This notice explains what personal data (information) we hold about you, how we collect it and how we use and may share information about you during your employment and after it ends. We are required to notify you of this information under data protection legislation. Please ensure that you read this notice (sometimes referred to as a 'privacy notice') and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
1. WHO COLLECTS THE INFORMATION
Dodd Group Holdings Limited ('Company') is a 'data controller' and gathers and uses certain information about you. This information is also used by our affiliated entities and group companies, namely Dodd Group Ltd, Dodd Group (Midlands) Limited, Dodd Group (South) Limited and Dodd Group (Eastern) Limited (our 'group companies') and so, in this notice, references to 'we' or 'us' mean the Company and our group companies.
2. DATA PROTECTION PRINCIPLES
We will comply with the data protection principles when gathering and using personal information, as set out in our Data Protection Policy (DGQMS0262).
3. ABOUT THE INFORMATION WE COLLECT AND HOLD
The table set out in Schedule 1 summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.
We may also need to share some of the categories of personal information set out in Schedule 1 with other parties, such as external contractors and our professional advisers and potential purchasers of some or all of our business or on a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information with our regulators or as required to comply with the law.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
4. WHERE INFORMATION MAY BE HELD
Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above. We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our Data Protection Policy (DGMS0262), a copy of which is available on Doddnet or otherwise on request from our Data Protection Officer by email at gdpr@doddgroup.com.
5. HOW LONG WE KEEP YOUR INFORMATION
We keep your information during and after your employment or other engagement for no longer than is necessary for the purposes for which the personal information is processed. Further details on this are specified in Schedule 1. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
6. YOUR RIGHTS TO CORRECT AND ACCESS YOUR INFORMATION AND TO ASK FOR IT TO BE ERASED
Your duty to inform us of changes
6.1 It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
6.2 Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
6.3 If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer by email at gdpr@doddgroup.com.
No fee usually required
6.4 You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
6.5 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
7. KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
8. HOW TO COMPLAIN
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
M. C. Farmer - Director
SCHEDULE 1
| The information we collect | How we collect the information | Why we collect the information | How we use and may share the information |
|---|---|---|---|
| Your name, contact details (ie address, home and mobile phone numbers, email address) and emergency contacts (ie name, relationship and home and mobile phone numbers) | From you |
To enter into/perform our contract with you Legitimate interest: to maintain employment records and good employment practice |
To enter into/perform our contract with you. Information shared with our payroll administrators "Baldwin & Co" and any other professional bodies that we may engage. Other Government agencies as required by law. |
| Details of salary and benefits, bank/building society, National Insurance and tax information, and your date of birth | From you |
To perform our contract with you, including making payments to you and providing benefits Legitimate interests: to maintain employment or other records and to comply with legal, regulatory and corporate governance obligations and good practice |
To ensure you receive the correct pay and benefits Information shared with our payroll administrators Baldwin & Co and with HM Revenue & Customs (HMRC). Other Government Agencies as required by law. Clients for open book contracts. |
| Details of your spouse/partner and any dependants | From you | To perform our contract with you including employment-related benefits, eg private medical insurance, life assurance and pension |
To ensure you receive the correct pay and benefits Information shared with our Life Insurance Provider |
| Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information | From you and, where necessary, the Home Office |
To enter into/perform our contract with you To comply with our legal obligations Legitimate interest: to maintain employment records |
To carry out right to work checks Information may be shared with the Home Office |
| A copy of your driving licence | From you |
To perform our contract with you To comply with our legal obligations To comply with the terms of our insurance |
To ensure that you have a valid driving licence Information may be shared with our insurer |
| Details of your pension arrangements, and all information included in these and necessary to implement and administer them | From you, from our pension administrators RT Hulme and (where necessary) from your own pension fund administrators |
To perform the employment contract including employment-related benefits To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice |
To administer your pension benefits AND/OR To comply with our auto-enrolment pension obligations Information shared with our pension administrators RT Hulme our Pension Providers "Standard Life" and with HMRC and any other Government Agencies as required by law |
| Information in your sickness and absence records (including sensitive personal information regarding your physical and/or mental health) | From you, from your doctors, from medical and occupational health professionals we engage and from our insurance benefit administrators J.I.B, UNEM |
To perform our contract with you including regarding any employment-related benefits To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good practice, to ensure safe working practices |
To maintain employment records, to administer sick pay entitlement, to follow our policies and to facilitate employment-related health and sickness benefits To comply with our legal obligations to you as your employer Information shared with your doctors, with medical and occupational health professionals we engage and with our insurance benefit administrators and our payroll administrators "Baldwin & Co" |
| Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs | From you | To comply with our legal obligations and for reasons of substantial public interest (equality of opportunity or treatment) | To comply with our equal opportunities monitoring obligations and to follow our policies |
| Criminal records information, including the results of Disclosure and Barring Service (DBS) checks | From you and the DBS |
To perform our contract with you To comply with our legal obligations For reasons of substantial public interest (preventing or detecting unlawful acts, suspicion of terrorist financing or money laundering in the regulated sector and protecting the public against dishonesty) |
To carry out statutory checks Information shared with DBS and other regulatory authorities as required |
| Your trade union membership | From you or your trade union |
To perform our contract with you To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good practice |
For staff administration and to pay trade union premiums and register the status of a protected employee Information shared with your trade union |
| Information on grievances raised by or involving you | From you, from complainants, from witnesses and from managers or third parties we may engage in relation to investigating and/or presiding over the grievance procedure |
To perform the employment contract To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good practice |
For staff administration, to follow our policies and to deal with grievance matters Information shared with relevant employees or other complainants or witnesses, HR personnel and with employees or third parties we may engage |
| Information on conduct issues involving you | From you, from complainants, from witnesses and from managers or third parties we may engage in relation to investigating and/or presiding over a disciplinary procedure |
To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices |
For staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary matters Information shared with relevant witnesses, HR personnel and with employees or third parties we may engage |
| Details of your appraisals and performance reviews | From you, from other employees and from third parties we may engage in relation to the appraisal/ performance review process |
To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices |
For staff administration and assessments, to follow our policies, to monitor staff performance Information shared with relevant managers, HR personnel and with third parties we may engage |
| Details of your performance management/improvement plans (if any) | From you, from other employees and from managers or third parties we may engage in relation to any performance management process |
To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices |
For staff administration and assessments, to follow our policies and to monitor staff performance Information shared with relevant managers, HR personnel and with third parties we may engage |
| Information regarding your work output | From timesheets submitted by you or reports submitted by your line manager |
To perform our contract with you Legitimate interests: to maintain work records |
For payroll and staff administration and assessments, to follow our policies and to monitor staff performance and attendance Information shared with relevant managers, HR personnel and with third parties we may engage, and with our payroll administrators Baldwin & Co |
| Information in applications you make for other positions within our organisation | From you |
To enter into/perform our contract with you To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good practice |
To process the application Information shared with relevant managers, HR personnel and with third parties we may engage |
| Information about your use of our IT, communication and other systems | Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, remote access systems, email and instant messaging systems, intranet and Internet facilities, telephones, voicemail, mobile phone records. |
Legitimate interests: to monitor and manage staff access to our systems and facilities Information shared with relevant managers, HR personnel and with consultants we may engage to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage to ensure our business policies, such as those concerning security and internet use, are adhered to for operational reasons, such as maintaining employment records, recording transactions, training and quality control to ensure that commercially sensitive information is kept confidential to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with for security vetting and investigating complaints and allegations of criminal offences for statistical analysis to prevent unauthorised access and modifications to our systems as part of investigations by regulatory bodies, or in connection with legal proceedings or requests |
To protect and carry out our legitimate interests (see adjacent column) |
| Details of your use of business-related social media, such as LinkedIn | From relevant websites and applications |
Legitimate interests: to monitor and manage staff access to our systems and facilities to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage to ensure our business policies, such as those concerning security and internet use, are adhered to for operational reasons, such as maintaining employment records, recording transactions, training and quality control to ensure that commercially sensitive information is kept confidential to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with for security vetting and investigating complaints and allegations of criminal offences as part of investigations by regulatory bodies, or in connection with legal proceedings or requests |
To protect and carry out our legitimate interests (see adjacent column) Information shared with relevant managers, HR personnel and with consultants we may engage |
| Your use of public social media (only in very limited circumstances, to check specific risks for specific functions within our organisation; you will be notified separately if this is to occur) | From relevant websites and applications |
Legitimate interests: to monitor and manage staff access to our systems and facilities to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage to ensure our business policies, such as those concerning security and internet use, are adhered to for operational reasons, such as maintaining employment records, recording transactions, training and quality control to ensure that commercially sensitive information is kept confidential to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with for security vetting and investigating complaints and allegations of criminal offences as part of investigations by regulatory bodies, or in connection with legal proceedings or requests |
To protect and carry out our legitimate interests (see adjacent column) Information shared with relevant managers, HR personnel and with consultants we may engage |
| Details in references about you that we give to others | From your personnel records, our other employees |
To perform the employment contract To comply with our legal obligations Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice |
To provide you with the relevant reference To comply with legal/regulatory obligations Information shared with relevant managers, HR personnel and the recipient(s) of the reference |
| If you drive a work vehicle that you have been notified is installed with a tracking device, the location and speed of your work vehicle (if private use of the vehicle is permitted, then only during working hours, unless the theft or otherwise loss of the vehicle is known or suspected) | From a tracking device |
Legitimate interests: to monitor and facilitate the efficient distribution of resources to ensure that our policies regarding vehicle use are complied with to maintain the security of vehicles and their contents and the safety of their operators |
To protect and carry out our legitimate interests (see adjacent column) Information shared with relevant managers, HR personnel and, if required, our insurers |
| Information regarding your academic and professional qualifications (Technical training) (Health & Safety Training) | From you and relevant training bodies |
Legitimate interests: to monitor and facilitate the efficient distribution of resources to verify the qualification information provided by you. |
To protect and carry out our legitimate interests to ensure correct job allocation to technical capability to ensure your continued health, safety & welfare. Information shared with clients relevant to specific projects. Information shared with potential clients at bid stage. |