Our recruitment process during COVID-19 Learn More

Privacy Policy

This non-contractual notice explains what personal data (personal information) we hold about you, how we collect it, and how we use and may share personal information during your employment and after it ends. Please ensure that you read this notice and any other similar notice we may provide to you from time to time.

Who collects the personal information

The Company is a ‘data controller’ and gathers and uses certain personal information about you.

Data protection principles

The data protection principles which we will apply when gathering and using personal information are that:

  • we will process personal information lawfully, fairly and in a transparent manner;
  • we will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;
  • we will only process the personal information that is adequate, relevant and necessary for the relevant purposes;
  • we will keep accurate and up to date personal information, and take reasonable steps to ensure that inaccurate personal information is deleted or corrected without delay;
  • we will keep personal information for no longer than is necessary for the purposes for which the information is processed; and
  • we will take appropriate technical and organisational measures to ensure that personal information is kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.

About the personal information we collect

A table summarising the personal information we collect and hold, how and why we do so, how we use it and with whom it may be shared is below. 

Personal information may be shared with other parties, such as group companies and/or affiliated companies, external contractors and our professional advisers (e.g. legal and financial advisors), HR advisors and payroll providers, and potential purchasers of some or all of our business or on a re-structuring. The recipient of the personal information will be bound by confidentiality obligations. We may also be required to share some personal information to comply with the law. We seek to ensure that our personal information collection and processing is always proportionate. We will notify you of any material changes to personal information we collect or to the purposes for which we collect and process it.       

Where personal information may be held

Personal information may be held at our offices and third-party agencies, service providers, representatives and agents as described above and in cloud based IT services. In the event that we use cloud based IT services, personal information may be transferred internationally to other countries around the world, including countries that do not have data protection laws equivalent to those in the UK. We have security measures in place to seek to ensure that there is appropriate security for personal information we hold.

How long we keep your personal information

We keep personal information during and after your employment for no longer than is necessary and in the majority of cases for no more than 6 years after the end of your employment.

Your rights to correct and access your personal information and to ask for it to be erased

Please contact our Data Protection Contact Tricia Scott, Regional Operations Manager if (in accordance with applicable law) you would like to correct or request access to personal information that we hold or if you have any questions about this notice. You also have the right to ask our Data Protection Contact for some, but not all, of the personal information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing personal information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you raise about our use of your personal information. If not, contact the Information Commissioner at ico.org.uk/concerns/or telephone: 0303 123 1113for further information about your rights and how to make a formal complaint.

Key to table below

  • Access – to monitor/manage staff access to our systems and to record staff absences
  • GEP– to maintain employment records and for good employment practice
  • Insurance- to comply with the terms of our insurance
  • LO– to ensure compliance with legal and/or regulatory obligations
  • Medical Professional– your doctors and other medical/occupational health professionals
  • Policies– to ensure compliance with our policies, such as EOP and sickness absence
  • Protect – to protect our networks and personal data of employees and customers/clients
  • PTC– to enter into/perform the contract
  • Personnel– relevant managers, HR, professional advisors, payroll and consultants
  • SA– for staff administration
  • SPI- for reasons of substantial public interest(e.g. equality opportunities)
  • SWP– to ensure safe working practices
The information we collect How we collect the information Why we collect the information (including legitimate interest) How we use and may share the information
Your name, contact details (including emergency contact), other employment records ☐ From you PTC, GEP  PTC, SA Share: Personnel  (name also shared with clients or customers and potential clients and customers)
Financial details (e.g. salary, benefits, bank, NI, tax information), your spouse/partner, dependants and your age ☐ From you PTC, GEP  PTC Share: Personnel, HMRC, our bank
Your qualifications and any professional status ☐ From you PTC, GEP   PTC Share: Personnel, clients (if required)
Your nationality and immigration status and information from related documents (e.g. passport) ☐ From you, the Home Office (if required) PTC, GEP  PTC Share: Personnel, the Home Office (if required)
A copy of your driving licence if required by your role ☐ From you, the DVLA portal  PTC, GEP, Insurance PTC Share: Personnel, our insurers, any penalties/banning check provider
Pension arrangements and all information necessary to implement and administer them ☐ From you, pension administrators  PTC PTC Share: Personnel, pension administrators, HMRC
Sickness and absence records (including sensitive personal information regarding your physical and/or mental health) ☐ From you, Medical Professionals, any insurance benefit administrators PTC, GEP and SWP PTC, LO Share: Personnel, Medical Professionals, any insurance benefit administrators*
Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs From you LO, SPI  SPI and Policies*
Trade Union (TU) membership  From you, your TU PTC, GEP PTC Share: Personnel, your TU
Information on grievances & conduct issues  From you, other employees, consultants, any interested third parties  PTC, LO, GEP, SWP PTC Share: Personnel, any interested third parties (if appropriate)
Details of your performance (e.g. appraisals)  From you, other employees, consultants PTC, LO, GEP, SWP PTC Share: Personnel 
Time and attendance records (including biometric data where the system requires this*) From you, any time recording system PTC, access  PTC Share: Personnel 
Your use of our systems and your actions in and around the work place Websites,applications, other technical systems (e.g. CCTV, phone, email, internet)  PTC, Access, Protect,       Policies, operational reasons, statistical analysis See adjacent column Share: Personnel, any interested third parties
Your use of public social media (only in very limited circumstances to check specific risks for specific functions within our organisation) and any business related social media (e.g. LinkedIn) Websites, applications PTC, protect our external reputation, adherence to restrictions and policies See adjacent column Share: Personnel 
Photographs From you  ID documents, marketing  PTC, promote the company Share: website, promotional material
Details in references about you that we give to others From your personnel records, other employees PTC, LO, GEP To provide a reference Share: Personnel and the recipient(s) of the reference


You are required (by law or under the terms of your contract of employment, or in order to enter into your contract of employment) to provide the categories of information marked ‘☐’ above to us to enable us to verify your right to work and suitability for the position, to pay you, to provide you with your contractual benefits and to administer statutory payments such as statutory sick pay (SSP). If you do not provide this information, we may not be able to employ you, make these payments or provide these benefits.

*Sensitive Personal Information

Before processing any sensitive personal information, staff must notify the Data Protection Contact of the proposed processing, in order that the Data Protection Contact may assess whether the processing complies with the special conditions for processing sensitive personal information.