Staff Privacy Notice
1.1 – As your employer, Longhurst Group (‘the Group’) needs to collect and process your personal identifiable information to fulfill its contractual obligations with you, along with meeting legal and regulatory requirements. This Privacy Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using your information fairly and in accordance with the requirements of the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018.
1.2 – We take your privacy seriously and this Privacy Notice explains the types of personal identifiable information we collect, use and store, and the reason why we do this. You or someone else may provide the personal information we process about you.
1.3 – By reading this Notice, you will understand what to expect when we process your personal information and the rights you have in relation to your information. This Notice applies to applicants, all current and former employees, including Staff, Directors, and Non-Executive Directors, volunteers, and apprentices, named emergency contacts, next of kin and your dependants.
1.4 – If you have any questions about how we use your personal information, the Group’s Data Protection Officer, Gregory Rogers, can be contacted at firstname.lastname@example.org or by telephone on 01205 592 027.
1.5 – This notice applies from 25 May 2018 and replaces any previous notices that we have published about how we collect, use and store your personal information for employment purposes. If we make any significant changes affecting how we use your personal identifiable information, we will make changes to this Privacy Notice, and we will contact you to inform you of these changes.
2.1 – Longhurst Group (‘the Group’) is a company limited by guarantee and registered with the Regulator of Social Housing (RSH). Where we refer to ‘we’ or ‘us’ in this Privacy Notice, we are referring to Longhurst Group and its subsidiaries.
2.2 – Longhurst Group is the Group parent of three subsidiaries, two of which are required to be registered with the Information Commissioner. Service delivery within the Group is governed and controlled by a series of intra group agreements that clearly set out the services to be provided by each company, we well as their rights and responsibilities and ensures the smooth running of the Group.
|Company Name||Information Commissioner Registration Number|
|Keystone Developments (LG) Limited||Z7833811|
As your employer, the Longhurst Group is the ‘data controller’ or ‘data processor’ for your information. A data controller decides how your information is used. A data Processor carries out the processing on the instructions of the data controller.
3.1 – We use a variety of personal identifiable information depending on your role with us. For example, colleagues, Board members or volunteers.
3.2 – Personal Information
- Contact details – name, address, email, home, and mobile telephone numbers;
- Age – date of birth;
- Identification – information to allow us to check your identity and your right to work in the UK;
- Photographs – information to record your identity and to use on staff name badges, information boards and, with your agreement, for publicity;
- National Insurance numbers – for pay and tax purposes;
- Financial Information – details of your salary, your bank account, pensions and benefits
- Details of your qualifications, skills, experience, interests and employment history, including start and end dates with previous employers, and within the Group;
- Employment details – your job title, role description, your contract and terms and conditions of employment, current employment status and details of any secondary employment or other positions you hold;
- References – from other employers and personal referees;
- Assessments of ‘fitness’ to hold an Executive or Non-Executive Director position.
Attendance at work records – including the nature, reasons and length of absence, records of attendance including time sheets with start/finish times;
- Performance Management records – including meeting notes of ‘one to one’ supervisory meetings, performance appraisal documents, details of capability processes and meetings, and related correspondence;
- Training records;
- Disciplinary and/or grievance records – including reports, outcomes, sanctions and related correspondence;
- Declarations of Interest – including other positions or responsibilities held, details of third parties with whom you have a connection, or a conflict of interest;
- Driver and vehicle records – including driving licence, vehicle maintenance checks, and driving convictions;
- CCTV recordings – for anyone on our premises or in our housing schemes;
- Telephone recordings – if you call our Service Centres or Income teams or you are a member of staff working in these areas;
- Audio recordings – in an emergency situation where a member of staff is at risk of harm or abuse;
- Geo-location data through lone working devices and company mobile phones;
- On-line computer identification (IP address) – when you access HR job application systems on line or our websites;
We may also collect the following information for other named drivers of company owned vehicles (eg your spouse or partner). This is required if you wish someone else to drive your company vehicle.
- Driving licence
- Details of driving offences.
We also collect details of your representatives and/or next of kin. You should check with your next of kin/representatives that they are happy for you to share this information with us.
- Contact details – address, phone numbers, e-mail address
- Relationship to you.
3.3 – Special categories of data
We also collect protected special category data:
- Medical or health information – including known disabilities, requirements for special adjustments, information from GPs or occupational health, sick notes, and any other associated correspondence
- Convictions – for roles where a Disclosure and Barring Service (DBS) check is required or for colleagues driving for business purposes;
- Equality Monitoring information – including ethnicity, nationality, sexual orientation, religious or similar beliefs
- Trade union membership status.
3.4 – You are asked to supply your personal identifiable information so that we can enter into a contract with you, ensure that obligations under a contract are fulfilled and to meet some of our legal or regulatory duties. Examples of why we use, store and collect your personal information include:
- To enter into, or ensure contractual obligations are fulfilled
- To keep you up to date about relevant employment benefits that are available to you
- To correctly pay you and deduct tax and National Insurance
- Comply with health and safety law
- Comply with the Companies Act
- Ensure the security and integrity of our ICT systems
- Prevent or detect fraud, theft or other misconduct
- For equality and regulatory reports and returns.
If you do not provide certain information when requested, this may mean that we cannot proceed with your application or fulfil the terms of the employment contract that you have entered into (for example, being able to pay you or providing an employment related benefit).
4.1 – Most of the time, the personal information we hold about you is information which you have provided to us yourself. Examples include:
- Job application forms or CVs
- Supplying copies of identity documents (eg passport, driving licence) at the start and periodically during your employment
- Directly from you during interviews, meetings, assessments
- From electronic systems used by you during your application and employment
- From CCTV and lone working monitoring devices which can record your location as well as conversations, for the prevention and detection of crime and to ensure the safety and security of our staff.
4.2 – We may also obtain information from third parties, such as previous employers, referees, the Disclosure and Barring Service for criminal records checks, your doctor, occupational health or other health professionals, government agencies (eg HMRC/DWP/Courts/DVLA). We also obtain information from your Line Manager and other colleagues.
5.1 – It is important that the personal information we hold about you is accurate and up to date. You must keep us informed if your personal information changes during your employment with us.
- Information on your use of our electronic systems such as e-mail, website, software applications and network files.
To enter into a contract of employment and to maintain our contractual obligations
- Contact details, employment history, educational details and qualifications, skills and references to assess your suitability for employment
- Details collected as part of any assessment for Directorships and Non-Executive Director positions as required by the Companies Act 2006
- Identification documents to prove your right to work in the UK
- Records from the Data and Barring service where this is required for your role
- Sickness records and information about your health and wellbeing, in order to assess you are fit for work, to ensure compliance with health and safety legislation
- Disability details to ensure compliance with health and safety legislation and to make reasonable adjustments to enable you to carry out your role
- Equality and diversity information – we collect this with your consent to monitor our obligation under the Equality Act 2010
We use your personal and special identifiable information in this way because it is necessary to meet the conditions set out in the contract/ agreement with you and/or to meet our legal or regulatory obligations or because we have your consent.
To manage and administer your employment under a contract with us
- Contact details
- Your salary and contract/or other formal agreement with us
- National Insurance number for payment and taxation purposes
- Sickness records and information about your health and wellbeing, in order to assess you are fit for work, to ensure compliance with health and safety legislation and where necessary to make reasonable adjustments to enable you to carry out your role
- Disability details to ensure compliance with health and safety legislation and to make reasonable adjustments to enable you to carry out your role
- With your consent, next of kin, or representative details to be able to contact them in an emergency such as where you are taken ill
- Details of driving offences to ensure that employees driving on our behalf are legally able to do so
- Details of performance appraisals or disciplinary records
- Training records and assessments to ensure compliance with company policies and support career development
- CCTV, telephone recordings, and location details and audio recording from lone working devices to manage employee conduct and performance
- Details of other positions or directorships held, potential conflict of interest, details of relationships to other staff or Board members.
We use your personal and special identifiable information in this way because it is necessary to meet the conditions set out in the contract/ agreement with you and/or to meet our legal and regulatory obligations and/or where it is fair for us to do so.
To carry out our duties under health and safety and to support employees
- Risk assessments including specific risk assessment for employees with a disability
- Lone working records – colleagues can activate their location and make voice recordings to protect themselves at work from verbal or physical assault
- Telephone recordings for protecting and monitoring staff in relation to verbal abuse
CCTV is in operation in our offices for the purposes of staff and public safety and for the prevention and detection of crime
We use your personal and special identifiable information in this way because it is necessary to meet the conditions set out to meet our legal and regulatory obligations in relation to health and safety, and/or for the prevention or detection of crime and/or where it is fair for us to do so.
To control and protect the Group’s ICT systems and to protect the company’s interests
- Security profile information based on your name and/or role or department to manage access and security of our ICT systems
- Where necessary, and in accordance with our ICT policies, and the Telecommunications (Lawful Business Practice), (interception of Communications) Regulations 2000, monitor access and usage of our ICT systems, including the internet, social media and email to manage employee conduct and/or to prevent fraud or other crime
We use your personal and special identifiable information in this way because it is necessary to meet our legal and regulatory obligations (complying with data protection legislation) and where it is in our legitimate interest to do so.
To monitor the Group’s performance
- We may use your name and contact details to carry out market research or employee satisfaction surveys to help us understand how we are performing and to meet our goals and objectives
- Telephone recordings for training and quality purposes
- Your personal details in relation to things like location and travel, salary, attendance, reasons for absence, training completion and costs, to perform statistical analysis to help us target and prioritise resources
We undertake this processing because it relates to your contract, to fulfill legal and regulatory obligations and/or because it is in our legitimate interests to do so.
To keep you informed
- Your name and position, and e-mail address (private and/or work), telephone number to communicate with you for operational purposes. We may communicate with you by text, email or post
- As above, to provide information about employee benefits
- We will either use our legitimate interest or obtain your consent before marketing other goods or services to you.
We use your personal information in this way in order to fulfill the requirements of the contract between us and because it is in our legitimate interests to do so.
To meet legal and regulatory requirements
- Analysing equality and diversity information to ensure our compliance with the Equality Act and employment law
- Tax, national insurance and pension details to ensure we meet our legal obligations
- To comply with court orders to provide information and to implement financial orders such as money judgements.
- To provide information to police and other statutory authorities such HMRC and DWP for the prevention and detection of crime and for the purposes of identifying fraud
- To meet monitoring and regulatory requirements of organisations. Examples of this are the Health and Safety Executive, Regulator of Social Housing, Care Quality Commission.
7.1 – We only use your personal identifiable information where that is permitted by the laws that protect your privacy rights. This will be where:
- we need to use the information to comply with our legal obligations
- we need to use the information to perform a contract with you and/or
- it is fair to use the personal identifiable information either in our interests or someone else’s interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services, market to you, or collaborate with others to improve our services;
- to protect your vital interests or those of others
- where we need to seek your consent (if consent is needed).
7.2 – Where we have your consent, you have the right to withdraw it.
7.3 – Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
- we have a legal obligation to do so (for example to protect vulnerable people)
- it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises)
- necessary in relation to employment including assessing medical fitness for work
- it is in the substantial public interest
- it is necessary for the establishment, exercise or defence of legal claims
- it is necessary for the prevention or detection of crime
- it is necessary for insurance purposes
- you have specifically given us ‘affirmative’ consent to use the information.
8.1 – We will share your personal information within Longhurst Group (including member companies) as part of recruitment and where we need to do so to fulfill our contractual and employment obligations, promote relevant products, services, and events to you. We will also share information with others to meet or enforce a legal obligation. In some circumstances, this could include sharing information with our legal representatives, insurers, or the police for the prevention and detection of crime, such as fraud. We may also share your information where it is fair and reasonable for us to do so.
8.2 – Where we have a lawful basis for doing so, we will not always require your consent to share your information. For example where we have a legal obligation or in relation to your employment contract. We may also share information without your consent when ordered to do so by a court, to prevent or detect crime, and to protect an individual from harm.
We may share your information with the following:
- Department for Work and Pensions (DWP)
- HM Revenue and Customs (HMRC)
- Disclosure and Barring Service (DBS)
- Companies House
- Education and Skills Funding Agency
- Police forces
- Your pension provider
- Occupational health teams or other medical professionals
- Providers of employee benefit packages
- Our insurers to manage claims
- Internal or External Auditors
- Training and conference providers
- Prospective employers through references
- Third parties providing services on our behalf. For example:
- mailing companies distributing letters/information to you on our behalf
- research companies carrying out employee satisfaction surveys
- IT suppliers hosting or supplying a service or applications to us
- Internally within the People Services, Payroll, Training, Finance or ICT teams, and your Line Manager
The Group is required by law to share your personal information with any gaining organisation under TUPE when transferring a contract.
Longhurst Group will never sell your personal information to third party organisations for marketing purposes.
9.1 – We may need to transfer your information outside the UK to companies, service and software providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the European Economic Area, such as the USA.
We will only do this where appropriate safeguards are in place to protect your information. For example, in the USA, Privacy Shield. Where we do this any personal identifiable information will be limited and we will communicate to you where it is stored.
The Group currently uses MailChimp and Survey Monkey who both store data in the USA, but who are both protected by Privacy Shield.
10.1 – How long we keep your personal information for will depend on your relationship with us. Please ask if you require more information.
11.1 – We will normally only communicate information to you, which is relevant to your employment, including employment related benefit packages, and the work of the business. Where we do undertake direct marketing, this will normally be where it is fair and reasonable for us to do so.
In other circumstances, we will need your consent before marketing goods and services to you.
11.2 – Where you have given us consent to receive marketing, you can withdraw consent, at any time. In these cases, please e-mail email@example.com
12.1 – We will inform you if we use automated decision-making. For example, sometimes it is used by some recruitment organisations to determine your suitability for a role, by matching your details against the job description or personal specification. This is done to help ensure that decisions are made accurately, fairly and efficiently. If a decision is made about you in this way, you have the right to challenge the validity of the decision and to request that it is personally reviewed.
13.1 – From 25 May 2018, you have eight rights relating to the use and storage of your personal identifiable information. These are:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
13.2 – In brief, you have the right to be informed who is obtaining and using your personal identifiable information, how this information will be retained, shared and secured and what lawful grounds will be used to obtain and use your personal identifiable information. You have the right to object to how we use your personal identifiable information in certain circumstances.
13.3 – You also have the right to obtain a copy of the personal identifiable information we hold about you. If you wish to make a subject access request, please contact the Group Data Protection Officer by telephone or e-mail firstname.lastname@example.org. We will normally have one calendar month in which to deal with your request.
13.4 – In addition, you can ask us to correct inaccuracies, delete or restrict personal identifiable information or to ask for some of your personal identifiable information to be provided to someone else. You can make a complaint if you feel Longhurst Group is using your personal identifiable information unlawfully and/or holding inaccurate, inadequate or irrelevant personal identifiable information which if used may have a detrimental impact on you and/or has an impact on your rights.
13.5 – If you have any questions about any of your rights in this Privacy Notice, please contact our Mandatory Data Protection Officer, Diane Raphael by e-mail at:
13.6 – You can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner’s Office, at ico.org.uk
Getting in touch
If you need to speak to us about any data protection matters, please contact our Data Protection Officer:
Group Data Protection Officer, Longhurst Group, Leverett House, Endeavour Park, Boston, Lincolnshire PE21 7TQ
Alternatively, you can find more information by visiting the Information Commissioner’s website:
You can contact the Information Commissioner by e-mail, through their website, or in writing at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
0303 123 1113 (local rate)