Latest Review/Update: 2019

Version: 1

 

 

1. Overview
2. Who collects the information
3. Data protection principles
4. About the information we collect and hold
5. How we collect the information
6. Why we collect the information and how we use it
7. How we may share information
8. Where information will be held
9. How long we keep your information
10. Further information
11. Your rights to correct, access your information and ask for it to be erased (subject to request)
12. Keeping your personal information secure
13. How to complain

 

 

1. Overview

This policy explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during your employment and after it ends. We are required to notify you of this information under data protection legislation. Please ensure that you read this policy and any other similar policy notices we may provide to you from time to time when we collect or process personal information about you.

 

2. Who collects the information

MBA Group Ltd (‘Company’) is a ‘data controller’ and gathers and uses certain information about you.

 

3. Data protection principles

We will comply with the data protection principles when gathering and using personal information, as set out in our Data Protection (Employment) Policy.

 

4. About the information we collect and hold

4.1 We may collect the following information during your employment:

 

  • Your name contact details (i.e. address, home and mobile phone numbers, email address) and emergency contacts (i.e. name, relationship and home and mobile phone numbers);
  • Information collected during the recruitment process that we retain during your employment;
  • Employment contract information;
  • Details of salary and benefits, bank/building society, National Insurance and tax information, your age;
  • Details of your spouse/partner and any dependants;
  • Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information;
  • A copy of your driving licence
  • Details of your pension arrangements, and all information included in these and necessary to implement and administer them;
  • Information in your sickness and absence records (including sensitive personal information regarding your physical and/or mental health);
  • Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs;
  • Criminal records information, including the results of Disclosure and Barring Service (DBS) checks
  • Credit checks
  • Information on grievances raised by or involving you;
  • Information on conduct and/or other disciplinary issues involving you;
  • Details of your appraisals and performance reviews;
  • Details of your performance management/improvement plans (if any);
  • Details of your time and attendance records;
  • Information about your work output;
  • Information in applications you make for other positions within our organisation;
  • Information about your use of our IT, communication and other systems, and other monitoring information;
  • Details of your use of business-related social media, such as LinkedIn;
  • Your use of public social media only in very limited circumstances, to check specific risks for specific function within our organisation; you will be notified separately if this is to occur); and
  • Details in references about you that we give to others;
  • CCTV images.

4.2 Certain of the categories above may not apply to you if you are an agency worker, independent contractor, freelancer, volunteer, work experience, intern.

 

5. Why we collect the information and how we use it

5.1 We may collect this information from you, your personnel records, the Home Office, pension administrators, your doctors, from medical and occupational health professionals, from our insurance benefit administrators, the DBS, other employees, consultants and other professionals we may engage, e.g. to advise us generally and/or in relation to any grievance, conduct appraisal or performance review procedure, door entry access control, your photograph for your security card, HR , Payroll  and time and attendance, system;  automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV, communications systems, remote access systems, email and instant messaging systems, intranet and Internet facilities, telephone, voicemail and mobile phone records.

 

6. Why we collect the information and how we use it

6.1     We will typically collect and use this information for the following purposes (other purposes that may also apply are explained in our Data Protection (Employment) Policy):

 

  • For the performance of a contract with you, or to take steps to enter into a contract;
  • For compliance with a legal obligation (e.g. our obligations to you as your employer under employment protection and health safety legislation, and under statutory codes of practice, such as those issued by ACAS); and
  • For the purposes of our legitimate interests or those of a third party (such as a benefits provider), but only if these are not overridden by your interests, rights or freedoms.

6.2 Further information on the monitoring we undertake in the workplace and how we do this is available from the MBA Documents System - Information Security Policies or from the IT Department.

 

6.3 We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.

 

The HR Department retains an Employee Data Schedule which provides a full justification for the personal information MBA processes. 

 

7. How we may share information

7.1 We may also need to share some of the above categories of personal information with other parties, such as external contractors, auditors or our professional advisers. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information with regulators as required to comply with the law.

 

8. Where information will be held

8.1 Information will be held at MBA sites and where relevant third-party agencies, service providers, representatives and agents as described above. (We may transfer information internationally if it ever became necessary including countries that do not have data protection laws equivalent to those in the UK, for the reasons described above. We have security measures in place to look to ensure that there is proper security for information we hold (including those measures detailed in our Information Security Policies.

 

9. How long we keep your information

9.1 We keep your information during and after your employment for no longer than is necessary for the purposes for which we process the personal information. Further details on this are available in MBA’s Data Retention (Employment) Policy. 

 

10. Further information

10.1     Further information can be obtained from The HR Department who retains an Employee Data Schedule. The Employee Data Schedule provides full details of the personal information MBA processes. 

 

11. Your rights to correct, access your information and ask for it to be erased (subject to request)

In accordance with the Data Protection Act 2018, if you would like to make a subject access request in relation to the information we hold relating to you, or if you have any questions about this notice, please contact Toni Castiglione, HR Manager or Sadie Cole, HR Assistant, who can be contacted as follows:

 

Toni Castiglione

HR Manager

DL: 020 8376 4460

Email; tcastiglione@mba-group.com

 

Sadie Cole

HR Assistant

DL: 020 8376 4464

Email: scole@mba_group.com  

 

12. Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to access the information. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

 

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

13. How to complain

We hope that the Human Resources Department can resolve any query or concern you raise about the use of your information. If not, you can contact the Information Commissioner at ico.org.uk/concerns/, or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.