Please select the privacy notice you require from the list below
Privacy Policy
Visitor Privacy Notice
Supplier Privacy Notice
Subsidiary Privacy Notice
Employee Privacy Notice
Customer Privacy Notice
Recruitment Privacy Notice
Privacy Policy
Who we are
The pages on the website (‘the Website’) are published by Dotsquares Limited, a company registered in Registered in England & Wales with company registration number 4381390, whose registered address is at Fifth Floor Intergen House, 65-67 Western Road, Hove, East Sussex, BN3 2JQ, on behalf of Hanovia Ltd, a company registered in England and Wales with company registration number 1473077, whose registered address is at Hanovia Ltd, 780-781 Buckingham Avenue, Slough, Berkshire SL1 4LA (‘Hanovia’).
We respect your right to privacy and will process personal
information you provide only in accordance with the General Data
Protection Regulation 2018, the Privacy and Electronic Communications
(EC Directive) Regulations 2003 and other applicable privacy laws.
The information collected and how it is used
We will not collect any information about individuals, except where it is specifically and knowingly provided by them.
When you visit our Website, we collect some basic information such as your browser type, IP address, internet service provider’s domain name, which pages you accessed on the site, and when. Details of cookies that we use on the Website can be found on the Cookie notice.
We use this information to provide you with and maintain the quality of the Website and to analyse the use of the Website in order to help guide improvements. Personally identifiable information is not automatically collected.
If you register with this website for information, you will need to provide your name and email address.
This data is held on our central CRM system and is backed up on internal IT server, hosted in the UK. Email campaigns are managed through a third-party vendor ‘MailChimp’ using our Office 365 system. All IT servers have the SSL certifications in place and meet the GDPR and International community specification for holding data and are audited on a regularly basis to maintain the highest level of security. The information will not be used for any other purpose; it will be stored securely and will not be shared with third parties. By registering you consent to this use of your name and email address. In the event of a breech on our systems, all contacts will be notified by our IT department. If you have any concerns or would like to get further clarification on our data hold and use policy, please contact us on gdpr@hanovia.com
Third-party use of information
We will not disclose, sell or rent your personal information to any third party except when a required to do so by applicable law, by government body or law enforcement agency. If you do consent but later change your mind, you may contact us to ask for any such activity to stop.
Internal transfers
We may transfer the personal information that is collected from you to third-party data processors located in countries that are outside of the European Economic Area in connection with the above purposes. Please be aware that countries which are outside the European Economic Area may not offer the same level of data protection as the United Kingdom, although the collection, storage and use of your personal data will continue to be governed by this privacy policy.
Security
Whilst we take appropriate technical and organisational measures to safeguard the personal information that you provide, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that the security of any personal information that you transfer over the Internet to us cannot be guaranteed.
Your rights
You have the following rights:
- the right to be provided with copies of personal information that we hold about you at any time, subject to a fee specified by law;
- the right to ask us to update and correct any out-of-date or incorrect personal information held about you free of charge; and
- the right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please write to the Data Protection Officer at Hanovia (as appropriate) at the addresses specified above.
Third-party sites
The Website may contain links to other websites operated by third parties. Please note that this privacy policy applies only to the personal information that Hanovia collect through the Website and we cannot be responsible for personal information that third parties may collect, store and use through their website. You should always read the privacy policy of each website you visit carefully.
Visitor Privacy Statement
Our name/contact details are Hanovia Ltd, 780 Buckingham Avenue, Slough, SL1 4LA
Please contact us on 01753 515300 or email gdpr@hanovia.com if you have any questions relating to this privacy policy.
What data do we collect?
We may collect the following information:
- Your name, company and car registration details in our visitors book;
- Your name and email to log onto our wireless internet
- Your image on our CCTV coverage of the site
- Additional personal information in the event of an incident that we are required to record in our accident book or other Health & Safety documentation.
How do we use your data?
- To protect or as part of an investigation into attempts to gain unauthorised access or damage to our property
- Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
International Transfers
Sometimes it is necessary for us to share your data outside of the European Economic Area. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.
How long will we keep your data for?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
How do we protect your data?
We are committed to keeping your personal data safe and secure. Our security measures include:
- Encryption of electronic data.
- Security controls which protect our IT infrastructure from external attacks and unauthorised access.
- Internal policies limiting access to the data.
- Internal policies setting out our data security approach and training for employees.
What are your rights?
You have the following rights:
- the right to ask for a copy of personal data that we hold about you (the right of access);
- no longer have any legal reason to retain it (the right of erasure);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using/holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability)
If you wish to exercise any of the above rights, you can email us at gdpr@hanovia.com or write to: The Data Protection Officer, Hanovia Ltd, 780 Buckingham Avenue, Slough, SL1 4LA.
Legal Basis for processing personal data
We collect and use your personal data because it is necessary for:
- the pursuit of our legitimate interests (as set out below) ;or
- complying with our legal obligations
Our legitimate interests
The normal legal basis for processing your data, is that it is necessary for the legitimate interests of the Company, including: –
- protecting customers, suppliers, employees and other individuals and maintaining their safety, health and welfare
- complying with our legal and regulatory obligations
- handling customer and supplier contacts, queries, complaints or disputes
Updating our privacy policy
We will update this privacy policy as required, indicating the date of change. This policy was last updated on July 23rd, 2018.
Supplier Privacy Statement
Our name/contact details are Hanovia Ltd, 780 Buckingham Avenue, Slough SL1 4LA.
Please contact us on 01753 515300 or email gdpr@hanovia.com if you have any questions relating to this privacy policy.
What data do we collect?
We may collect the following information:
- Your name, contact address, email address, telephone numbers (including mobile numbers)
- Your location
How do we use your data?
- To authenticate you as a Supplier of the Company and contact you regarding legitimate commercial matters;
International Transfers
Sometimes it is necessary for us to share your data outside of the European Economic Area. This will typically happen if you are based, or are visiting, a country outside the EEA. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.
How long will we keep your data for?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
How do we protect your data?
We are committed to keeping your personal data safe and secure. Our security measures include:
- Encryption of electronic data
- Security controls which protect our IT infrastructure from external attacks and unauthorised access.
- Internal policies limiting access to the data
- Internal policies setting out our data security approach and training for employees
What are your rights?
You have the following rights:
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right (in certain circumstances) to request we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using/holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability)
If you wish to exercise any of the above rights, you can email us at gdpr@hanovia.com or write to:
The Data Protection Officer, Hanovia Ltd, 780 Buckingham Avenue, Slough, SL1 4LA.
Legal Basis for processing personal data
We collect and use your personal data because it is necessary for:
- the pursuit of our legitimate interests (as set out below); or
- complying with our legal obligations
Our legitimate interests
The normal legal basis for processing your data, is that it is necessary for the legitimate interests of the Company, including: –
- protecting customers, suppliers, employees and other individuals and maintaining their safety, health and welfare
- complying with our legal and regulatory obligations
- handling customer and supplier contacts, queries, complaints or disputes
Updating our privacy policy
We will update this privacy policy as required, indicating the date of change. This policy was last updated on July 23rd, 2018.
Subsidiary Privacy Statement
Our name/contact details are Hanovia Ltd, 780 Buckingham Avenue, Slough, SL1 4LA
Please contact us on 01753 515300 or email gdpr@hanovia.com if you have any questions relating to this privacy policy.
What data do we collect?
We may collect the following information:
- Your name, contact address, email address, telephone numbers (including mobile numbers)
- Your location
How do we use your data?
- To authenticate you as an authorised user of the Company’s or Group’s systems
- To identify which systems you should have access to
International Transfers
Sometimes it is necessary for us to share your data outside of the European Economic Area. This will typically happen if you are based, or are visiting, a country outside the EEA. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.
How long will we keep your data for?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
How do we protect your data?
We are committed to keeping your personal data safe and secure. Our security measures include:
- Encryption of electronic data
- Security controls which protect our IT infrastructure from external attacks and unauthorised access.
- Internal policies limiting access to the data
- Internal policies setting out our data security approach and training for employees.
What are your rights?
You have the following rights:
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right (in certain circumstances) to request we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using/holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability)
If you wish to exercise any of the above rights, you can email us at gdpr@hanovia.com or write to: The Data Protection Officer, Hanovia Ltd, 780 Buckingham Avenue, Slough, SL1 4LA.
Legal Basis for processing personal data
We collect and use your personal data because it is necessary for:
- the pursuit of our legitimate interests (as set out below);or
- complying with our legal obligations
Our legitimate interests
The normal legal basis for processing your data, is that it is necessary for the legitimate interests of the Company, including: –
- protecting customers, suppliers, employees and other individuals and maintaining their safety, health and welfare
- complying with our legal and regulatory obligations
- handling customer and supplier contacts, queries, complaints or disputes
Updating our privacy policy
We will update this privacy policy as required, indicating the date of change. This policy was last updated on July 23rd, 2018.
Employee Privacy Notice
Introduction
This privacy statement explains how the Company collects and processes personal information, or personal data, relating to its employees, workers and contractors to manage the working relationship. This personal information may be held by the Company on paper or in electronic format.
We are required under the GDPR to notify you of the information contained in this privacy notice. This privacy notice applies to all current and former employees, workers and contractors. It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services.
Who are we?
The Company is the data controller (contact details at the end of this notice). This means we decide how your personal data is processed and for what purposes
What information does the Company collect and from what sources?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed.
The Company collects, uses and processes a range of personal information about you. It may include, but is not limited to:
- your contact details, including your name, address, telephone number and personal e-mail address
- your emergency contact details/next of kin including contact names, title, addresses, personal telephone numbers and personal email addresses (which could include details of your relationship to them and your marital status or sexual orientation)
- your date of birth
- your gender
- your nationality
- your marital status and dependants
- the start and end dates of your employment or engagement*
- recruitment records, including personal information included in a CV, any application form, cover letter, interview notes, references, copies of proof of right to work in the UK documentation, passport, copies of qualification certificates, copy of driving licence and other background check documentation
- the terms and conditions of your employment or engagement (including your job title and working hours), as set out in a job offer letter, employment contract, written statement of employment particulars, casual worker agreement, consultancy agreement, pay review and bonus letters, statements of changes to employment or engagement terms and related correspondence
- details of your skills, qualifications, experience and work history, both with previous employers and with the Company
- your professional memberships
- your salary, entitlement to benefits and pension information
- your National Insurance number
- your bank account details, payroll records, tax code and tax status information
- any disciplinary, grievance and capability records, including investigation reports, collated evidence, minutes of hearings and appeal hearings, warning letters, performance improvement plans and related correspondence
- appraisals, including appraisal forms, performance reviews and ratings, targets and objectives set (Talent management)
- training records
- annual leave and other leave records, including details of the types of and reasons for leave being taken and related correspondence
- any termination of employment or engagement documentation, including resignation letters, dismissal letters, redundancy letters, minutes of meetings, settlement agreements and related correspondence
- information obtained through electronic means, such as swipecard or clocking-in system records
- information about your use of our IT systems, including usage of telephones, e-mail and the Internet*
- photographs, typically used internally only for ID cards, company announcements, organisation charts, first aid charts and the company intranet
- your social networking profiles and/or internet profiles whether professional or personal
- information about your performance including meetings (whether internally or with customers), appraisals, pay rises, promotions and complaints (whether made by you or about you)
- information about expense claims (which may include information about your location on a specific date)
- details of leave for family or personal reasons (e.g. maternity, paternity, shared parental or adoption leave)
- information for insurance purposes (including information about other people connected to you such as family members) whether that insurance is taken out by us for our own benefit or to provide a benefit to you
- driving licence, car registration, car insurance details
- information on your membership of, or being a representative of, a trade union
- health and safety incidents
- monitoring on diversity (including, for example, age, race/ethnicity, religion, whether you have a disability, sexual orientation, gender identity and marital status)
- communications with and information held by those responsible for managing you and others working with you: for example, timekeeping, ability, teamwork, attitude, work allocation, and attendance at work-related social events
- information about your health, including any medical condition, whether you have a disability in respect of which the Company needs to make reasonable adjustments, sickness absence records (including details of the reasons for sickness absence being taken), medical reports and related correspondence*
- ascertain your fitness to work
The information shown in bold is or could include “special categories” of personal information. Under data protection laws, “special categories” of personal information (previously known as sensitive personal data) includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person and information concerning a person’s health, sex life or sexual orientation. Information concerning criminal convictions is placed in a similar category. This information is particularly sensitive and we will therefore only process this information where absolutely necessary: we will ensure it is only seen by those who have to see it; and will keep it secure. By law we are required to have a policy document outlining how we protect such information and how long the information is held for. Our policy document on this information will be reviewed from time to time.
How do we collect your personal information?
The Company may collect personal information about employees, workers and contractors in a variety of ways. It is collected during the recruitment process, either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from former employers, information from background check providers, and in certain situations information from credit reference agencies.
We will also collect additional personal information throughout the period of your working relationship with us. This may be collected in the course of your work-related activities. Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, some of it you may be asked to provide to us on a voluntary basis. We will inform you whether you are required to provide certain personal information to us or if you have a choice in this.
Your personal information may be stored in different places, including in your personnel file, in the Company’s HR management system and in other IT systems, such as the e-mail system.
What is the legal basis for processing my personal data?
We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:
- where we need to do so to perform the employment contract, casual worker agreement, consultancy agreement or contract for services we have entered into with you
- where we need to comply with a legal obligation
- where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests.
- We may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).
- Where we have your explicit consent. Note that this only relates to use of the biometric hand scanner, (for timekeeping, overtime and wage processing)
How does the Company use my personal data?
The Company may use your data to:
- enable us to maintain accurate and up-to-date employee, worker and contractor records and contact details (including details of whom to contact in the event of an emergency)
- run recruitment processes and assess suitability for employment, engagement or promotion
- comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work
- comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligations
- maintain an accurate record of your employment or engagement terms
- administer the contract we have entered into with you
- make decisions about pay reviews and bonuses
- ensure you are paid correctly and receive the correct benefits and pension entitlements, including liaising with any external benefits or pension providers or insurers
- ensure compliance with income tax requirements, e.g. deducting income tax and National Insurance contributions where applicable
- operate and maintain a record of disciplinary, grievance and capability procedures and action taken
- operate and maintain a record of performance management systems
- record and assess your education, training and development activities and needs
- plan for career development and succession
- enable effective workforce management
- operate and maintain a record of absence procedures
- ascertain your fitness to work
- operate and maintain a record of maternity leave, paternity leave, adoption leave, shared parental leave, parental leave and any other type of paid or unpaid leave or time off work
- ensure payment of SSP or contractual sick pay
- ensure payment of other statutory or contractual pay entitlements, e.g. SMP, SPP, SAP and ShPP
- meet our obligations under health and safety laws
- make decisions about continued employment or engagement
- operate and maintain a record of dismissal procedures
- provide references on request for current or former employees, workers or contractors
- prevent fraud
- monitor your use of our IT systems to ensure compliance with our IT-related policies
- ensure network and information security and prevent unauthorised access and modifications to systems
- ensure effective HR, personnel management and business administration, including accounting and auditing
- Business metrics, eg diversity, leavers, sickness absence etc.
- ensure adherence to Company rules, policies and procedures
- monitor equal opportunities
- enable us to establish, exercise or defend possible legal claims
What if you fail to provide personal information?
If you fail to provide certain personal information which we need in order to perform our contract with you, to protect our legitimate interests or to comply with a legal obligation, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory or contractual rights
Change of purpose
We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
Sharing my personal data
Your personal data will be treated as strictly confidential and will only be shared with the following:
- with our Employees (line managers/leaders), agents and/or professional advisors;
- with other companies within the current and future HALMA Group, in respect of employees who are seconded, in respect of senior leadership team and for talent management purposes only; Where this happens, we have a data sharing agreement in place.
- with other approved third-party contractors who provide services to us, e.g. benefit providers, outsourced payroll processor; Occupational health provider, external IT providers, a detailed list is available from the GDPR owner.
- External Audit bodies
- where we are under a legal obligation to do so, for example where we are required to share information under statute, to prevent fraud and other criminal offences or because of a Court Order for example HRMC, the police.
- external auditors
- professional advisers, such as lawyers and accountants
We may also need to share your personal information with a regulator or to otherwise comply with the law.
We may share your personal information with third parties where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).
How long do we keep your personal data?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.
The Company will generally hold your personal information for the duration of your employment or engagement.
Once you have left employment or your engagement has been terminated, we will hold your personal information for 6 years after the termination of your employment or engagement.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable. In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
Your biometric data is immediately and irretrievably deleted when your employment or engagement comes to an end.
Transferring my personal data outside the EEA
Sometimes it is necessary for us to share your data outside of the European Economic Area. This will typically happen if you are based, or are visiting, a country outside the EEA. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.
Your rights in connection with your personal information
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address, during your working relationship with the Company so that our records can be updated. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
- request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
- restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
- object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
- data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, please contact our GDPR owner. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
Withdrawal of consent
In the event that the company uses biometric data to monitor attendance. If you have provided your consent to the processing of your biometric data for the purposes of the clocking in/out scanner (which is used to process any overtime payments owed), you have the right to withdraw your consent to this at any time. If wish you to withdraw your consent, you should contact our GDPR owner. If you withdraw your consent we will irretrievably delete from our systems any and all biometric data held; however, this will mean that we will be unable to process any overtime payments owed to you.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
Complaints
If you wish to raise a complaint on how we have handled your personal data, you can contact our GDPR Owner who will investigate the matter, (contact details below). Alternatively, you can complete the GDPR complaints form that can be obtained from the Senior Secretary.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO), www.ico.org.uk
Contact details
Hanovia Ltd, 780-781 Buckingham Avenue, Slough, SL1 4LA. If you have any questions regarding this privacy statement please contact Companies GDPR owner at gdpr@hanovia.com or 01753 515 300 or www.hanovia.com
Customer Privacy Statement
Our name/contact details are Hanovia Ltd, 780 Buckingham Avenue, Slough SL1 4LA
Please contact us on 01753 515300 or email gdpr@hanovia.com if you have any questions relating to this privacy policy
What data do we collect?
We may collect the following information:
- Your name, contact address, email address, telephone numbers (including mobile numbers)
- Your location
How do we use your data?
- To authenticate you as a Customer of the Company and contact you regarding legitimate commercial matters;
International Transfers
Sometimes it is necessary for us to share your data outside of the European Economic Area. This will typically happen if you are based, or are visiting, a country outside the EEA. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.
How long will we keep your data for?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
How do we protect your data?
We are committed to keeping your personal data safe and secure. Our security measures include:
- Encryption of electronic data
- Security controls which protect our IT infrastructure from external attacks and unauthorised access.
- Internal policies limiting access to the data
- Internal policies setting out our data security approach and training for employees.
What are your rights?
You have the following rights:
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right (in certain circumstances) to request we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using/holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability)
If you wish to exercise any of the above rights, you can email us at gdpr@hanovia.com or write to: The Data Protection Officer, Hanovia Ltd, 780 Buckingham Avenue, Slough, SL1 4LA.
Legal Basis for processing personal data
We collect and use your personal data because it is necessary for:
- the pursuit of our legitimate interests (as set out below); or
- complying with our legal obligations
Our legitimate interests
The normal legal basis for processing your data, is that it is necessary for the legitimate interests of the Company, including: –
- protecting customers, suppliers, employees and other individuals and maintaining their safety, health and welfare
- complying with our legal and regulatory obligations
- handling customer and supplier contacts, queries, complaints or disputes
Updating our privacy policy
We will update this privacy policy as required, indicating the date of change. This policy was last updated on July 23rd, 2018.
Recruitment Privacy Notice
Introduction
As part of any recruitment process, we collect and processes personal information, or personal data, relating to job applicants. This personal information may be held by us on paper or in electronic format.
The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information during the recruitment process. We are required under the GDPR to notify you of the information contained in this privacy notice.
This privacy notice applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. It is non-contractual.
Who are we?
The Company is the data controller (contact details at the end of this notice). This means we decide how your personal data is processed and for what purposes.
What are the Data Protection Principles?
Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed.
The Company collects, uses and processes a range of personal information about you during the recruitment process. This includes (as applicable):
- your contact details, including your name, address, telephone number and personal e-mail address
- personal information included in a CV, any application form, cover letter or interview notes
- references
- date of birth
- confirmation of your right to work in the UK and any conditions on it OR your identity documents to comply with right to work checks required by law
- details of your skills, qualifications, experience and work history with previous employers
- information about your current salary level, including benefits and pension entitlements
- your professional memberships
- login and password details related to online application process
- contact details of current and/or former employers
- current work contact details including telephone numbers, and email addresses
- education records, training records and records of qualifications and achievements
- social networking profiles and/or internet profiles whether professional or personal
- job title and job duties with current and/or former employers
- details of salary and reward package and notice period with current and/or former employers
- reason for leaving previous employment(s)
- whether previously applied for a position or worked for us or any of our group organisations before, or whether you are related to anyone who works for us
- the contact details, occupation and position of referees
- information gathered from reference requests – this could include information about absence; any disciplinary investigations and proceedings, whether or not any disciplinary action was taken; details of any grievance investigations or complaints raised by you, or by a third party about you, whether or not any action was taken; your performance, attitude and personality
- payroll, tax and national insurance information
- hobbies, interests outside work and achievements
- information on any disability and/or reasonable adjustments that would be required to enable you to attend an interview
- monitoring on diversity (including, for example, age, race/ethnicity, religion, whether you have a disability, sexual orientation, gender identity and marital status)
- your photograph
- details of your driving licence;
- psychometric testing
- digital data on your activity on business-related social networking sites and information about you from media articles in the public domain
How do we collect your personal information?
The Company collects personal information about you during the recruitment process either directly from you or sometimes from a third party such as an employment agency or sometimes from internet searches (e.g. LinkedIn, Facebook, twitter etc). We may also collect personal information from other external third parties, such as references from current and former employers and information from background check providers. Other than employment agencies, we will only seek personal information from third parties during the recruitment process once an offer of employment has been made to you and we will inform you that we are doing so.
You are under no statutory or contractual obligation to provide personal information to the Company during the recruitment process.
Your personal information may be stored in different places, including on your application record, in our HR management system and in other IT systems, such as the e-mail system
Why, and how do we use your personal information and what is the legal basis for processing my personal data?
We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:
- where we need to comply with a legal obligation
- where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests. (Our legitimate interests include: pursuing our business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration).
The purposes for which we are processing, or will process, your personal information are to:
- manage the recruitment process and assess your suitability for employment or engagement
- decide to whom to offer a job
- ensure compliance with your statutory rights
- ensure effective HR, personnel management and business administration
- monitor equal opportunities
- enable us to establish, exercise or defend possible legal claims
What if you fail to provide personal information?
If you fail to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.
Change of purpose
We will use your personal information for the purposes for which we collected it, i.e. for the recruitment exercise for which you have applied, however if your application for employment or engagement is successful, the personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.
Who has access to your personal information?
Your personal information may be shared internally within the Company for the purposes of the recruitment exercise, including with members of the HR department, members of the recruitment team and managers in the department which has the vacancy.
We will not share your personal information with third parties during the recruitment process unless your job application is successful, and we make you an offer of employment or engagement. At that stage, we may also share your personal information with third parties (and their designated agents), including:
- external organisations for the purposes of conducting pre-employment reference and employment background checks
- current or former employers, to obtain references
- professional advisors, such as lawyers
- Occupational health for the purpose of employment health questionnaires.
We may also need to share your personal information with a regulator or to otherwise comply with the law.
How does the Company protect your personal information?
We have put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.
Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
We also have in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office and you of a suspected breach where we are legally required to do so.
How long do we keep your personal data?
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed.
If your application for employment or engagement is unsuccessful, we will generally hold your personal information for one year after the end of the relevant recruitment exercise
If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with the privacy notice for employees, workers and contractors.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
Transferring your personal data outside the EEA
Sometimes it is necessary for us to share your data outside of the European Economic Area. This will typically happen if you are based, or are visiting, a country outside the EEA. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.
Your rights in connection with your personal information
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
- request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
- restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
- object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
- data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, please contact our GDPR owner (contact details below) or the HR Department. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
Complaints
If you wish to raise a complaint on how we have handled your personal data, you can contact our GDPR Owner who will investigate the matter (contact details below). Alternatively, you can complete the GDPR complaints form that can be obtained from the Senior Secretary (Julie.cole@hanovia.com)
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO), www.ico.org.uk
Contact details
The Company has a GDPR owner, who is responsible for being our point of contact for all GDPR related enquiries or questions. If you have any questions regarding this privacy statement please contact them at gdpr@hanovia.com or 01753 515300 or 780-1 Buckingham Avenue, Slough, SL1 4LA.