THE MCGINNIS GROUP PRIVACY AND DATA PROTECTION NOTICE
This Privacy and Data Protection Notice (this Notice) is intended to ensure that you are aware of what personal data The Mc Ginnis Group (MGG, we, us, our) holds in relation to you, and how we use that data as data controller.
Please read the following carefully to understand our use of your personal data.
This Notice applies to you, whether you are a current (or former) employee, partner, worker, intern, agency worker, consultant, individual contractor or director. It also applies to third parties whose information you provide to us in connection with our relationship with you (for example, in respect of emergency contact information). Please ensure that you provide a copy of this Notice to any third parties whose personal data you provide to us.
Where we refer to 'employee personal data' or 'employment' in this Notice, we do so for convenience only. This notice does not form part of any contract of employment or other contract to provide services. It applies to all personal data collected, maintained, transmitted, stored, retained, or otherwise used (i.e. processed) by us. We may update this Notice at any time and will notify you in writing of any changes.
What is Personal Data?
'Personal Data' is defined as any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information.
We will collect, store, and use the following categories of personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth.
- Marital status and dependants.
- Next of kin and emergency contact information.
- National Insurance number.
- Bank account details, payroll records and tax status information.
- Salary, annual leave, pension and benefits information.
- Start date.
- Location of employment or workplace.
- Copy of driving licence.
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
- Employment records (including job titles, work history, working hours, training records and professional memberships).
- Compensation history.
- Performance information.
- Disciplinary and grievance information.
- CCTV footage
- Information about your use of our information and communications systems.
Purpose and Basis for Processing
We will hold, process and may disclose personal data provided by you for the following purposes:
- Recruitment/appointment including assessing your job application;
- Providing you with building and IT access;
- Payroll and finance including paying salary, reimbursing expenses and other payments;
- Keeping attendance and working time records;
- Performance appraisals and management of performance; and
- Administering employment termination.
- This processing of your data is necessary to process job applications submitted by, or on your behalf, and for performance of your contract of employment (or engagement).
- Monitoring and promotion of equal opportunities, including the review of gender breakdown and progression;
- Monitoring use of IT and communications in accordance with our IT, email and internet policy;
- Provision of references;
- Investigating and responding to complaints from personnel, clients, business partners, regulators; and
- Maintaining emergency contact details.
- This processing of your data is necessary for our legitimate business interest in managing our business, provided our interest is not overridden by your interest.
- Managing health and safety at work and incident reporting;
- Compliance with our regulatory (for example disclosing tax data to the Inland Revenue) and professional requirements; and
- Defending, responding or conducting legal proceedings.
- This processing of your data is necessary in order for us to comply with any legal or regulatory obligations.
Special Categories of Personal Data
Certain categories of your personal data are regarded as 'special' including information relating to an individual's:
- Physical or mental health;
- Religious, philosophical or political beliefs;
- Trade union membership;
- Ethnic or racial origin;
- Biometric or genetic data; and
- Sexual orientation.
We only process such data where necessary for the purpose of carrying out the obligations, and exercising specific rights, of MGG or of an employee under employment law or for the assessment of your working capacity.
We will only process data relating to your criminal convictions or involvement in criminal proceedings when permitted by law, or where provided voluntarily by you.
In principle, we do not rely on your consent for data use. We may, however, from time to time, (i) ask for your consent to use your personal data for a specific purpose; and/or (ii) process your personal data (including "special data") in order to protect your vital interests or the interests of another. If we do so, we will provide you with full details of the data that we would like and the reason we need it. We will also inform you about the fact that you can revoke your consent at any time and how you should do that. You should be aware that withholding your consent will never have an impact on your employment with us or otherwise negatively affect you.
Where you do not provide us with your Personal Data
If you do not provide us with your personal data we may not be able to process your job application, suitability for a particular role, your pay or other benefits, comply with our legal obligations or manage our business. We will tell you when we ask for information which is a statutory or contractual requirement or needed to comply with our legal obligations. Security and Storage of Personal Data We securely store your personal data in a centralised database, with controlled access to such database. Access to personal data (including special data) in both electronic and paper form is restricted to members of the HR Team, Accounts Team, Managers and employees who have a legitimate and justifiable reason to view such data.
Recipients of Your Personal Data
We may disclose your personal data to companies in The McGinnis Group including, without limitation, for the following reasons: in order to run processes, carry out group wide reporting, or take decisions about hiring or promotion.
It may be necessary from time to time for us to disclose personal data to third parties or agents, including without limitation to the following:
- Third parties to assist in the administration, processing and management of certain activities pertaining to past, current and prospective employees;
- Individuals or companies employed by MGG to carry out specific services, functions or consultancy work including external reference agencies and other financial institutions;
- Relatives or legal representatives of past, current and prospective employees;
- Regulatory bodies to whom we are obliged or required to disclose information;
- Insurance or assurance companies and health insurance providers or trade unions;
- Legal and medical practitioners;
- Pension providers;
- Potential purchasers or bidders;
- Relevant Government departments and agencies;
- HR employment consultants;
- Health and Safety consultants;
- Training companies;
- Auditors; and
- Accountancy companies.
Other support service providers necessary to assist MGG with the above;
We will inform you in advance if we intend to further process or disclose your personal data for a purpose other than the purposes set out above. We take all reasonable steps, as required by law, to ensure the safety, privacy and integrity of such data and information and, where appropriate, enter into contracts with such third parties to protect the privacy and integrity of such data and any information supplied.
Transfer of Personal Data outside the EEA The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA), for the purposes described above. We will ensure suitable safeguards are in place to protect the privacy and integrity of your personal data in such circumstances. You can obtain information and a copy of documentation pertaining to these safeguards from firstname.lastname@example.org, where applicable.
Data will be stored for as long as required to satisfy the purpose for which the data was collected and used, unless a longer period is necessary for our legal obligations or for the exercise or defence of legal claims.
Statutory retention periods apply to certain records. As statutory retention periods can vary depending on the type of data, please refer to our data retention policy to find out more. Our retention practices are reviewed and updated from time to time in line with legal requirements and best practice.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact email@example.com in writing.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If you wish to exercise any of your rights in this regard please contact firstname.lastname@example.org. We will respond to your request as soon as practicable. We may request proof of identification to verify your request.