Employee Privacy Notice
Data Controller: Nexus Workforce LTD T/A Nexus People (the ‘Organisation’)
The organisation collects and processes personal data relating its employees to manage the employment relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
Our legal basis for processing your personal data is below, this forms the basis of our relationship.
- Employment Contracts (PAYE, LTD, Contractor, Temporary Worker)
- Health & Safety at Work Act 1974
- Employment Agencies Act 1973
- Equality Act 2010
- Rehabilitation of Offenders Act 1974
- The Modern Slavery Act 2015
- EU Driver Regulations
- Working Time Directive 2002
What information does the organisation collect?
The organisation collects and processes a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number, date of birth and gender,
- the terms and conditions of your employment,
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation,
- information about your remuneration, including entitlement to benefits such as pensions or insurance cover,
- details of your bank account and national insurance number,
- information about your marital status, next of kin, dependants and emergency contacts,
- information about your nationality and entitlement to work in the UK,
- photographs / videos, including CCTV and visual media,
- details of your schedule (days of work and working hours) and attendance at work,
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence,
- assessments of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence,
- all driving records/certificates and working time hours in accordance with the H&S, WTD regulations and EU Driver Regulations,
- employee survey data, including employee Talent Surveys.
Please note: we also process the following special categories (Sensitive) data which are required to process under current employment law. We will gain separate consent prior to obtaining the below unless we have substantial legal grounds. (Please contact HR Team for more information).
- information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments,
- equal opportunities monitoring information including information about your ethnic origin, sexual orientation and religion or belief,
- details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave,
- logistics tracking software (including GPS),
- genetical biometric data,
- drug and alcohol tests,
- information about your criminal record.
The organisation may collect this information in a variety of ways. For example, data might be collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence, from forms completed by you at the start of or during employment (such as benefit nomination forms), from correspondence with you, or through interviews, meetings or other assessments.
In some cases, the organisation may collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law. These may also include the following:
- Job boards,
- Time & attendance systems,
- 2nd tier suppliers or partnered agency suppliers,
- Social Media,
- Clients / Associates / Neutral Vendor Partners,
- Government Authorities.
Data will be stored in a range of different places, including in your personnel file, in the organisation’s HR management systems and in other IT systems including the organisation’s email system. It may also be stored on client data basis, external payroll companies, financial services. The duration of which your records will be held will be in line with their retention policy. For further information please contact HR.
Why does the organisation process personal data?
The organisation needs to process data to enter into an employment contract with you and to meet its obligations to you. For example, it needs to process your data to establish you as an employee, to pay you in accordance with your employment contract and to administer benefit, pension and insurance entitlements.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations as listed above. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
If you fail to provide personal data, we may not be able to perform the employment contract or meet our legal obligations.
In other cases, the organisation has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the organisation to:
- run recruitment and promotion processes,
- maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights,
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace,
- operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes,
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled,
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled,
- operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled,
- ensure effective general HR and business administration,
- provide references on request for current or former employees, and
- respond to and defend against legal claims.
Sensitive/Special Category data
As explained above, the organisation also processes some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations such as those in relation to employees with disabilities.
Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that the organisation uses for these purposes is anonymised or is collected with the express consent of employees, which can be withdrawn at any time.
Who has access to data?
Your information may be shared internally, including with members of the HR and recruitment team including payroll, your line manager, managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles.
The organisation shares your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service. The organisation may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The organisation may also share your personal data with third parties outside of the organisation where contractual obligations require us to do so. For example, with the end user and other agencies supplying the end user.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. We will keep you informed of this retention and will request your consent in advance.
The organisation also shares your data with third parties that process data on its behalf, in connection with payroll, the provision of benefits and the provision of occupational health services.
For the purpose of payroll and scheduling, the business may also work alongside a Neutral Vendor which provide services to our end client. They store information on their internal system to which the organisation and the Neutral Vendor have access to.
During your registration process, you are asked if you would like to take out Personal Accident Insurance, this is facilitated by Pulse Insurance Limited. Pulse work with 3rd party companies to facilitate your policy such as Infinity Finance Group Limited and Hive Insurance Services Limited. You will be provided with specific terms and conditions and the privacy notice for these companies if you decide to agree to the Personal Accident Plan. The organisation will share your details with the insurer, who will contact you regarding your plan.
Once you have started your new role with the organisation, you will be provided with PPE (Personal Protective Equipment). If you do not return the equipment to us when you leave, you will be charged for that equipment. This will be via the means of a direct debit payment, terms of which will be provided to you at the point of which your PPE is provided. Your details will therefore be shared with 3rd party payment facilitator GoCardless.
The organisation will not transfer your data to countries outside the European Economic Area.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The organisation will hold your personal data for the duration of your employment. The periods for which your data is held after the end of employment are in line with the companies’ retention policy.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request,
- require the organisation to change incorrect or incomplete data,
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing, and
- object to the processing of your data,
- request the restriction of processing of your personal data, which will result in a suspension of processing whilst it is reviewed,
- request the transfer of your data to a third party.
If you would like to exercise any of these rights, please contact the HR Department. If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You have some obligations under your employment contract to provide the organisation with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters. You may also have to provide the organisation with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.
Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable the organisation to enter a contract of employment with you. If you do not provide other information, this will hinder the organisation’s ability to administer the rights and obligations arising as a result of the employment relationship efficiently.
Nexus Workforce LTD has appointed Touchstone HR Services to oversee Data compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact Touchstone HR Services. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
You have the right to make a complaint with the Information Commissioners Office at the following address:
Information Commissioner’s Office
Telephone: 0303 123 1113