Privacy Policy

Harry Burrows Fabrications Ltd Privacy Notice

This the privacy statement for Harry Burrows Ltd.

Name of and Contact Details of Data Controller

The details of the company Data Controller are given below.

Marc Burrows
Harry Burrows Fabrications Ltd 8/9 Bayton Way
Exhall
Coventry
CV7 9ER

Email: marc.burrows@harryburrows.co.uk Tel 02476 361313

Introduction

The below sets out the Company’s statement on dealing with personal data.

Section 1 relates to those applying for jobs with the Company; Section 2 relates to those who work for the Company; Section 3 deals with personal data relating to customers, clients, those subject to our services and or suppliers; Section 4 relates to marketing.

Please refer to the relevant section.

Section 1 Privacy Notice Recruitment

The below provides you with important information concerning the personal data the Company may collect, retain and process relating to job applicants. The personal data collected, retained and processed is limited to that which is relevant to the entering into an employment relationship. The Company seeks to be transparent in respect to personal data and is committed to meeting its data protection obligations. The below provides information to assist in this matter.

1.1 Purposes of Processing and Legal Basis of Processing

The Company needs to collect, retain and process or use personal data for the following reasons.

In order to enter into a contract of employment or any other work contract with you or to take steps at your request prior to entering into a contract;

To meet our legal responsibilities as an employer (for example to check you are entitled to work in the UK and or the meet our responsibilities under the Equality Act 2010)

To pursue the relevant and legitimate interests of the business (for example being able to process and retain information for managing the recruitment process and or for making appropriate decisions about suitability of candidates and or for making offers of employment).

Special categories of personal data may be processed in order to comply with the Equality Act 2010 and or other legislation.

The Company will not use your personal information for any other purpose than recruitment activity. However, if you are not successful the Company may retain your details for a 6 month period. In this period the Company may contact you if a suitable vacancy arises.

1.2 Who has Access to Personal Data

Your personal data will only be disclosed where appropriate to authorised individuals within the Company involved in the recruitment process or third parties involved in the recruitment process and or who are providing relevant support or advice.

Those authorised individuals within the Company who may be included in the recruitment process include those with HR and or recruitment responsibilities, the management team in the area where the vacancy exists, those involved in the interview and assessment process and those with responsibility for IT, where they need access to your data for the performance of their role. However, in respect of those with access to your data, the access they have will be limited to what they need to have access to only. Also your data may be disclosed to third parties providing computerised storage facilities including cloud technology.

If you are not successful your personal data will not be shared with third party providers, other than those who may be included in the recruitment process or who may give us advice on such matters. If, however, you are successful in your application your personal data may be provided to third party providers such as any third parties providing accountancy, I.T., payroll or HR/legal/Occupational Health/Benefit Provision support to the company and in such circumstances only data relevant to such support will be provided. Further the need for pre employment checks and or the obtaining of references may result in us sharing information with other employers. Also we may need to perform pre employment screening or conduct Disclosure and Barring checks and again we may share your data with such external organisations as are used in such circumstances.

Where data is provided to third parties they are placed under an obligation of confidentiality and are given written instructions, and operate under an agreement, to only use the data for the purposes for which it is disclosed.

It may be that your personal data will be transferred outside the European Economic Area (EEA) for example through the use of cloud storage or technology. In such circumstances relevant safeguards, including obligations of confidentiality will apply as required. The safeguards will include where required an adequacy decision by the EU Commission. In the absence of any such adequacy decision relevant safeguards such as standard data protection clauses adopted by the Commission, or by the ICO and approved by the Commission, or contractual clauses as authorised by the ICO and or other safe guards as set down by article 46 of the GDPR will apply. A copy of safeguards or where they can be obtained from can be provided via the Data Controller.

1.3 Time Period for Retaining Data

If you are unsuccessful in your application the Company will retain your personal data for a period of up to 6 months following the decision in relation to your application.

1.4 Your Rights

As a data subject you have the following rights:

  • You can request from the Company access to and copy of your data
  • You can request the Company to correct or erase personal data
  • You can request a restriction of processing of your personal data
  • You can object to processing of your personal data
  • You can request to exercise the right to data portability in certain circumstances.

If you wish to exercise any of the above rights you should contact the Data Controller identified above.In addition you have the right to lodge a complaint about data protection with the Information Commissioner’s Office.You are not under any contractual or statutory requirement to provide any personal data to the Company during the process of recruitment.

However, if you fail to provide relevant personal data this may prevent the Company from being able to fully or properly process your application or it may be the Company will not be able to process your application at all.

No automated decision making is used in respect to any personal data.

1.5 Categories of Personal Data

The Company may or will collect, use and process a range of personal information relating to you during or as part of the recruitment process. The nature of the personal data may include information such as or relating to the following:

Your name, address, email address, contact details, phone number, personal details, right to work in the UK, criminal records, your qualifications, work history, future career plans, experience, skills, current level of pay and associated employment benefits, health records/history, whether you have a disability and or whether reasonable adjustments are needed, references, equal opportunity related information, information relating to your suitability for the role.

1.6 Source

The information and or data collected and or processed relating to you is received from a number of sources. These include information provided by you (such as CVs, application forms, identity documents) or information gained at interviews, meetings or assessments with or of you.

In addition data about you may be obtained from other sources for example; recruitment agencies, job boards, where references are provided from a previous employer or third party or from other employment checks such as criminal records checks or other pre employment checks where appropriate or from professional networking sites such as linkedin.

The data held by the Company will be stored securely and will be held within the Company’s computer or electronic or cloud or email systems, filing systems, HR system or the appropriate recruitment file(s).

Section 2 Privacy Notice Workers

This notice provides you with important information concerning personal data the Company may collect, retain and process relating to those who work for the Company. The personal data is limited to that which is relevant to the working relationship. The Company seeks to be transparent in respect to personal data and is committed to meeting its data protection obligations. This notice aims to assist in this matter.

This Privacy Notice should be read in conjunction with the Company Data Protection Policy.

2.1 Purpose of Processing

The Company needs to collect, retain and process or use personal data: in order to enter into a contract of employment or any other work contract with you (for example, to ensure you are paid properly and receive your benefits); to manage and meet its obligations under or connected with the contract of employment or any work related contract (for example, to ensure that you receive the correct holiday); to manage the performance of the employment relationship, where applicable (for example assessments, appraisal information, absence records); to manage the workforce and work planning (for example, maintaining records of statutory leave); to meet our legal responsibilities (for example to ensure we deduct tax and NI and pay this to HMRC as required and or retain health and safety data); to maintain relevant employment/work records and to pursue the relevant and legitimate interests of the business (for example retaining training and development records, and/or records on disciplinary matters in order to ensure acceptable conduct in the workplace). Special categories of personal data may be processed in order to comply with the Equality Act 2010 and/or other appropriate legislation.

2.2 Legal Basis of Processing

The processing of personal data is necessary:

  • for the performance of the work contract to which you are party or in order to take steps at your request prior to entering into the contract;
  • for compliance with a legal obligation to which the Company is subject. (It should be noted the Company is required to comply with a number of employment and health and safety laws.); and or
  • for the purposes of the legitimate interests pursued by the Company, such as properly managing and performance of the working relationship, to maintain relevant employment records, to maintain security and safety, to monitor use of company equipment/resources, and to assist with planning and/or organisation of work.

2.3 Who has Access to Personal Data

Your personal data will only be disclosed where appropriate to authorised individuals within the workplace or authorised third party providers external to the Company.

Those who are authorised individuals within the Company include those with HR and or payroll responsibilities, your line manager, and certain other managers where appropriate, and those with responsibility for IT where they need access for the performance of their role. However, in respect of those with access to your data, the data to which they have access will be limited only to that which is necessary for the proper performance of their function.

Third party providers to whom data might be disclosed include any third parties providing accountancy, I.T., payroll, health and safety, HR, legal, occupational health or benefit provision support to the Company and in such circumstances only data relevant to such support will be provided. In addition data will be disclosed as required to HMRC or where it must be legally disclosed. Further, pre employment checks and/or the giving of references may result in us sharing information with other employers. Also, we may need to perform pre employment screening or conduct Disclosure and Barring checks and in such circumstances again we may share your data with such external organisations as are used in such circumstances. Also your data may disclosed to third parties providing computerised storage facilities including cloud technology.

Where data is provided to third parties they are placed under an obligation of confidentiality and are given written instructions, and operate under an agreement, to only use the data for the purposes for which it is disclosed.

It may be that your personal data will be transferred outside the European Economic Area (EEA) for example through the use of cloud storage or technology. In such circumstances relevant safeguards, including obligations of confidentiality will apply as required. The safeguards will include where required an adequacy decision by the EU Commission. In the absence of any such adequacy decision relevant safeguards such as standard data protection clauses adopted by the Commission, or by the ICO and approved by the Commission, or contractual clauses as authorised by the ICO and or other safe guards as set down by article 46 of the GDPR will apply. A copy of safeguards or where they can be obtained from can be provided via the Data Controller.

2.4 Time Period for Retaining Data

The Company will retain relevant personal data during the course of any employment/engagement and will retain such data for a period of 6.5 years from the end of the tax year following the end of any such employment/engagement, in part due to the need to keep records for certain legal reasons.

Following this the data will be destroyed. However basic information on your personal details, job title, reason for leaving may be retained beyond this period for the purposes of giving references if you give consent.

2.5 Your Rights

As a data subject you have the following rights:

  • You can request from the Company access to and a copy of your data;
  • You can request the Company to correct or erase personal data;
  • You can request a restriction of processing of your personal data; and
  • You can object to processing of your personal data:
  • You can request to exercise the right to data portability in certain circumstances.If you wish to exercise any of the above rights you should contact the Data Controller identified above.

In addition, you have the right to lodge a complaint about data protection with the Information Commissioner’s Office.

The provision of certain personal data is a contractual requirement, or a requirement necessary to enter into a contract. Also, the provision of certain personal data is or may be a statutory requirement. The consequences of not providing the personal data is that the working relationship may not be able to function and certain legal responsibilities may be impossible to meet. This may include for example not being able to pay you if you do not provide us with your bank details and/or NI number.

If you fail to provide relevant personal data this may hinder the Company’s ability to manage the employment relationship and prevent certain rights and obligations that form part of that relationship from operating. This may affect your ability to enjoy certain rights under the contract or certain statutory rights. In certain circumstances it may be the case that the working relationship cannot function and so is brought to an end.

No automated decision making is used in respect of any personal data.

2.6 Categories of Personal Data

The Company collects, uses and processes a range of personal information relating to you. The nature of the personal data may or will include information such as or relating to the following:

Your name, address, email address, contact details, phone number, personal details (such as date of birth, national insurance number, next of kin, emergency contacts, nationality and the right to work in UK), criminal records, bank account details, data relating to your contract (including terms and conditions), working hours, timekeeping records, attendance and sickness absence records, periods of statutory leave (such as maternity, adoption, parental, paternity, shared parental leave), statutory entitlements, pay details, pension details, benefits, training records, your qualifications, appraisal and/or assessment and/or performance review information or other performance management information, your skills and experience, work history (including work history with others as may be detailed on CVs or application forms), references, disciplinary matters and grievances in which you have been involved or subject to, records of concern (relating to your conduct, performance, attendance), disability, health and/or medical records, health and safety records, equal opportunity related information, relevant information relating to the use of company equipment/resources and/or the performance of the role, or the planning or organisation of work, photographs for personnel records and marketing purposes, monitoring records (e.g. records of computer use, including personal use, time recording records, CCTV images, vehicle tracking information and security pass records).

2.7 Source

The data collected and processed relating to you is received from a number of sources. These include information provided by you (such as CVs, application forms, identity documents and other details you may have provided at the start of your employment/engagement when completing HR documentation, or you may have provided during the course of your employment/engagement, or information gained at interviews, meetings or assessments).

In addition, data about you may be obtained from other work place sources (such as managers, work colleagues, Company systems, workplace monitoring systems) during the course of your employment/engagement and/or may be obtained in some cases from third parties (for example where references are provided from a previous employer) or from other employment checks such as criminal records checks where appropriate or from professional networking sites such as linkedin.

The data held by the Company will be stored securely and will be held within the Company’s computer or electronic or cloud or email systems, filing systems, payroll system, HR system and or the appropriate personnel file(s).

Section 3 Privacy Notice Customers, Clients, and or Suppliers

This notice provides you with important information concerning personal data the Company may collect, retain and process relating to customers, clients, and or suppliers. The personal data is limited to that which is relevant to the business relationship or the service we provide. The Company seeks to be transparent in respect to personal data and is committed to meeting its data protection obligations. This notice aims to assist in this matter.

3.1 Purpose of Processing

The Company needs to collect, retain and process or use personal data: in order to enter into a commercial contract with you or your organisation; to manage and meet its obligations under or connected with any such contract; to meet any of our legal responsibilities in connection with the contract or to you or your organisation; to pursue the relevant and legitimate interests of the business.

3.2 Legal Basis of Processing

The processing of personal data is:

  • on the grounds of consent (where such consent has been given);
  • for the performance of the commercial contract to which you or your organisation is party or in order to take steps at your request prior to entering into any such commercial contract;
  • for compliance with a legal obligation to which the Company is subject; and or
  • for the purposes of the legitimate interests pursued by the Company. The legitimate interests pursued include the provision of products and services to you, and keeping you informed of our products and services or changes relating to our products and or services.

3.3 Who has Access to Personal Data

Your personal data will only be disclosed where appropriate to authorised individuals within the Company or authorised third party providers external to the Company.

However, in respect of those with access to your data, the data to which they have access will be limited only to that which is necessary for the proper performance of their function.

Third party providers to whom data might be disclosed include any third parties providing accountancy, I.T., and or legal support to the Company, and in such circumstances only data relevant to such support will be provided. In addition data will be disclosed as required to HMRC or where it must be legally disclosed. Also your data may disclosed to third parties providing computerised storage facilities including cloud technology.

Where data is provided to third parties they are placed under an obligation of confidentiality and are given written instructions, and operate under an agreement, to only use the data for the purposes for which it is disclosed.

It may be that your personal data will be transferred outside the European Economic Area (EEA) for example through the use of cloud storage or technology. In such circumstances relevant safeguards, including obligations of confidentiality will apply as required. The safeguards will include where required an adequacy decision by the EU Commission. In the absence of any such adequacy decision relevant safeguards such as standard data protection clauses adopted by the Commission, or by the ICO and approved by the Commission, or contractual clauses as authorised by the ICO and or other safe guards as set down by article 46 of the GDPR will apply. A copy of safeguards or where they can be obtained from can be provided via the Data Controller.

3.4 Time Period for Retaining Data

The Company will retain relevant personal data during the course of any commercial contract and will retain such data for a period of 6.5 years from the end of the tax year following the end of any such commercial contract, in part due to the need to keep records for certain legal reasons.

3.5 Your Rights

As a data subject you have the following rights:

  • You can request from the Company access to and a copy of your data;
  • You can request the Company to correct or erase personal data;
  • You can request a restriction of processing of your personal data; and
  • You can object to processing of your personal data:
  • You can request to exercise the right to data portability in certain circumstances.

If you wish to exercise any of the above rights you should contact the Data Controller identified above.

In addition, you have the right to lodge a complaint about data protection with the Information Commissioner’s Office.

The provision of certain personal data is or may be a contractual requirement, or a requirement necessary to enter into a contract. Also, the provision of certain personal data is or may be a statutory requirement. The consequences of not providing the personal data is that the commercial contract may not be able to function and certain legal responsibilities may be impossible to meet.

In certain circumstances it may be the case that the commercial contract cannot function and so is brought to an end.

No automated decision making is used in respect of any personal data.

3.6 Categories of Personal Data

The nature of the personal data may or will include information such as or relating to the following:

Your name, email address, contact details, and phone number. In addition if the contract or provision of services or goods is to you personally then personal details (such as address, bank details) and data relating to any contract between the Company and you (including terms and conditions).

3.7 Source

The data collected and processed relating to you is received from your organisation and or you.

The data held by the Company will be stored securely and will be held within the Company’s computer or electronic or cloud or email systems, filing systems, and or account system.

Section 4 Marketing

This notice provides you with important information concerning personal data the Company may collect, retain and process relating to marketing information. The personal data is limited to that which is relevant to such purposes. The Company seeks to be transparent in respect to personal data and is committed to meeting its data protection obligations. This notice aims to assist in this matter.

4.1 Purpose of Processing

The Company may process personal data for the purposes of marketing, to keep in touch with you and to keep you informed of its products and services and related information.

4.2 Legal Basis of Processing

The processing of personal data is:

  • on the grounds of consent (where such consent has been given); and or
  • for the purposes of the legitimate interests pursued by the Company. The legitimate interests pursued include keeping customers and clients informed of our products and services or changes relating to our products and or services.

4.3 Who has Access to Personal Data

Your personal data will only be disclosed where appropriate to authorised individuals within the workplace or authorised third party providers external to the Company.

Third party providers to whom data might be disclosed include any third parties providing I.T., legal, marketing support to the Company and in such circumstances only data relevant to such support will be provided. Also your data may be disclosed to third parties providing computerised storage facilities including cloud technology.

Where data is provided to third parties they are placed under an obligation of confidentiality and are given written instructions, and operate under an agreement, to only use the data for the purposes for which it is disclosed.

It may be that your personal data will be transferred outside the European Economic Area (EEA) for example through the use of cloud storage or technology. In such circumstances relevant safeguards, including obligations of confidentiality will apply as required. The safeguards will include where required an adequacy decision by the EU Commission. In the absence of any such adequacy decision relevant safeguards such as standard data protection clauses adopted by the Commission, or by the ICO and approved by the Commission, or contractual clauses as authorised by the ICO and or other safe guards as set down by article 46 of the GDPR will apply. A copy of safeguards or where they can be obtained from can be provided via the Data Controller.

4.4 Time Period for Retaining Data

The Company will retain relevant personal data until such time as you request to be removed from any marketing list. You can request to unsubscribe at any time.

4.5 Your Rights

As a data subject you have the following rights:

  • You can withdraw consent at any time
  • You can request from the Company access to and a copy of your data;
  • You can request the Company to correct or erase personal data;
  • You can request a restriction of processing of your personal data; and
  • You can object to processing of your personal data:
  • You can request to exercise the right to data portability in certain circumstances.

If you wish to exercise any of the above rights you should contact the Data Controller identified above or in the case of withdrawing consent for marketing purposes you can click on any unsubscribe button on any marketing material sent.

In addition, you have the right to lodge a complaint about data protection with the Information Commissioner’s Office.

There is no contractual requirement or statutory requirement that you provide to us your personal data for marketing purposes. The consequences of not providing such personal data is that we will not be able to keep you informed of, or changes relating to, our products and services. This may affect your ability to enjoy our products and services.

No automated decision making is used in respect of any personal data.

4.6 Categories of Personal Data

The nature of the personal data the Company may or will process include information such as or relating to the following:Your name, email address, contact details, phone number, business address.

4.7 Source

The data collected and processed relating to you may or is received from a number of sources. These include information provided by you or your organisation.

The data held by the Company will be stored securely and will be held within the Company’s computer or electronic or cloud or email systems, and or filing systems.