We use your personal information throughout the employment relationship that we have with you. This includes a number of different processing activities throughout your employment.
This notice should be read in conjunction with the Overview.
What processing activities do you undertake that include my personal information?
We undertake processing activities that are designed to ensure that our business operations and staff are protected, which involves monitoring the behaviour of our staff and their activity.
These processing activities include:
- Ensuring network and information security, including prevention of unauthorised access to our computer and electronic communications systems and prevention of malicious software distribution.
- Monitoring use of our information and communication systems to ensure compliance with our policies.
- Call recording.
- Monitoring the use of company-provided mobile telephones.
- Ensuring staff only access systems and locations that they have the correct permissions for.
- Understanding and evaluating specific behaviours of our staff that may pose a threat to our business and staff, which in some cases involves automated processing.
- Investigations into security and/or compliance concerns, as appropriate.
What categories of personal information are included in these processing activities?
To run the processes set out above, we process Staff related data, Business information, Data related to your engagement with the Company, Vetting data, Leave information, HR processes data, Monitoring data (to the extent permitted by applicable laws) and Employment claims, complaints and disclosures data.
We may also process special categories of personal information and criminal records information.
What is the purpose of these activities?
We carry out these activities to protect our business from external and internal threats, to support our staff, and to identify and protect against criminal activity or breaches of company policy or procedures. We also need to do so to comply with industry security requirements laid down by the Government of the United Kingdom or similar security requirements imposed by governments in other jurisdictions in which the Company operates.
What are the legal grounds you rely on to carry these out?
This processing is necessary for the purpose of the legitimate interests pursued by the Company.
In some cases, the processing will be necessary to comply with legal obligations to which the Company is subject.
(See “What are the legal grounds for processing personal information?” in the Overview section).
What are the 'legitimate interests' referred to above?
The Company has a legitimate interest in ensuring that its business, clients, staff members, assets and systems are kept safe and secure from external and internal threats.
This includes:
- Protecting our assets and the integrity of our systems;
- Detecting and preventing loss of confidential information and proprietary information;
- Detecting and preventing criminal activity, including threats to national security;
- Ensuring compliance with export control laws and other similar legal requirements placed upon us;
- Ensuring compliance with applicable industry security requirements laid down by the Government of the United Kingdom or similar security requirements imposed by governments in other jurisdictions in which the Company operates; and
- Protecting the rights, freedoms and interests of individuals when working for the Company.
As this processing may include special categories of personal information or information relating to my criminal record, in addition to the above, what are the additional legal grounds you rely on to justify this processing?
This processing is necessary for reasons of substantial public interest. Particularly, the Company may need to process special categories of personal information to prevent and detect crimes, including fraud.
In some cases, this processing is needed for carrying out our employment law obligations. For example, complying with health and safety legislation.
(See “What are the legal grounds for processing special category personal information?” in the Overview section.)
To the extent that you did not get this personal information from me, how did you collect this information?
Some of the information processed in these activities may be generated by the Company. This would usually include by your line management, by Security, IM&T and Legal teams, and through your use of Company IT and systems (see “Where do you get my personal information from?” in the Overview section). Where applicable, personal information may be generated using automated processing, for example where we combine behaviours of our staff to detect possible risks.
In addition, we may work with business partners and suppliers to carry out this activity and as set out in this Notice. We may receive information from other sources as set out in this Notice (see “Where do you get my personal information from?” in the Overview section).
Who do you share this personal information with?
Your personal information is shared internally, as set out in this Notice (see “When do you share my personal information with others?” in the Overview section). This would usually include with the HR, Security and Legal teams, and your line management.
In addition, some of your personal information will be shared externally with any suppliers or partners as needed, external agencies (including the Police or other law enforcement, as appropriate) and as otherwise set out in this Notice (see “When you do you share my information with others?” in the Overview section).