may process the following sensitive information about you; (a) data concerning health such as current or former physical or mental or medical condition and medical history; (b) criminal conviction information.
2.1 Specific Information concerning “Sensitive” Information
Sensitive data, such as information relating to health or criminal convictions, may be required by us for the specific purposes of undertaking heath assessments, sickness administration, fulfilling our obligations as employers, assessing suitability to work, or for pre- engagement or ongoing screening purposes. The provision of such information may be conditional for us to be able to meet our legal and regulatory obligations, or we may ask for your explicit consent. Withholding such information, or withdrawing your consent, may result in us not being able to offer, or continue with, engagement.
Where such information is provided to us, it will only be used for the specific purposes set out above and will be treated securely and in line with this notice.
2.2 Information relating to Third Parties provided by the Employee or Contractor
Where you provide us with information relating to other individuals (e.g. family members in connection with an emergency contact or for health insurance), it is your responsibility to ensure the accuracy of the information and to ensure that the individual is aware that their information has been provided, and the way in which it will be processed by us.
2.3 Telephone conversations
All your telephone conversations and electronic communications using our equipment between us and between you and our clients and third party service providers may be recorded and retained by us, and must be recorded where those conversations or communications, result or may result in the conclusion of a contract in accordance with all relevant statutory or other regulatory requirements, including the Securities Trading Act, General Data Protection Regulation 2016/679 and (in the case of information provided under the Fourth Money Laundering Directive (and all Regulations that implement those provisions)) for such period specified from time to time in that Directive and applicable Regulations. Such records shall constitute conclusive evidence of the conversations, recorded. A copy of the recordings of such conversations and communications will be available to you on request for a period of five (5) years and, where requested by the FCA or other competent authority, for a period of seven (7) years.
3. How we use Your Information
We use the personal data we hold about you in the following ways and for the legal purposes set out below:
4. Disclosure of Your Personal Data
Your personal data will be disclosed to the extent required for the purposes listed above, to members of the Board, finance deespartment or to other employees who have a legitimate need for the data.
Your personal data may be disclosed in response to requests from third parties who request due diligence from us for regulatory or contractual reasons.
Your personal data may also be disclosed to prospective buyers of parts of our businesses, service providers of outsourced services or other agencies/companies who provide services to us, who are under a duty of confidentiality.
Your personal data may be disclosed, where you have provided consent, in response to requests from third parties such as your bank, mortgage lender or prospective employers.
Occasionally we may disclose, or be required to disclose, your personal data in response to requests from a Court, tribunal, regulatory body, law Enforcement or other Government bodies, or otherwise as part of an investigation or litigation process.
5. Use of Third Party Service Providers
Significant amounts of our services are carried out by third parties under contractual arrangements. We may be required to disclose your data to the service provider to enable them to provide the service. A non-exhaustive list of such services is set out below:
- Hosting and maintenance of computer systems;
- Email monitoring and internet access (to the extent permitted by applicable laws);
- Recruitment including pre-engagement screening;
- Tax administration;
- Legal services;
- Travel administration; and
- As a key part of the contractual arrangements between us and our third party service providers, the service provider is required to maintain appropriate levels of security and confidentiality in respect of your personal data, and to only use it as instructed by us
6. International Transfers of Data
We permit your personal data to be transferred to countries outside the EU and even the EEA for legitimate business needs or to comply with legal or regulatory obligations. Where this occurs, we will take all steps necessary to ensure that it is treated in accordance with this notice and the relevant data protection regulations. If we do, you can expect a similar degree of protection in respect of your personal information.
7. Your Rights
You have the following rights with respect of our processing of your personal data:
(a) Request copy of personal data we hold about you – You may request access to the personal data that we store about you;
(b) Erasure of personal data – Under certain circumstances, such as when you have revoked your previously given consent and there is no other legal ground available for us to process your personal data, you may request to have your personal data erased. In some cases, we may have the right to retain certain personal data despite your request of erasure;
(c) Correction - You have the right to request the correction of incomplete or incorrect personal data;
(d) Right to restriction and object to future processing - You are, under certain circumstances, entitled to restrict the processing of your personal data to only comprise storage of the personal data;
(e) Right to data portability - When personal data is processed on the basis of your consent or on the basis that the processing is necessary in order to perform under a contract with you, and provided that the personal data have been provided or generated by you, you are entitled to receive a copy of your personal data in a common machine-readable format;
(f) Rights in relation to automated decision-making, including profiling - You have the right to not be subject to fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects you. This right does not apply if the decision-making is necessary in order to perform under a contract with you, if the decision-making is permitted under applicable law or if you have provided your explicit consent;
(g) Refuse or change your marketing preferences – You may at any time ask us not to use your data for marketing purposes or change your preferences for marketing;
(h) Complaints to the supervisory authority – You are welcome to contact us with any enquiries and complaints that you may have regarding the processing of your personal data. You also have the right to lodge complaints pertaining to the processing of your personal data to the local Data Protection Authority.
8. How Long Will You Use my Information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
9. Data Security
We ensure appropriate security measures are in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
10. Changes to Your Privacy Notice
This notice applies to current and former employees, workers and contractors. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical.
11. Further Information
Further information on privacy management or how you exercise your rights and any questions regarding this notice, or our use of your data, should be directed to your manager or [email protected]