Privacy Notice – Prospective, Current and Past Staff Members
Privacy Notice – Prospective, Current and Past Staff Members
Data controller: Tony Gee and Partners LLP, Hardy House, 140 High Street, Esher, Surrey KT10 9QJ
In addition, Tony Gee collects and processes data relating to the marketing and business operations of the company. Please refer to the separate Privacy Notice – Marketing and Business Operations.
What information does Tony Gee collect?
Tony Gee collects and processes a range of information about you. This includes some or all of the following:
- your full name, postal address, email address and telephone number(s);
- whether or not you are under age 18;
- information about your education, qualifications, skills, experience and employment history including start and end dates;
- information about your current level of remuneration, including benefit entitlements;
- whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process;
- your nationality and information about your entitlement to work in the UK;
- information about your criminal record; and
- any other information that you may provide to us as part of your CV and covering letter.
For employees (in addition to the above)
- date of birth, gender and a staff profile photograph;
- the terms and conditions of your employment;
- proof of your qualifications, including certificates;
- information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
- details of your bank account and national insurance number;
- driving for work information including driving licence checks which will reveal any current convictions;
- information about your marital status, next of kin, dependants and emergency contacts;
- proof of your entitlement to work in the UK e.g. passport and work permit if applicable;
- details of your scheduled days of work and working hours and attendance at work, e.g. timesheet system;
- details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
- information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments or restrictions on type of work you can undertake (where limited by statute);
- drugs and alcohol test results;
- information to enable accident reporting;
- logging of computer system use, including monitoring aspects of communications sent and received; and
- equal opportunities monitoring information (optional and/or anonymous), including information about your ethnic origin, sexual orientation, health and religion or belief
How is the information collected?
Tony Gee collects this information in a variety of ways, for example, from CVs or resumes; through application forms; from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.
In some cases, we collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks permitted by law.
We may collect data from you through a cloud-based system. This data will be stored and processed within the UK or the EEA, and the information is not shared, sold to or accessed by parties outside Tony Gee except to operate the data collection and pass the information to Tony Gee for business operations purposes as set out in this notice.
Why does Tony Gee process personal data?
Tony Gee needs to process data to take steps at your request prior to entering into a contract with you. In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work in the UK before employment starts.
Tony Gee has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. Tony Gee may also need to process data from job applicants to respond to and defend against legal claims.
Tony Gee processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
For some roles, Tony Gee is obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment.
If your application is unsuccessful, Tony Gee may keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.
Tony Gee needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, we need to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer benefits, pension and insurance entitlements.
In some cases, Tony Gee needs to process data to ensure that it is complying with its legal obligations. For example, we are required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.
In other cases, Tony Gee has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows us to:
- run on boarding and promotion processes;
- maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
- operate and maintain an accurate record of employee skills, knowledge and experience to ensure suitable work is allocated to staff, and to permit us to demonstrate staff competence to clients;
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
- operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that we comply with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- ensure effective general HR and business administration;
- investigate and manage IT system performance;
- provide references on request for current or former employees;
- respond to and defend against legal claims; and
- maintain and promote equality in the workplace.
Where Tony Gee relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).
Where Tony Gee processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that we use for these purposes is anonymised and/or is collected with the express consent of employees, which can be withdrawn at any time. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
Who has access to data?
Data is stored in a range of different places, including in your personnel file, in the HR and payroll management systems and in other IT systems, including the Tony Gee email system.
Access to your personal data is permission controlled. Your information will be shared internally, including with members of the HR and payroll team, the Executive Board, managers in the business area in which you work and IT staff, if access to the data is necessary for performance of their roles.
Tony Gee may share your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service.
Tony Gee also shares your data with third parties that process data on its behalf, in connection with payroll, the provision of benefits, the provision of occupational health services, the provision of outsourced IT services and software, and the provision of training and accreditation services.
Tony Gee may share limited personal data, such as name, job title, qualifications and experience with third parties in the process of winning work for the business. We will process such data as part of our statutory duty to ensure that designers working on projects are competent, and may share it to demonstrate this to clients. The information shared with third parties will be no more than that on the standard company corporate ‘CV’ documents (which a member of staff can view at any time), unless specific consent is obtained.
How does Tony Gee protect data?
Tony Gee takes the security of your data seriously. There are internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Further details are set out in the Data Protection and Retention Policy.
Where Tony Gee engages third parties to process personal data on its behalf, they do so on the basis of written instructions and are under a duty of confidentiality. They are obliged to implement appropriate technical and organisational measures to try to ensure the security of data and to process it in accordance with your rights under the GDPR.
For how long does Tony Gee keep data?
If your application for employment is unsuccessful, Tony Gee may hold your data on file for the consideration of future employment opportunities. However you have a right to object to the processing of your data at any time, at which point your data will be deleted or destroyed securely.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained for the duration of your employment. The periods for which your data is held after the end of employment are set out in the Data Protection and Retention Policy.
As a data subject, you have a number of rights. You can:
- require Tony Gee to change incorrect or incomplete data;
- require Tony Gee to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- access and obtain a copy of your data on request;
- object to the processing of your data where Tony Gee is relying on its legitimate interests as the legal ground for processing; and
- ask Tony Gee to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override Tony Gee’s legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact HR [at] tonygee [dot] com.
If you believe that Tony Gee has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to Tony Gee during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
You have some obligations under your employment contract to provide Tony Gee with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide us with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.
Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable Tony Gee to enter a contract of employment with you. If you do not provide other information, this will hinder our ability to administer the rights and obligations arising as a result of the employment relationship efficiently.
Recruitment processes and employment decisions are not based solely on automated decision-making.
What will we do if anything changes?
Changes to our Privacy Notice will be posted here. Where the changes are significant, we may also email those affected by the updates.
Last reviewed: September 2020