Privacy Policy for Employees & Temporary Workers
Last updated: 10/12/24
Gi Group want to protect the privacy of our temporary workers and employees. This privacy policy will help you understand how we collect, use and process your personal data.
Data controller: Gi Group of companies, including Gi Group Holdings Recruitment Ltd, Gi Group Recruitment Ltd, Draefern Ltd, Excel Resourcing (Recruitment Consultants) Ltd, Gi Recruitment Ltd, INTOO (UK) Ltd, Marks Sattin (UK) Ltd, TACK TMI UK Ltd, TACK International Ltd, Grafton Professional Staffing Ltd, Encore Personnel Services Ltd, and Gi Group Staffing Solutions Ltd – registered at Unit A, The Glass Yard, Sheffield Road, Chesterfield, S41 8JY hereby referenced as “THE ORGANISATION”.
We are committed to protecting the privacy of all our temporary workers and employees. Following some recent changes to data protection laws we have updated our Privacy Policy.
Gi Group has appointed a Data Protection Officer (DPO), that can be contacted at uk.privacy@gigroup.com
For any enquiries about this privacy policy or to exercise any rights under this policy please email uk.privacy@gigroup.com
THE ORGANISATION collects and processes personal data relating to its temporary workers and employees to manage the employment relationship. THE ORGANISATION is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
Whenever you give us personal data, it will be used in accordance with this privacy policy. This privacy policy also relates to our use of any personal information you provide to us by phone, SMS, email, in letters and other correspondence and in person.
Changes to The Organisation’s Privacy Policy
We may update or change our privacy policy at any time and we will provide an adequate notice. The date of the most recent revisions will appear on the top of this page.
Why do we have a privacy notice?
Your privacy is important to us, and we are committed to protecting and safeguarding the data privacy rights of our employees and temporary workers in accordance with applicable law and this Privacy Policy. Under the UK GDPR & Data Protection Act 2018 we must comply with certain regulations which are designed to ensure that any data you provide to us is processed with due care and attention.
This Privacy Notice details the information we collect, how we use and process that information, and to whom it may be disclosed.
What information does the organisation collect?
THE ORGANISATION may collect and process a range of information about you. This includes:
- Your name, address and contact details, including email address and telephone number, date of birth and gender;
- The terms and conditions of your employment or assignment, including information required by our clients for specific workplace requirements;
- Details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers (including references, driving licences, etc) and with THE ORGANISATION and any other information contained in your application form, CV or covering letter;
- Information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
- Details of your bank account, national insurance number and bank details;
- Information about your marital status, next of kin, dependants and emergency contacts;
- Information about your nationality and entitlement to work in the UK;
- Information about your criminal record (including any relevant DBS or equivalent checks);
- Details of your schedule (days of work and working hours) and attendance at work;
- Assignment details, including dates and locations of assignments and the work undertaken;
- Timesheets;
- Details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave and copies of related documents such as GP fit notes and MAT B1 forms;
- Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
- Information about medical or health conditions, including whether or not you have a disability for which THE ORGANISATION needs to make reasonable adjustments;
- Information about any work related accidents;
- Details of trade union membership;
- Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief;
- 48 Hour Working Time Directive;
- PPE Deduction Forms and Confirmation;
- Information about any Drug or Alcohol tests untaken as workplace requirements;
- General communication, including but not limited to, email, postal letters and text messaging;
- CCTV footage;
- Information from fobs and key cards;
- Any other information required for legal compliance.
THE ORGANISATION collects this information in a variety of ways. For example, data is collected through application forms, CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments or via our website.
In some cases, THE ORGANISATION collects personal data about you from third parties, such as references supplied by former employers, information available via online job boards, information from employment background check providers, information from credit reference agencies, job boards and information from criminal records checks permitted by law.
Data is stored in a range of different places, including in your personnel file, in THE ORGANISATION’s People management systems and in other IT systems (including THE ORGANISATION’s email system). Temporary Workers’ data is stored in our candidate management databases, which includes; Access, Agility, Spinner, Bullhorn.
Why does the organisation process personal data?
We rely on a number of different legal grounds to process personal data, depending on how we are using it.
In some cases, THE ORGANISATION needs to process data to enter into a contract for services or a contract of employment with you and to meet its contractual obligations, pursuant to Article 6(1)(b) of the UK GDPR. For example, it needs to process your data to provide you with the applicable contract to pay you and to administer benefit, pension and insurance entitlements.
In some other cases, THE ORGANISATION has a legitimate interest in processing personal data, pursuant to Article 13 (1) (d) of the UK GDPR. We rely on legitimate interest to process personal data where we:
- run recruitment and promotion processes;
- Employees ONLY: operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- Employees ONLY: operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
- Agency Workers ONLY: operate and keep a record of performance related processes and complaints, to ensure acceptable conduct in the workplace.
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees and agency workers are receiving the pay or other benefits to which they are entitled;
- respond to and defend against legal claims.
Where THE ORGANISATION relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).
Where THE ORGANISATION processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. This is in our legitimate interest to ensure equality of opportunity and diversity within our workforce and is also necessary for reasons of substantial public interest. Employees are entirely free to decide whether or not to provide such data and there are no adverse consequences if an employee chooses not to do so. UK GDPR Article 9 (2) (g) & Data Protection Act 2018.
Who has access to data?
Your information will be shared internally, including between companies in THE ORGANISATION’s group, members of the People and recruitment team, payroll, your line manager, managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles.
Data provided within our platform MyGiGroup will be made available to other Gi Group companies including, Gi Group Holdings Recruitment Ltd, Wyser S.r.l, Gi Group Recruitment Ltd, Draefern Ltd, Excel Resourcing (Recruitment Consultants) Ltd, Gi Recruitment Ltd, INTOO (UK) Ltd, Marks Sattin (UK) Ltd, TACK TMI UK Ltd, TACK International Ltd, Grafton Professional Staffing Ltd, Encore Personnel Services Ltd, and Gi Group Staffing Solutions Ltd to allow temporary workers and employees to speed up the registration procedure to the reserved areas of the respective portals of these companies who act as autonomous data controllers within the Gi Group of companies.
THE ORGANISATION shares your data with third parties to obtain references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service. THE ORGANISATION may also share your data with third parties in the context of a sale of some or all its business or with THE ORGANISATION’s clients in relation to providing services related to finding suitable work. In those circumstances, the data will be subject to confidentiality arrangements.
THE ORGANISATION also shares your data with third parties that process data on its behalf, in connection with payroll, administering your pension, the provision of benefits and the provision of occupational health services.
We will only transfer data outside of the European Economic Area or EEA (i.e., the Member States of the European Union, together with Norway, Iceland, and Liechtenstein) and/or the UK where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission and/or the UK International Data Transfer Addendum approved by the UK Information Commissioner’s Office (“ICO”) for the transfer of personal data by data controllers in the EEA and/or the UK to data controllers and processors in jurisdictions which do not provide the same level of protection for personal data as the EEA and the UK; or
- pursuant to the EU-US Transatlantic Data Privacy Framework (“DPF”) and/or the UK Extension to the DPF for the transfer of personal data from entities in the EU and/or UK to entities in the United States of America that are certified under the DPF, or any equivalent agreement in respect of other jurisdictions. The DPF is an opt-in certification scheme for US companies, under which transfers to US organisations that are certified under the DPF are held to provide an adequate level of protection; or
- transferring your data to a country where there has been a finding of adequacy by the European Commission and/or the UK government in respect of that country’s levels of data protection via its legislation; or for certain ad hoc transfers in some circumstances, such as where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract, or where you have consented to the data sharing.
Please contact UK.Privacy@gigroup.com if you would like further information on the specific mechanisms used by us when transferring your personal data outside the UK or the EEA.
How does the organisation protect data?
THE ORGANISATION takes the security of your data seriously. THE ORGANISATION has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where THE ORGANISATION engages third parties to process personal data on its behalf, they do so on the basis of written instructions and appropriate contractual terms in relation to data protection, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The Gi Group Data Retention Policies can be viewed here (internal employees, temporary workers) which confirm the retention periods applied to personal data.
Your rights
As a data subject, you have a number of rights:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
For the sake of completeness you have the right to withdraw your consent at any time by updating your preferences on your online registration portal.
Once we have received notification of a withdrawal of consent, we will no longer process the information for the purpose or purposes originally agreed to, unless we have another legitimate basis for doing so.
If you would like to exercise any of these rights, please email uk.privacy@gigroup.com
You can make a subject access request by completing THE ORGANISATION’s SARs form. Please click here.
If you believe that THE ORGANISATION has not complied with your data protection rights, you have a right to lodge a complaint with the ICO. Contact details for the ICO can be found on its website at https://ico.org.uk.
What if you do not provide personal data?
If You have obligations under your contract with us to provide THE ORGANISATION with data and You refuse to provide the requested data, Gi Group may not be able to fulfil its contractual obligations. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide THE ORGANISATION with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.
Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable THE ORGANISATION to enter into a contract with you. If you do not provide this information, this may hinder THE ORGANISATION’s ability to manage its relationship with you in an efficient way.
Offensive or Inappropriate Content
If you post or send offensive, inappropriate or objectionable content anywhere on any Gi Group or associated company platforms or to THE ORGANISATION or otherwise engage in any disruptive behaviour on any of THE ORGANISATION’s services, THE ORGANISATION may use your personal information to stop such behaviour.
Where THE ORGANISATION reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), the company may use your personal information to inform relevant third parties such as your employer (if different to THE ORGANISATION), email/internet provider or law enforcement agencies about the content and your behaviour.
Automated decision-making
Employment decisions are not based on automated decision-making.
Contacts
Registered office: Gi Group UK, The Glass Yard, Sheffield Road, Chesterfield, S41 8JY
Email contact: uk.privacy@gigroup.com
Signed: Paulo Canoa – Regional Head and Country Manager UK & Ireland
Date: December 2024