skip to Main Content

Privacy Policy

What is the purpose of this notice?

To describe how we collect and use personal data about you in accordance with the General Data Protection Regulation (GDPR).

What we need

Maynard Johns will be what’s known as the “Controller” of the personal data you provide to us. We only collect basic personal data about you which does not include any special categories of personal information about you (known as Special Category Data). This does however include name, address, e-mail, telephone number, financial information.

Why we need it

We need to know your basic personal data in order to provide services to you. We will not collect any personal data from you we do not need to provide and oversee this service to you.
What we do with it

We only ever use your personal data with your consent, or where it is necessary:

  • to enter into, or perform, a contract with you
  • to comply with a legal duty
  • to protect your vital interests
  • for our own (or a third party’s) lawful interests, provided your rights don’t override these.

In any event, we’ll only use your information for the purpose or purposes it was collected for (or for closely related purposes).

We may process personal information for certain legitimate business purposes, which include some or all of the following:

  • where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications
  • for the benefit of our customers to identify and prevent fraud
  • to enhance the security of our network and information systems
  • to better understand how people interact with our websites
  • to provide postal communications which we think will be of interest to you
  • to determine the effectiveness of promotional campaigns and advertising.

Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.

When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.  Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish, and if you wish to do so please email [email protected] . Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.

Where we keep it

We are based in the UK and we store our data within the EU. Some organisations which provide services to us may transfer personal data outside of the EU, but we will only allow them to do if your data is adequately protected.

For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we will allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).

How long we keep it

We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing e-mails, we will stop storing your e-mails for marketing purposes (though we’ll keep a record of your preference not to be e-mailed).

We continually review what information we hold and delete what is no longer required. We never store payment card information. We will not retain your data for any longer than necessary and the longest time that we will hold your data will be seven years, dependant on our reason for holding your personal data as identified in our specific Privacy Statements below.

What are your rights?

We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:

  • the right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request)
  • the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
  • the right to have inaccurate data rectified
  • the right to object to your data being used for marketing or profiling; and
  • where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent or the performance of a contract. This information will be provided in a common electronic format.

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

Different ways we process data

The different data we may request, hold and process will also vary depending on the reason you have provided us with your data. For the primary categories we have developed specific Privacy Statements that can be found at the bottom of the page. These are for:

  • Clients of Maynard Johns
  • Employees of Maynard Johns
  • Job Applicants

Changes to this privacy notice

The Company reserves the right to update or amend this privacy notice at any time. We may also notify you about the processing of your personal information in other ways.

Contact

If you have any questions about this privacy notice or how we handle your personal information, please contact our data compliance manager as follows: Ann Holland, 37 Mill Street, Bideford, EX39 4BS, 01237 472071, [email protected].

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

Privacy Statement for Clients

PURPOSE OF THIS NOTICE

This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).

Please note that full details regarding out provision of services to clients will be enclosed the indiviudal Letters of Engagement between the company and each client which are provided to the client and signed by the client prior to the provision of any services.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

 ABOUT US

Jane Maynard Limited (trading as Maynard Johns, “we”, “us”, “our” and “ours”) is an accountancy and tax advisory firm. We are registered in England and Wales as a limited company under number: 4796045 and our registered office is at 37 Mill Street, Bideford, EX39 2JJ.

For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.

We have appointed a data compliance manager . Our data compliance manager is our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Point of Contact you can do so using the contact details noted at paragraph 12 (Contact Us), below.

HOW WE MAY COLLECT YOUR PERSONAL DATA

We obtain personal data about you, for example, when:

  • you request a proposal from us in respect of the services we provide;
  • you OR your employer OR our clients engages us to provide our services and also during the provision of those services;
  • you contact us by email, telephone, post or social media (for example when you have a query about our services); or
  • from third parties and/or publicly available resources (for example, from your employer or from Companies House).

THE KIND OF INFORMATION WE HOLD ABOUT YOU

The information we hold about you may include the following:

  • your personal details (such as your name and/or address);
  • details of contact we have had with you in relation to the provision, or the proposed provision, of our services;
  • details of any services you have received from us;
  • our correspondence and communications with you;
  • information about any complaints and enquiries you make to us;
  • information from research, surveys, and marketing activities;
  • Information we receive from other sources, such as publicly available information, information provided by your employer OR our clients

HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU

We may process your personal data for purposes necessary for the performance of our contract with you OR your employer OR our clients and to comply with our legal obligations.

We may process your personal data for the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.

We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.

We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

Situations in which we will use your personal data

We may use your personal data in order to:

  • carry out our obligations arising from any agreements entered into between you OR your employer OR our clients and us (which will most usually be for the provision of our services);
  • carry out our obligations arising from any agreements entered into between our clients and us (which will most usually be for the provision of our services) where you may be a subcontractor, supplier or customer of our client;
  • provide you with information related to our services and our events and activities that you request from us or which we feel may interest you, provided you have consented to be contacted for such purposes;
  • seek your thoughts and opinions on the services we provide; and
  • notify you about any changes to our services.

In some circumstances we may anonymise or pseudonymise the personal data so that it can no longer be associated with you, in which case we may use it without further notice to you.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.

Data retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business and the services provided;
  • any statutory or legal obligations;
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • the amount and categories of your personal data; and
  • whether the purpose of the processing could reasonably be fulfilled by other means.
  • Change of purpose
  • Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.

Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.

DATA SHARING

Why might you share my personal data with third parties?

We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

Which third-party service providers process my personal data?

“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, administration services, marketing services and banking services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.

TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

When we share data, it may be transferred to, and processed in, countries other than the UK – such as to the United States, where some third party data hosting provider’s servers are located. These countries may have laws different to the UK. Where we disclose personal data to a third party in another country, we ensure those third parties have safeguards in place to ensure your personal data remains protected.

For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where there are approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).

DATA SECURITY

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.

Your rights in connection with personal data

Under certain circumstances, by law you have the right to:

  • Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
  • If you want to exercise any of the above rights, please email our data protection point of contact Ann Holland – [email protected]

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

RIGHT TO WITHDRAW CONSENT

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email our data protection point of contact [email protected]

Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

CHANGES TO THIS NOTICE

Any changes we may make to our privacy notice in the future will be updated on out website www.maynardjohns.co.uk.

CONTACT US

If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please contact our data compliance manager, Ann Holland on 01237 472071 or email [email protected]

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time.

Privacy Statement for Employees

Introduction

The Company collects and processes personal information, or personal data, relating to its employees, workers and contractors to manage the working relationship. This personal information may be held by the Company on paper or in electronic format.

The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your working relationship with the Company. We are required under the GDPR to notify you of the information contained in this privacy notice.

This privacy notice applies to all current and former employees, workers and contractors. It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services.

The Company has appointed a data compliance manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please contact Ann Holland, 37 Mill Street, Bideford, [email protected], 07951 042045.

Data protection principles

Under the GDPR, there are six data protection principles that the Company must comply with.

These provide that the personal information we hold about you must be:

  1. Processed lawfully, fairly and in a transparent manner.
  2. Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to those purposes.
  4. Accurate and, where necessary, kept up to date.
  5. Kept in a form which permits your identification for no longer than is necessary for those purposes.
  6. Processed in a way that ensures appropriate security of the data.

The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.

What types of personal information do we collect about you?

Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information, and personal information on criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.

The Company collects, uses and processes a range of personal information about you. This includes (as applicable):

  • your contact details, including your name, address, telephone number and personal e-mail address
  • your emergency contact details/next of kin
  • your date of birth
  • your gender
  • your marital status and dependants
  • the start and end dates of your employment or engagement
  • recruitment records, including personal information included in a CV, any application form, cover letter, interview notes, references, copies of proof of right to work in the UK documentation, copies of qualification certificates, copy of driving licence and other background check documentation
  • the terms and conditions of your employment or engagement (including your job title and working hours), as set out in a job offer letter, employment contract, written statement of employment particulars, casual worker agreement, consultancy agreement, pay review and bonus letters, statements of changes to employment or engagement terms and related correspondence
  • details of your skills, qualifications, experience and work history, both with previous employers and with the Company
  • your professional memberships
  • your salary, entitlement to benefits and pension information
  • your National Insurance number
  • your bank account details, payroll records, tax code and tax status information
  • any disciplinary, grievance and capability records, including investigation reports, collated evidence, minutes of hearings and appeal hearings, warning letters, performance improvement plans and related correspondence
  • appraisals, including appraisal forms, performance reviews and ratings, targets and objectives set
  • training records
  • annual leave and other leave records, including details of the types of and reasons for leave being taken and related correspondence
  • any termination of employment or engagement documentation, including resignation letters, dismissal letters, redundancy letters, minutes of meetings, settlement agreements and related correspondence
  • information obtained through electronic means, such as swipecard or clocking-in card records
  • information about your use of our IT systems, including usage of telephones, e-mail and the Internet
  • photographs

The Company may also collect, use and process the following special categories of your personal information (as applicable):

  • information about your health, including any medical condition, whether you have a disability in respect of which the Company needs to make reasonable adjustments, sickness absence records (including details of the reasons for sickness absence being taken), medical reports and related correspondence
  • information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation
  • information about criminal convictions and offences.

 How do we collect your personal information?

The Company may collect personal information about employees, workers and contractors in a variety of ways. It is collected during the recruitment process, either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS).

We will also collect additional personal information throughout the period of your working relationship with us. This may be collected in the course of your work-related activities. Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, some of it you may be asked to provide to us on a voluntary basis. We will inform you whether you are required to provide certain personal information to us or if you have a choice in this.

Your personal information may be stored in different places, including in your personnel file, in the Company’s HR management system and in other IT systems, such as the e-mail system.

Why and how do we use your personal information?

We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:

  • where we need to do so to perform the employment contract, casual worker agreement, consultancy agreement or contract for services we have entered into with you
  • where we need to comply with a legal obligation
  • where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests.

We may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).

We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the Company and you as its employee, worker or contractor; pursuing our business by employing (and rewarding) employees, workers and contractors; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network; protecting our confidential information; and conducting due diligence on employees, workers and contractors. We believe that you have a reasonable expectation, as our employee, worker or contractor, that we will process your personal information.

The purposes for which we are processing, or will process, your personal information are to:

  • enable us to maintain accurate and up-to-date employee, worker and contractor records and contact details (including details of whom to contact in the event of an emergency)*
  • run recruitment processes and assess your suitability for employment, engagement or promotion*
  • comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK
  • comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligations
  • maintain an accurate record of your employment or engagement terms
  • administer the contract we have entered into with you
  • make decisions about pay reviews and bonuses
  • ensure compliance with your statutory and contractual rights
  • ensure you are paid correctly and receive the correct benefits and pension entitlements, including liaising with any external benefits or pension providers or insurers
  • ensure compliance with income tax requirements, e.g. deducting income tax and National Insurance contributions where applicable
  • operate and maintain a record of disciplinary, grievance and capability procedures and action taken
  • operate and maintain a record of performance management systems
  • record and assess your education, training and development activities and needs
  • plan for career development and succession
  • manage, plan and organise work
  • enable effective workforce management
  • operate and maintain a record of annual leave procedures
  • operate and maintain a record of sickness absence procedures
  • ascertain your fitness to work
  • operate and maintain a record of maternity leave, paternity leave, adoption leave, shared parental leave, parental leave and any other type of paid or unpaid leave or time off work
  • ensure payment of SSP or contractual sick pay
  • ensure payment of other statutory or contractual pay entitlements, e.g. SMP, SPP, SAP and ShPP
  • meet our obligations under health and safety laws
  • make decisions about continued employment or engagement
  • operate and maintain a record of dismissal procedures
  • provide references on request for current or former employees, workers or contractors
  • prevent fraud
  • monitor your use of our IT systems to ensure compliance with our IT-related policies
  • ensure network and information security and prevent unauthorised access and modifications to systems
  • ensure effective HR, personnel management and business administration, including accounting and auditing
  • ensure adherence to Company rules, policies and procedures
  • monitor equal opportunities
  • enable us to establish, exercise or defend possible legal claims

 Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.

What if you fail to provide personal information?

If you fail to provide certain personal information when requested or required, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory or contractual rights.

Why and how do we use your sensitive personal information?

We will only collect and use your sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences, when the law allows us to.

Some special categories of personal information, i.e. information about your health or medical conditions and trade union membership, and information about criminal convictions and offences, is processed so that we can perform or exercise our obligations or rights under employment law or social security law and in line with our data protection policy. Information about health or medical conditions may also be processed for the purposes of assessing the working capacity of an employee or medical diagnosis, provided this is done under the responsibility of a medical professional subject to the obligation of professional secrecy, e.g. a doctor, and again in line with our data protection policy.

We may also process these special categories of personal information, and information about any criminal convictions and offences, where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is entirely your choice whether to consent. Your consent can be withdrawn at any time.

The purposes for which we are processing, or will process, these special categories of your personal information, and information about any criminal convictions and offences, are to:

  • assess your suitability for employment, engagement or promotion
  • comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks
  • comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligations
  • administer the contract we have entered into with you
  • ensure compliance with your statutory and contractual rights
  • operate and maintain a record of sickness absence procedures
  • ascertain your fitness to work
  • manage, plan and organise work
  • enable effective workforce management
  • ensure payment of SSP or contractual sick pay
  • meet our obligations under health and safety laws
  • make decisions about continued employment or engagement
  • operate and maintain a record of dismissal procedures
  • ensure effective HR, personnel management and business administration
  • ensure adherence to Company rules, policies and procedures
  • monitor equal opportunities

Where the Company processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring and in line with our data protection policy. Personal information that the Company uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.

We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.

Change of purpose

We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.

Who has access to your personal information?

Your personal information may be shared internally within the Company, including with members of the HR department, payroll staff, your line manager, other managers in the department in which you work and IT staff if access to your personal information is necessary for the performance of their roles.

The Company may also share your personal information with third-party service providers (and their designated agents), including:

  • external organisations for the purposes of conducting pre-employment reference and employment background checks
  • payroll providers
  • benefits providers and benefits administration, including insurers
  • pension scheme provider and pension administration
  • occupational health providers
  • external IT services
  • external auditors
  • professional advisers, such as lawyers and accountants

The Company may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all of its business. In those circumstances, your personal information will be subject to confidentiality undertakings.

We may also need to share your personal information with a regulator or to otherwise comply with the law.

We may share your personal information with third parties where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).

How does the Company protect your personal information?

The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from our data compliance manager.

Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.

The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.

For how long does the Company keep your personal information?

The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.

The Company will generally hold your personal information for the duration of your employment or engagement. The exceptions are:

  • any personal information supplied as part of the recruitment process will not be retained if it has no bearing on the ongoing working relationship
  • personal information about criminal convictions and offences collected in the course of the recruitment process will be deleted once it has been verified through a DBS criminal record check, unless, in exceptional circumstances, the information has been assessed by the Company as relevant to the ongoing working relationship
  • it will only be recorded whether a DBS criminal record check has yielded a satisfactory or unsatisfactory result, unless, in exceptional circumstances, the information in the criminal record check has been assessed by the Company as relevant to the ongoing working relationship
  • if it has been assessed as relevant to the ongoing working relationship, a DBS criminal record check will nevertheless be deleted after [six months] or once the conviction is “spent” if earlier (unless information about spent convictions may be retained because the role is an excluded occupation or profession)
  • disciplinary, grievance and capability records will only be retained until the expiry of any warning given (but a summary disciplinary, grievance or performance management record will still be maintained for the duration of your employment).

Once you have left employment or your engagement has been terminated, we will generally hold your personal information for one year after the termination of your employment or engagement, but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to [six years] to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court. We will hold payroll, wage and tax records (including salary, bonuses, overtime, expenses, benefits and pension information, National Insurance number, PAYE records, tax code and tax status information) for six years after the termination of your employment or engagement. Overall, this means that we will “thin” the file of personal information that we hold on you one year after the termination of your employment or engagement, so that we only continue to retain for a longer period what is strictly necessary.

Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.

In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.

Your rights in connection with your personal information

It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address, during your working relationship with the Company so that our records can be updated. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.

As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

  • request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
  • request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
  • request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
  • restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
  • object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
  • data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, please contact our data compliance manager. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our data compliance manager. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.

If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.

Transferring personal information outside the European Economic Area

The Company will not transfer your personal information to countries outside the European Economic Area.

Automated decision making

Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention.

We do not envisage that any employment decisions will be taken about you based solely on automated decision making, including profiling. However, we will notify you in writing if this position changes.

Privacy Statement for Job Applicants

Introduction

 As part of any recruitment process, the Company collects and processes personal information, or personal data, relating to job applicants. This personal information may be held by the Company on paper or in electronic format.

The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information during the recruitment process. We are required under the GDPR to notify you of the information contained in this privacy notice.

This privacy notice applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. It is non-contractual.

The Company has appointed a data compliance manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please contact Ann Holland, [email protected], 01237 472 071, 37 Mill Street, Bideford.

Data protection principles

Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:

  1. Processed lawfully, fairly and in a transparent manner.
  2. Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to those purposes.
  4. Accurate and, where necessary, kept up to date.
  5. Kept in a form which permits your identification for no longer than is necessary for those purposes.
  6. Processed in a way that ensures appropriate security of the data.

The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.

What types of personal information do we collect about you?

Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information, and personal information on criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.

The Company collects, uses and processes a range of personal information about you during the recruitment process. This includes (as applicable):

  • your contact details, including your name, address, telephone number and personal e-mail address
  • personal information included in a CV, any application form, cover letter or interview notes
  • references
  • information about your right to work in the UK and copies of proof of right to work documentation
  • copies of qualification certificates
  • copy of driving licence
  • other background check documentation
  • details of your skills, qualifications, experience and work history with previous employers
  • information about your current salary level, including benefits and pension entitlements
  • your professional memberships

The Company may also collect, use and process the following special categories of your personal information during the recruitment process (as applicable):

  • whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process
  • information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation
  • information about criminal convictions and offences.

 How do we collect your personal information?

The Company collects personal information about you during the recruitment process either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from current and former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS). Other than employment agencies, the Company will only seek personal information from third parties during the recruitment process once an offer of employment or engagement has been made to you and we will inform you that we are doing so.

You are under no statutory or contractual obligation to provide personal information to the Company during the recruitment process.

Your personal information may be stored in different places, including on your application record, in the Company’s HR management system and in other IT systems, such as the e-mail system.

Why and how do we use your personal information?

We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:

  • where we need to do so to take steps at your request prior to entering into a contract with you, or to enter into a contract with you
  • where we need to comply with a legal obligation
  • where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests.

We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to take steps at your request to enter into a contract with you, or to enter into a contract with you, and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: pursuing our business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration.

The purposes for which we are processing, or will process, your personal information are to:

  • manage the recruitment process and assess your suitability for employment or engagement
  • decide to whom to offer a job
  • comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK
  • comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations
  • ensure compliance with your statutory rights
  • ensure effective HR, personnel management and business administration
  • monitor equal opportunities
  • enable us to establish, exercise or defend possible legal claims

Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.

 What if you fail to provide personal information?

If you fail to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.

Why and how do we use your sensitive personal information?

We will only collect and use your sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences, when the law allows us to.

Some special categories of personal information, i.e. information about your health, and information about criminal convictions and offences, is processed so that we can perform or exercise our obligations or rights under employment law and in line with our data protection policy.

We may also process information about your health and information about any criminal convictions and offences where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is entirely your choice whether to consent. Your consent can be withdrawn at any time.

The purposes for which we are processing, or will process, health information and information about any criminal convictions and offences, are to:

  • assess your suitability for employment or engagement
  • comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks
  • comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations
  • ensure compliance with your statutory rights
  • ascertain your fitness to work
  • ensure effective HR, personnel management and business administration
  • monitor equal opportunities

Where the Company processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring in recruitment and in line with our data protection policy. Personal information that the Company uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.

We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.

Change of purpose

We will only use your personal information for the purposes for which we collected it, i.e. for the recruitment exercise for which you have applied.

However, if your job application is unsuccessful, the Company may wish to keep your personal information on file for in case there are future suitable employment opportunities with us. We will ask for your consent before we keep your personal information on file for this purpose. Your consent can be withdrawn at any time.

Who has access to your personal information?

Your personal information may be shared internally within the Company for the purposes of the recruitment exercise, including with members of the HR department, members of the recruitment team, managers in the department which has the vacancy and IT staff if access to your personal information is necessary for the performance of their roles.

The Company will not share your personal information with third parties during the recruitment process unless your job application is successful and we make you an offer of employment or engagement. At that stage, we may also share your personal information with third parties (and their designated agents), including:

  • external organisations for the purposes of conducting pre-employment reference and employment background checks
  • the DBS, to obtain a criminal record check
  • former employers, to obtain references
  • professional advisors, such as lawyers

We may also need to share your personal information with a regulator or to otherwise comply with the law.

We may share your personal information with third parties where it is necessary to steps at your request to enter into a contract with you, or to enter into a contract with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).

How does the Company protect your personal information?

The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from our data compliance manager.

Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.

The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.

For how long does the Company keep your personal information?

The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed.

If your application for employment or engagement is unsuccessful, the Company will generally hold your personal information for six months after the end of the relevant recruitment exercise but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court. If you have consented to the Company keeping your personal information on file for in case there are future suitable employment opportunities with us, the Company will hold your personal information for a further one year after the end of the relevant recruitment exercise, or until you withdraw your consent if earlier.

If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.

Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.

In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.

Your rights in connection with your personal information

As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

  • request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
  • request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
  • request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
  • restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
  • object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
  • data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, please contact our data compliance manager. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our data compliance manager. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.

Transferring personal information outside the European Economic Area

The Company will not transfer the personal information of job applicants to countries outside the European Economic Area.

Automated decision making

Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention.

We do not envisage that any recruitment decisions will be taken about you based solely on automated decision-making, including profiling.

Visit us in our Bideford office or give us a call!

Telephone 01237 472071

Back To Top