Privacy Notice (External)
INTRODUCTION
We are Solent Pay Limited (Registered in England & Wales No. 13347651). Our registered office is at Fairways House, Mount Pleasant Road, Alpha Business Park, Southampton, Hampshire, United Kingdom, SO14 0QB.
This Privacy Notice sets out the basis on which we use personal data in the course of our business activities.
We reserve the right to update this Privacy Notice from time to time. Where appropriate, we shall contact you to notify you of any material changes to the Privacy Notice. You should also refer to our website periodically so that you may access and view our updated Privacy Notice. This will ensure that you understand (i) how we are using your personal data and (ii) your legal rights around our usage of such personal data.
WHO SHOULD READ THIS PRIVACY NOTICE?
This Privacy Notice applies to any living, identifiable individuals about whom we may process personal data in the course of our business activities. You should read this Privacy Notice if you are:
· An Operative
· A Client Contact
· A Supplier Contact
If you are an employee or applicant for employment within our central business operations – rather than performing services for Clients - you should refer to our internal Privacy Notice instead.
DEFINITIONS
This Privacy Notice uses the following defined terms:
· Client means an employment business or building services contractor which has engaged us to provide services or which we have identified as a business for which we wish to perform services.
· Client Contact means a person who is employed or engaged by a Client and with whom we may liaise in respect of any services which we are providing or wish to provide to the Client.
· Data Protection Legislation means (i) the Data Protection Act 2018, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the Data Protection Act 2018 or the GDPR insofar as it is applicable to the United Kingdom;
· Operative means a person who is or who has been registered with us as an umbrella employee or CIS subcontractor;
· Professional Services Provider means any relevant third-party business which provides services to us and which may process personal data, including our:
o Accountants, auditors, tax advisors and lawyers;
o Insurers;
o IT services and software providers;
o Independent consultants and subcontractors who perform services within our central business operations.
· Supplier means a business which provides services to us, including Professional Services Providers.
· Supplier Contact means a person who is employed or engaged by a Supplier and with whom we may liaise from time to time in respect of the services which we receive from that Supplier.
HOW WE OBTAIN PERSONAL DATA
We obtain personal data from a number of different sources, depending on the capacity in which you are dealing with us.
If you are an Operative, we may obtain personal data relating to you:
· Directly if you have:
o registered with us on our website or by telephone;
o contacted us in the course of your employment or engagement;
o sent us written correspondence, including by email and instant messaging.
· Indirectly from:
o third party employment businesses and clients who provide information about the temporary assignments which you have carried out;
o online professional networking sites such as LinkedIn;
o social media sites such as Facebook, Instagram or Twitter;
o governmental departments and agencies such as HMRC, the UK Border Agency and HM Courts and Tribunals Service.
If you are a Client Contact or Supplier Contact, we may obtain personal data relating to you:
· Directly in the course of (i) us providing services to the Client or (ii) the Supplier providing services to us, as applicable; or
· Indirectly from:
o online professional networking sites such as LinkedIn
o your employer’s website and other industry-related websites
o other individuals within your organisation in the course of (i) us providing services to the Client or (ii) the Supplier providing services to us, as applicable.
TYPES OF INFORMATION WE HOLD
If you are an Operative, we may collect, store and process the following types of personal information about you:
· Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
· Your gender, date of birth, nationality and place of residence;
· Your professional skills, experience, qualifications, training and certifications;
· Proof of your identity and address, such as copies of your driving licence, utility bills or similar documents;
· Proof of your right to work in the United Kingdom such as copies of your passport and, where applicable, visa, residence permit or similar government documents;
· Information about temporary assignments which you have carried out, including your job title and the relevant Client together with information which we need to pay you such as your tax code, UTR, bank details, National Insurance Number, working hours and pay rate;
· Any background information which you provide to us during the course of your dealings with us.
We may also collect, store and use the following "special categories" of more sensitive personal information:
· Information about your race or ethnicity; and
· Information about your health, including any medical condition, health and sickness records.
If you are a Client Contact, we will collect, store, and use the following categories of personal information about you:
· Contact details such as name, title, addresses, telephone numbers, and email addresses;
· Your job title and position within the Client organisation; and
· Any background information relating to the role which you perform within the Client which you may provide to us in the course of your dealings with us.
We do not collect, store or use any “special categories” of sensitive personal information if you are a Client Contact.
If you are a Supplier Contact, we will collect, store, and use the following categories of personal information about you:
· Contact details such as name, title, addresses, telephone numbers, and email addresses;
· Your job title and position within the Supplier organisation; and
· Any background information relating to the role which you perform within the Supplier which you may provide to us in the course of your dealings with us.
We do not collect, store or use any “special categories” of sensitive personal information if you are a Supplier Contact.
HOW WE USE PERSONAL DATA
If you are an Operative, we may use your personal data to:
· Register you as an umbrella employee or CIS subcontractor;
· Liaise with Clients about the work which you have carried out;
· Make payments to you for your services;
· Carry out management and HR functions in respect of your engagement and in relation to your contract with us;
· Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime;
· Conduct equal opportunities monitoring; and
· Produce statistical information.
If you are a Client Contact, we may use your personal data to:
· Contact you about assignments which our Operatives have carried out;
· Liaise with you so that we may effectively perform services for our Client;
· Contact you for invoicing and credit control purposes;
· Provide or request compliance information; and
· Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.
If you are a Supplier Contact, we may use your personal data to:
· Liaise with you in respect of the services which are being provided by the Supplier;
· Contact you in relation to billing matters;
· Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.
OUR LAWFUL BASIS FOR PROCESSING DATA
If you are an Operative:
· We need to process personal data relating to you for the purpose of performing a contract with you i.e. your contract for services or contract of service as applicable. After termination of your contract, we need to retain your information to comply with our legal record-keeping obligations.
· We may also need to process sensitive or special personal data relating to you. The type of sensitive personal data which we might process includes (i) information about any medical conditions or disability insofar as they are relevant to the type of work which you carry out or any claim for SSP (ii) information about any unspent criminal convictions and, where relevant to the type of role which you are carrying out, spent convictions (subject to the filtering rules), police warnings etc and (iii) information about any trade union of which you are a member (but only insofar as it relates to an employment claim or pay and working conditions on a client site).
We have determined that we have a legitimate interest to process your personal data where you are:
· A Client Contact, on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by our Clients. This will allow us to effectively provide services to them, better understand their requirements and generate revenue for our business.
· A Supplier Contact, on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by our Suppliers. This will allow us to ensure that our Suppliers provide us with the best possible service which, in turn, is of direct benefit to both our Candidates and our Clients.
WHERE WE PROCESS PERSONAL DATA
Your personal data is held and processed by us in the United Kingdom.
We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the UK and EEA where:
· There are binding corporate rules in place regarding the transfer of such data within the Group, in accordance with Article 47 of the GDPR. This means that the data transfer is between group companies and those group companies have agreed to share that data in accordance with the rules specified by the European Commission.
· The European Commission has made an adequacy decision in respect of such jurisdiction. This means that the European Commission has pre-approved the data privacy regime in the relevant non-EEA country. At present, the European Commission-approved jurisdictions are Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework).
· The transfer of data is subject to the model contractual clauses adopted by the European Commission. This means that we have a data-sharing agreement in place which complies with the requirements set out by the European Commission; or
· You have expressly given informed consent to the transfer of such data. This means that you have not only agreed to the transfer but have done so in the knowledge that your data may be transferred to a jurisdiction which does not give you the same degree of protection as you have within the UK and EEA.
PARTIES WITH WHOM WE MAY SHARE DATA
If you are a Candidate, we may share your personal data for legitimate purposes with:
· A Client where you are being supplied to such Client on a temporary assignment;
· Any third-party which is engaged by the Client to assist them in the hiring process including a managed service company, Recruitment Process Outsourcing provider or IT platform provider;
· A third-party company to which you have specifically asked to be introduced or referred, such as an insurance company or accountancy service;
· Professional Services Providers who, in some cases, will use their own subcontractors and sub-processors;
· Governmental departments and agencies where we are permitted or required by law to do so.
If you are a Client Contact or a Supplier Contact, we will share your personal data with our Professional Services Providers for legitimate business purposes.
AUTOMATED DECISION MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
All decisions which are made in the course of our business processes involve human intervention. We do not therefore make any decisions about you using automated means.
DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from a Director.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you are an Operative, we will retain your personal data for one year from the date on which you make an enquiry about registering with us. If you go on to register with us, we are required to retain personal data (i) for auditing and compliance purposes (ii) to comply with our contractual obligations to third parties and (iii) in respect of any legal claims which may arise. Our standard data retention period for this purpose is seven years.
If you are a Client Contact or a Supplier Contact, our standard data retention period is two years from the last date on which we are in actual contact with you i.e. where we actually speak with you or exchange correspondence. After this time, we will usually delete your personal data from our records.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information. Under certain circumstances, you have the right to:
· Request access to your personal information (a Subject Access Request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not usually have to pay a fee to access your personal information but we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
· Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
· Request erasure of your personal information. This enables you to ask us to delete or remove personal information where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or you have objected to the processing and there is no overriding legitimate interest for continuing the processing.
· Object to processing of your personal information where we are relying on a legitimate interest and you object on “grounds relating to your particular situation.”
· Request the restriction of processing of your personal information. This enables you to ask us to block or suppress the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it or if you have also objected to the processing as above.
· Request the transfer of your personal information to another party when the processing is based on consent and carried out by automated means. This right is not usually applicable to any data processing carried out by us.
If you want to exercise any of the above rights, please contact a Director in writing. We will consider your request and confirm the actions which we have taken in response to such request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If our right to process data is consent-based, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact a Director. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.
If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the United Kingdom. Their details are:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745
Email: casework@ico.org.uk
CONTACTING US
If you have any questions about this Privacy Notice, you can write to the Directors at Solent PayLimited, Fairways House Mount Pleasant Road, Alpha Business Park, Southampton, SO14 0QB. Alternatively, you may telephone us on TEL or email us at EMAIL.
Copyright © 2023 Solent Pay Limited - All Rights Reserved.
Powered by GoDaddy