The Warmfront Team Staff Privacy Notice

We are committed to maintaining privacy, confidentiality and respecting your rights in regard to the information we hold about you.  We understand this is important and we want to ensure that this is only gathered as necessary and used for a specific purpose and in a transparent manner. 

This privacy notice tells you what to expect when The Warmfront Team (“the Company”) collects personal information about you. It applies to all employees, ex-employees, agency staff, contractors, sub-contractors, and any other people working with the Company.  However, the information we will process about you will vary depending on your specific role and personal circumstances.

It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

When we process your personal data, we are regulated under the General Data Protection Regulation (GDPR), the Data Protection Act 2018.  Under this legislation we are considered as a Data Controller and Data Processor. 

Our contact details

Name: The Warmfront Team Ltd

Address:  Hellier House, Two Woods Lane, Brierley Hill DY5 1TA

Phone Number: 0800 0328322

E-mail: info@warmfrontteam.co.uk

Key terms

It would be helpful to start by explaining some key terms used in this policy:

The type of personal information we collect

As part of your terms and conditions of your employment, whether that be as an employee or a subcontractor, you give the firm permission to collect, retain and process information about you such as age, sex, ethnic origins and sickness record. The information is collected so that we can monitor our compliance with the law and best practice in terms of equal opportunity and non-discrimination. The information will be checked with you from time to time to ensure it remains up to date. Should your circumstances change, you should notify Jim Thomas, Managing Director immediately

Information related to your employment.

We use the following information to carry out the contract we have with you, provide you access to business services required for your role and manage our human resources processes.

• Identity data details-Personal contact details such as your name, address, contact telephone numbers (landline and mobile) and personal email addresses.
• Identity data-Your date of birth, gender and NI number.
• Personal data-A copy of your passport or similar photographic identification and / or proof of address documents.
• References provided by past employers/other personal references.
• Marital status.
• Next of kin, emergency contact and their contact information.
• Employment and education history including your qualifications, job application, employment references, right to work information and details of any criminal convictions that you declare.
• Copies of your CV.
• Details of any notes from an interview with you and your response to questions asked.
• Copies of accreditation certifications that are necessary for you to carry out your role e.g. PAS 2030.
• Location of employment
• Details of any secondary employment, conflict of interest declarations or gift declarations.
• Your responses to staff surveys if this data is not anonymised.
• Any content featuring you produced for use on our website or social media such as videos, authorised articles, blog posts and speech transcripts.

Information related to your salary, pension and loans.

We process this information for the payment of your salary, pension and any other employment related benefits. We also process if for the administration of statutory leave entitlements such as holiday, maternity or paternity leave.

• Information about your job role and your employment contract including your start and leave dates, salary (including grade and salary band), any changes to your employment contract, working pattern (including any requests for flexible working).
• Details of time spent working and any overtime, expenses including details of any loans such as for travel season tickets.
• Details of any leave including sick leave, holidays, special leave etc.
• Pension details including membership of both state and occupational pension schemes (current and previous).
• Your bank account details, payroll records and tax status information.
• Details relating to Maternity, Paternity, Shared Parental and Adoption leave and pay. This includes forms applying for the relevant leave, copies of MATB1 forms/matching certificates and any other relevant documentation relating to the nature of the leave.

Information relating to your performance and training.

We use this information to assess your performance, to conduct pay and grading reviews and to deal with any employer / employee related disputes. We also use it to meet the training and development needs required for your role.

• Information relating to your performance at work, e.g. probation reviews, appraisals, promotions.
• Grievance and any investigations to which you may be a party or a witness.
• Disciplinary records and documents.
• Whistleblowing concerns raised by you, or to which you may be a party or witness.
• Information related to your training history and development needs.

Information relating to monitoring.

We use this information to assess your compliance with our policies and procedures to ensure the security of our premises, IT systems and employees.

• Information from monitoring IT acceptable use standards.
• Photos And CCTV images.

Information relating to your health and wellbeing and other special category data.

We use the following information to comply with our legal obligations and for equal opportunities monitoring. We also use it to ensure the health, safety and wellbeing of our employees.

• Health and wellbeing information either declared by you or obtained from health checks, eye examinations, occupational health referrals and reports, sick leave forms, health management questionnaires or fit notes i.e., Statement of Fitness for Work from your GP or hospital.
• Accident records if you have an accident at work.
• Details of any desk audits, access needs or reasonable adjustments.
• Information you have provided regarding Protected Characteristics as defined by the Equality Act for the purpose of equal opportunities monitoring. This includes racial or ethnic origin, religious beliefs, disability status, and gender identification and may be extended to include other protected characteristics.

How your personal data is collected.

We collect most of this information from you. However, we may also collect information:

• From an employment agency
• From referees, either external or internal
• From Occupational Health and other health providers.
• From your Trade Union
• Other government departments, for example tax details from HMRC
• Directly from a third party, e.g.:
• Security screening providers.
• credit reference agencies.
• Via our information technology (IT) systems, e.g.:
• door entry systems and reception logs.
• automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

We may share this information:

• Internally between managers if necessary.
• With any HR company/personnel to process your information ensuring it is accurate and up to date.
• Our regulators to provide statistical information to them for example. The information provided will be anonymised where possible but it may be that you are able to be identified.
• Our accreditation bodies to provide statistical information, which will be anonymised where possible but it may be that you can be identified.
• With our external customers for e.g. if you are the person who is attending their home/property so they know who will be attending.
• Any other people you authorise us to share your data with, such as members of your family.
• With future employers if you ask us to provide a reference.
• In some circumstances, such as under a court order, we are legally obliged to share information.
• We may also share information about you with third parties including our data processors, training providers, government agencies and external auditors. For example, we may share information about you with HMRC for the purpose of collecting tax and national insurance contributions.
• credit reference agencies.
• our insurers and brokers.
• external auditors, e.g., in relation to the audit of our accounts.
• our bank to enable us to pay you for your services.
• external service suppliers, representatives and agents that we use to make our business more efficient, e.g., typing services, marketing agencies, document collation or analysis suppliers.

We only allow our service providers to handle your personal data if we are satisfied, they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

How we use your data - the legal basis and purpose

Under data protection law, we can only process your personal information for a legitimate reason and have a legal basis to do so.  We have considered the legal basis and the ones we rely on for processing your information are:  

We have a contractual obligation.

• to comply with our legal obligations as your employer (Article 6(1)( C)
• for the performance of our contract with you, including information about any staff criminal convictions and offences (Article 6(1)(b)
• in order to protect your vital interests or those of another person (Article 6 (1) (d)

Legitimate interest

We consider we have a legitimate interest in collecting your data.  This will of course be balanced against your rights. 

Examples of legitimate interest may be that we process your data:

• We need to process your personal information for the purposes of your employment or providing you with details of work if you are a sub-contractor.
• We may use your information in the governance of our business including accounting managing and auditing our operations so that our business remains effective and performs well.
• Monitoring and recording interactions with you during your employment or as a sub-contractor.
• Monitoring and reviewing your performance against objectives of your particular function.
• For research purpose to ascertain whether our service is appropriate and provides the service we expect to provide to our external clients.

Legal obligations

We have various rules and obligations which we must abide by, including reporting to our regulators and or accreditation bodies-this may involve us providing them with details you have carried out as an employee or sub-contractor on our external clients home/property.  

Consent

The majority of information we process will come from you and as such you have provided us with your consent to process this.  You can change/withdraw your consent at any time by contacting Jim Thomas:

Address: Hellier House, Two Woods Lane, Brierley Hill DY5 1TA

Phone Number: 0800 0328322

E-mail: jim.thomas@warmfrontteam.co.uk

Special category data

As part of your employment we process data that would be considered as special category data, for example your health data.  The additional bases for processing that we rely on are:

• Article 9(2)(b) which relates to carrying out our obligations and exercising our rights in employment and the safeguarding of your fundamental rights.
• Article 9(2)(c) to protect your vital interests or those of another person where you are incapable of giving your consent.
• Article 9(2)(f) for the establishment, exercise or defence of legal claims.

In addition, we rely on the processing condition at Schedule 1 part 1 paragraph 1 of the DPA 2018. This relates to the processing of special category data for employment purposes.

How we store your personal information.

Your information is securely stored via Sharepoint, which is a secure system with a two step authentication process for accessing it. 

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How long your personal data will be kept.

The Company shall not keep employee’s personal data for any longer than necessary nor

for the purposes set out in this policy.

The minimum periods we will retain your personal information are as follows:

• Payroll, P60s, P45s-Minimum of 6 years
• Recruitment data but should be a least 6 months
• Accident Records: Minimum of 3 years since the last entry, or if it involves a child until they reach 21.
• Income Tax and NI: Minimum of 3 years from the end of the financial year to which they relate.
• Maternity and Paternity: Minimum of 3 years from the end of the tax year in which the leave ends.
• Working Time: 2 years.
• Parental Leave: 5 years from birth or adoption, or 18 years if the child receives a disability allowance.
• Pension Benefits: 12 years from the ending of any benefit payable.
• All Personnel Files and Training Records: 6 years from the end of employment.
• Redundancy Records: 6 years.
• Sickness Absence Records: 6 years after employment ends.
• Any other information: 6 years after employment ends.

When it is no longer necessary to retain your personal data, all reasonable steps will be taken to delete, anonymise or otherwise dispose of it securely and without delay.

Our data retention guidelines have been agreed following an assessment of our data and the requirements of our industry standard practice, together with our obligations under Data Protection Law.

Do we use any data processors?

Yes - a list of our data processors can be found at Annex A.

Your Data Protection Rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact our Data Protection Officer Jim Thomas at:

Address:  Hellier House, Two Woods Lane, Brierley Hill DY5 1TA

Phone Number: 0800 0328322

E-mail: jim.thomas@warmfrontteam.co.uk

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

• You can request your personnel file by emailing the Jim Thomas. You can also make a verbal request for your information. You will not be able to take away your physical file. Your access request will be handled outside of our normal case management systems with restricted access. We will consult internally with members of staff who might hold personal data about you.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at:

Address:  Hellier House, Two Woods Lane, Brierley Hill DY5 1TA

Phone Number: 0800 0328322

E-mail: info@warmfrontteam.co.uk

Whilst we hope that any complaint you make is resolved to your satisfaction, you are able to make a complaint to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Changes to this privacy policy

This privacy policy was published on 11th January 2024.

We may change this privacy policy from time to time, when we do, we will inform you via email or letter.

Annexes

Annex A Data Processors

Data processors are third parties who provide certain parts of our staff services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. Our data processors are listed below.

I need further information in regard to anyone you might ‘outsource’ to that may get access to personal information