Data controller: Titon Hardware Limited
Data Protection Contact: [email protected]
Titon Hardware Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.
Titon Hardware Limited (“The Company”) collects, stores and processes personal data relating to its employees in order to manage the employment relationship. This privacy notice sets out how the Company collects and uses personal information about you during and after your working relationship with us.
This privacy notice applies to current and former employees. This notice does not form part of a contract of employment or any contract to provide services and may be updated at any time.
The Company is committed to protecting the privacy and security of your personal information. The Company is committed to being clear and transparent about how it collects and uses that data and to meeting its data protection obligations.
Data Protection Principles
The Company will comply with data protection law. This means that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
- Relevant to the purposes we have told you about and limited to those purposes only;
- Accurate and kept up to date;
- Kept only for such time as is necessary for the purposes we have told you about; and
- Kept securely.
What Information Does The Company Collect And Process?
The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. This may include:
- Personal contact details, such as your name, title, address and contact details, including email address and telephone number;
- date of birth; copies of birth certificate, marriage certificate, passport
- the terms and conditions of your employment;
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the Company;
- information about your remuneration, including entitlement to benefits such as pensions;
- details of your bank account, tax status and national insurance number;
- information about your marital status, next of kin, dependants and emergency contacts [limited to names, phone number and relationship only];
- information about your nationality and entitlement to work in the UK;
- driving licence number.
- details of your schedule (days of work and working hours) and attendance at work;
- details of periods of leave taken by you, including holiday, sickness absence, compassionate leave, and the reasons for the leave;
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- assessments of your performance, including appraisals, training you have participated in, performance improvement plans and related correspondence;
- CCTV footage and other information obtained through electronic means e.g. swipe card records.
We may also collect, store and use the following special categories of more sensitive personal information:
- information about medical or health conditions, including whether or not you have a disability for which the Company needs to make reasonable adjustments;
- records of health/vaccination status;
- your doctor’s surgery address and phone number.
The Company collects this information in a variety of ways. The majority of data is provided by you as part of our recruitment process and during work-related activities throughout the period of working for us.
In some cases, the Company collects personal data about you from third parties, such as references supplied by former employers. Basic health related information (such as hearing and lung function) that is required by the Company for Health and Safety purposes is provided by the Company’s occupational healthcare service providers.
Data is stored in a range of different places, including in your personnel file, in the Company's HR systems and in other IT systems (including the Company's email system).
Why Does The Company Process Personal Data?
The Company needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract.
In addition, the Company needs to process data to ensure that we are complying with our legal obligations, for example, we are required to check an employee's entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the employment relationship.
Situations In Which We Will Use Your Personal Information
Situations in which we will process your personal information are listed below:
In order to:
- make decisions about recruitment and promotion processes;
- make decisions about health and safety matters and risk;
- maintain accurate and up-to-date employment records and contact details (including details of whom to contact in the event of an emergency), and records of employee contractual and statutory rights;
- check you are legally entitled to work in the UK;
- gather evidence for, and keep a record of, disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- pay you and make deductions for tax and National Insurance;
- make decisions about salary reviews and compensation;
- operate and keep a record of employee performance and related processes;
- keep records of training and development requirements;
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- ascertain your fitness to work;
- operate and keep a record of other types of leave (such as maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- ensure effective general HR and business administration;
- provide references on request for current or former employees;
- deal with legal disputes involving you or other employees, workers and contractors; and
- facilitate equal opportunities monitoring in the workplace.
If You fail to Provide Personal Information
If you do not provide certain information when requested, the Company may not be able to perform the contract we have entered into with you, such as paying you or providing a benefit. You may also have to provide the Company with data in order to exercise statutory rights, for example in relation to statutory leave entitlements.
Change of Purpose
The Company will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.
You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.
How We Use Sensitive Personal Information
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (for example, in relation to employees with disabilities and for health and safety purposes).
The company will always ask for consent when requesting information about an employee’s health or medical conditions. Other special category information such as personal data about your ethnic origin, religion or belief, sexual orientation etc may be requested, again the company will always ask for consent. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so. Consent can be withdrawn at any time.
Our employment decisions are not based solely on automated decision-making.
For How Long Do You Keep Data?
The Company will only hold your personal data for as long as is necessary to fulfil the purposes we collected it for, including any legal, accounting or reporting requirements, or where the law dictates.
After your employment with the Company ends, we will only keep your personal information for the minimum period required by law. Whilst certain basic information such as Name and Address, National Insurance number and employment dates will be kept ad infinitum for insurance purposes, the remaining data will be deleted between there and four years after you leave.
Who Has Access to Data?
Your information will be shared internally with the minimum number of people, which will normally be the HR Department, the Finance Department, Health & Safety Department and, where appropriate with Management.
The Company shares your data with third parties where required by law, where it is necessary in order to administer the working relationship with you or where we have another legitimate interest in doing so. The following services are carried out by third party service providers:
- External HR Consultancy
- Company HR System
- Company pension scheme administration,
- Payroll administration for overseas employees,
- Insurance services
- Banking services
- Company credit card administration,
- Group life assurance administration,
- Healthcare services,
- Administration of childcare vouchers and
- Company car leasing schemes.
The Company may also share your data with other third parties, for example, in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The Company will not transfer your data to countries outside the European Economic Area unless required to by law.
How Does The Company Protect Data?
The Company takes the security of your personal data seriously. The Company has internal policies, procedures and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions/agreements, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Your Duty to Inform Us of Changes
It is important that the personal information we hold about you is accurate and current. Please be sure to keep us informed if your personal information changes during your time working with us.
As a data subject, you have a number of rights:
- That you will be informed that your personal data is being processed by the company. This is laid out in this policy and the employee privacy notice.
- The right to access your data.
- The right to have your personal data rectified if it is incorrect or incomplete.
- The right to have your personal data erased or deleted where there is no compelling reason or lawful ground for its continued processing.
- The right to restrict data processing where there is no compelling reason or lawful ground for its continued processing.
- The right to object to the processing of your personal data.
- The right to have your personal data moved e.g. movement of pension or payroll data to another provider
- Where the company uses automated profiling or automated decision you have the right to ask that the assessment is performed by a human.
If you would like to exercise any of these rights, or you have any questions about the privacy notice, please contact the Data Protection Contact as above.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner.