PRIVACY NOTICE FOR EMPLOYEES AND POTENTIAL EMPLOYEES OF SQUARE ONE – MAY 2018
Square One Resources Limited (“Square One”) is committed to protecting and respecting your privacy.
This policy sets out the basis on which your personal data will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how it will be treated by us.
For the purpose of the General Data Protection Regulations (the “Regulations”) the data controller is: Square One Resources Limited (company registration number 03110911) of 6 Devonshire Square, London, EC2M 4YE.
Square One are not required by the GDPR to have a Data Protection Officer, however, for any queries relating to your data, please direct your queries to Paul Savill, CFO, who will be able to deal with your query, or redirect to the appropriate person in Square One’s Data Protection team. Both Paul and the Team are contactable through the dedicated email address: email@example.com (or if you are an employee – just walk over or give us a call!).
DATA PRIVACY PRINCIPLES
The core data privacy principles below are the foundation of this policy:
Lawfulness, fairness and transparency
Square One shall process personal information fairly, and in accordance with this policy and applicable laws.
Square One will take all reasonable steps to ensure that personal information is accurate and complete and will rectify or erase any incorrect personal information without delay.
Square One will ensure that personal information collected is for specified, explicit and legitimate purposes and only to the extent necessary to fulfil those purposes.
Square One will only keep personal data for as long as is necessary to fulfil the purposes for which it was collected or to comply with applicable law/for tax purposes/for Government or regulatory requirements.
All personal information collected will be processed in a secure manner.
PURPOSE AND LAWFUL BASIS OF PROCESSING
This policy is intended to be relevant to those individuals that are looking to be/are/were employees of Square One. If this is not you, please refer to the relevant policy.
If this is the relevant policy for you, Square One will be acting as the employer and we will need to take those reasonable and legal steps to ensure that we comply with our obligations in that capacity. Our basis for “processing” your data will either be with your consent or in accordance with our legal obligations or legitimate business interests as your employer. These obligations will differ depending on what stage we are at with regard to your employment, but for reference, some categories have been set out below:
- In order to consider you for a position at Square One, we will need certain pieces of information from you at different stages of the process.
- At the initial stage (submission), information that we may process will include your contact details, CV and other information relating to your suitability for the particular role. This will have been provided to us with your consent. Without your consent to be submitted for a role with Square One, we will not accept any of your data from third parties (or you).
- If suitable, then we will be trying to get you in for an interview as soon as possible!
- If successful, we will need to send you a contract of employment and we may require further information from you, such as your address, email address and passport details.
- If you no longer wish to be considered for a role with Square One at any stage during these initial stages, you have the right to withdraw your consent and you can advise us how you want to handle any data we may hold (for example, if you simply decided that now wasn’t the right time to join, then we could keep your details for as long as you request, and contact you again in the future).
- Should you be unsuccessful this time with your application and you have not withdrawn your consent to us holding your data, we will retain your details for a period of approximately 5 years in the event that another suitable role becomes available.
- Firstly, congratulations and welcome to the family!
- You will have received a contract of employment together with a number of other standard documents that all employees are provided with.
- We will now require additional information from you either to comply with legal obligations on us as an employer or where it is reasonable for us to process such information in light of the employer-employee relationship. Some examples of such information are:
- A copy of your passport in line with local requirements.
- Your bank details and national insurance number.
- HR related records (appraisals, file notes) – for performance tracking to support your journey up the ranks!
- Medical records – in the event of an accident at work.
- Emergency contact details.
- Due to the fact that we may engage with other parties for certain aspects of your employment (such as pensions, insurance, etc.), we may need to forward relevant data to those parties. For the avoidance of doubt, we will only transfer data if it is reasonable and relevant to do so.
- Some information may be provided with your consent, but we will highlight these sections to you, which may include:
- Next of kin details.
- Diversity questionnaires.
- Dietary requirements (for the Christmas party for example!!)
- Where the employment relationship is terminated for whatever reason, most of your data will be deleted within a reasonable period of time, which in the ordinary course will be 12 months from such termination.
- Some data will be retained for longer, such as payment history, in order to comply with HMRC guidelines. At the time of drafting, guidelines would suggest that such data should be retained for 7 years.
- Some data may also be retained for a longer period of time in order to further legitimate business interests (for example, correspondence between you and a client or third parties). At the time of drafting, our policy is to retain such data for 6 years, unless there are extreme reasons for a longer period.
- Should there be additional grounds (for example, if there is an ongoing discussion with a client about a placement that you had made and the client is querying the services that the contractor provided) for a longer period of retention, then we will advise you of the same where this is reasonably practicable.
We will not transfer your data outside of the EEA, unless this is required by a third party, for example pension company or gym (as applicable). If this is the case, your prior consent will be obtained before any such transfer of your data. Where this does become necessary, we will inform you first. For the avoidance of doubt, we will only transfer your data outside of the EEA where we have made sure that appropriate safeguards are in place, including relevant contractual assurances being provided by the recipient in line with the Regulations. If required, we can provide you with copies of such assurances from the recipient.
Existence of data subjects rights
Under the Regulations, there are additional rights afforded to data subjects (i.e. you). For example, you may have the right:
- To be informed (which this Policy seeks to address);
- Of access to your data that we process and a copy thereof;
- To request rectification if data we hold is inaccurate;
- To be forgotten (subject to conditions);
- To request that the processing of data is restricted (subject to conditions);
- To request data be provided to you in a particular format (subject to conditions);
- To object to the processing of data (subject to conditions).
Automated decision making.
We are particular with our selection process. We take all reasonable steps to ensure that we have the right person join the team and will not rely on an “automated process” to determine who that is. We have a dedicated talent acquisition team that will review applications/CV’s/hand-written letters rather than a search engine.
Right to lodge a complaint
Please be assured that we will do all we can to ensure that your data is treated carefully, in accordance with this Policy and the Regulations. Should you feel that we have not done so at any stage, please let us know so that we can make the necessary adjustments or clarification. At first instance, if you send an email to firstname.lastname@example.org, we will aim to deal with your concerns as a matter of urgency. Should you feel that we have still not dealt with your concerns, or if you feel that it is serious enough, you have the right to make a complaint to the Information Commissioner. For further details, please see www.ico.org.uk.