Privacy Policy for Employees

Adeva Partners Ltd  Privacy Notice for Employees

Registered address: 73 Cornhill, London, EC3V 3QQ

This privacy notice was updated on 14th March 2022 and is effective immediately. It tells you everything you need to know about how Adeva Partners Ltd process, control and protect your personal data and the rights that you have in relation to that data. This privacy statement is regularly updated to reflect any changes in the way we handle your personal data or any changes to applicable laws.

Introduction

Adeva Partners is committed to protecting and respecting your privacy.

In this privacy notice, we set out how we collect and use your personal data before, during and after your working relationship with Adeva Partners. It applies to potential, current and former employees, workers and contractors and it does not form part of any employment contract or any other services contract with us.

All personal data is collected, stored and processed in accordance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations (PECR).

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

We may update this notice at any time, and we may provide you with additional privacy notices from time to time.

Data Protection Principles

We will comply with data protection law including the 7 principles of GDPR which are:

  1. Personal data shall be processed lawfully, fairly and in a transparent manner.
  2. Personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and where necessary kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in a way that ensures it is appropriately secure.
  7. Adeva has put in place appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Personal Data That We Process

Personal data means any information about an individual from which that person can be identified. It does not include anonymous data where the identity has been removed.

There are “special categories” of more sensitive personal data which require a higher level of protection such as your ethnicity and religious beliefs.

We will collect, store, and use the following categories of personal data about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • Date of birth
  • Gender
  • Marital status and dependants
  • Next of kin and emergency contact information
  • National Insurance number
  • Bank account details, payroll records and tax status information
  • Salary, annual leave, pension and benefits information
  • Start date
  • Location of employment or workplace
  • Copy of passport
  • Recruitment information (including copies of right to work documentation, references, credit history and other information included in a CV or cover letter or as part of the application process)
  • Employment records (including job titles, work history, working hours, training records and professional memberships)
  • Details of your existing and previous salary
  • Performance information
  • Disciplinary and grievance information
  • Photographs and video and audio recordings

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
  • Information about your health, including any medical condition, health and sickness records
  • Information about criminal convictions and offences.

How We Collect Your Personal Data

We collect personal data about you through the recruitment process, either directly from you or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.

When you started your employment with us, you provided us with certain personal data such as your bank account details and emergency contact information.

We may collect further personal data about you in the course of your employment.

How We Use Your Personal Data

We will only process your personal data if we have a lawful ground for processing such data. Most commonly, we will use your personal information in the following circumstances:

  1. Where we need to perform the employment contract between us or any other contract between us
  2. Where we need to comply with a legal obligation
  3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal data in the following situations, but these are not likely:

  • Where we need to protect your interests (or someone else’s interests)
  • Where it is needed in the public interest or for official purposes.

Purposes For Which We Process Your Personal Data

We will process your personal data for the following purposes:

  • Making a decision about your recruitment or appointment
  • Determining the terms on which you work for us
  • Checking you are legally entitled to work in the UK
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions
  • Providing the certain benefits to you
  • Liaising with your pension provider (if applicable)
  • Administering the contract we have entered into with you
  • Business management and planning, including accounting and auditing
  • Conducting performance reviews, managing performance and determining performance requirements
  • Making decisions about salary reviews and compensation
  • Assessing qualifications for a particular job or task, including decisions about promotions
  • Gathering evidence for possible grievance or disciplinary hearings
  • Making decisions about your continued employment or engagement
  • Making arrangements for the termination of our working relationship
  • Training and development requirements
  • Dealing with legal disputes involving you, or other employees, workers and contractors
  • Ascertaining your fitness to work
  • Managing sickness absence
  • Complying with health and safety obligations
  • To prevent fraud
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies
  • To ensure network and information security, including preventing unauthorised access to our electronic communications systems and preventing malicious software distribution
  • Equal opportunities monitoring.
  • To meet obligations under our contracts with our clients e.g. share your details and qualifications with them as part of their due diligence requirements

If you decide not to provide us with certain personal data that we have requested, we may not be able to perform contracts between us (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations.

We may from time to time use your personal data without your knowledge or consent where this is required or permitted by law.

Transfers to Third Parties

We may have to share your personal data with third parties, including third-party service providers for example because it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Third party providers may carry out the following services: payroll, pension administration, benefits provision and administration, IT services. If applicable, we may share your personal information with a regulator or to otherwise comply with the law.

We require third parties to respect the security of your data and to treat it in accordance with the law. They must act only in accordance with our instructions, and they agree to keep your personal data confidential and secure. We have data protection agreements in place with these parties.

Transfers Outside of the EEA

We may transfer your personal information outside the EEA. If we do, you can expect a similar degree of protection in respect of your personal information.

Where we transfer your personal data to countries where there is no adequacy decision by the ICO in respect of that country, we will put in place certain measures to ensure that your personal data does receive an adequate level of protection, such as contractual clauses that have been approved by the ICO.

Sensitive Data

In the event that we should hold any sensitive data, “Special categories” of sensitive personal data require higher levels of protection than non-sensitive data. In order to process such sensitive data we need to have further justification. We may process special categories of personal data in the following circumstances:

  • In limited circumstances, with your explicit written consent
  • Where we need to carry out our legal obligations or exercise rights in connection with employment
  • Where it is needed in the public interest, such as for equal opportunities monitoring

Occasionally, we may process sensitive personal data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

We will use your sensitive personal data in the following ways:

  • In relation to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws
  • In relation to your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits
  • In relation to your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Criminal Convictions

We may only process data relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations to our clients.

Rarely, we may use your personal data relating to criminal convictions where necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Rights of Access, Correction, Erasure, and Restriction

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal information changes.

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

In all cases you must provide us with evidence of your identity before we will respond to a subject access request. We would prefer if your request sent to us in an email (see contact information below). We may contact you to confirm the details of your request it in order ensure that we provide the detail that you require.

You will not have to pay a fee to access your personal data or to exercise any of the other rights under data protection laws. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Right to Withdraw Consent: In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email us (see contact information below). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Contact Us

Please contact us at gdpr@adevapartners.com if you have any questions about how we protect your personal data or if you wish to exercise your rights in relation to your personal data.

If you wish to make a complaint about our use of your data you have the right to contact the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (Telephone: +44 (0)303 123 1113 or https://ico.org.uk).