Staff Privacy Policy

1. Scope of the Policy

This Staff Privacy Policy applies to all employees, workers, contractors, and consultants. It covers how the Company collects, uses, stores, and protects personal data in the course of employment or engagement.

2. Data We Collect

We may collect the following categories of personal data:
Personal Identification Data: Name, address, date of birth, gender, national insurance number, and contact details.
Employment Data: Employment contracts, job titles, work history, performance records, and training data.
Payroll and Financial Information: Bank account details, tax information, and salary records.
Sensitive Data: Health information, details of disabilities, and equal opportunities monitoring data (e.g., race, ethnicity, religion, or sexual orientation).
IT and Communication Data: Access logs, emails, and usage data on Company systems and devices.

3. Purpose of Data Processing

The Company processes personal data for the following purposes:
Managing payroll, pensions, and benefits.
Fulfilling employment contracts.
Complying with legal obligations (e.g., tax and employment laws).
Monitoring performance and managing training or development needs.
Ensuring workplace safety and security.
Supporting equal opportunities and diversity initiatives.

4. Legal Basis for Processing

We process employee personal data based on the following lawful grounds:
Performance of a Contract: To fulfil the terms of your employment or engagement.
Legal Obligations: To comply with statutory requirements (e.g., tax reporting, health and safety).
Legitimate Interests: For efficient business operations, such as workforce management and security.
Consent: For specific purposes, such as using images for marketing, where explicit consent is required.

5. Sharing Your Data

We may share your data with third parties, such as:
Payroll providers and pension administrators.
Government bodies, such as HMRC or regulatory authorities.
IT service providers for system maintenance and support.
Legal or professional advisors when necessary.
All third parties are required to safeguard your data and use it only for the purposes agreed upon.

6. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including legal or regulatory requirements. After this period, your data will be securely deleted or anonymised.

7. Your Rights

Under data protection laws, you have the following rights:
Access: Request a copy of your personal data.
Rectification: Request corrections to inaccurate or incomplete data.
Erasure: Request deletion of your data in certain circumstances.
Restriction: Request to limit the processing of your data.
Data Portability: Request your data in a machine-readable format.
Objection: Object to the processing of your data based on legitimate interests.
Withdraw Consent: Withdraw consent for data processing where applicable.
To exercise your rights, please contact legal@eternalengagements.co.uk.

8. Data Security

We implement robust security measures to protect your personal data from unauthorised access, loss, or disclosure. These measures include secure servers, data encryption, and access controls. All employees with access to personal data are trained on data protection responsibilities.

9. Reporting Breaches

If you suspect a data breach, report it immediately to the Legal Compliance Department. We will investigate and take appropriate action, including notifying the Information Commissioner’s Office (ICO) if necessary.

10. Contact Information

If you have questions or concerns about this policy or your personal data, please contact with our Legal Compliance Department at legal@eternalengagements.co.uk.
If you are not satisfied with our response, you may contact the ICO, the UK’s supervisory authority, via their website: https://ico.org.uk/.

11. Policy Review

This policy is reviewed annually to ensure compliance with legal and regulatory requirements. Any updates will be communicated to all staff.
Last Updated:11/2024