Terms & Conditions

Pursuant to that legislation, when processing data we will;
• Process it fairly, lawfully and in a clear, transparent way
• Collect your data only for reasons that we find proper for the course of your
employment in ways that have been explained to you
• Only use it in the way that we have told you about
• Ensure it is correct and up to date
• Keep your data for only as long as we need it
• Process it in a way that ensures it will not be lost or destroyed or used for
anything that you are not aware of or have consented to (as appropriate)
Service Innovation is a “data controller”. This means that we are responsible for
determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information”, means any information relating to an
identified, or identifiable individual in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural or
social identity of that natural person.
There are “special categories” of sensitive personal data, meaning data relating to racial
or ethnic origin, political opinions, religious or philosophical beliefs, trade union
membership, physical or mental health conditions, sex life or sexual orientation,
genetic data, and biometric data which require a higher level of protection.
This data protection compliance statement (privacy notice) applies to current and
former employees, workers and contractors.
DETAILS OF INFORMATION WE WILL HOLD ABOUT YOU
The list below identifies the kind of data that we will hold about you:
Personal contact details such as name, title, addresses, telephone numbers, and
personal email addresses
• Date of birth
• Your photograph
• Gender
• Marital status
• Dependants, next of kin and their details
• National Insurance number
• Bank account details, payroll records and tax codes
• Salary, pension and benefits information
• Leave records including annual leave, family leave, sickness absence etc
• Start date
• Location of employment or workplace
• Copy of driving licence
• Information included on your CV including references, education history and
employment history
• Documentation relating to your right to work in the UK
• Information used for equal opportunities monitoring about your sexual
orientation, religion or belief and ethnic origin
• Medical or health information including whether or not you have a disability
• Current and previous job titles, job descriptions, pay grades, training records,
hours of work, professional membership and other terms and conditions relating
to your employment with us
• Compensation history
• Internal performance information including measurements against targets,
formal warnings and related documentation with regard to capability procedures
and appraisal forms
• Information and relevant communications regarding disciplinary and grievance
issues
• CCTV footage and other information obtained through electronic means such as
building/store entry records
• Information about your use of our information and communications systems
The following list identifies the kind of data that that we will process and which falls
within the scope of “special categories” of more sensitive personal information:
information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life
and political opinions
• Information about your health, including any medical conditions and disabilities
• Information about criminal convictions and offences

METHOD OF COLLECTION OF PERSONAL INFORMATION
Your personal information is obtained through the application and recruitment process,
this may be directly from candidates, via an employment agency or a third party who
undertakes background checks. Further information will be collected directly from you
when you complete forms at the start of your employment, for example, your bank and
next of kin details. Other details may be collected directly from you in the form of official
documentation such as your driving licence, passport or other right to work evidence.
Data may be collected during the course of your engagement with us to enable its
continued existence or development.
Personal data is kept in personnel files or within our HR, IT and BOOST reporting
systems.
PROCESSING INFORMATION ABOUT YOU
We will only administer personal information in accordance with the lawful bases for
processing. At least one of the following will apply when we process personal data:
• Consent: You have given clear consent for us to process your personal data for a
specific purpose.
• Contract: The processing is necessary for a contract we have with you, or
because we have asked you to take specific steps before entering into a
contract.
• Legal obligation: The processing is necessary for us to comply with the law (not
including contractual obligations).
• Vital interests: the processing is necessary to protect someone’s life.
• Public task: the processing is necessary for us to perform a task in the public
interest or for our official functions, and the task or function has a clear basis in
law.
• Legitimate interests: the processing is necessary for our legitimate interests or
the legitimate interests of a third party unless there is a good reason to protect
your personal data which overrides those legitimate interests.
LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We consider that the basis for which we will process the data contained in the list above
(see section above – details of information we will hold about you) is necessary for the
performance of the contract we have with you and to enable us to comply with our legal
obligations. Occasionally, we may process personal information about you to pursue
legitimate interests of our own or those of third parties, provided there is no good reason
to protect your interests and your fundamental rights do not override those interests.
The circumstances in which we will process your personal information are listed below.
• Making decisions about who to offer initial employment to, and subsequent
internal appointments, promotions etc.
• Responding to requests from third parties such as a reference request or
mortgage approval etc.
• Making decisions about salary and other benefits
• Providing contractual benefits to you
• Maintaining comprehensive up to date personnel records about you to ensure,
amongst other things, effective correspondence can be achieved and
appropriate contact points in the event of an emergency are maintained
• Effectively monitoring both your conduct and your performance and to
undertake procedures with regard to both of these if the need arises
• Offering a method of recourse for you against decisions made about you via a
grievance procedure
• Assessing training needs
• Implementing an effective sickness absence management system including
monitoring the amount of leave and subsequent actions to be taken including
the making of reasonable adjustments
• Gaining expert medical opinion when making decisions about your fitness for
work
• Managing statutory leave and pay systems such as maternity leave, pay etc.
• Business planning and restructuring exercises
• Dealing with legal claims made against us
• Preventing fraud
• Ensuring our administrative and IT systems are secure and robust against
unauthorised access
There may be more than one reason to validate the reason for processing your personal
information.
LAWFUL BASIS FOR PROCESSING “SPECIAL CATEGORIES” OF SENSITIVE DATA
“Special categories” of particularly sensitive personal information require higher levels
of protection. We need to have further justification for collecting, storing and using this
type of personal information. We may process special categories of personal
information in the following circumstances:
• Consent: You have given clear consent for us to process your personal data for a
specific purpose.
• Contract: The processing is necessary for a contract we have with you, or
because we have asked you to take specific steps before entering into a
contract.
• Legal obligation: The processing is necessary for us to comply with the law (not
including contractual obligations) and meets the obligations under our data
protection policy.
• Vital interests: the processing is necessary to protect someone’s life.
• Public task: the processing is necessary for us to perform a task in the public
interest or for our official functions, and the task or function has a clear basis in
law and meets the obligations under our data protection policy. (For example in
the case of equal opportunities monitoring)
• Legitimate interests: the processing is necessary for our legitimate interests or
the legitimate interests of a third party unless there is a good reason to protect
your personal data which overrides those legitimate interests (For example to
assess your capacity to work on the grounds of ill health)
Occasionally, special categories of data may be processed where you are not capable
of giving your consent, where you have already made the information public or in the
course of legitimate business activities or legal obligations and in line with the
appropriate safeguards.
Examples of the circumstances in which we will process special categories of your
particularly sensitive personal information are listed below (this list is non-exhaustive):
• In order to protect your health and safety in the workplace
• To assess your physical or emotional fitness to work
• To determine if reasonable adjustments are needed or are in place
• To monitor and manage sickness absence, family leave or other absences from
work (including time off for dependents)
• To administer benefits
• In order to fulfill equal opportunity monitoring or reporting obligations
Where appropriate, we may seek your written authorisation to process special
categories of data. Upon such an occasion we will endeavor to provide full and clear
reasons at that time in order for you to make an informed decision. In any situation
where consent is sought, please be advised that you are under no contractual
obligation to comply with a request. Should you decline to consent you will not suffer a
detriment.
INFORMATION ABOUT CRIMINAL CONVICTIONS
Information regarding criminal convictions may be processed in accordance with our
legal obligations. Occasionally we may process such information to protect yours, or
someone else’s interests and you are not able to give your consent, or we may process
such information in cases where you have already made the information public. Such
information may be sought as part of the recruitment process or in the course of your
employment with us.
We do not anticipate that we will process information about criminal convictions.
AUTOMATED DECISION-MAKING
We do not anticipate that any of our decisions will occur without human involvement.
Should we use any form of automated decision making we will advise you of any change
in writing.
SHARING DATA
Your data will be shared with colleagues within the Company where it is necessary for
them to undertake their duties. This includes, for example, Administrators, Senior
Payroll Administrator, Divisional Manager, Operations Manager, Field Operations
Manager, Area Manager, Business Unit Manager, Team Leaders for their management of
you, the HR department for maintaining personnel records and the payroll department
for administering payment under your contract of employment.
It may be necessary for us to share your personal data with a third party or third party
service provider (including, but not limited to, clients, contractors, agents or other
associated/group companies) within, or outside of, the European Union (EU). Data
sharing may arise due to a legal obligation, as part of the performance of a contract or in
situations where there is another legitimate interest (including a legitimate interest of a
third party) to do so.
The list below identifies which activities are carried out by third parties on our behalf:
• Payroll
• Pension providers/administrators
• IT services
• Legal advisors
• Security
• Insurance providers
• Group companies
• External clients
• Suppliers
• Companies house
Data may be shared with 3rd parties in the following circumstances:
• In the process of regular reporting activities regarding our performance,
• With regards to a business or group reorganisation, sale or restructure,
• In relation to the maintenance support and/or hosting of data
• To adhere with a legal obligation
• In the process of obtaining advice and help in order to adhere with legal
obligations
• In order for you to carry out your role for external clients
If data is shared, we expect third parties to adhere and comply with the GDPR and
protect any data of yours that they process. We do not permit any third parties to
process personal data for their own reasons. Where they process your data it is for a
specific purpose according to our instructions.
We anticipate that we will transfer data to other countries.
Data may be transferred to the following country/countries:
• Germany – There is an adequacy decision* by the European Commission in
respect of this country
• Netherlands – There is an adequacy decision* by the European Commission in
respect of this country
• United States – There is an adequacy decision* by the European Commission in
respect of this country
• India – There is not an adequacy decision by the European Commission in
respect of this country
*Where there is a positive finding of adequacy, the country is considered to provide an
adequate level of protection for the transfer of personal data for further information
see https://ico.org.uk/your-data-matters/
In further efforts to secure and protect the transfer of data to third parties, within or
outside of the EU, we have implemented strict data protection criteria within all our
contract and non-disclosure agreements.
As part of our commitment to protecting the security of any data we process, we have
included a more detailed Data Security section within our Data Protection Policy.
In addition, we have security measures in place to avoid data from being accessed,
damaged, interfered with, lost, stolen or compromised. In cases of a breach, or
suspected breach, of data security you will be informed, as will any appropriate
regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a business
need, in accordance with our guidance and in accordance with the duty of
confidentiality.
DATA RETENTION
We anticipate that we will retain your data as part of the recruitment process for no
longer than is necessary for the purpose for which it was collected.
We have given consideration to the following in order to decide the appropriate
retention period:
• Quantity
• Nature
• Sensitivity
• Risk of harm
• Purpose for processing
• Legal obligations
At the end of the retention period, upon conclusion of any contract we may have with
you, or until we are no longer legally required to retain it, it will be reviewed and deleted,
unless there is some special reason for keeping it. Occasionally, we may continue to
use data without further notice to you. This will only be the case where any such data is
anonymised and you cannot be identified as being associated with that data.

YOUR RIGHTS IN RELATION TO YOUR DATA
We commit to ensure that any data we process is correct and up to date. It is your
obligation to make us aware of any changes to your personal information.
In some situations, you may have the;
• Right to be informed. This means that we must tell you how we use your data,
and this is the purpose of this privacy notice.
• Right to request access. You have the right to access the data that we hold on
you. To do so, you should make a subject access request
• Right to request correction. If any data that we hold about you is incomplete or
inaccurate, you are able to require us to correct it.
• Right to request erasure. If you would like us to stop processing your data, you
have the right to ask us to delete it from our systems where you believe there is
no reason for us to continue processing it.
• Right to object to the inclusion of any information. In situations where we are
relying on a legitimate interest (or those of a third party) you have the right to
object to the way we use your data where we are using it.
• Right to request the restriction of processing. You have the right to ask us to stop
the processing of data of your personal information. We will stop processing the
data (whilst still holding it) until we have ensured that the data is correct.
• Right to portability. You may transfer the data that we hold on you for your own
purposes.
• Right to request the transfer. You have the right to request the transfer of your
personal information to another party.
Where you have provided consent to our use of your data, you also have the
unrestricted right to withdraw that consent at any time. Withdrawing your consent
means that we will stop processing the data that you had previously given us consent to
use. There will be no consequences for withdrawing your consent. However, in some
cases, we may continue to use the data where so permitted by having a legitimate
reason for doing so.
If you wish to exercise any of the rights explained above, please
contact dpa@sigeurope.com.
Consequences of your failure to provide personal information
If you neglect to provide certain information when requested, it may affect our ability to
enter into or continue with an employment contract with you, and it may prevent us
from complying with our legal obligations.
Change of purpose for processing data
We commit to only process your personal information for the purposes for which it was
collected, except where we reasonably consider that the reason for processing changes
to another reason and that reason is consistent with the original basis for processing.
Should we need to process personal information for another reason, we will inform you
of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal information without your knowledge or
consent, in compliance with the above rules (see above section – lawful basis for
processing your personal information).
In the event that you enter into an employment contract with us, any information
already collected may be processed further in accordance with our data protection
policy, a copy of which will be provided to you.
QUESTIONS OR COMPLAINTS
Should you have any questions regarding this statement, please
contact dpa@sigeurope.com.
The supervisory authority in the UK for data protection matters is the Information
Commissioner (ICO). If you think your data protection rights have been breached in any
way by us, you are able to make a complaint to the ICO.
DATA PROTECTION POLICY
The Company is fully committed to compliance with the requirements of the General
Data Protection Regulation (GDPR) and all other data protection legislation currently in
force. The Regulation applies to anyone processing personal data and sets out
principles which should be followed and gives rights to those whose data is being
processed.
To this end, the Company endorses fully and adheres to the Data Protection Principles
listed below. When processing data we will ensure that it is:
• Processed lawfully, fairly and in a transparent way (‘lawfulness, fairness and
transparency’)
• Processed no further than the legitimate purposes for which that data was
collected (‘purpose limitation’)
• Limited to what is necessary in relation to the purpose (‘data minimisation’)
• Accurate and kept up to date (‘accuracy’)
• Kept in a form which permits identification of the data subject for no longer than
is necessary (‘storage limitation’)
• Processed in a manner that ensures security of that personal data (‘integrity and
confidentiality’)
• Processed by a controller who can demonstrate compliance with the principles
(‘accountability’)
These rights must be observed at all times when processing or using personal
information. Therefore, through appropriate management and strict application of
criteria and controls, the Company will:
• Observe fully the conditions regarding having a lawful basis to process personal
information
• Meet its legal obligations to specify the purposes for which information is used
• Collect and process appropriate information only to the extent that it is
necessary to fulfil operational needs or to comply with any legal requirements
• Ensure the information held is accurate and up to date
• Ensure that the information is held for no longer than is necessary
• Ensure that the rights of people about whom information is held can be fully
exercised under the GDPR (i.e. the right to be informed that processing is being
undertaken, to access personal information on request; to prevent processing in
certain circumstances, and to correct, rectify, block or erase information that is
regarded as wrong information)
• Take appropriate technical and organisational security measures to safeguard
personal information
• Ensure that personal information is not transferred outside the EU, to other
countries or international organisations without an adequate level of protection
EMPLOYEES PERSONAL INFORMATION
Throughout employment and for as long as is necessary after the termination of
employment, the Company will need to process data about you. The kind of data that
the Company will process includes:
• Any references obtained during recruitment
• Details of terms of employment
• Payroll details
• Tax and national insurance information
• Details of job duties
• Details of health and sickness absence records
• Details of holiday records
• Information about performance
• Details of any disciplinary and grievance investigations and proceedings
• Training records
• Contact names and addresses
• Correspondence with the Company and other information that you have given
the Company
The Company believes that those records used are consistent with the employment
relationship between the Company and yourself and with the data protection principles.
The data the Company holds will be for management and administrative use only but
the Company may, from time to time, need to disclose some data it holds about you to
relevant third parties (e.g. where legally obliged to do so by HM Revenue & Customs,
where requested to do so by yourself for the purpose of giving a reference or in relation
to maintenance support and/or the hosting of data in relation to the provision of
insurance).
In some cases the Company may hold sensitive data, which is defined by the legislation
as special categories of personal data, about you. For example, this could be
information about health, racial or ethnic origin, criminal convictions, trade union
membership, or religious beliefs. This information may be processed not only to meet
the Company’s legal responsibilities but, for example, for purposes of personnel
management and administration, suitability for employment, and to comply with equal
opportunity legislation. Since this information is considered sensitive, the processing of
which may cause concern or distress, you will be asked to give express consent for this
information to be processed, unless the Company has a specific legal requirement to
process such data.
ACCESS TO DATA
You may, within a period of one month of a written request, inspect and/or have a copy,
subject to the requirements of the legislation, of information in your own personnel file
and/or other specified personal data and, if necessary, require corrections should such
records be faulty. If you wish to do so you must make a written request to your line
Manager. The Company is entitled to change the above provisions at any time at its
discretion.
DATA SECURITY
You are responsible for ensuring that any personal data that you hold and/or process as
part of your job role is stored securely.
You must ensure that personal information is not disclosed either orally or in writing, or
via web pages, or by any other means, accidentally or otherwise, to any unauthorised
third party.
You should note that unauthorised disclosure may result in action under the
disciplinary procedure, which may include dismissal for gross misconduct. Personal
information should be kept in a locked filing cabinet, drawer, or safe. Electronic data
should be coded, encrypted, or password protected both on a local hard drive and on a
network drive that is regularly backed up. If a copy is kept on removable storage media,
that media must itself be kept in a locked filing cabinet, drawer, or safe.
When travelling with a device containing personal data, you must ensure both the
device and data is password protected. The device should be kept secure and where
possible it should be locked away out of sight i.e. in the boot of a car. You should avoid
travelling with hard copies of personal data where there is secure electronic storage
available. When it is essential to travel with hard copies of personal data this should be
kept securely in a bag and where possible locked away out of sight i.e. in the boot of a
car. This document demonstrates our commitment to protecting the privacy and
security of your personal information. It contains information regarding how we collect
and use personal data or personal information about you in accordance with the
General Data Protection Regulation (GDPR) and all other data protection legislation
currently in force.