Skip to content Skip to sidebar Skip to footer

Staff Privacy Notice

CategoryInformation Security/GDPR
Version1.0
  

Document Control

OrganisationNewell & Wright
TitleStaff Privacy Notice
AuthorRob Bielby
FilenameStaff Privacy Notice V1.0
OwnerMike Barley, Maxine Hardman
SubjectData Compliance How the staff and the business protects data
Review date30/04/2025

Revision History

Revision DateVersion NumberRevised ByDescription of Revision
26/03/2024V1.0Rob BielbyInitial Draft
03/05/2024V1.1Mike BarleyFinal
    
    
    
    
    
    

Document Distribution

This document will be distributed to:

NameJob TitleEmail Address / Location
All employees of Newell & Wright  
   
   
   
   
   

Table of Contents

Introduction

Staff Privacy Notice. 4

How do we get your information. 4

What personal data we process and why. 5

Information relating to your performance and training. 6

Information relating to monitoring. 6

Information relating to your health and wellbeing and other special category data. 6

Lawful basis for processing your personal data. 6

Special category data. 7

Criminal convictions and offences. 7

How long we keep your personal data. 7

Data Sharing. 7

Do we use any data processors?. 7

Transfers of personal data. 8

Whistleblowers. 8

Equal opportunities monitoring. 8

Workforce Development and Planning. 8

Occupational health. 8

Trade Union Membership. 8

Monitoring of staff 9

Security clearance. 9

Security passes. 9

CCTV. 9

Requests for references. 9

Annex A – Data Processors. 9

DataProcessor   Purpose    Privacy Notice. 10-11

Staff Privacy Notice

As an employer Newell & Wright must meet its contractual, statutory and administrative obligations. We are committed to ensuring that the personal data of our employees is handled in accordance with the principles set out in the Commissioner’s Guide to Data Protection.

This privacy notice tells you what to expect when Newell & Wright collects personal information about you. It applies to all employees, ex-employees, agency staff, contractors, secondees and non-executive directors. However, the information Newell & Wright process about you will vary depending on your specific role and personal circumstances.

Newell & Wright is the controller for this information unless this notice specifically states otherwise. Details of our Data Protection Officer can be found here. This notice should be read in conjunction with our global privacy notice and our other corporate policies and procedures. When appropriate, we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this document.

In this notice

  • How do we get your information
  • What personal data we process and why
  • Lawful basis for processing your personal data
  • How long we keep your personal data
  • Data sharing
  • Do we use any data processors
  • Your rights in relation to this processing
  • Transfers of personal data
  • Further information

How do we get your information

We get information about you from the following sources:

  • Directly from you.
  • From an employment agency.
  • From your employer if you are a secondee.
  • From referees, either external or internal.
  • From security clearance providers.
  • From Occupational Health and other health providers.
  • From Pension administrators and government departments, for example tax details from HMRC.
  • From your Trade Union if applicable.
  • From providers of staff benefits.
  • Occasionally CCTV images are captured by our landlords on or taken using our own CCTV systems.

What personal data we process and why

We process the following categories of personal data:

Information related to your employment

We use the following information to carry out the contract we have with you, provide you access to business services required for your role and manage our human resources processes. We will also use it for our regulatory purposes in our role as a supervisory authority.

  • Personal contact details such as your name, address, contact telephone numbers (landline and mobile) and personal email addresses.
  • Your date of birth, gender and NI number.
  • A copy of your Drivers licence, passport or similar photographic identification and /or proof of address documents.
  • Marital status.
  • Next of kin, emergency contacts and their contact information.
  • Employment and education history including your qualifications, job application, employment references, right to work information and details of any criminal convictions that you declare.
  • Location of employment.
  • Details of any secondary employment, political declarations, conflict of interest declarations or gift declarations.
  • Security clearance details including basic checks and higher security clearance details according to your job.
  • Any criminal convictions that you declare to us.
  • Your responses to staff surveys if this data is not anonymised.
  • Information related to your salary, pension and loans.

We process this information for the payment of your salary, pension and other employment related benefits.

We also process it for the administration of statutory and contractual leave entitlements e.g.

  • holiday or maternity leave.
  • Information about your job role and your employment contract including your start and leave dates, salary (including grade and salary band), any changes to your employment contract, working pattern (including any requests for flexible working).
  • Details of your time spent working and any overtime, expenses or other payments claimed, including details of any loans such as for travel season tickets.
  • Details of any leave including sick leave, holidays, special leave etc.
  • Pension details including membership of both state and occupational pension schemes (current and previous).
  • Your bank account details, payroll records and tax status information.
  • Trade Union membership for the purpose of the deduction of subscriptions directly from salary.
  • Details relating to Maternity, Paternity, Shared Parental and Adoption leave and pay. This includes forms applying for the relevant leave, copies of MATB1 forms/matching certificates and any other relevant documentation relating to the nature of the leave you will be taking.

Information relating to your performance and training

We use this information to assess your performance, to conduct pay and grading reviews and to deal with any employer / employee related disputes. We also use it to meet the training and development needs required for your role.

  • Information relating to your performance at work e.g. probation reviews, performance development reviews, promotions.
  • Grievance and dignity at work matters and investigations to which you may be a party or witness.
  • Disciplinary records and documentation related to any investigations, hearings and warnings/penalties issued.
  • Whistleblowing concerns raised by you, or to which you may be a party or witness.
  • Information related to your training history and development needs.

Information relating to monitoring

We use this information to assess your compliance with corporate policies and procedures and to ensure the security of our premises, IT systems and employees.

  • Information about your access to data held by us for the purposes of criminal enforcement if you are involved with this work.
  • Information derived from monitoring IT acceptable use standards.
  • Photos and CCTV images.

Information relating to your health and wellbeing and other special category data

We use the following information to comply with our legal obligations and for equal opportunities monitoring. We also use it to ensure the health, safety and wellbeing of our employees.

  • Health and wellbeing information either declared by you or obtained from health checks, eye examinations, occupational health referrals and reports, sick leave forms, health management questionnaires or fit notes i.e. Statement of Fitness for Work from your GP or hospital.
  • Accident records if you have an accident at work.
  • Details of any desk audits, access needs or reasonable adjustments.
  • Information you have provided regarding Protected Characteristics as defined by the Equality Act and s.75 of the Northern Ireland Act for the purpose of equal opportunities monitoring. This includes racial or ethnic origin, religious beliefs, disability status, and gender identification and may be extended to include other protected characteristics.

Lawful basis for processing your personal data

Depending on the processing activity, we rely on the following lawful basis for processing your personal data under the GDPR:

  • Article 6(1)(b) which relates to processing necessary for the performance of a contract.
  • Article 6(1)(c) so we can comply with our legal obligations as your employer.
  • Article 6(1)(d) in order to protect your vital interests or those of another person.
  • Article 6(1)(e) for the performance of our public task.
  • Article 6(1)(f) for the purposes of our legitimate interest.

Special category data

Where the information we process is special category data, for example your health data, the additional bases for processing that we rely on are:

  • Article 9(2)(b) which relates to carrying out our obligations and exercising our rights in employment and the safeguarding of your fundamental rights.
  • Article 9(2)(c) to protect your vital interests or those of another person where you are incapable of giving your consent.
  • Article 9(2)(f) for the establishment, exercise or defence of legal claims.
  • Article 9(2)(j) for archiving purposes in the public interest.

In addition, we rely on the processing condition at Schedule 1 part 1 paragraph 1 of the DPA 2018. This relates to the processing of special category data for employment purposes. Our Safeguards Policy provides further information about this processing.

Criminal convictions and offences

We process information about staff criminal convictions and offences. The lawful basis we rely on to process this data are:

  • Article 6(1)(e) for the performance of our public task. In addition, we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).
  • Article 6(1)(b) for the performance of a contract. In addition, we rely on the processing condition at Schedule 1 part 1 paragraph 1.

Our Safeguards Policy provides further information about this processing.

How long we keep your personal data

For information about how long we hold your personal data, see our retention schedule.

Data Sharing

In some circumstances, such as under a court order, we are legally obliged to share information. We may also share information about you with third parties including government agencies and external auditors.

For example, we may share information about you with HMRC for the purpose of collecting tax and national insurance contributions. Additionally, we are required under the Public Records Act 1958 (as amended) to transfer records to the National Archives (TNA) for permanent preservation. Some of these records may include the personal data of our current and former employees. Full consideration will be given to Data Protection and Freedom of Information legislation when making decisions about whether such records should be open to the public.

Do we use any data processors?

Yes – a list of our current data processors can be found at Annex A. Your rights in relation to this processing:

As an individual you have certain rights regarding our processing of your personal data, including a right to lodge a complaint with the Information Commissioner as the relevant supervisory authority.

For more information on your rights, please see ‘Your rights as an individual’.

Transfers of personal data

We don’t routinely transfer staff personal data overseas but when this is necessary, we ensure that we have appropriate safeguards in place.

Whistleblowers

Newell & Wright  has a policy and procedure in place to enable its current staff and ex-employees to have an avenue for raising concerns about malpractice.  If you wish to raise a concern please refer to ‘Speak up’ – Newell & Wright  whistleblowing policy and procedure. Information in this context is processed by us because it is necessary for our compliance with our legal obligations under the Public Interest Disclosure Act 1998 and The Public Interest Disclosure (Northern Ireland) Order 1998.

Although every effort will be taken to restrict the processing of your personal data and maintain confidentiality whether this is possible will be dependent on the nature of the concern and any resulting investigation.

Equal opportunities monitoring

Equal opportunities information provided by job applicants is attached to the relevant application when you apply for a role at the Newell & Wright.  This information is not made available to any staff outside our recruitment team (including hiring managers) in a way which can identify you. This information is anonymised after six months and retained for reporting purposes only.

Workforce Development and Planning

Our Workforce and Development and Planning department use online learning platforms such as Civil Service Learning for the facilitation of its work-related courses. Links to their privacy notices can be found in Annex A. We will share some information about you with these providers both prior to you joining Newell & Wright and during your employment to ensure you have the necessary access to complete training required for your role. We will also share information about you with our training providers. For example, this will include information such as your name, contact details and job role. When necessary, we will also share information about any dietary or access requirements that you might have when you attend training events.

Occupational health

During your employment you may be referred to occupational health following a request to HR by you or your line manager. This may result in a face-to-face consultation, a telephone appointment with an occupational healthcare professional and/or a medical report from a GP or our specialists.

The information you provide will be held by Newell & Wright’s Health Management partner, who will give us a fit to work certificate or a report with recommendations. A link to their privacy notice can be found in Annex A.

Trade Union Membership

There are no recognised unions at Newell & Wright but if there were then Newell & Wright would be Data Controllers for the personal information connected to any union membership.

Monitoring of staff

Some of our CCTV systems, at our premises are auditable and can be monitored, though we don’t do so routinely. We are committed to respecting individual users’ reasonable expectations of privacy concerning the use of our systems and equipment.  However, we reserve the right to log and monitor such use in line with our CCTV policy.  Any targeted monitoring of staff will take place within the context of our disciplinary procedures.

Security clearance

Basic security checks and / or advanced checks based on your role in line with the Baseline Personnel Security Standards and the Government Security Policy Framework are carried out by HMRC on our behalf.

Security passes

All staff are issued with a security pass that displays their name and photograph. Staff pass details (names and photographs) are held on a standalone machine controlled by Mike Barley and Josh Ashton and can only be accessed by them. Photographs are uploaded to Newell & Wright ‘s security card system by MB or JA. Should you lose your pass you will need to inform MB or JA for it to be cancelled. When you leave Newell & Wright your details are deleted as soon as possible from this system.

CCTV

We operate CCTV inside Newell & Wright premises to monitor access to certain areas of the office. Further information is available in our CCTV policy.

Additionally, staff working in Newell & Wright vehicles may be filmed by CCTV which is owned and operated by CameraMatics or owners of the premises or yards where vehicles are delivering or parked. Newell & Wright is not necessarily the data controller for this information.

Requests for references

If you leave, or are thinking of leaving, we may be asked by your new or prospective employers to provide a reference. For example we may be asked to confirm the dates of your employment or your job role. If you are still employed by us at the time the request for a reference is received we will discuss this with you before providing this.

Annex A – Data Processors

Data processors are third parties who provide certain parts of our staff services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. Our current data processors are listed below and the list is updated when necessary.

DataProcessor   Cameramatics      Purpose   CCTV Management    Privacy Notice Yes          Privacy notice link   https://www.cameramatics.com/privacy-policy/    
CAP-ITIT ConsultantsNo 
WestfieldHealth CareYeshttps://www.westfieldhealth.com/about-us/trust/privacy-policy  
ProaktiveInsurance Brokers HR ConsultantsYeshttps://www.proaktive.co.uk/privacy-policy  
Civil Service LearningWork Related CoursesYeshttps://learn.civilservice.gov.uk/privacy  
Collingwood HealthOccupational HealthYeshttps://collingwoodhealth.com/privacy-notice/  
AvivaInsurersYeshttps://www.aviva.co.uk/services/about-our-business/products-and-services/privacy-policy/  
Pen UnderwritingInsurersYeshttps://www.penunderwriting.co.uk/privacy-policy  
QBE InsuranceInsurersYeshttps://www.qbe.com/privacy-policy  
Zurich InsuranceInsurersYeshttps://www.zurich.co.uk/privacy