This notice contains details of what information we collect from you, what we do with it and why, and with whom it may be shared. It also details your right to request this information be altered, deleted or shown to you.
Personal data we may hold:
- Data that you consent to give us:
- Your name, address, email, telephone numbers, NI number and evidence of your right to work in the UK. This is usually a copy of your passport, which also contains your place of birth.
- Your date of birth, gender, marital status, nationality and ethnic origin.
- Details of your bank account, including the account name and number, and the sort code.
- Your name and email address if/when you log on to the in-store wi-fi.
- Photographs of yourself at work, used for marketing purposes.
- Data that we generate about you:
- The hours that you work, the holiday that you take, the amount you are paid (including pension payments) and any deductions that are made for tax, etc.
- Contracts, correspondence, notes, etc., relating to your work with the company.
- Time-keeping system (biometric data)
- The time-keeping system has a database of staff faces, which it uses to recognise and record who is clocking in and out.
- CCTV system (image data)
- CCTV operates both indoors and outdoors on our West Malling site.
Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees.
The sort of information we hold includes:
- your application form and references;
- your contract of employment and any amendments to it;
- correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary;
- information needed for payroll, benefits and expenses purposes;
- contact and emergency contact details;
- records of holiday, sickness and other absence;
- information needed for equal opportunities monitoring policy;
- photographs of you at work, which we use for marketing purposes;
- records relating to your career history, such as training records, appraisals, other performance measures and,
- where appropriate, disciplinary and grievance records.
Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations and to administer and manage statutory and company sick pay.
Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency.
Our reasons for collecting and generating this data:
- To enable us to communicate with you by post, telephone or email;
- To fulfill our legal obligations as employers;
To enable us to pay you by bank transfer, and to ensure that all payments (including pension payments, tax, etc.) are correct.
- To ensure the effective management of the company, including marketing purposes;
- To enhance the safety, security and effective running of the company, and for the prevention and detection of crime, including drive-offs, shoplifting and other forms of theft (CCTV);
- To record hours worked (Clocking-in system).
Ways in which we access and store this data:
- On computers in the company offices, access to which is password protected.
- Cloud storage systems (Google Suite, Dropbox, etc.) access to which is password protected.
- On paper in locked cabinets in the company’s offices.
Ways in which we process and share this data:
- Within the company:
- Using accounting and payroll software on the company’s computers.
- Using word-processing and spreadsheet software (both on the company’s computers and in the cloud).
- Using cloud-based email (parkfoot.net runs on the Gmail platform).
- With third parties:
- Using web-based and online software to provide relevant information to Sage (payroll), HMRC (tax etc.), Husky Finance and Legal and General (pensions), Barclays Bank (online banking).
- Photographs of you at work may be used in on-line and paper marketing, including websites, leaflets, Facebook, Twitter, etc.
- CCTV data is shared with Kent Police to assist in the investigation of criminal activity and may also be accessed by the CCTV system maintenance company in the course of updates or system maintenance work.
As a company pursuing retail activities, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes. We will not process your data where these interests are overridden by a legal right you may have for the data to be withheld.
How long we keep this data:
We keep data for as long as it is current (i.e. while you are employed by the company) and for as long after the departure of an employee as we are legally required. This is generally 3 years for pay-related data, 2 years for evidence of right to work in the UK and 6 years for pension data. CCTV data is routinely deleted and overwritten, after the legal minimum of 30 days, but may be kept longer for legal and operational purposes.
When you fill out an application form for employment and give us information about yourself, we collect, process and store that information in the legitimate interests of our business, without your rights being overridden. The updated Application Form (May 2018) contains this information.
Most information we collect from you is required by law or for the legitimate running of our business. Where we collect any other data, we will always ask for your consent, eg: photographs, films, quotations used for marketing purposes. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
Your rights to access data:
You have the right to be informed about your personal data held by us and to request to:
- see any or all of this data about yourself (access)
- ask for changes to be made to records (rectification)
- ask for any of all data to be deleted/destroyed (erasure) unless we have legitimate legal reasons to refuse
- ask for certain actions not to happen to your data (process restriction)
- object to any or all of the practices listed above (objection)
- be able to obtain and reuse your personal data for your own purposes across different services in a secure way without hindrance to usability (portability of data)
You also have the right not to be subject to automated decision making, including profiling. Parkfoot does not profile any of its staff, nor does it engage with any third parties who do so, and no automated decision making is used in relation to staff members.
We will not charge you for any of these requests, unless the request is manifestly unfounded or excessive, particularly if it is repetitive.