LAST UPDATED: 4.12.19
In order to comply with its contractual, statutory, and management obligations and responsibilities, the “company” (Order Line Ltd/SkyNet Ltd) is required to process personal data relating to its employees, including ‘sensitive’ personal data, as defined in the Data Protection Act 1998 (the “Act”) which includes information relating to health, racial or ethnic origin, and criminal convictions.
All such data will be processed in accordance with the provisions of the Act, the staff handbook as well as the staff data policy shown here. For the purposes of the Act, the term ‘processing’ includes the initial collection of personal data, the holding and use of such data, as well as access and disclosure, through to final destruction. In certain circumstances, the provisions of the company permit to process an employee’s personal data, and, in certain circumstances, sensitive personal data, without their explicit consent. Further information on what data is collected and the purposes for which it is processed is given below.
The company’s contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll; bank account; postal address; sick pay; leave; maternity pay; and pension and emergency contacts.
The company's statutory responsibilities are those imposed on the company by legislation. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax; national insurance; statutory sick pay; statutory maternity pay; family leave; work permits; and equal opportunities monitoring.
The company’s management responsibilities are those necessary for the organisational functioning of the company. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment; training and development; teaching; research; absence; disciplinary matters; health and safety; security, including company-operated CCTV; e-mail address and telephone number; swipe cards; and criminal convictions.
The Act defines ‘sensitive personal data’ as information about racial or ethnic origin; political opinions; religious beliefs or other similar beliefs; trade union membership; physical or mental health; sexual life; and criminal allegations, proceedings or convictions. In certain limited circumstances, the Act permits the company to collect and process sensitive personal data without requiring the explicit consent of the employee.
(a) The company will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service (or other bodies), and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and consent.
(b) Save in exceptional circumstances, the company will process data about an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding the company’s equal opportunities policies and related provisions.
(c) Data about an employee’s possible criminal convictions will be held as necessary
In order to perform its contractual and management responsibilities, the company may, from time to time, need to share an employee’s personal data with one or more colleges. In such cases, the college or colleges will be required to process the data in accordance with the provisions of the Act.
For the performance of the employment contract, the company is required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil its statutory responsibilities, the company is required to provide some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Your personal details maybe shared with the 3rd parties such as outsourced contractors including Payroll, Bookkeeping, Accountants, Health and Safety consultants, and so on.
The Act requires the company to take reasonable steps to ensure that any personal data it processes is accurate and up-to-date. It is the responsibility of the individual employee to inform the company of any changes to the personal data that they have supplied to it during the course of their employment.
Under the Act, it is possible for individuals to request access to any of their personal data held by the company, subject to certain restrictions. A request for disclosure of such information is called a subject access request. Any such requests should be addressed to the company’s H.R Dept.