Privacy Notice For Users of TAP

Purpose of this Privacy Notice

James Hall Group of Companies (referred to as “the Company”)is committed to protecting the privacy and security of your personal information.  The Company is a "data controller", which means that we are responsible for deciding how we hold and use personal information about you.

 This privacy notice is provided in compliance with current data protection legislation, for all current and former TAP users.

 This document acts as our ‘fair processing notice’ and outlines:

  • What personal data we will collect about you.
  • What lawful basis we have for processing that personal data.
  • What will happen to the personal data during and after you cease to use TAP.

 It is important that you read this privacy notice, together with any other privacy notice we may provide you with, so that you are aware of how and why we are using such information.

 This privacy notice does not form part of any contract of employment or other contract to provide services.  The Company reserves the right to make changes to this privacy notice at any time and in the event of any substantial changes being made, you will be notified of the impact this may have for you

Data Protection Principles

When collecting and processing your personal data, we will comply with the data protection principles, which say that personal data must be:

  • Processed fairly, lawfully and in a transparent manner.
  • Processed for the specific purposes for which it was collected.
  • Adequate, relevant and not excessive for the purpose for which it was collected.
  • Accurate and up to date.
  • Not kept longer than necessary for the purpose for which it was collected.
  • Processed in a secure manner.

 “Personal Data” is any information related to you or any other Data Subject, which can be used to directly or indirectly identify the person. 

 “Sensitive personal data” relates to information concerning a data subject's racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual orientation, or details of criminal offences.

 “Data Processing” includes obtaining, recording or holding data, organising, amending, retrieving, using, disclosing, erasing or destroying data and transferring data to third parties.

The kind of information we will hold about you on TAP:

We will collect, store, and use the following data:

  • Personal contact details such as name, title and personal email addresses.
  • Start date.
  • Location of employment or workplace and job title.
  • Employment records (which could include work history, training records and professional courses you may have completed).
  • Information about your use of our information and communications systems.
  • Photographs.

 The lawful basis on which we will be relying upon to process your personal data is a “legitimate interest”. 

How we will collect your personal data:

We collect personal information about TAP users through information provided by your employer.  Your employer has instructed the Company to develop, manage and process its training activity as part of your contract of employment.  We will collect additional personal information in the course of job-related activities throughout the period of you working your employer.

How we will use your personal data:

Personal information will only be used in line with data protection legislation.  Most commonly this will be to perform our contract with your employer, to comply with legislation or for our (or a third party) legitimate interests, where your interests and fundamental rights do not override those interests. 

 Less commonly, your employer may use your personal information where it is needed to protect your (or a third party) interests and when it is needed for public or official purposes.

 Specific reasons why your employer may process your personal information are as follows:

  • Ensuring you are paid for any training activity that is completed.
  • Administering the contract they have entered into with you.
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making decisions about your continued employment or engagement.
  • Making arrangements for the termination of your working relationship.
  • Education, training and development requirements.
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
  • Ascertaining your fitness to work.
  • Managing sickness absence.
  • Complying with health and safety obligations.
  • To prevent fraud.

(This list is not exhaustive)

 Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

How we will use your sensitive personal data:

We do not intend on collecting, processing or storing any sensitive data on the Training Academy Programme (TAP).

How long will we keep your data?

We will keep your data for as long as you are employed by your employer.  If you, or your employer terminate your working contract then your data will be retained for a period of 7 years; this is based on ‘legitimate’ and ‘legal’ bases.

When do we need your consent?

We do not need your consent if we use your personal information in accordance with our written policy and this privacy notice to carry out our legal obligations or exercise specific rights in the field of employment law.

Change of purpose:

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

 We may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Automated decision making:

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.  As a data controller, we are allowed to use automated decision-making in the following circumstances:

 Where we have notified you of the decision and given you 21 days to request us to reconsider this decision making.

  • Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
  • In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

 The Company does not envisage that any significant decisions will be taken about you based solely using automated means, however we will notify you in writing if this position changes.

Data retention:

We will not keep your personal data for longer than is necessary for the purposes outlined above.  All personal data is retained in accordance with our Data Protection Policy which is available on our Company website.

 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Data Protection Officer (DPO):

 

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice.  If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at dpo@jameshall.co.uk or 01772 706666.

Your rights in connection with personal data:

Under certain circumstances, by law you have the right to:

  • Request access to your personal information.  This process is called a "data subject access request” and enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request the transfer of your personal information to another party.  This will only be actioned with your written, explicit consent.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You have the right to object where we are processing your personal information for direct marketing purposes.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no lawful reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing. 

 If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the dpo@jameshall.co.uk.  

 You will not have to pay a fee to access your personal information, or exercise any of the rights listed above.  However, we may charge a reasonable fee or refuse to comply with your request, if it is clearly unfounded or excessive.

Security of data:

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 Data sharing:

There will be occasions when we have to share your data with a third party, which may include service providers and other entities in the group.  We require all third parties to respect the security of your data and treat it in accordance with current legislation.  We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

The reasons for needing to share personal data may be when it is required by law, when it is necessary to administer our working relationship with your employer and / or where we have another legitimate interest in doing so.

 Examples of third parties we may share data with and the reasons for sharing the data are as follows:

  • Employment law advisory service used for specialist advice on employee relations matters.
  • Other third parties, in the context of the possible sale or restructure of the business.
  • Regulatory bodies, where required to by law.

(This list is not exhaustive)

Transferring data outside of the EEA

We do not intend on transferring any data held on the Training Academy Programme (TAP) outside of the EEA.

Breaches of the Data Protection Principles

If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with the DPO at dpo@jameshall.co.uk or 01772 706666.  All such concerns will be investigated with the utmost seriousness and professionalism and in accordance with our obligations.

Back
Back to top