Ant-Ligature Shop Limited is commited to protectng the privacy and security of your personal informaton. This privacy notce describes how we collect and use personal informaton about you during and afer your working relatonship with us, in accordance with the General Data Protecton Regulaton (GDPR).
It applies to all employees, workers and contractors.
Ant-Ligature Shop Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal informaton about you. We are required under data protecton legislaton to notfy you of the informaton contained in this privacy notce. This notce applies to current and former employees, workers and contractors. This notce does not form part of any contract of employment or other contract to provide services. We may update this notce at any time.
It is important that you read this notce, together with any other privacy notce we may provide on specifc occasions when we are collectng or processing personal informaton about you, so that you are aware of how and why we are using such informaton.
Data protection principles
We will comply with data protecton law. This says that the personal informaton we hold about
you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatble with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The kind of information we hold about you
Personal data, or personal informaton, means any informaton about an individual from which that person can be identfed. It does not include data where the identty has been removed (anonymous data). There are “special categories” of more sensitve personal data which require a higher level of protecton.
Situations in which we will use your personal information
We need all the categories of informaton in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligatons. In some cases we may use your personal informaton to pursue legitmate interests of our own or those of third partes, provided your interests and fundamental rights do not override those interests. The situatons in which we will process your personal informaton are listed below. [We have indicated by [asterisks] the purpose or purposes for which we are processing or will process your personal informaton, as well as indicatng which categories of data are involved.]
- Making a decision about your recruitment or appointment.
- Determining the terms on which you work for us.
- Checking you are legally enttled to work in the UK.
- Paying you and, if you are an employee, deductng tax and Natonal Insurance contributons.
- Providing the following benefts to you: [LIST].
- Liaising with your pension provider.
- Administering the contract we have entered into with you.
- Business management and planning, including accountng and auditng.
- Conductng performance reviews, managing performance and determining performance requirements.
- Making decisions about salary reviews and remuneraton.
- Assessing qualifcatons for a partcular job or task, including decisions about promotons.
- Gathering evidence for possible grievance or disciplinary hearings.
- Making decisions about your contnued employment or engagement.
- Making arrangements for the terminaton of our working relatonship.
- Educaton, training and development requirements.
- Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
- Ascertaining your ftness to work.
- Managing sickness absence.
- Complying with health and safety obligatons.
- To prevent fraud.
- To monitor your use of our informaton and communicaton systems to ensure compliance with our IT policies.
- To ensure network and informaton security, including preventng unauthorised access to our computer and electronic communicatons systems and preventng malicious sofware distributon.
- To conduct data analytcs studies to review and beter understand employee retenton and atriton rates.
- Equal opportunites monitoring.
Some of the above grounds for processing will overlap and there may be several grounds which justfy our use of your personal informaton.
If you fail to provide personal information
If you fail to provide certain informaton when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a beneft), or we may be prevented from complying with our legal obligatons (such as to ensure the health and safety of our workers).
Change of purpose
We will only use your personal informaton for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatble with the original purpose. If we need to use your personal informaton for an unrelated purpose, we will notfy you and we will explain the legal basis which allows us to
do so. Please note that we may process your personal informaton without your knowledge or
consent, in compliance with the above rules, where this is required or permited by law.
How we use particularly sensitive personal information
“Special categories” of partcularly sensitve personal informaton require higher levels of
protecton. We need to have further justfcaton for collectng, storing and using this type of
personal informaton. We have in place an appropriate policy document and safeguards which we
are required by law to maintain when processing such data. We may process special categories of
personal informaton in the following circumstances:
- In limited circumstances, with your explicit writen consent.
- Where we need to carry out our legal obligatons or exercise rights in connecton with employment.
- Where it is needed in the public interest, such as for equal opportunites monitoring [or in relaton to our occupatonal pension scheme].
Less commonly, we may process this type of informaton where it is needed in relaton to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the informaton public. [We may also process such informaton about members or former members in the course of legitmate business actvites with the appropriate safeguards.]
Our obligations as an employer
We will use your partcularly sensitve personal informaton in the following ways:
- We will use informaton relatng to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
- We will use informaton about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your ftness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absenceand to administer benefts.
- We will use informaton about your race or natonal or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientaton, to ensure meaningful equal opportunity monitoring and reportng.
- [We will use trade union membership informaton to pay trade union premiums, register the status of a protected employee and to comply with employment law obligatons.]
Do we need your consent?
We do not need your consent if we use special categories of your personal informaton in accordance with our writen policy to carry out our legal obligatons or exercise specifc rights in the feld of employment law. In limited circumstances, we may approach you for your writen consent to allow us to process certain partcularly sensitve data. If we do so, we will provide you with full details of the informaton that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a conditon of your contract with us that you agree to any request for consent from us.
Information about criminal convictions
We may only use informaton relatng to criminal convictons where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligatons and provided we do so in line with our [data protecton policy
Less commonly, we may use informaton relatng to criminal convictons where it is necessary in relaton to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the informaton public.
We may also process such informaton about members or former members in the course of
legitmate business actvites with the appropriate safeguards.
We [envisage OR do not envisage] that we will hold informaton about criminal convictons. [We will only collect informaton about criminal convictons if it is appropriate given the nature of the role and where we are legally able to do so.] [Where appropriate, we will collect informaton about criminal convictons as part of the recruitment process or we may be notfed of such informaton directly by you in the course of you working for us.] [We will use informaton about criminal convictons and offences in the following ways:
[We are allowed to use your personal informaton in this way [to carry out our obligatons [SPECIFY] OR [SET OUT OTHER LAWFUL BASIS]]. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data].
Automated decision-making takes place when an electronic system uses personal informaton to
make a decision without human interventon. We are allowed to use automated decision-making
in the following circumstances:
Where we have notfed you of the decision and given you 21 days to request a reconsideraton.
- Where it is necessary to perform the contract with you and appropriate measures are in place
- to safeguard your rights.
- In limited circumstances, with your explicit writen consent and where appropriate measures are in place to safeguard your rights.
If we make an automated decision on the basis of any partcularly sensitve personal informaton, we must have either your explicit writen consent or it must be justfed in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a signifcant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notfed you.
We do not envisage that any decisions will be taken about you using automated means, however we will notfy you in writng if this positon changes.
We may have to share your data with third partes, including third-party service providers and other enttes in the group.
We require third partes to respect the security of your data and to treat it in accordance with the law.
We may transfer your personal informaton outside the EU.
If we do, you can expect a similar degree of protecton in respect of your personal informaton.
Why might you share my personal information with third parties?
We will share your personal informaton with third partes where required by law, where it is
necessary to administer the working relatonship with you or where we have another
legitmate interest in doing so.
Which third-party service providers process my personal information?
“Third partes” includes third-party service providers (including contractors and designated agents) and other enttes within our group. [The following actvites are carried out by third-party service providers: [payroll, pension administraton, benefts provision and administraton, IT services] OR The following third-party service providers process personal informaton about you for the following purposes: [NAME PROVIDERS AND THE ACTIVITY THEY CARRY OUT]].
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other enttes in the group are required to take appropriate security measures to protect your personal informaton in line with our policies.
We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specifed purposes and in accordance with our instructons.
When might you share my personal information with other entities in the group?
We will share your personal informaton with other enttes in our group [as part of our regular reportng actvites on company performance, in the context of a business reorganisaton or group restructuring exercise, for system maintenance support and hostng of data.
What about other third parties?
We may share your personal informaton with other third partes, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal informaton with a regulator or to otherwise comply with the law.
We have put in place measures to protect the security of your informaton. Details of these measures are available upon request.
Third partes will only process your personal informaton on our instructons and where they have agreed to treat the informaton confdentally and to keep it secure. We have put in place appropriate security measures to prevent your personal informaton from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In additon, we limit access to your personal informaton to those employees, agents, contractors and other third partes who have a business need to know. They will only process your personal informaton on our instructons and they are subject to a duty of confdentality. [Details of these measures may be obtained from [POSITION].]
We have put in place procedures to deal with any suspected data security breach and will notfy you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?
We will only retain your personal informaton for as long as necessary to fulfl the purposes we collected it for, including for the purposes of satsfying any legal, accountng, or reportng requirements. [Details of retenton periods for different aspects of your personal informaton are available in our retenton policy which is available from [[POSITION] OR [THE
INTRANET/PROVIDE LINK]]. To determine the appropriate retenton period for personal data, we consider the amount, nature, and sensitvity of the personal data, the potental risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal informaton so that it can no longer be associated with you, in which case we may use such informaton without further notce to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal informaton in accordance with [our data
retenton policy OR applicable laws and regulatons].
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It is important that the personal informaton we hold about you is accurate and current. Please keep us informed if your personal informaton changes during your working relatonship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal informaton (commonly known as a “data subject access request”). This enables you to receive a copy of the personal informaton we hold about you and to check that we are lawfully processing it.
- Request correction of the personal informaton that we hold about you. This enables you to have any incomplete or inaccurate informaton we hold about you corrected.
- Request erasure of your personal informaton. This enables you to ask us to delete or remove personal informaton where there is no good reason for us contnuing to process it. You also have the right to ask us to delete or remove your personal informaton where you have exercised your right to object to processing (see below).
- Object to processing of your personal informaton where we are relying on a legitmate interest (or those of a third party) and there is something about your partcular situaton which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal informaton for direct marketng purposes.
- Request the restriction of processing of your personal informaton. This enables you to ask us to suspend the processing of personal informaton about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal informaton to another party.
If you want to review, verify, correct or request erasure of your personal informaton, object to the processing of your personal data, or request that we transfer a copy of your personal informaton to another party, please contact [POSITION] in writng.
No fee usually required
You will not have to pay a fee to access your personal informaton (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatvely, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specifc informaton from you to help us confrm your identty and ensure your right to access the informaton (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal informaton is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collecton, processing and transfer of your personal informaton for a specifc purpose, you have the right to withdraw your consent for that specifc processing at any tme. To withdraw your consent, please contact [POSITION]. Once we have received notfcaton that you have
withdrawn your consent, we will no longer process your informaton for the purpose or purposes you originally agreed to, unless we have another legitmate basis for doing so in law.
Data protection officer
[We have appointed a [data protecton officer (DPO) OR data privacy manager] to oversee compliance with this privacy notce. If you have any questons about this privacy notce or how we handle your personal informaton, please contact the [DPO OR data privacy manager]. You have the right to make a complaint at any tme to the Informaton Commissioner’s Office (ICO), the UK supervisory authority for data protecton issues.]
Changes to this privacy notice
We reserve the right to update this privacy notce at any tme, and we will provide you with a new privacy notce when we make any substantal updates. We may also notfy you in other ways from tme to tme about the processing of your personal informaton.
If you have any questions about this privacy notice, please contact [POSITION AND CONTACT DETAILS].
I,___________________________ (employee/worker/contractor name), acknowledge that on _________________________ (date), I received a copy of Ant-Ligature Shop’s Limited’s Privacy Notce for employees, workers and contractors and that I have read and understood it.