FAIR PROCESSING NOTICE
Introduction
Beck & Pollitzer Group and our associated companies (the "Company", "we", "our" or "us") hold and process data on all current and former employees, workers, individual contractors, contingent workers, applicants, interview candidates, interns, agency workers, consultants, directors, members (i.e. partners), and third parties whose information you provide to us in connection with the employment relationship (e.g. next-of-kin, emergency contact information and/or dependents). ("staff" or "you" or "your").
We take your data protection rights and our legal obligations seriously. Your personal data will be treated in a secure and confidential manner and only as set out below.
The following Fair Processing Notice describes the categories of personal data we may process, how your personal data may be processed and how your privacy is safeguarded in the course of our relationship with you. It is intended to comply with our obligations to provide you with information about the Company's processing of your personal data under privacy laws. It does not form part of your contract of employment or engagement.
If you have any questions regarding the processing of your personal data or if you believe your privacy rights have been violated, please contact your local Human Resources contact or, where applicable, your data protection lead – Please contact Human Resources should you need the name of the Data Protection Lead where applicable If you are aware of an unauthorised disclosure of data, please refer to the reporting requirements in the Global Privacy Policy on our website.
Processing of personal data
The Company collects and processes your personal data for the purposes described in this Fair Processing Notice. As set out in our Global Privacy Policy, personal data means any information describing or relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
The relevant associated company of the Company identified in your employment contract or contract for services will be the data controller of your personal data. In addition, where processing of personal data is undertaken by other associated companies of the Company for their own independent purposes, these associated companies may be joint controllers of your personal data.
What data do we process?
Personal data
We may collect various types of personal data about you for the purposes described in this Fair Processing Notice including:
· Staff related data: your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, gender, nationality, second nationality, civil/marital status, date of birth, age, home contact details (e.g. address, telephone number, e-mail), national ID number, immigration and eligibility to work data, languages spoken; next-of-kin/dependent contact information;
· Data related to your engagement with the Company: work contact details (e.g. address, telephone number, e-mail), work location default hours, default language, time zone and currency for location, your worker ID and various system IDs, your performance review information, your work biography, your reporting line, your employee/contingent worker type, your hire/contract begin and end dates, your cost centre, your job title and job description, your working hours and patterns, whether you are full or part time; your termination/contract end date; the reason for termination; your last day of work; exit interviews, references, status (active/inactive/terminated); position title; the reason for any change in job and date of change; your benefit coverage start date;
· Recruitment data: qualifications, references, CV and application, interview and assessment data, vetting and verification information;
· Regulatory data: records of your registration with any applicable regulatory authority, your regulated status and any regulatory references;
· Remuneration and benefits data: your remuneration information (including salary/hourly plan/contract pay information as applicable, allowance, bonus and merit plans), bank account details, grade, social security number, tax information, third party benefit recipient information;
· Leave information: absence records (including dates and categories of leave/time-off), holiday dates and information related to family leave;
· HR processes data: allegations, investigations and proceeding records and outcomes, colleague and manager feedback, appraisals, talent programmes, formal and informal performance management processes, flexible working processes, restructure and redundancy plans, consultation records, selection and redeployment data, health and safety audits, risk assessments, incident reports, data relating to training and development needs or training received;
· Monitoring data (to the extent permitted by applicable laws): Closed Circuit television footage, system and building login and access records, keystroke, download and print records, call recordings, data caught by IT security programmes and filters; and
· Employee claims, complaints and disclosures data - termination arrangements and payments, subject matter of employment based litigation and complaints, employee involvement in incident reporting and disclosures.
Certain additional information may be collected where this is necessary and permitted by local applicable laws.
Special categories of personal data
To the extent permitted by applicable laws the Company may also collect and process a limited amount of personal data falling into special categories, sometimes called “sensitive personal data”. This term includes information relating to such matters as racial or ethnic origin, religious beliefs, physical or mental health (including details of accommodations or adjustments), certain maternity/adoption information, trade union membership, sexual orientation, information regarding sexual life, biometric data, genetic data, criminal records and information regarding criminal offences or proceedings.
How does the Company collect data?
The Company collects and records your personal data from a variety of sources, but mainly directly from you. You will usually provide this information directly to your managers or local Human Resources contact or your participation in HR processes, emails you send or through verbal information which may be recorded). In addition, further information about you will come from your managers or Human Resources.
We may also obtain some information from third parties, for example, references from a previous employer, medical reports from external professionals, tax authorities, benefit providers or where we employ a third party to carry out a background check (where permitted by applicable law).
In some circumstances, data may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, Closed Circuit television, telephone logs and recordings and email and Internet access logs), if and to the extent permitted by applicable laws. In these circumstances, the data may be collected by the Company or a third party provider of the relevant service. This type of data is generally not accessed on a routine basis but access is possible. Access may occur, for instance, in situations where the Company is investigating possible violations of Company policies such as those relating to travel and expense reimbursement, use of the telephone system and the Internet, or employee conduct generally, or where the data are needed for compliance or billing purposes. More frequent access to such data may occur incidental to an email surveillance program, if and to the extent permitted by applicable laws.
Where we ask you to provide personal data to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated. Failure to provide any mandatory information will mean that we cannot carry out certain HR processes. For example, if you do not provide us with your bank details, we will not be able to pay you. In some cases it may mean that we are unable to continue with your employment or engagement as the Company will not have the personal data we believe to be necessary for the effective and efficient administration and management of our relationship with you.
Apart from personal data relating to yourself, you may also provide the Company with personal data of third parties, notably your dependents and other family members, for purposes of HR administration and management, including the administration of benefits and to contact your next-of-kin in an emergency. Before you provide such third party personal data to the Company you must first inform these third parties of any such data which you intend to provide to the Company and of the processing to be carried out by the Company, as detailed in this Fair Processing Notice.
What is the purpose for which data are processed?
Your personal data are collected and processed for various business purposes, in accordance with applicable laws and any applicable collective bargaining agreements. Data may occasionally be used for purposes not obvious to you where the circumstances warrant such use (e.g., in investigations or disciplinary proceedings).
We may collect and process your personal data for various purposes, including:
a. Recruitment, training, development, promotion, career and succession planning and business contingency planning;
b. Appropriate vetting for recruitment and team allocation including, where relevant and appropriate credit checks, right to work verification, identity fraud checks, criminal record checks (if and to the extent permitted by applicable laws), relevant employment history, relevant regulatory status and professional qualifications;
c. Providing and administering remuneration, benefits and incentive schemes and reimbursement of business costs and expenses and making appropriate tax and social security deductions and contributions;
d. Allocating and managing duties and responsibilities and the business activities to which they relate, including business travel;
e. Identifying and communicating effectively with staff;
f. Managing and operating appraisal, conduct, performance, capability, absence and grievance related reviews, allegations, complaints, investigations and processes and other informal and formal HR processes and making related management decisions;
g. Consultations or negotiations with representatives of staff;
h. Conducting surveys for benchmarking and identifying improved ways of working and employee relations and engagement at work (these will often be anonymous but may include profiling data such as age to support analysis of results);
i. Processing information about absence or medical information regarding physical or mental health or condition in order to: assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work; facilitate a return to work; make adjustments or accommodations to duties or the workplace; make management decisions regarding employment or engagement or continued employment or engagement or redeployment; and conduct related management processes;
j. For planning, managing and carrying out restructuring or redundancies or other change programmes including appropriate consultation, selection, alternative employment searches and related management decisions;
k. Complying with reference requests where the Company is named by the individual as a referee;
l. Operating email, IT, internet, social media, HR related and other company policies and procedures. To the extent permitted by applicable laws, the company carries out monitoring of the Company's IT systems to protect and maintain the integrity of the Company's IT systems and infrastructure; to ensure compliance with the Company's IT policies and to locate information through searches where needed for a legitimate business purpose;
m. Satisfying its regulatory obligations to supervise the persons employed or appointed by it to conduct business on its behalf, including preventing, detecting and investigating a wide range of activities and behaviours, whether relating to specific business dealings or to the workplace generally and liaising with regulatory authorities;
n. Protecting the private, confidential and proprietary information of the Company, its employees, its clients and third parties;
o. Complying with applicable laws and regulation (for example maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulation to which the Company is subject in the conduct of its business);
p. Monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti-discrimination laws;
q. Planning, due diligence and implementation in relation to a commercial transaction or service transfer involving the Company that impacts on your relationship with the Company for example mergers and acquisitions or a transfer of your employment under applicable automatic transfer rules;
r. For business operational and reporting documentation such as the preparation of annual reports or tenders for work or client team records including the use of photographic images;
s. To operate the relationship with third party customer and suppliers including the disclosure of relevant vetting information in line with the appropriate requirements of regulated customers to those customers, contact or professional CV details or photographic images for identification to clients or disclosure of information to data processors for the provision of services to the Company;
t. Where relevant for publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances;
u. To support HR administration and management and maintaining and processing general records necessary to manage the employment, worker or other relationship and operate the contract of employment or engagement;
v. To change access permissions;
w. To provide technical support and maintenance for HR information systems;
x. To enforce our legal rights and obligations, and for any purposes in connection with any legal claims made by, against or otherwise involving you;
y. To comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country;
z. Other purposes permitted by applicable laws, including legitimate interests pursued by the Company where these are not overridden by the interests or fundamental rights and freedoms of staff.
Additional information regarding specific processing of personal data may be notified to you locally or as set out in applicable policies.
In particular, additional details of IT monitoring and management of confidential information are set out in the Company's specific policies.
Legal bases for processing
Processing personal data
Where applicable data protection laws require us to process your personal data on the basis of a specific lawful justification, we generally process your personal data under one of the following bases:
- the processing is necessary for the legitimate interests pursued by the Company (being those purposes described in the section above), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;
- the processing is necessary for compliance with a legal obligation to which the Company is subject; or
- the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract.
We may on occasion process your personal data for the purpose of the legitimate interests pursued by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
Processing special categories of personal data or sensitive data
The sensitive or special categories of personal data that may be processed by the Company are set out in this Fair Processing Notice.
Where applicable data protection laws require us to process such special categories of personal data on the basis of a specific lawful justification, we process the same under one of the following bases:
- the processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or the Company in the field of employment law, social security and social protection law, to the extent permissible under applicable laws;
- the processing is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, to the extent permitted by applicable laws;
- the processing is necessary to protect your vital interests or of another person where you are physically or legally incapable of giving consent (for example in exceptional emergency situations, such as a medical emergency); or
- the processing is necessary for the establishment, exercise or defence of legal claims.
This may include the following, although this is not an exhaustive list:
- documentation such as work permits, details of residency, proof of citizenship will be processed to assess and review eligibility to work for the Company in the jurisdiction in which you work;
- your racial or ethnic origin, religion, philosophical or political belief, sexual orientation or disability status may be used for the collection of statistical data subject to local laws, or where required to record such characteristics to comply with equality and diversity requirements of applicable local legislation or to keep the Company’s commitment to equal opportunity under review;
- health and medical information may be used to comply with employment, health and safety or social security laws. For example to provide statutory incapacity or maternity benefits, avoid breaching legal duties to you, to ensure fair and lawful management of your employment, avoid unlawful termination of your employment, to administer the Company’s private medical and long term disability schemes, to make reasonable accommodations or adjustments and avoid unlawful discrimination or dealing with complaints arising in this regard;
- trade union membership may be recorded to ensure that you receive any relevant rights that you may have in connection with any Trade Union membership, as required to enable us to meet our obligations under employment law;
- information regarding your racial or ethnic origin, religion, philosophical or political belief, sexual orientation, sexual life and sexual orientation may be used in the event of a complaint under the Company's grievance, whistleblowing, anti-bullying and harassment or similar policies where such characteristics or information are relevant to the particular complaint, in order to comply with employment law obligations.
We may seek your consent to certain processing which is not otherwise justified under one of the above bases. If consent is required for the processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit. Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent. You should be aware that it is not a condition or requirement of your employment to agree to any request for consent from the Company.
Processing data relating to criminal convictions and offences
Personal data relating to criminal convictions and offences will only be processed where authorised by applicable laws.
For example:
- a criminal record check may be carried out on recruitment or transfer where authorised by applicable laws; or
- an allegation of a criminal offence or conviction arising during your relationship with the Company may be processed where required or authorised. For example, where we have a legal or regulatory requirement to report an offence or applicable laws authorise the Company to process information about the offence for the purpose of making decisions regarding your relationship with the Company.
Automated decision making and profiling
Beck and Pollitzer Group do not use any automated decision making and profiling tools.
Retention of personal data
The Company endeavours to ensure that personal data are kept as current as possible and that irrelevant or excessive data are deleted or made anonymous as soon as reasonably practicable. However, some personal data may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.
We will generally retain your personal data only so long as it is required for purposes for which it was collected. This will usually be the period of your employment/contract with us plus the length of any applicable statutory limitation period following your departure, although some data, such as pension information, may need to be kept for longer. We may keep some specific types of data, for example, tax records, for different periods of time, as required by applicable law.
Access to data
Within the Company, your personal data can be accessed by or may be disclosed internally on a need-to-know basis to:
- local, regional and global Human Resources, including managers and team members;
- local, regional and executive management responsible for managing or making decisions in connection with your relationship with the Company or when involved in an HR process concerning your relationship with the Company (including, without limitation, staff from Compliance, Legal, Employee Relations and Information Security);
- system administrators; and
- where necessary for the performance of specific tasks or system maintenance by staff in the Company teams such as the Finance and IT Department and the Global HR team.
Certain basic personal data, such as your name, location, job title, contact information and any published skills and experience profile may also be accessible to other employees. The security measures in place within the Company to protect your data are set out below.
Your personal data may also be accessed by third parties whom we work together with (including companies that provide benefits on our behalf) and their associated companies and sub-contractors) for providing us with services, such as hosting, supporting and maintaining the framework of our HR information systems.
Personal data may also be shared with certain interconnecting systems such as local payroll and benefits systems. Data contained in such systems may be accessible by providers of those systems, their associated companies and sub-contractors.
Examples of third parties with whom your data will be shared include tax authorities, regulatory authorities, the Company's insurers, bankers, IT administrators, lawyers, auditors, investors, consultants and other professional advisors, payroll providers, and administrators of the Company's benefits programs. The Company expects such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security.
Where these third parties act as a "data processor" (for example a payroll provider) they carry out their tasks on our behalf and upon our instructions for the above mentioned purposes. In this case your personal data will only be disclosed to these parties to the extent necessary to provide the required services.
In addition, we may share personal data with national authorities in order to comply with a legal obligation to which we are subject. This is for example the case in the framework of imminent or pending legal proceedings or a statutory audit.
Security of data
The Company uses a variety of technical and organisational methods to secure your personal data in accordance with applicable laws.
The Company is committed to protecting the security of the personal data you share with us. In support of this commitment, we have implemented appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk.
A number of the measures that we use to protect information are set out in the Global Privacy Policy which sets out the applicable Company policies, and is available on our website
If you are in possession of personal data of any kind (e.g. data collected in emails, address books, Excel spreadsheets or contained in curricula vitae or elsewhere) you must ensure that the data are kept in a safe place where unauthorised access cannot occur. Where data is retained in hard copy, storage in a locked drawer or cabinet, accessible only to authorised individuals, is generally the most effective means of securing the data. Where data is kept in electronic form, appropriate password protection and appropriately secured areas should be used.
Transfer of Personal Data
From time to time your personal data (including special categories of personal data) will be transferred to associated companies of the Company to process for the purposes described in this Fair Processing Notice.
These associated companies may be located within the European Union and elsewhere in the world. Personal data may also be transferred to third parties, as set out above.
As a result, your personal data may be transferred to countries outside of the country in which you work to countries whose data protection laws may be less stringent than yours.
The Company will ensure that appropriate or suitable safeguards are in place to protect your personal information and that transfer of your personal information is in compliance with applicable data protection laws. Where required by applicable data protection laws, the Company has ensured that service providers (including other Company associated companies) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant Company exporter. You can obtain a copy of any standard contractual clauses in place which relate to transfers of your personal data by contacting your local Human Resources.
Your rights
Right to access, correct and delete your personal data
The Company aims to ensure that all personal data are correct. You also have a responsibility to ensure that changes in personal circumstances (for example, change of address and bank accounts) are notified to the Company so that we can ensure that your data is up-to-date.
You have the right to request access to any of your personal data that the Company may hold, and to request correction of any inaccurate data relating to you. You furthermore have the right to request deletion of any irrelevant data we hold about you.
To correct/update certain information, you will need to contact your local Human Resources.
- Data portability - where we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for processing, and that personal data is processed by automatic means, you have the right to receive all such personal data which you have provided to the Company in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
- Right to restriction of processing - you have the right to restrict our processing of your personal data where:
- you contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;
- where the processing is unlawful but you do not want us to erase the data;
- where we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
- where you have objected to processing justified on legitimate interest grounds (see below) pending verification as to whether the Company has compelling legitimate grounds to continue processing.
Where personal data is subjected to restriction in this way we will only process it with your consent or for the establishment, exercise or defence of legal claims.
- Right to withdraw consent - where you have provided us with your consent to process data, you have the right to withdraw such consent at any time. You can do this by (i) in some cases deleting the relevant data from the relevant HR system, where available (although note that in this case it may remain in back-ups and linked systems until it is deleted in accordance with our data retention policy) or (ii) contacting your local Human Resources contact.
- Right to object to processing justified on legitimate interest grounds - where we are relying upon legitimate interest to process data, then you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the processing of your personal data infringes applicable law.
For further information regarding your rights, or to exercise any of your rights, please contact your local Human Resources contact or data protection lead.
Additional Fair Processing Notices
We may undertake certain processing of personal data which are subject to additional Fair Processing Notices and we shall bring these to your attention where they engage.
Notice of changes
The Company may change or update this Fair Processing Notice at any time.
Should we change our approach to data protection, you will be informed of these changes or made aware that we have updated the Fair Processing Notice so that you know which information we process and how we use this information. This Fair Processing Notice was last updated and reviewed on 21th May 2018.