Employee Privacy Policy

Progress:
0%
?
X

Please enter the full name of the employer. If the employer is a company please enter the name with the appropriate suffix (e.g. LTD or PLC).



Need personalised assistance?
At the end, you can choose to consult a lawyer.

Need
help?
Customise the template

________

Employee Privacy Statement

This privacy statement has been created by ________. It is essential that you read and consider this statement properly. The statement contains important information about:

  • who we are,
  • how and why we collect, store, use and share personal information,
  • your rights in relation to your personal information, and
  • how to contact us and supervisory authorities in the event that you have a complaint.


Who we are

________ (hereafter "we", "our" or "us") collects and gathers information in relation to you as an employee (hereafter "you" or "your") as a "Data Controller".


Types of information collected

1) Information collected from you

The personal information collected from you directly may include:

________

2) Sensitive personal information

We may collect and process information which is classed as sensitive information. Sensitive personal information includes any information which relates to the following:

    • your genetic information
    • your biometric information
    • your ethnic origin
    • your political opinions
    • your religious or philosophical beliefs
    • whether you belong to a trade union
    • your physical or mental health or condition
    • your sexual life.

Some examples of the specific types of personal sensitive information we process include:

________

3) Criminal information

We may collect and process information in respect of any criminal offences in relation to you. The purpose and lawful basis for which is set out in the relevant sections below. The types of personal information in this category include:

________

Full details of our procedure for processing criminal data can be found in our relevant policy document. This also contains information relating to the retention and erasure of this information. The policy document can be found at: ________.


Process under which your information may be collected

1) Personal information you provide to us

We will collect information which you provide to us directly.

2) Personal information from third parties

We may also collect information from the following sources:

________

3) Monitoring

Your personal information may be collected and processed through monitoring in the following manner:

________

Full details regarding our monitoring procedures can be found in our policy document. The policy document can be found at: ________.

4) Automated decision-making

You may be the subject of our automated decision-making processes. Automated decision-making means the use of personal information in order to make a decision which is undertaken by an electronic system (i.e the decision is not made by a human).

In any circumstance where are the subject of automated decision making, you always shall be notified that a decision has been made in this manner. You are able to make any request for that decision to be reviewed, or to be reconsidered via manual means within ONE month of that decision being made.


Use of your personal information

1) Processing your personal information

In general, your personal information will generally be processed for the following purposes:

________

Any sensitive information in relation to you will generally be processed for the following purposes:

________

Any criminal offence information in relation to you will generally be processed for the following purposes:

________

Any automated decision-making will generally take place in relation to the following matters:

________

Comprehensive details regarding the purposes of processing employee data are contained within our policy documents as entitled ________ which can be located at ________.

2) How we may share your personal information

The meaning of the term processing within this statement shall include the lawful sharing of your information with third parties.

In order to fulfil the above purposes, your personal information may be shared with the following third parties:

________

In order to fulfil the above purposes, sensitive personal information of employees may be shared with the following third parties:

________

In order to fulfil the above purposes, criminal personal information of employees may be shared with the following third parties:

________

Where any of your personal information is shared with any third party, we shall only permit them to process such information for our required purposes, under our specific instruction, and not for their own purposes. We are required to enter into a formal legal agreement to enable such sharing to take place.


How long your personal information will be kept

Your personal information will only be kept for the period of time which is necessary for us to fulfil the above purposes.

Comprehensive details regarding our retention periods for your personal data are contained within our policy documents entitled ________.


Lawful basis for the processing of your personal information

1) General lawful bases

We are required to comply with data protection laws when processing your personal information. We have defined above the general purposes for which we process your personal information. These purposes are justified by lawful processing conditions.

Therefore, we will only process your personal information for any one or a combination of the following lawful reasons:

    • Where it is necessary to enter into your employment contract or to perform obligations under the employment contract;
    • Where it is necessary in order to comply with a legal obligation;
    • Where it is necessary to ensure our own legitimate interests or the legitimate interests of a third party (provided that your own interests and rights do not override those interests). Wherever we rely upon this basis, details of the legitimate interests concerned shall be provided to you;
    • Where we need to protect your own vital interests (or the vital interests of another person); and/or
    • Where it is needed in the public interest (or where we are acting in our official functions), provided that the task or function has a clear basis in law.

In general, in order to meet the purposes we have described, we will usually process your personal information in order to enter into our employment contract with you and in order to carry out that contract.

2) Lawful bases applicable to sensitive information

We have explained above that we may process sensitive personal information in relation to you. We have defined above the general purposes for which we process your personal sensitive information. These purposes are justified by lawful conditions as set out by law. There are however additional conditions which apply to sensitive personal information.

We will therefore only process your sensitive personal information for any one or a combination of the following additional lawful reasons apply, which is are:

    • where it is necessary for employment, social security and social protection (and it is properly authorised by law);
    • where it is necessary for your vital interests or the interests of another person;
    • where the processing is carried out in the course of legitimate activities under a foundation, association or non-for-profit body with a political, philosophical, religious or trade union aim;
    • where the information is made publicly available by you;
    • where the processing is necessary for defending or establishing legal claims or court proceedings;
    • where the processing is necessary for substantial public interest;
    • where the information is necessary for medical or social care reasons;
    • where the information is necessary for reasons of public interests or in the area of public health;
    • where the information is necessary for scientific research, statistical purposes, historical research or archiving purposes in public interest.
    • In certain limited circumstances, where you have provided us with explicit consent.

In general, in order to meet the purposes we have described, we will usually process your sensitive information where:

it is necessary in order to comply with employment, social security and social protection legal requirements.

3) Lawful bases applicable to criminal information

We have explained above that we may process any criminal offence information in relation to you. We have defined above the general purposes for which we process any criminal information. These purposes are justified by lawful conditions as set out by law. There are however additional conditions which apply to criminal offence information.

We will therefore only process any criminal offence information in relation to you where any one or a combination of the following additional lawful reasons apply, which are:

    • where it is necessary in order to protect the public against dishonesty;
    • where it is necessary to protect the public against dishonesty.
    • where it is necessary to meet regulatory requirements relating to unlawful acts and dishonesty.

In general, in order to meet the purposes we have described, we will usually process any criminal information in relation to you in order to prevent and/or detect unlawful acts.

4) Lawful bases applicable to automated decision-making

We have explained above that you may be the subject of automated decision-making. We have defined above the general manner in which automated decision-making may take place. There are however conditions which apply to processing of your information where this is processed for the purposes of automated decision-making.

We will therefore only undertake automated decision-making where any one or a combination of the following additional lawful reasons apply, which are where:

    • it is necessary to enter into your employment contract or to perform obligations under the employment contract; or
    • in certain very limited circumstances, where we have your explicit consent; or where
    • it is required or authorised by law (and where that law also lays down suitable measures to safeguard your rights, freedoms and legitimate interests).


Keeping your information secure

We will ensure the proper safety and security of your personal information and have measures in place to do so. Details regarding the storage of your personal information can be found in our policy document: ________.

We are ISO 27001 certified. This certification assists us in ensuring the safety of your personal information.

We have proper procedures in place to deal with any data security breach, details of which can be found in our ________.


Use of your information outside of the United Kingdom

We have described above the purposes and lawful bases for which we process your personal information. In order to meet those needs, we may transfer your personal information outside of the United Kingdom.

Your personal information may be transferred to:

________

The recipient country or countries listed above have been deemed by the United Kingdom to have adequate protection in place in so that the security of your personal information can be maintained.

If you require any further information regarding the use of your personal information outside of the United Kingdom, or in relation to the measures in place to ensure the security of your personal information overseas, this can be found within our policy document as entitled ________ which can be located at ________.


Your rights

Under the UK General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

    • fair processing of information and transparency over how we use your use personal information
    • access to your personal information and to certain other supplementary information that this Privacy Statement is already designed to address
    • require us to correct any mistakes in your information which we hold
    • require the erasure of personal information concerning you in certain situations
    • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this information to a third party in certain situations
    • object at any time to processing of personal information concerning you for direct marketing
    • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
    • object in certain other situations to our continued processing of your personal information, or ask us to suspend the processing procedure in order for you confirm its assurance or our reasoning for processing it.
    • object to processing our your personal information where we are doing so in reliance upon a legitimate interest of our own or of a third party and where you wish to raise to an objection to this particular ground.
    • otherwise restrict our processing of your personal information in certain circumstances
    • claim compensation for damages caused by our breach of any data protection laws
    • in any limited circumstance where we rely upon your consent for processing personal information, you may withdraw this consent at any time.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individual's rights under the General Data Protection Regulations.

If you would like to exercise any of these rights please contact ________ via ________.


8255 828585222228

52 225 82585 8822 2588 228882 82 5222525 225252 (225 2552282: 55582, 85522 25822, 8558882) 282582 8222582 58 58822 252 5225888 82828.


8222858228 252825552

22 5222 2552 82 852 5282882 522 85252 25 8228252 225 55882 58252 255 582 22 2255 82225252822.

552 55 2222558 8525 2522282822 8225852822 5882 28828 225 58252 22 82522 5 822285822 8825 252 85225888252 552525822. 552 85225888252 552525822 82 252 528225 5822522 88 252 52225252822 822288882225.


Changes to the privacy policy

This privacy policy was published on ________ and last updated on ________.

We may change this privacy policy from time to time and will notify all employees of any changes by:

________


Contacting us

If you wish to contact us in relation to any aspect of this statement, or your personal information rights, please contact: ________ via ________.




This privacy policy is full and robustly endorsed at all levels by ________.



Signed: __________________________

(________)

Date: ___________________________




I ____________ (employee of ________), confirm I have been provided with a copy of this privacy statement which I have read and understood.

Signed: __________________________

Print name: _______________________

Date: ___________________________

See your document
in progress

________

Employee Privacy Statement

This privacy statement has been created by ________. It is essential that you read and consider this statement properly. The statement contains important information about:

  • who we are,
  • how and why we collect, store, use and share personal information,
  • your rights in relation to your personal information, and
  • how to contact us and supervisory authorities in the event that you have a complaint.


Who we are

________ (hereafter "we", "our" or "us") collects and gathers information in relation to you as an employee (hereafter "you" or "your") as a "Data Controller".


Types of information collected

1) Information collected from you

The personal information collected from you directly may include:

________

2) Sensitive personal information

We may collect and process information which is classed as sensitive information. Sensitive personal information includes any information which relates to the following:

    • your genetic information
    • your biometric information
    • your ethnic origin
    • your political opinions
    • your religious or philosophical beliefs
    • whether you belong to a trade union
    • your physical or mental health or condition
    • your sexual life.

Some examples of the specific types of personal sensitive information we process include:

________

3) Criminal information

We may collect and process information in respect of any criminal offences in relation to you. The purpose and lawful basis for which is set out in the relevant sections below. The types of personal information in this category include:

________

Full details of our procedure for processing criminal data can be found in our relevant policy document. This also contains information relating to the retention and erasure of this information. The policy document can be found at: ________.


Process under which your information may be collected

1) Personal information you provide to us

We will collect information which you provide to us directly.

2) Personal information from third parties

We may also collect information from the following sources:

________

3) Monitoring

Your personal information may be collected and processed through monitoring in the following manner:

________

Full details regarding our monitoring procedures can be found in our policy document. The policy document can be found at: ________.

4) Automated decision-making

You may be the subject of our automated decision-making processes. Automated decision-making means the use of personal information in order to make a decision which is undertaken by an electronic system (i.e the decision is not made by a human).

In any circumstance where are the subject of automated decision making, you always shall be notified that a decision has been made in this manner. You are able to make any request for that decision to be reviewed, or to be reconsidered via manual means within ONE month of that decision being made.


Use of your personal information

1) Processing your personal information

In general, your personal information will generally be processed for the following purposes:

________

Any sensitive information in relation to you will generally be processed for the following purposes:

________

Any criminal offence information in relation to you will generally be processed for the following purposes:

________

Any automated decision-making will generally take place in relation to the following matters:

________

Comprehensive details regarding the purposes of processing employee data are contained within our policy documents as entitled ________ which can be located at ________.

2) How we may share your personal information

The meaning of the term processing within this statement shall include the lawful sharing of your information with third parties.

In order to fulfil the above purposes, your personal information may be shared with the following third parties:

________

In order to fulfil the above purposes, sensitive personal information of employees may be shared with the following third parties:

________

In order to fulfil the above purposes, criminal personal information of employees may be shared with the following third parties:

________

Where any of your personal information is shared with any third party, we shall only permit them to process such information for our required purposes, under our specific instruction, and not for their own purposes. We are required to enter into a formal legal agreement to enable such sharing to take place.


How long your personal information will be kept

Your personal information will only be kept for the period of time which is necessary for us to fulfil the above purposes.

Comprehensive details regarding our retention periods for your personal data are contained within our policy documents entitled ________.


Lawful basis for the processing of your personal information

1) General lawful bases

We are required to comply with data protection laws when processing your personal information. We have defined above the general purposes for which we process your personal information. These purposes are justified by lawful processing conditions.

Therefore, we will only process your personal information for any one or a combination of the following lawful reasons:

    • Where it is necessary to enter into your employment contract or to perform obligations under the employment contract;
    • Where it is necessary in order to comply with a legal obligation;
    • Where it is necessary to ensure our own legitimate interests or the legitimate interests of a third party (provided that your own interests and rights do not override those interests). Wherever we rely upon this basis, details of the legitimate interests concerned shall be provided to you;
    • Where we need to protect your own vital interests (or the vital interests of another person); and/or
    • Where it is needed in the public interest (or where we are acting in our official functions), provided that the task or function has a clear basis in law.

In general, in order to meet the purposes we have described, we will usually process your personal information in order to enter into our employment contract with you and in order to carry out that contract.

2) Lawful bases applicable to sensitive information

We have explained above that we may process sensitive personal information in relation to you. We have defined above the general purposes for which we process your personal sensitive information. These purposes are justified by lawful conditions as set out by law. There are however additional conditions which apply to sensitive personal information.

We will therefore only process your sensitive personal information for any one or a combination of the following additional lawful reasons apply, which is are:

    • where it is necessary for employment, social security and social protection (and it is properly authorised by law);
    • where it is necessary for your vital interests or the interests of another person;
    • where the processing is carried out in the course of legitimate activities under a foundation, association or non-for-profit body with a political, philosophical, religious or trade union aim;
    • where the information is made publicly available by you;
    • where the processing is necessary for defending or establishing legal claims or court proceedings;
    • where the processing is necessary for substantial public interest;
    • where the information is necessary for medical or social care reasons;
    • where the information is necessary for reasons of public interests or in the area of public health;
    • where the information is necessary for scientific research, statistical purposes, historical research or archiving purposes in public interest.
    • In certain limited circumstances, where you have provided us with explicit consent.

In general, in order to meet the purposes we have described, we will usually process your sensitive information where:

it is necessary in order to comply with employment, social security and social protection legal requirements.

3) Lawful bases applicable to criminal information

We have explained above that we may process any criminal offence information in relation to you. We have defined above the general purposes for which we process any criminal information. These purposes are justified by lawful conditions as set out by law. There are however additional conditions which apply to criminal offence information.

We will therefore only process any criminal offence information in relation to you where any one or a combination of the following additional lawful reasons apply, which are:

    • where it is necessary in order to protect the public against dishonesty;
    • where it is necessary to protect the public against dishonesty.
    • where it is necessary to meet regulatory requirements relating to unlawful acts and dishonesty.

In general, in order to meet the purposes we have described, we will usually process any criminal information in relation to you in order to prevent and/or detect unlawful acts.

4) Lawful bases applicable to automated decision-making

We have explained above that you may be the subject of automated decision-making. We have defined above the general manner in which automated decision-making may take place. There are however conditions which apply to processing of your information where this is processed for the purposes of automated decision-making.

We will therefore only undertake automated decision-making where any one or a combination of the following additional lawful reasons apply, which are where:

    • it is necessary to enter into your employment contract or to perform obligations under the employment contract; or
    • in certain very limited circumstances, where we have your explicit consent; or where
    • it is required or authorised by law (and where that law also lays down suitable measures to safeguard your rights, freedoms and legitimate interests).


Keeping your information secure

We will ensure the proper safety and security of your personal information and have measures in place to do so. Details regarding the storage of your personal information can be found in our policy document: ________.

We are ISO 27001 certified. This certification assists us in ensuring the safety of your personal information.

We have proper procedures in place to deal with any data security breach, details of which can be found in our ________.


Use of your information outside of the United Kingdom

We have described above the purposes and lawful bases for which we process your personal information. In order to meet those needs, we may transfer your personal information outside of the United Kingdom.

Your personal information may be transferred to:

________

The recipient country or countries listed above have been deemed by the United Kingdom to have adequate protection in place in so that the security of your personal information can be maintained.

If you require any further information regarding the use of your personal information outside of the United Kingdom, or in relation to the measures in place to ensure the security of your personal information overseas, this can be found within our policy document as entitled ________ which can be located at ________.


Your rights

Under the UK General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

    • fair processing of information and transparency over how we use your use personal information
    • access to your personal information and to certain other supplementary information that this Privacy Statement is already designed to address
    • require us to correct any mistakes in your information which we hold
    • require the erasure of personal information concerning you in certain situations
    • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this information to a third party in certain situations
    • object at any time to processing of personal information concerning you for direct marketing
    • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
    • object in certain other situations to our continued processing of your personal information, or ask us to suspend the processing procedure in order for you confirm its assurance or our reasoning for processing it.
    • object to processing our your personal information where we are doing so in reliance upon a legitimate interest of our own or of a third party and where you wish to raise to an objection to this particular ground.
    • otherwise restrict our processing of your personal information in certain circumstances
    • claim compensation for damages caused by our breach of any data protection laws
    • in any limited circumstance where we rely upon your consent for processing personal information, you may withdraw this consent at any time.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individual's rights under the General Data Protection Regulations.

If you would like to exercise any of these rights please contact ________ via ________.


8255 828585222228

52 225 82585 8822 2588 228882 82 5222525 225252 (225 2552282: 55582, 85522 25822, 8558882) 282582 8222582 58 58822 252 5225888 82828.


8222858228 252825552

22 5222 2552 82 852 5282882 522 85252 25 8228252 225 55882 58252 255 582 22 2255 82225252822.

552 55 2222558 8525 2522282822 8225852822 5882 28828 225 58252 22 82522 5 822285822 8825 252 85225888252 552525822. 552 85225888252 552525822 82 252 528225 5822522 88 252 52225252822 822288882225.


Changes to the privacy policy

This privacy policy was published on ________ and last updated on ________.

We may change this privacy policy from time to time and will notify all employees of any changes by:

________


Contacting us

If you wish to contact us in relation to any aspect of this statement, or your personal information rights, please contact: ________ via ________.




This privacy policy is full and robustly endorsed at all levels by ________.



Signed: __________________________

(________)

Date: ___________________________




I ____________ (employee of ________), confirm I have been provided with a copy of this privacy statement which I have read and understood.

Signed: __________________________

Print name: _______________________

Date: ___________________________