What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that weuse during your employment with us is set out below.
How your information will be used
As your employer, LUX Technical needs to keep and process information about you for normal employment purposes. The information we hold, and process, will be used for our management and administrative use only.
We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully, and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends, and after you leave. This includes using information to enable us to:
- comply with the employment contract;
- comply with any legal requirements;
- pursue the legitimate interests of the Company; and
- protect our legal position in the event of legal proceedings.
If you do not provide this data, we may be unable, in some circumstances, to comply with our obligations and we will tell you about the implications of this decision.
As a Company pursuing technical production activities, we may sometimes need to process your data to perform the contract of employment such as your bank account details to pay you or records of your hours to make sure we pay you the correct amount. We also need to comply with our legal obligations such as minimum wage legislation or immigration law and we do need to pursue our legitimate business interests such as making management decisions about promotion and training needs or being able to defend ourselves against legal claims. We will never process your data where these interests are overridden by your own interests.
A large amount of the information we hold about you will have been provided by you. However, some of it may come from other sources, for example your manager, a previous employer as part of a TUPE transfer or external sources like references or employment agencies.
The information we hold would include:
- Your CV, career history and references to prevent fraudulent applications.
- Your contract of employment and any variations to it to be able to run the business effectively and defend ourselves against any legal claims.
- Your bank account details, and NI details to be able to pay you correctly.
- Proof of your entitlement to work in the UK to comply with Immigration law.
- Correspondence with or about you;
- Letters relating to pay increases;
- Letters to your mortgage company / letting agency / landlord;
- Information needed for payroll, pensions, benefits, and expenses;
- Contact and emergency contact details;
- Records of holidays;
- Sickness and other absence;
These are held to pay you correctly, to maintain up to date records and comply with minimum pay requirements.
- Records relating to your career history; training records, appraisals and other performance measures are held to pursue our business interests of maintaining customer standards by managing performance and ensuring training needs are identified.
- Where appropriate, and in accordance with the timescales stated therein; disciplinary and grievance records are kept to ensure acceptable conduct.
- Records of health and safety incidents are kept to comply with Health & Safety legislation.
During the course of your employment, you will inevitably be referred to in Company documents and communications that you and your colleagues carry out in your duties and the business of the Company. You should refer to the Data Protection Policy, which is available on People HR.
Where necessary, we may keep information relating to your health, which could include reasons for your absence(s) GP reports. This information will be used in order to comply with our Health and Safety and Occupational Health obligations. It will be used to consider how your health affects your ability to do your job and whether we need to make any adjustments to your role in accordance with the Equality Act 2010. We will also use the information about any absences to administer and manage statutory sick pay.
Where we have processed any information that you have given consent for us to do so, you have the right to withdraw that consent at any time.
We may transfer information about you to other LUX Technical companies for purposes connected with your employment or the management of the Company’s business.
To ensure the security of your data, we have in place the following safeguards:
- People HR
- Google Drive
- Locked personnel cabinets in the warehouse main office
Other than the circumstances detailed above, we will only disclose information about you to third parties if we are legally obliged to do so; or where we need to comply with our contractual duties to you. This could be passing on certain information to our Payroll, Pension and HR provider, Private Healthcare provider or our Insurers.
Personnel records will be stored for a period of 6 years after leaving LUX Technical.
If, in the future, we intend to process any of your personal data for a purpose, other than that which is was collected for, we will provide you with information on that purpose and any other relevant information.
Under the GDPR you have a number of rights regarding your personal data. You have the right to:
- to be informed about our collection and use of your personal data;
- request access to your personal data,
- the rectification of your personal data;
- erasure of your personal data;
- restrict processing of your personal data;
- object to processing of your personal data; and
- in certain circumstances, the right to data portability.
- rights relating to automated decision-making and profiling. We do not use your personal data in this way
If you have given consent to the processing of your data, you have the right at any time, to withdraw this consent. Withdrawing consent will not affect the lawfulness of the processing before your consent was withdrawn.
How you can access your personal data
If you want to know what personal data we have about you, you can ask for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email address below.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 21 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date wereceive your request. You will be kept fully informed of our progress.
You also have the right to lodge a complaint to the information Commissioners’ Office (ICO) if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.
Identity and contact details of the controller and data protection officer
LUX Technical is the controller and processor of data for the purposes of the GDPR.
If you have any concerns as to how your data is processed, you can contact Olivia Clephane at the main office or at email@example.com.