Data controller: Zest Care Homes Limited
Zest Care Homes Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.
Zest Care Homes Limited “The Company” collects, stores and processes personal data relating to its employees in order to manage the employment relationship. This privacy notice sets down how the Company collects and uses personal information about you during and after your working relationship with us.
This privacy notice applies to current and former employees, workers and contractors. This notice does not form part of a contract of employment or any contract to provide services and may be updated at any time.
The Company is committed to protecting the privacy and security of your personal information. The Company is committed to being clear and transparent about how it collects and uses that data and to meeting its data protection obligations.
- Data Protection Principles
The Company will comply with data protection law. This means that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
- Relevant to the purposes we have told you about and limited to those purposes only;
- Accurate and kept up to date;
- Kept only for such time as is necessary for the purposes we have told you about; and
- Kept securely.
- What Information Does The Company Collect And Process?
The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. This includes:
- Personal contact details, such as your name, title, address and contact details, including email address and telephone number;
- date of birth;
- the terms and conditions of your employment;
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the Company;
- information about your remuneration, including entitlement to benefits such as pensions;
- details of your bank account, tax status and national insurance number;
- information about your marital status, next of kin, dependants and emergency contacts;
- information about your nationality and entitlement to work in the UK;
- copy of driving licence;
- details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- assessments of your performance, including appraisals, training you have participated in, performance improvement plans and related correspondence;
- CCTV footage and other information obtained through electronic means e.g. swipe card records.
We may also collect, store and use the following special categories of more sensitive personal information:
- information about medical or health conditions, including whether or not you have a disability for which the Company needs to make reasonable adjustments;
- details of trade union membership;
- information about your criminal record; and
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
The Company collects this information in a variety of ways. For example, data is collected through the application and recruitment process and during work-related activities throughout the period of working for us.
In some cases, the Company collects personal data about you from third parties, such as references supplied by former employers , information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.
Data is stored in a range of different places, including in your personnel file, in the Company’s HR systems and in other IT systems (including the Company’s email system).
- Why Does The Company Process Personal Data?
The Company needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract.
In addition, the Company needs to process data to ensure that we are complying with our legal obligations, for example, we are required to check an employee’s entitlement to work in the UK and it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake a particular role.
In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the employment relationship.
- Situations In Which We Will Use Your Personal Information
Situations in which we will process your personal information are listed below:
In order to:
- make decisions about recruitment and promotion processes;
- maintain accurate and up-to-date employment records and contact details (including details of whom to contact in the event of an emergency), and records of employee contractual and statutory rights;
- check you are legally entitled to work in the UK;
- gather evidence for, and keep a record of, disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- pay you and, in the case of employees, make deductions for tax and National Insurance;
- make decisions about salary reviews and compensation;
- operate and keep a record of employee performance and related processes;
- keep records of training and development requirements;
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- ascertain your fitness to work;
- operate and keep a record of other types of leave (such as maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- ensure effective general HR and business administration;
- provide references on request for current or former employees;
- deal with legal disputes involving you or other employees, workers and contractors;
- facilitate equal opportunities monitoring in the workplace; and
- to provide a safe working environment for you and to prevent and detect any crime using CCTV.
- If You fail to Provide Personal Information
If you do not prove certain information when requested, the Company may not be able to perform the contract we have entered into with you, such as paying you or providing a benefit. You may also have to provide the Company with data in order to exercise statutory rights, for example in relation to statutory leave entitlements.
- Change of Purpose
The Company will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.
You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.
- How We Use Sensitive Personal Information
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (for example, in relation to employees with disabilities and for health and safety purposes).
The Company uses other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or philosophical belief, this is done for the purposes of meaningful equal opportunities monitoring or reporting.
Data used by the Company for these purposes is anonymised or is collected with the express consent of employees, which can be withdrawn at any time. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
- Information About Criminal Convictions
We envisagethat we will hold information about criminal convictions through the enhanced DBS checks we undertake.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. We will use information about criminal convictions to determine whether it is appropriate to offer you employment or continue your employment given the vulnerable client groups we work with.
- Automated Decision-Making and Profiling
Our employment decisions are not based solely on automated decision-makinghoweverin communal areas and in certain private bedrooms (where explicit written consent is received) we use a monitored CCTV system to monitor changes in behaviour, activities or other changing information to ensure the safety and well-being of you, our service users and their visitors along with the prevention and detection of crime.
- For How Long Do You Keep Data?
The Company will only hold your personal data for as long as is necessary to fulfil the purposes we collected it for, including any legal, accounting or reporting requirements. The periods for which your data is held after the end of employment is six years.
- Who Has Access to Data?
Your information will be shared internally, including with the home manager/ deputy manager, the legal/payroll team at head office and supporting administrative staff.
The Company shares your data with third parties where required by law, where it is necessary in order to administer the working relationship with you or where we have another legitimate interest in doing so. The following services are carried out by third party service providers: Cloudview process and store the data from the monitored CCTV system. The Company may also share your data with other third parties, for example, in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The Company will not transfer your data to countries outside the European Economic Area.
- How Does The Company Protect Data?
The Company takes the security of your data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Details of these measures are available on request.
When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. Details of these measures are available from Sophie Peart, Legal Manager.
- Your Duty to Inform Us of Changes
It is important that the personal information we hold about you is accurate and current. Please be sure to keep us informed if your personal information changes during your time working with us.
- Your Rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (known as a “data subject access request”);
- require the Company to change incorrect or incomplete data;
- request erasure of your personal information. This enables you to ask the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and
- ask the Company to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.
If you would like to exercise any of these rights, or you have any questions about the privacy notice, please contact Sophie Peart, Data Protection Officer at email@example.com on 01325 288803 or at 2nd Floor, 16 High Street, Yarm, Cleveland TS15 9AE.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office.