Ant-Ligature Shop Limited is commited to protectng the privacy and security of your personal informaton. This privacy notce describes how we collect and use personal informaton about you during and afer your working relatonship with us, in accordance with the General Data Protecton Regulaton (GDPR).It applies to all employees, workers and contractors.Ant-Ligature Shop Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal informaton about you. We are required under data protecton legislaton to notfy you of the informaton contained in this privacy notce. This notce applies to current and former employees, workers and contractors. This notce does not form part of any contract of employment or other contract to provide services. We may update this notce at any time.It is important that you read this notce, together with any other privacy notce we may provide on specifc occasions when we are collectng or processing personal informaton about you, so that you are aware of how and why we are using such informaton.
We will comply with data protecton law. This says that the personal informaton we hold aboutyou must be:
Personal data, or personal informaton, means any informaton about an individual from which that person can be identfed. It does not include data where the identty has been removed (anonymous data). There are “special categories” of more sensitve personal data which require a higher level of protecton.Situations in which we will use your personal informationWe need all the categories of informaton in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligatons. In some cases we may use your personal informaton to pursue legitmate interests of our own or those of third partes, provided your interests and fundamental rights do not override those interests. The situatons in which we will process your personal informaton are listed below. [We have indicated by [asterisks] the purpose or purposes for which we are processing or will process your personal informaton, as well as indicatng which categories of data are involved.]
Some of the above grounds for processing will overlap and there may be several grounds which justfy our use of your personal informaton.
If you fail to provide personal information
If you fail to provide certain informaton when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a beneft), or we may be prevented from complying with our legal obligatons (such as to ensure the health and safety of our workers).
Change of purpose
We will only use your personal informaton for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatble with the original purpose. If we need to use your personal informaton for an unrelated purpose, we will notfy you and we will explain the legal basis which allows us todo so. Please note that we may process your personal informaton without your knowledge orconsent, in compliance with the above rules, where this is required or permited by law.
How we use particularly sensitive personal information
“Special categories” of partcularly sensitve personal informaton require higher levels ofprotecton. We need to have further justfcaton for collectng, storing and using this type ofpersonal informaton. We have in place an appropriate policy document and safeguards which weare required by law to maintain when processing such data. We may process special categories ofpersonal informaton in the following circumstances:
Less commonly, we may process this type of informaton where it is needed in relaton to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the informaton public. [We may also process such informaton about members or former members in the course of legitmate business actvites with the appropriate safeguards.]
We will use your partcularly sensitve personal informaton in the following ways:
Do we need your consent?We do not need your consent if we use special categories of your personal informaton in accordance with our writen policy to carry out our legal obligatons or exercise specifc rights in the feld of employment law. In limited circumstances, we may approach you for your writen consent to allow us to process certain partcularly sensitve data. If we do so, we will provide you with full details of the informaton that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a conditon of your contract with us that you agree to any request for consent from us.
Information about criminal convictions
We may only use informaton relatng to criminal convictons where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligatons and provided we do so in line with our [data protecton policyOR [POLICY]].Less commonly, we may use informaton relatng to criminal convictons where it is necessary in relaton to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the informaton public.We may also process such informaton about members or former members in the course oflegitmate business actvites with the appropriate safeguards.We [envisage OR do not envisage] that we will hold informaton about criminal convictons. [We will only collect informaton about criminal convictons if it is appropriate given the nature of the role and where we are legally able to do so.] [Where appropriate, we will collect informaton about criminal convictons as part of the recruitment process or we may be notfed of such informaton directly by you in the course of you working for us.] [We will use informaton about criminal convictons and offences in the following ways:[We are allowed to use your personal informaton in this way [to carry out our obligatons [SPECIFY] OR [SET OUT OTHER LAWFUL BASIS]]. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data].
Automated decision-making takes place when an electronic system uses personal informaton tomake a decision without human interventon. We are allowed to use automated decision-makingin the following circumstances:
Where we have notfed you of the decision and given you 21 days to request a reconsideraton.
If we make an automated decision on the basis of any partcularly sensitve personal informaton, we must have either your explicit writen consent or it must be justfed in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a signifcant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notfed you.We do not envisage that any decisions will be taken about you using automated means, however we will notfy you in writng if this positon changes.
We may have to share your data with third partes, including third-party service providers and other enttes in the group.We require third partes to respect the security of your data and to treat it in accordance with the law.We may transfer your personal informaton outside the EU.If we do, you can expect a similar degree of protecton in respect of your personal informaton.Why might you share my personal information with third parties?We will share your personal informaton with third partes where required by law, where it isnecessary to administer the working relatonship with you or where we have anotherlegitmate interest in doing so.
Which third-party service providers process my personal information?
“Third partes” includes third-party service providers (including contractors and designated agents) and other enttes within our group. [The following actvites are carried out by third-party service providers: [payroll, pension administraton, benefts provision and administraton, IT services] OR The following third-party service providers process personal informaton about you for the following purposes: [NAME PROVIDERS AND THE ACTIVITY THEY CARRY OUT]].
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other enttes in the group are required to take appropriate security measures to protect your personal informaton in line with our policies.We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specifed purposes and in accordance with our instructons.
When might you share my personal information with other entities in the group?
We will share your personal informaton with other enttes in our group [as part of our regular reportng actvites on company performance, in the context of a business reorganisaton or group restructuring exercise, for system maintenance support and hostng of data.
What about other third parties?
We may share your personal informaton with other third partes, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal informaton with a regulator or to otherwise comply with the law.
We have put in place measures to protect the security of your informaton. Details of these measures are available upon request.Third partes will only process your personal informaton on our instructons and where they have agreed to treat the informaton confdentally and to keep it secure. We have put in place appropriate security measures to prevent your personal informaton from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.In additon, we limit access to your personal informaton to those employees, agents, contractors and other third partes who have a business need to know. They will only process your personal informaton on our instructons and they are subject to a duty of confdentality. [Details of these measures may be obtained from [POSITION].]We have put in place procedures to deal with any suspected data security breach and will notfy you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?We will only retain your personal informaton for as long as necessary to fulfl the purposes we collected it for, including for the purposes of satsfying any legal, accountng, or reportng requirements. [Details of retenton periods for different aspects of your personal informaton are available in our retenton policy which is available from [[POSITION] OR [THEINTRANET/PROVIDE LINK]]. To determine the appropriate retenton period for personal data, we consider the amount, nature, and sensitvity of the personal data, the potental risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.In some circumstances we may anonymise your personal informaton so that it can no longer be associated with you, in which case we may use such informaton without further notce to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal informaton in accordance with [our dataretenton policy OR applicable laws and regulatons].
Your duty to inform us of changesIt is important that the personal informaton we hold about you is accurate and current. Please keep us informed if your personal informaton changes during your working relatonship with us.Your rights in connection with personal informationUnder certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal informaton, object to the processing of your personal data, or request that we transfer a copy of your personal informaton to another party, please contact [POSITION] in writng.
No fee usually requiredYou will not have to pay a fee to access your personal informaton (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatvely, we may refuse to comply with the request in such circumstances.
What we may need from youWe may need to request specifc informaton from you to help us confrm your identty and ensure your right to access the informaton (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal informaton is not disclosed to any person who has no right to receive it.
Right to withdraw consentIn the limited circumstances where you may have provided your consent to the collecton, processing and transfer of your personal informaton for a specifc purpose, you have the right to withdraw your consent for that specifc processing at any tme. To withdraw your consent, please contact [POSITION]. Once we have received notfcaton that you havewithdrawn your consent, we will no longer process your informaton for the purpose or purposes you originally agreed to, unless we have another legitmate basis for doing so in law.
Data protection officer[We have appointed a [data protecton officer (DPO) OR data privacy manager] to oversee compliance with this privacy notce. If you have any questons about this privacy notce or how we handle your personal informaton, please contact the [DPO OR data privacy manager]. You have the right to make a complaint at any tme to the Informaton Commissioner’s Office (ICO), the UK supervisory authority for data protecton issues.]
Changes to this privacy noticeWe reserve the right to update this privacy notce at any tme, and we will provide you with a new privacy notce when we make any substantal updates. We may also notfy you in other ways from tme to tme about the processing of your personal informaton.