Our Privacy Assurance to You
We value and respect your privacy and we are committed to protecting the personal information you provide to us. When you supply us with your personal data, you consent to us processing all such personal data as set out in the Privacy Statement.
Please read and regularly review this Privacy Statement to gain awareness of any future changes. If you have any feedback or concerns over the handling of your personal information, please feel free to contact us.
Even though we take appropriate technical steps to protect your security, please be aware that data transmission over the internet cannot always be guaranteed as 100% secure, therefore use of the website is at your own risk.
Personal Data – What information do we collect about you and how do we process it?
Personal data is kept by the company to provide the best service for existing and potential future clients and continue in contractual arrangements with suppliers and follow company processes. This data will be held securely on our systems.
We will release personal information where we are operationally required to or permitted to do so by law or by the regulations and other rules to which it is subject.
Your data will be stored for a period of seven years.
We would like to send you information about products and services of ours which may be of interest to you.
If you are already a customer of ours or we are contacting you at a corporate business account, we believe that we have a legitimate business interest in storing and processing your data in this way. If you wish to discuss the legal basis for this business process, please feel free to contact us. If you no longer wish to be contacted via email for marketing purposes, please contact us as firstname.lastname@example.org to object.
If you are not already a customer of ours and you are a sole trader or an individual, we will have emailed you to ask for your consent to send you marketing information via email. If you wish to withdraw this consent at any time, please feel free to contact us at email@example.com
You have the right to be informed of fair processing information with a view to transparency of data. This statement is intended to fulfil that right.
You have the right to access the information we hold. You should make such a request by email to firstname.lastname@example.org or contact us in writing at H2 Business Communication, Shepperton Studios, Studios Road, Shepperton, Middlesex TW17 0QD.
You have the right to ensure the data we hold on you is rectified if it is inaccurate or incomplete. You should contact us using the above contact information and provide them with the details of any inaccurate or incomplete data. We will then ensure that this is amended within one month. We may, in complex cases, extend this period to two months.
You have the right to erasure in the form of deletion or removal of personal data where there is no compelling reason for its continued processing. We have the right to refuse to erase data where this is necessary in the right of freedom of expression and information, to comply with a legal obligation for the performance of a public interest task, exercise of an official authority, for public health purposes in the public interest, for archiving purposes in the public interest, scientific research, historical research, statistical purposes or the exercise or defense of legal claims. You will be advised of the grounds of our refusal should any such request be refused.
You have the right to restrict our processing of your data where contest the accuracy of the data until the accuracy is verified. You have the right to restrict our processing of your data where you object to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your interests. You have the right to restrict our processing of your data when processing is unlawful, and you oppose erasure and request restriction instead. You have the right to restrict our processing of your data where we no longer need the data and you require the data to establish, exercise or defend a legal claim. You will be advised when we lift a restriction on processing.
You have the right to data portability in that you may obtain and reuse your data for your own purposes across different services, from one IT environment to another in a safe and secure way, without hindrance to usability. The exact method will change from time to time.
You have the right to object to the following:
• processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
• direct marketing (including profiling); and
• processing for purposes of scientific/historical research and statistics
The data collected is not anticipated to fall within the above categories.
Whilst there is no anticipated automated decision making relating to the data you provide, you have rights where there is automated decision making including profiling. We may only do this where it is necessary for the entry into or performance of a contract, authorised by EU or the UK law or based on your explicit consent. Whilst it is not anticipated that this will occur, where it does, we will give you information about this processing, introduce to you simple ways for you to request human intervention or challenge a decision, and carry out regular checks to ensure that our systems are working as intended.
You have the right to withdraw your consent at any time where data is controlled and processed under the legal basis of Consent (1.a Article 6)
You have the right to lodge a complaint with a supervisory authority such as the Information Commissioner’s Office or any other of our regulators or accreditors that may regulate or provide accreditations to us from time to time. We advise that you exhaust our internal complaints procedure prior to referring the matter to any supervisory, regulatory or accrediting body.
Employee Privacy Notice – How do we control and process the personal data of our Employees?
This statement is provided with the intention to comply with your right to be informed under the General Data Protection Regulation.
We will hold and process the following information:
1. Your personal and contact details including your name, address, telephone numbers, emails, driving license and passport, clothes size, any medical requirements
2. Particulars of your employment including your job title, salary, benefits
3. Financial information including your bank details, NI No, tax statements, pay slips
4. Particulars of your right to work in the UK including your National Insurance Number
5. Particulars of your qualifications and skills including references, licenses, certificates and training
6. Emergency contact information and doctor’s details
7. Particulars of your performance including tasks, attendance
8. Sensitive information including protected characteristics under the Equality Act 2010 for Equal Opportunities Monitoring and Compliance
9. IT usage information including email addresses, log-ins, passwords
10. Particulars of processes e.g. disciplinary, grievance, performance management processes undertaken with you
11. Copies of letters and communications between us and you.
We are the controller of this information and we are also the processor of this information. This data has been gathered with your consent under the legal basis of Contract (1.b article 6), Legal Obligation (1.c article 6) and in the Legitimate Interest (1.f article 6) of assisting us in fulfilling the contractual requirements to supply hours and pay in the course of your employment. It will also be necessary for us to hold and process this data in the interests of your health, safety and welfare in work.
The officer responsible for the protection of your data is:
Your data will be used to assign you work, provide you with hours of work, pay you, monitor your performance, write to you with important documents, check your skills, qualifications and experience, appraise your performance and safeguard your health, safety and wellbeing in the workplace.
This is done on the basis of your legitimate interests and legal obligation to safeguard your health, safety and welfare and the health, safety and welfare of your colleagues, clients and third parties in the workplace. Your data is also processed in accordance with a contractual requirement between you and the company.
The recipients of your data are us and we anticipate that we may need to share personal data with the HMRC (e.g. your Name and National Insurance Number), Priority Payroll, HSE (e.g. your Name and Employment Details where there has been a reportable accident or investigation), Legal Advisers and professional advisers (e.g. your name and employment details where we need advice), Tribunals and Courts (e.g. your name, employment details and other personal data which is necessary for the determination of claims where litigation is commenced), Customers, Suppliers and other organisations (e.g. Your name, contact number, email address and passport details where required for planning processes and documentation to fulfil a contract).
Your employment data will be kept for the duration of your employment and for a further period thereafter of seven years. This period has been set for the protection of our organisation throughout your employment and for a period thereafter in the event of any employment tribunal claims. If such a claim has been filed, the data will be retained for a period of seven years following resolution of that claim and for seven years following the resolution of any further claims. This period has been determined for the protection of the organisation in the event any professional negligence or breach of contract claims in the event we use representation to defend any claims.
Your financial data will be kept for the duration of your employment and for a further period thereafter of seven years. This period has been set for the protection of our organisation throughout your employment and for a period thereafter in the event of any employment tribunal or breach of contract claims. If such a claim has been filed, the data will be retained for a period of seven years following resolution of that claim and for seven years following the resolution of any further claims. This period has been determined for the protection of the organisation under HMRC requirements and in the event any professional negligence or breach of contract claims in the event we use representation to defend any claims.
How to Contact Us?
H2 Business Communication, Shepperton Studios, Studios Road, Shepperton, Middlesex TW17 0QD