Privacy Notice – Staff

1. Overview

Tailored Plumbing and Heating (UK) Limited trading as Tailored Plumbing and Heating (UK) Limited is a company registered in England and Wales (Company Number 08280211) registered office at Office 123a, 299-307 Kirkdale, Sydenham, London, SE26 4QD (the Company).
We take the security and privacy of data seriously and are committed to complying with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the UK GDPR in respect of data privacy and security. We respect your personal data and our use of your personal data is subject to the relevant UK and EU legislation.

2. Controller

The Company obtains, keeps and uses information about you for a number of specific lawful purposes. The Company is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. The Company is registered with ICO. Our registration number is ZA908663.

3. Scope and Purpose

This privacy notice aims to give you information on how the Company collects and processes your personal data when we employ or engage you. It applies to employees, workers, interns, apprentices, volunteers and agency workers and contractors collectively referred to as Staff. The Company processes personal data about current and former Staff for a number of specific lawful purposes which are set out in this privacy notice.

Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share information about you. It also explains your rights in relation to your information and how to contact us or supervisory authorities in the event you have a complaint.

It is important that you read this privacy notice together with any other privacy notices we may provide on specific occasions. This privacy notice supplements the other notices and is not intended to override them. We are required to notify you of this information under the data protection legislation.

This policy applies to all data, whether it is stored electronically, on paper in a filing system or on other materials.

This privacy notice does not form a part of your contract.

4. Changes to this policy

We will review and update this notice regularly in accordance with our data protection obligations. We will circulate any new or modified policies or notices in relation to your data when they are adopted. It is important that you read and understand this notice before you share with us any personal data.

5. Data protection principles

When processing your data, the Company will comply with the following data protection principles:

  • We will process personal information lawfully, fairly and in a transparent manner.
  • We will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes.
  • We will only process the personal information that is adequate, relevant and necessary for the relevant purposes.
  • We will keep accurate and up to date personal information and take reasonable steps to ensure that inaccurate personal information is deleted or corrected without delay.
  • We will keep personal information in a form which permits identification of data subjects (you) for no longer than is necessary for the purposes for which the information is processed.
  • We will take appropriate technical and organisational measures to ensure that personal information is kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.

6. How we define processing

The Company will process your personal data (including special categories of personal data and criminal offense data) in accordance with legal obligations.
‘Processing’ means any operation which is performed on personal data such as collection, recording, organisation, structuring, storage, adaption, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, destruction or erasure.
This includes processing personal data which forms part of a filing system and any automated processing.

7. What data (information) we collect

The Company processes information about you (the ‘data subject’) for a number of specific lawful purposes, and we seek to ensure that our data collection and processing is always proportionate. Given the nature of our business we may collect Personal Data, Special Categories of Data and, on some occasions, Criminal Conviction Data.
‘Personal data’ is information which relates to a living person who can be identified from that data (data subject) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.

‘Special Categories of Personal Data’ is sometimes referred to as ‘sensitive personal data’ or ‘sensitive information’ and it includes information about your race, ethnic origin, politics, religious and philosophical beliefs, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.
‘Criminal Conviction Data’ is data relating to criminal convictions and offences, including data relating to criminal allegations, investigations and proceedings, information about penalties, conditions or restrictions placed on an individual as part of the criminal justice process, and civil measures which may lead to a criminal penalty if not adhered to. Criminal Conviction Data includes information relating to the absence of convictions.

8. Categories of Data

We have grouped data into the following categories:

Identity Data which includes first name, maiden name, last name, marital status, title, date of birth, gender, national insurance number, nationality and immigration status

1.1 Contact Data which includes your addresses, email addresses and telephone numbers.

1.2 Family Data which includes next of kin details including name, relationship and contact information, details of the spouse/partner and any data relating to any dependents, details of the beneficiaries under the death benefit policy.

1.3 Recruitment Data which includes any information that a candidate provides on their application form, CV, cover letter, during the interviews, assessments, email exchanges and telephone conversations. Employment data may include employment history, qualifications, education and training details, hobbies and interests, practice areas and title, number of years post qualification, notes from interviews, pre-engagement verification of details, references and details of former employers, reasons for leaving previous employment.

1.4 Membership Data which includes information about membership of any professional bodies.

1.5 Contractual Data which includes information about agreements, collective agreements, details of payments and other benefits agreed, details of start date and date of continuous employment.

1.6 Transactional Data includes information in respect of records of payments made, records of advances, loans, season tickets, expense records, bank account numbers, payroll and wage records, PAYE records, tax information.

1.7 Record Data includes information about data protection consents, annual leave records, records in relation to hours worked (workers, interns, volunteers), details on overtime, details on bonuses and other benefits in kind, details in relation to resignations, terminations and retirement, agreement termination undertakings, records in connection with working time, working time opt out, maternity, paternity, shared parental, adoption leave (and other family related records) which include details about payments, dates of leave, certificates and other related information

1.8 Employment data includes information about annual assessment reports, disciplinary records, grievance records, performance improvement plans, information on conduct issues, information in respect of complaints and feedback, appraisals, performance management/improvement plans, image, in photographic form, applications for internal vacancies and related decisions

1.9 Compliance Data includes information about induction records, training records, signed policies, records to show compliance, such as health assessment records

1.10 Special Category Data includes information about racial or ethnic origin, religious or philosophical beliefs, sex and sexual orientation, religious or similar beliefs, information about health, accident records (regarding accident, death or injury in connection with work), occupational health records, ID such as passport, national identity card or driver license

1.11 Criminal Conviction Data includes information about criminal activity, allegations, investigations, proceedings, information relating to the absence of convictions, personal data about penalties, conditions or restrictions placed on an individual as part of the criminal justice process, civil measures which may lead to a criminal penalty if not adhered to.

1.12 Monitoring Records includes telephone recordings, email records and records of work carried out, feedback and customer complaints, CCTV recordings, information about use of our IT, communication and other systems, details of use of business-related social media, such as LinkedIn, use of public social media (only in very limited circumstances, to check specific risks for specific functions within our organisation).

1.13 Litigation Data includes information relating to employment tribunal or court claims, without prejudice discussions, settlement agreements.

9. Basis for processing data

We have set out in the Schedule below what data we collect, where and how we obtain the data from, the purpose of collecting it, how we will use it and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate, what happens if you do not provide the information and who we may share it with and why.

We have to have a valid lawful basis in order to process your personal data. We will generally process your personal data in the following circumstances:

  • We need this information in order to take steps at your request prior to entering into a contract with you or for the performance of a contract to which you are a party
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Where we process your information under this lawful basis, we will specify legitimate interests accordingly
  • Where we need to comply with a legal or regulatory obligation that we are subject to
  • Where you have provided us consent. Generally, we do not rely on consent as a legal basis for processing your personal data but may in certain circumstances request your explicit consent to process your data. If we do so, we will advise you on the purpose of that data collection, how we will process it and will request your explicit and clear consent for us to process that data for that purpose. Where we rely on your consent to process your data, you will be able to withdraw your consent at any time.

It is important that you are aware that where we process your data for the purposes of entering into a contract with you, our legitimate interest or to comply with our legal obligations once you have submitted your data to us, we can process your data for these purposes without your consent (without prejudice to your other rights).

Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data, where more than one ground has been set out below.

If we have lawful basis to collect your Personal Data and you refuse to provide it, we may be unable to enter into a contract with you.

10. Special Categories of Personal Data

The Company may from time to time need to process sensitive personal information. We may only use sensitive information where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our Data Protection Policy.

We will only process sensitive personal information if:

  • We have a lawful basis for doing so; and
  • One of the special conditions for processing sensitive information applies.

The lawful bases for processing sensitive personal data are that it is necessary for the performance of a contract, to comply with our legal obligations and for our legitimate business interests (to maintain records, to process correct pay, to show we have treated you fairly). For example, we may process your sensitive personal information:

  • Your race, ethnic origin, religion, sexual orientation or gender to monitor equal opportunities (data will usually be anonymised) and to ensure that we comply with our legal obligations under employment law.
  • Your sickness absence, health and medical conditions to monitor your absence, assess your fitness for work, to pay you benefits, to comply with our legal obligations under employment law including to make reasonable adjustments or to look after your health and safety.
  • Your trade union membership to pay any subscriptions and to comply with our legal obligations in respect of trade union members.
  • Your biometric data to comply with our legal obligations by checking that you have the right to work in the UK (e.g., by retaining a copy of your ID)

The special conditions are:

  • Processing is necessary for the establishment, exercise or defence of legal claims.
  • The processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the Controller or the Data Subject in connection with employment, social security or social protection.
  • The processing is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained.

The Company will not carry out automated decision-making (including profiling) based on any individual’s sensitive personal information.

If we have lawful basis to collect such information and you refuse to provide it, we may be unable to enter into a contract with you (for example your ID).

We have in place an Appropriate Policy Document, a copy of which can be obtained from the CCO and have put safeguards in place which we are required by law to maintain when processing such data.

11. Criminal Conviction Data

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy. In some circumstances we may be required to hold information about criminal convictions.

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We will process your criminal offence data if:

  • We have a lawful basis for doing so as set out in the paragraph above; and
  • One of the special conditions for processing criminal information applies.

The lawful basis for processing criminal record data is so that we can ensure that we can enter into a contract with you, to comply with our legal obligations and for our legitimate business interests (to protect our clients, to maintain appropriate records).

The special conditions are:

  • The processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the Controller or the Data Subject in connection with employment, social security or social protection.
  • The processing is necessary for the purposes of complying with, or assisting other persons to comply with, a regulatory requirement which involves a person taking steps to establish whether another person has (i) committed an unlawful act, or (ii) been involved in dishonesty, malpractice or other seriously improper conduct

We are entitled to carry out a criminal record check in order to satisfy ourselves that there is nothing in your criminal conviction history, which makes you unsuitable for the role. For example, because your being able to be assigned to the role, or your membership in the professional body is subject to a clear criminal record and/or given the nature of our business and our duty to clients, the roles within our firm require a high degree of trust and integrity since it involves dealing with finances and highly sensitive and confidential data.

If we have lawful basis to collect such information and you refuse to provide it, we may be unable to enter into a contract with you.

We have in place an Appropriate Policy Document, a copy of which can be obtained from the Information Manager and have put safeguards in place which we are required by law to maintain when processing such data.

12. Purpose and Legitimate Business Interests

The Company collects and processes personal data about staff for the following purposes:

1.14 Carrying out recruitment practice*
1.15 Maintaining appropriate records*
1.16 Detecting and preventing fraud and other unlawful acts*
1.17 To comply with contractual obligations such as process correct pay
1.18 To comply with employment law, immigration law, health and safety law, tax law and other laws which affect us, and to comply with regulatory obligations
1.19 To comply with corporate governance obligations*
1.20 To ensure good practice*
1.21 To ensure safe working practices*
1.22 To ensure compliance with our insurer requirements*
1.23 For business development purposes*
1.24 To monitor safety issues and conduct*
1.25 For reasons of substantial public interest (to protect clients) *
1.26 To protect our networks, and personal data of employees, consultants, customers/clients, against unauthorised access or data leakage*
1.27 To ensure our business policies, such as those concerning security and internet use, are adhered to*
1.28 For the purpose of administering and protecting the business and the Company website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)*
1.29 For the purposes of business reorganisation or restructuring exercise*
1.30 For operational reasons, such as maintaining records, recording transactions, training and quality control*
1.31 To ensure that commercially sensitive information is kept confidential*
1.32 For security vetting and investigating complaints and allegations of criminal offences*
1.33 To prevent unauthorised access and modifications to our systems*
1.34 As part of investigations by regulatory bodies, or in connection with legal proceedings or requests*
1.35 To monitor and manage staff access to our systems and facilities and to record staff absences*
1.36 To check that restrictions on activities that apply after the employment or engagement has ended (post-termination restrictions or restrictive covenants) are being complied with*
1.37 For security vetting and investigating complaints and allegations of criminal offences*
1.38 As part of investigations by regulatory bodies, or in connection with legal proceedings or requests*
1.39 Monitoring compliance with our policies and contractual obligations*
1.40 The processing is necessary for the establishment, exercise or defence of legal claims
1.41 To decide whether to employ (or engage) someone*
1.42 To decide how much to pay, and the other terms of contract*
1.43 To check employees' legal right to work*
1.44 To carry out the contract between us including where relevant, its termination*
1.45 Training and reviewing performance*
1.46 To decide whether to promote the employee*
1.47 To decide whether and how to manage performance, absence or conduct issues*
1.48 For training and monitoring purposes*
1.49 To carry out a disciplinary or grievance investigation or procedure in relation to employee or someone else*
1.50 To determine whether we need to make reasonable adjustments to workplace or role because of disability*
1.51 To monitor diversity and equal opportunities*
1.52 To monitor and protect the security (including network security) of the Company, our other staff, customers and others*
1.53 To monitor and protect the health and safety of the employee, our other staff, customers and third parties
1.54 To pay and provide pension and other benefits in accordance with the contract between us
1.55 Paying tax and national insurance
1.56 To provide a reference upon request from another employer*
1.57 To pay trade union subscriptions
1.58 To answer questions from insurers in respect of any insurance policies which relate to employment*
1.59 Running our business and planning for the future*
1.60 To defend the Company in respect of any investigation or litigation and to comply with any court or tribunal orders for disclosure*

Purposes listed above which have an asterisk beside them are processed for our legitimate business interests.

13. Where and how we obtain this information

We may collect this information from you, your personnel records, the Home Office, share scheme administrators, pension administrators, your doctors, from medical and occupational health professionals we engage and from our insurance benefit administrators, the DBS, your trade union, other employees, consultants and other professionals we may engage, e.g. to advise us generally and/or in relation to any grievance, conduct appraisal or performance review procedure, our clients, case management systems, automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, remote access systems, email and instant messaging systems, intranet and Internet facilities, telephones, voicemail, mobile phone records and relevant websites.

We may also receive information from professional bodies, regulators, from banks, HMRC, ACAS, referees and publicly available sources.

14. Who we share the information with

We routinely share your personal data with relevant personnel within our Company but on a strictly need to know basis and third parties, listed in the Schedule. We may also need to share some of the above categories of personal information with other parties, such as external contractors and our professional advisers and with potential purchasers of some or all of our business or on a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information with our regulators or as required to comply with the law.

We may share some limited information with our clients, our regulators, our professional advisers, our insurers, accountants and auditors, banks, HMRC, Department for Work and Pensions, Home Office, ACAS, external service suppliers, representatives and agents (e.g. software providers), third parties, such as pension administrators and benefit providers, any third party if such disclosure is needed to protect your vital interests or the vital interests of others (i.e. with your next of kin or emergency services), any third party with your consent (e.g. when you request us for a reference), any third party without your consent (where we are obligated by law to do so), courts and tribunals or your representatives.

It is important that you note that if we share your information with a third party who is another data controller, then that data controller will be responsible for determining how your data will be processed and we have no control over their processing activity (e.g. HMRC, bank, pension administrator). If a third party is a data controller, they must provide you with details on how they will process your data.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may disclose your data in order to enforce our contractual rights against you or to defend legal claims. We may also disclose your data to protect our rights, property and safety, or the rights, property and safety of others or to prevent fraud.

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations before we share any data.

We may share personal data relating to your participation in any share plans operated by a group company with third party administrators, nominees, registrars and trustees for the purposes of administering the share plans.

15. International Transfers

We do not knowingly share your information with third parties who are based outside the UK. If it becomes necessary for us to share your personal data outside the UK, we will notify you. These transfers are subject to special rules under UK GDPR.

The following countries to which we may transfer Personal Data have been assessed by the UK as providing an adequate level of protection for Personal Data: all countries of the EEA, Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework).

Except for the countries listed above, countries outside the UK do not have the same data protection laws as the United Kingdom. We will, however, ensure the transfer complies with data protection law and all Personal Data will be secure. Our standard practice is to use standard data protection contract clauses which have been approved. To obtain a copy of those clauses please contact the Information Manager.

16. Data Security

Information may be held at our offices and third-party agencies, service providers, representatives and agents. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

17. Data Retention

We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data. We generally keep your personal data so that we can respond to any questions, respond to complaints or claims made by you or on your behalf, show that we treated you fairly, keep records required by law, prevent fraud, comply with our regulatory requirements or protect our confidential information. When it is no longer necessary to retain your personal data, we will delete it securely.

Details of retention periods for different aspects of your personal information are available in our Data Retention Policy which is available from the Information Manager. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

18. Your Rights

Right to be Informed about the collection and use of your personal data. This Privacy Notice together with documents referred to herein provides you with this information.

Right to Access (Subject Access Request) to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If you wish to exercise this right:

  • You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
  • We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  • We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

For more information about your right to access your personal data, please see Data Subject Rights Policy.

Request Correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. In certain circumstances we may refuse a request for correction.

Request Erasure of your personal information. In certain circumstances you have the right to ask for some but not all of the information we hold and process to be erased (the right to be forgotten). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to Processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request Restriction of Processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the Transfer of your personal information to another party.

Rights in Relation to Automated Decision Making and Profiling your personal data. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

If you want to exercise any of the above-mentioned rights, please contact CCO by telephone or in writing. We will respond to your request within one calendar month.

19. Your queries and complaints

Erol Tumburi, who is our Information Manager, is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our Information Manager by emailing info@tailoredplumbing.co.uk, by calling 0208 676 7878 or by writing to Office 123a, 299-307 Kirkdale, Sydenham, London, SE26 4QD.

We hope that our Information Officer can resolve any query or concern you raise about our use of your information. However, if you feel that we have failed to address your concerns appropriately, you can contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
