Data Protection Act 2018 & The General Data Protection Regulations (GDPR)
Your HR Director is a consultancy business, which provides advice and services relating to Human Resources and Employment in the UK.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
What information will be collected?
We gather and hold data relating to our clients, details about their business, and their employees, workers and subcontractors. This data could be in electronic or hard copy form. This might include, but may not be limited to:
- Names and addresses
- Contact details
- Pay details
- CVs
- Work history
- Email addresses
- Employment details
Roles of Data Controller and Data Processor
Our clients remain the Data Controller of employee, worker and contractor data, and we process the data (as Data Processor) on their behalf. We are the Data Controller of our clients’ personal data.
The legal basis for holding the data
The two separate legal bases for us holding the data are:
Contract: To fulfil the contract entered into between Your HR Director and our client.
Legitimate Interest: Gathering and holding the data is a necessary function of running our business.
The reason we hold the data and the consequences of not providing it
Our clients have engaged us to provide them with guidance about HR. It could be that they do not have an in-house HR Department, or their HR Department may have asked us for help with a specific project.
Having assistance from an external consultant helps our clients lawfully fulfil the contract of employment or terms of engagement / service that they have entered into with an individual.
Therefore it is necessary for our clients to share both their own data and their employee, worker and contractor data with us; otherwise it would not be possible to provide our clients with the service they have requested.
What we use the data for
Here are some examples of how we might use personal data:
- Producing an employment contract
- Writing a letter
- Advising on pay (for example, the National Minimum Wage)
- Providing guidance on a Grievance or Disciplinary matter
How long do we keep personal data?
It is important that we are able to review the service we have provided during the standard Contractual Limitation Period of six years. Allowing for an additional margin of one year, we will therefore retain client personal data for seven years. We will review any request for deletion of data and only keep it with good reason. Data relating to clients' employees will be deleted when it is no longer necessary to keep it for the function of fulfilling the piece of work or contract between us and our client.
Data security
Your HR Director takes data security very seriously. Electronic data is stored in a GDPR-compliant cloud system, with secure passwords and restricted access. Office computers are password protected.
Hard copy data is destroyed securely as soon as it is no longer needed.
With whom do we share personal data?
We might share personal data under the following circumstances:
- When required to do so by law
- When a client asks us to in order to fulfil a contractual obligation or to achieve a legitimate aim (for example, discussing pay details with an external payroll provider)
What will not be done with personal data?
Personal data will not be sold to third parties, save in the case of sale or transfer of the business.
- - -
If you have any queries or questions about this notice or how data is used by Your HR Director, please contact Duncan Elliott.
Further information and people’s right to complain can be found here: https://ico.org.uk