STAFF PRIVACY POLICY
1. GENERAL
1.1 Keeley & Co (“we” “us” “our”) are committed to protecting and respecting your privacy. For the purpose of data protection legislation, we are the data controller and we will process your data in accordance with articles 6(1)(b), 6(1)(c), 6(1)(f) and 9(1)(a) of the General Data Protection Regulation 2016 (“GDPR”). Please read the following carefully to understand our views and practices regarding your data and how we will treat it.
1.2 This policy applies to prospective, current and former employees, consultants, directors, secondees, casual workers, agency workers, volunteers and individuals on work experience (“Staff”). We will gather personal information and retain this for purposes directly relevant to your employment or engagement including but not limited to ensuring proper performance of your contract of employment/contract for services, for management, human resources and payroll purposes, as otherwise reasonably required for the purposes of our legitimate interests and compliance with applicable law.
2. YOUR DATA
2.1 For the purposes of this privacy policy, “Your Data” means any information about you from which you are personally identifiable, including without limitation: your name, gender, home address, email address and telephone number, your date of birth, emergency contacts; sick pay, pensions, bank details (where we pay you for your services) insurance and other benefits information; date of employment, work history, date(s) of promotion, training courses attended; and record of work absences, salary history, performance appraisals, disciplinary and grievance records, C.V. and information from third parties such as referees.
3. HOW WE COLLECT YOUR DATA
3.1 We may collect and process Your Data in the following circumstances:
3.1.1 when you register your interest in one of our advertised roles;
3.1.2 when you apply for a job with us;
3.1.3 when you become a Staff member or other personnel;
3.1.4 whenever you complete our voluntary surveys and equal opportunities monitoring forms that we use for research purposes; and
3.1.5 whenever you disclose Your Data to us, or we collect Your Data from you in any other way.
4. HOW WE USE YOUR DATA
4.1 We may use Your Data:
4.1.1 for general HR administration, including payroll and benefits, training and development, performance management, sickness and absence management, grievance and disciplinary procedures, equal opportunities monitoring and business continuity planning;
4.1.2 to maintain emergency contact and beneficiary details;
4.1.3 to prepare and/or receive references;
4.1.4 for monitoring and assessing compliance with our policies and procedures;
4.1.5 for promotional and marketing materials and activities (including photographs subject to obtaining your prior consent);
4.1.6 to investigate and respond to claims against us; and
4.1.7 to comply with applicable laws.
5. DISCLOSURE OF YOUR DATA TO THIRD PARTIES
5.1 Your full Data will only be viewed by directors but a finite amount of data will be seen by other staff. This comprises your name, telephone numbers and personal email in relation to our Disaster Recovery Plan and additionally your address, National Insurance number and date of birth for the purposes of logging your membership of our employee benefits schemes. Furthermore, if you choose to effect investments/policies through the firm then the normal information we need to log for you as a client will also be accessible to other staff in our client database system. In addition to this we may disclose Your Data to third parties including:
5.1.1 IT software providers that store data on our behalf;
5.1.2 to our professional advisers and third party organisations providing services to us including but not limited to payroll, pension, employment advice and health care services;
5.1.3 to a prospective employer of yours who requests a reference;
5.1.4 to a prospective buyer of some or all of our business or assets, in which case personal data including Your Data will also be one of the transferred assets;
5.1.5 to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share Your data in order to comply with any legal obligation;
5.1.6 to any central or local government department and other statutory or public bodies (such as HMRC, DWP).
5.2 We will not sell Your Data to other organisations without your approval.
6. HOW WE STORE YOUR PERSONAL DATA
6.1 All information you provide to us is stored on our secure servers. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
6.2 Occasionally, we may need to send personal data relating to you outside of the European Economic Area (‘EEA’). Where this is the case, we will ensure that adequate levels of protection approved by the European Commission are in place for security of the transfer of Your Data outside the EEA unless one of the derogations under GDPR applies.
7. RETENTION OF YOUR DATA
7.1 Your Data will be retained for as long as we believe is necessary to fulfill the purposes for which the personal information was collected. This includes for the purpose of meeting any legal, accounting or other reporting requirement or obligations, but in any event this will not exceed 10 years after the termination of your employment or engagement or 80 years if you were a client of Keeley & Co.
8. ACCESS TO, UPDATING, DELETING AND RESTRICTING USE OF YOUR DATA
8.1 Data protection legislation gives you the right to access information held about you and for this to be provided in an intelligible form. If you would like a copy of some or all of Your Data, please make a formal Subject Access Request to Luella.Keeley@keeleys.co.uk. We reserve the right to charge a reasonable fee to comply with your request.
8.2 You can also ask us to undertake the following:
8.2.1 update or amend Your Data if you feel this is inaccurate;
8.2.2 remove Your Data from our database entirely (subject to exemptions which may apply such as having a legitimate business interest to retain it);
8.2.3 send you copies of Your Data in a commonly used format and transfer Your Data to another entity where you have supplied data to us, and we process this electronically with your consent or where necessary for the performance of a contract; or
8.2.4 restrict the use of Your Data so that it is only used for certain purposes.
8.3 Please send any requests relating to the above to Luella Keeley at Luella.Keeley@keeleys.co.uk specifying your name and the action you would like us to undertake.
9. CHANGES TO OUR PRIVACY POLICY
9.1 Any changes we may make to our privacy policy in the future will be posted on this page and updated in this Policy. We will notify you if there are any changes to this policy that materially affect how we collect, store or process Your Data. However we encourage you to check this policy from time to time for any changes.
10. CONTACT
10.1 If you have any questions, comments or requests regarding this policy or how we use Your Data please contact Luella Keeley at Luella.Keeley@keeleys.co.uk. This is in addition to your right to contact the Information Commissioners Office regarding any concerns or complaints you have at https://ico.org.uk/global/contact-us/.
Last updated: January 2023