Personal Data Processing
GDPR Record of Personal Data Processing
Processing Ref | N/A | Date of Review | 22.05.2018 | ||
Nature of Activity | Human Resources | ||||
Function | Human Resources | ||||
Description of functions carried out | Managing and supporting Human Resource activities for
|
Data Controller / Data Processor Details
Data Controller | The Company | ||
Details of any Joint Data Controllers | N/A | ||
Details of any contracts in place | N/A | ||
Details of any Data Processors | Pension provider, HMRC. | ||
Details of any Data Processor Agreements | Agreement in place with pension provider. |
Processing Purpose Details
Description of the purpose (reason) for processing personal data | Administration and maintenance of employee records and the activities required for the support and management of our current and former workers, applicants and Elected members, including:
Administration and maintenance of employee records and the activities required for the support and management of them for our commercial clients, including:
| ||
Basis for the processing of the personal data | Processing basis 1: Processing is necessary in order to meet our duties as an employer (Article 6 1 c compliance with a legal obligation and Article 9 2 b carrying out obligations and exercising specific rights in relation to employment). The main employment law statutes are:-Equal Pay Act 1970; Health & Safety at Work etc. Act 1974; Rehabilitation of Offenders Act 1974; Trade Union and Labour Relations (Consolidation) Act 1992; Employment Tribunals Act 1996; Employment Rights Act 1996; Public Interest Disclosure Act 1998; National Minimum Wage Act 1998; Employment Relations Act 1999; Employment Act 2002; Employment Relations Act 2004; Disability Discrimination Act 2005; Immigration, Asylum and Nationality Act 2006; and Equalities Act 2010 Payroll information is processed in accordance with HM Revenue and Customs regulations and standards. In addition, there is a substantial amount of secondary legislation in the form of regulations which contain further provisions and may be supported by Codes of Practice. Processing basis 2: Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 1 b re contract of employment or for the provision of a service to commercial client.) Processing basis 3: Processing necessary for compliance with a legal obligation. Processing basis 4: Processing is necessary for a legitimate interest of the company. Processing basis 5: Necessary to protect the vital interests of the data subject. | ||
Link to privacy noticeand/or Link to awareness raising materials | Prospective workers are informed about the processing of their personal data through information included in the recruitment form and process.Workers are informed about the processing of their personal data through information included in the contract of employment / letter of engagement / letter leaving and at the point of collection when appropriate through internal policies.Privacy Notices are in place for the processing of the personal data of workers when this is done as part of a commercial contract. For the provision of training to individuals not employed by the Company at point of registration it is explained to the individual what personal data is required from them for the purpose of providing the training and levying the appropriate charge. | ||
Details of any Privacy Impact Assessments carried out | N/A | ||
Does the processing involve automated decision making, including profiling | Yes. Automated decision making takes place with regards to Vehicle tracking and employees timesheets. | ||
Is personal data used for direct marketing purposes | No |
Details of Personal Data Processing
Categories of data subjects |
| ||
Categories of personal data being processed |
We also process special categories of personal data:
| ||
Source of the personal data | Personal data will be received from a wide range of sources to support recruitment, ongoing employment, training, leavers and pension activities including the data subject, their representative, next of kin or other family member, other workers, referees, educators and examining bodies, health professionals, partner agencies, Pension Schemes, Police Vetting, Courts and law enforcement bodies, HM Revenue and Customs. | ||
How is the personal data collected? | Through established activities linked to the recruitment, employment, training, termination and pension rights of the data subject or commercial contracts. | ||
When is the personal data collected? | Through established activities linked to the recruitment, employment, training, termination and pension rights of the data subject or commercial contracts. | ||
Estimate of the number of records held | Fewer than 50. | ||
Retention period(s) in place for the personal data | See Human Resources Retention Schedule which is based on national guidance and business need. |
Recipients of Personal Data (in the UK)
Categories of the recipients of the personal data |
At the explicit request of the data subject:
To support TUPE arrangements the minimum necessary personal data and special categories of personal data will be passed to the new employer transferee. | ||
Safeguards in place for the transfer of the personal data | Any disclosure or transfer of personal data / special categories of personal data will be in full compliance with the General Data Protection Regulation and established Company processes. | ||
Details of any Information Sharing Agreements in place | Not Applicable |
Recipients of Personal Data (outside of the UK)
Categories of the recipients of the personal data | Not Applicable | ||
Details of any transfers of personal data outside of the UK – to a third country or to an international organisation | Not Applicable | ||
Safeguards in place for the transfer of the personal data | Not Applicable | ||
Details of any Information Sharing Agreements in place | Not Applicable |
Processing Measures in Place
Technical and organisational measures in place for data security and protection | Secure IT – AVG Internet anti-virus software. | ||
Format information is held in | Electronic and paper files. | ||
Systems data is held on | TheCompany processes personal data using automated means. This includes electronic drives, Sage payroll, Sage Accounts, HMRC Online, Pensions, Email, DVLA Licencing, Worktops Database, |
Any Additional Information
None |