Data protection privacy notice
We are committed to protecting your personal information and ensuring we respect your privacy. This Privacy Notice explains how we will look after and use any personal information that we collect about you.
What is personal information?
Personal information means any information about you from which you can be identified. Examples of personal information include your name, home address, national insurance number, date of birth, telephone number and e-mail address but it also includes other pieces of information which can be used to identify you, either directly or indirectly, such as a cookie.
Ingenious Media Limited is the Controller of the personal information you provide to us. If you have any questions about this Privacy Notice or the information we hold about you please contact our Data Protection Officer using the details set out below:
Full name of legal entity: Ingenious Media Limited
Name or title of DPO: James Read
Email address: email@example.com
Postal address: Ingenious Media Limited, 15 Golden Square, London, W1F 9JG
Contact telephone numbers: 02073194000
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would however appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
We collect information at the recruitment stage and when you are employed with us. At the recruitment stage we will ask for basic personal information only. If we employ you, further personal information will be requested/used. The type of personal information used in the course of employment includes:
- Address details
- Date of Birth
- Contact information (Including personal/work)
- Employment Details (Including position, compensation, performance & absence records)
- Bank Account Details
- Educational history
- Employment history (Including CV)
- Instructions or requests (for example if you ask for documents, references or annual leave);
- Financial information (financial position and history);
- Documentary data (things can include passport or drivers licence or other forms of identification);
- Family information required for benefits
- Emergency contact details
- Historical information i.e. previous names and addresses;
We may collect the following information from you which is referred to as a special category of personal data because it is sensitive information about you and will require special protections. The information that we may collect is in relation to your:
- Medical History.
We are able to process this information in order to comply with our rights and obligations in relation to employment law, social protection law and social security law.
We collect information about criminal convictions or offences because as part of our staff vetting procedures, and to comply with our obligations under the Financial Services and Markets Act 2000 to ensure that certain staff are fit and proper to carry out regulated activities.
Where we need to collect your personal information by law, or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to commence or continue your employment.
Typically we will collect information from you at the start of the recruitment stage, when we decide to hire and during the course of your employment. We collect information from and about you in the following ways:
- Through direct interactions when you give us your personal information by filling in forms or during correspondence with us.
- Through third parties such as Recruiters or the Disclosure and Barring Service.
We only obtain, use and keep personal information where we need it for a specific purpose. We set out in the table below the ways in which we plan to use your personal information. We are only able to use your personal information if we have a proper legal reason or basis for doing so. Most commonly we will use your information in the following ways:
- We have a contract of employment with you.
- We have a legal obligation. We need to use your personal information to comply with employment law.
- We, or a third party, have a legitimate interest in processing the information and your interests and fundamental rights do not override those interests. For example, processing your information to prevent fraud or to provide you with certain employment benefits.
We set out in the table below all the ways we plan to use your personal information and the legal basis we rely on to do so. We also explain what our legitimate interests are where appropriate:
LAWFUL BASIS FOR PROCESSING INCLUDING OUR LEGITIMATE INTERESTS
To on-board you as a new employee and fulfil our obligations as an employer
To fulfil our contract with you
To provide references or contact you after you leave our employment
Necessary for the legitimate interests of you and Ingenious
After you have left our employment in the event that we need to contact you or provide references
Necessary for the legitimate interests of you and Ingenious
We will only use your personal information for the reason for which we collected it. We will only use it for another reason if we believe that new reason is compatible with the original purpose. If we do need to use your personal information for a non-related purpose, we will tell you about it and explain the legal basis which allows us to do so.
We may need to provide information to third parties for a variety of reasons, for example, in order to provide you with certain employee benefits. The categories third parties we share your information with (if applicable) are as follows:
- Insurance providers
- Payroll services providers
- Childcare vouchers providers
- Health Screening service providers
- Regulatory authorities
- Pension services providers
- Employee benefits administration suppliers
The regulations which have been put in place to protect your privacy apply throughout the EEA. The EEA is the European Economic Area which includes all the countries in the European Union plus Iceland, Liechtenstein and Norway. This means that any country within the EEA must meet the same privacy standards as the United Kingdom. All the personal information that we hold about you will be processed in the EEA.
We will need to keep your personal information (updated to ensure accuracy) to fulfil our contract of employment. We also need to comply with EU and UK law, which often requires us to keep certain records - which will include certain personal information – for several years.
Our policy is to keep records for up to as long as is reasonably required after you are no longer an employee. We will ensure all records are safely destroyed if we no longer need to retain them. We review our retention periods for personal information on a regular basis. We will tell you if we change the retention period.
You are provided with a number of different rights under the data protection laws in relation to your personal information. These allow you:
- To access your information;
- To request we correct your information;
- To request that we erase your information;
- To object to the processing of your information;
- To request a restriction in the processing of your information;
- To request a transfer of your information; and
- To withdraw your consent.
If you wish to exercise any of these rights, please email firstname.lastname@example.org. Please note that you will not have to pay a fee to access your personal information or to exercise any of the other rights. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or we may refuse to deal with your request. We may also need to seek further information from you to confirm your identity before we release any personal information. This does not affect your right to make a complaint.
We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have a procedure to deal with any suspected personal data breach and will notify you, and other regulators, where we are legally required to do so.