•  Merthyr Tydfil Golf Club Ltd

    (GDPR2) PRIVACY NOTICE: EMPLOYEES, WORKERS, DIRECTORS AND CONSULTANTS

    We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your working relationship with us. This notice explains how we comply with the law on data protection and what your rights are and for the purposes of data protection we will be the controller of any of your personal information.

    This notice applies to our current and former employees, workers, directors and consultants.   It does not form part of any contract of employment or other contract to provide services.

    References to we, our or us in this privacy notice are to  Merthyr Tydfil Golf Club Ltd.

    We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so, but our Data Protection Compliance Manager has overall responsibility for data protection compliance in our organisation. Contact details are set out in the “Contacting us” section at the end of this privacy notice.

    Personal Information

    When you interact with us in relation to your work with us, you may provide us with or we may obtain personal information about you, such as information regarding your:

    • personal contact details such as name, title, addresses, telephone numbers, and         personal email addresses and emergency contact details;
    • date of birth;
    • bank accounts
    • annual leave & pension
    • start date and leaving date;
    • location of employment or workplace;
    • attendance history;
    • driving licence;
    • recruitment (including copies of right to work documentation, past employment history, references and other information included in a CV or cover letter or as        part of the application process);
    • employment records and notes (including job titles, work history, working hours, training records, professional memberships, maternity, parental and compassionate leave and details of any home-working assessment for health and            safety purposes) and education and professional records/qualifications;
    • compensation history and charity donation preferences;
    • performance including that generated through our appraisal systems;
    • disciplinary and grievance information;
    • movements though CCTV footage and other information obtained through electronic means such as swipecard and key fob records;
    • records of enquiries and other correspondence with you; and

    SPECIAL CATEGORIES OF PERSONAL INFORMATION

    We may also collect, store and use the following “special categories” of more sensitive personal information regarding you:

    • information about your trade union memberships;
    • information about your health, including any medical condition, health and sickness records, medical records and health professional information; and

    We may not collect all of the above types of special category information about you. In relation to the special category personal data that we do process we do so on the basis that

    • the processing is necessary for reasons of substantial public interest, on a lawful basis;
    • it is necessary for the establishment, exercise or defence of legal claims;
    • it is necessary for the purposes of carrying out the obligations and exercising our or your rights in the field of employment and social security and social protection   law; or
    • based on your explicit consent.

    In the table below we refer to these as the “special category reasons for processing of your personal data”.

    We may also collect criminal records information from you. For criminal records history we process it on the basis of legal obligations or based on your explicit consent.

    COLLECTING YOUR INFORMATION

    We typically collect personal information about employees, workers, directors and consultants through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.  We will also collect additional personal information in the course of job-related activities throughout the period of you working for us.

    If you are providing us with details of referees, next of kin, beneficiaries, family members and emergency contacts they have a right to know and to be aware of how what personal information we hold about them, how we collect it and how we use and may share that information.  Please share this privacy notice with those of them whom you feel are sufficiently mature to understand it.  They also have the same rights as set below:

    Uses made of YOUR PERSONAL information (see table below)

    Purpose Personal information used Lawful basis
    Making a decision about your recruitment or appointment and managing the recruitment process and determining the terms on which you work for us All the personal information we collect for the purposes of the recruitment process We need this information to be able to perform and administer the recruitment process for you to engage you

    This is necessary to enter into a contract with you

    Producing and maintaining business records, staff directories, intranets, websites, brochures and other internal and external business documentation and materials  Personal contact details, location of employment or workplace and employment records We have a legitimate interest to maintain up to date business records and materials.
    Paying you and, if you are an employee, deducting tax and National Insurance contributions Personal identifiers and transaction and payment information To be able to manage and perform our contract with you

    We have a legal obligation to do so

    Providing benefits of employment or working, including flexible benefits and liaising with benefit providers Personal identifiers, salary, annual leave, pension and benefits entitlement, transaction and payment information To be able to manage and perform our contract with you

    We may have a legal obligation to do so

    Administering the contract we have entered into with you All your personal information excluding ‘special categories’ of personal information and criminal records information

     

    To be able to manage and perform our contract with you
    Conducting performance reviews, grievance or disciplinary hearings, managing performance and determining performance requirements and making decisions about compensation and benefits, Performance, disciplinary and grievance information, employment records, compensation history, salary, annual leave, pension and benefits We have a legitimate interest to ensure that our workers are meeting their performance objectives and that the business is managing and controlling the performance process effectively

    To be able to manage and perform our contract with you

    Business management and planning, including accounting and auditing, conducting our normal business operations and managing our relationship with you All your personal information excluding ‘special categories’ of personal information and criminal records information To be able to manage and perform our contract with you.

    We have a legitimate interest to run and manage our business

    Assessing qualifications for a particular job or task, including decisions about promotions and ascertaining your fitness to work, education, training and development requirements Personal identifiers, performance, disciplinary and grievance information, employment records, compensation history, salary, annual leave, pension and benefits and other personal information excluding ‘special categories’ of personal information and criminal records information

     

    We may be legally obliged to do so

    To be able to manage and perform our contract with you

    We have a legitimate interest to run and manage our business and to ensure that our workers are suitably trained

    Making decisions about your continued employment or engagement or termination of our working relationship Personal identifiers, performance, disciplinary and grievance information, employment records, compensation history, salary, annual leave, pension and benefits We have a legitimate interest to ensure that the workers we engage continue to be suitably qualified and/or appropriate for their role within the business
    Managing sickness absence Personal identifiers, attendance history and performance To be able to manage and perform our contract with you

    We have a legitimate business interest to ensure that the workers we engage continue to be suitably qualified and/or appropriate for their role within the business

    Complying with health and safety obligations Personal identifiers, CCTV footage and other information obtained through electronic means such as swipecard and key fob records, working environment information including any home-working assessment records

     

    We have a legal obligation to comply with Health and Safety laws

    We also have a legal obligation to report any accidents at work in accordance with health and safety laws

    Dealing with legal disputes involving you, or other employees, workers, directors and consultants, including accidents at work All your personal information excluding ‘special categories’ of personal information and criminal records information To be able to manage and perform our contract with you

    We have a legitimate interest to ensure that all legal claims are managed effectively

    For the purposes of ensuring the security of our systems and our information, to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution Personal identifiers, CCTV footage and other information obtained through electronic means such as swipecard and key fob records

    Use of our information and communications systems, including the computers and fixed and mobile phones that we allow you to use, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information

    We have a legitimate business in ensuring our systems are secure

    To be able to manage and perform our contract with you

     

    To facilitate the use of our IT systems and monitor your use of our information and communication systems to ensure compliance with our IT policies Personal identifiers, CCTV footage and other information obtained through electronic means such as swipecard and key fob records

    Use of our information and communications systems, including the computers and fixed and mobile phones that we allow you to use, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information

    We have a legitimate interest in ensuring that our workers use our computer systems and information correctly and efficiently and in compliance with our IT policies

    To be able to manage and perform our contract with you

     

    To comply with our legal obligations, for example in relation to PAYE, National Insurance, Companies House filings Personal identifiers, transaction and payment information, national insurance number and other tax or governmental identifiers

    bank account details, payroll and tax status, name, address, date of birth, other directorships

    We have a legal obligation to do so
    To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution Personal identifiers, CCTV footage and other information obtained through electronic means such as swipecard and key fob records

    Use of our information and communications systems, including the computers and fixed and mobile phones that we allow you to use, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information

    We have a legitimate interest in ensuring our systems are secure
    To conduct data analytics studies to review and better understand employee retention and attrition rates Employment records We have a legitimate interest in order to improve as an employer
    For the purposes of equal opportunities monitoring Name, title, date of birth; gender; marital status; salary, annual leave, pension and benefits; location of employment or workplace We may have a legal obligation to do so and we have a legitimate interest in doing so to make sure our business is a fair place to work
    Storage of records relating to you and also records relating to our business All non-‘special categories’ of personal information To be able to manage and fulfil our contract with you, we may have a legal obligation to do so and we also have a legitimate interest to keep proper records
    For the purpose of complying with any regulatory requirements All the personal information about you excluding special category information and criminal records data We may have a legal obligation to comply with regulatory requirements and we have a legitimate interest in complying with regulatory requirements
    Storage of records relating to you and also records relating to our business. All ‘special categories’ of personal information We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.

    For criminal records information we process it on the basis of legal obligations or based on your explicit consent.

    We will use information relating to your absence from work, which may include sickness absence or family-related absences, to comply with employment and other laws. Information about your health, including any medical condition, health and sickness records, medical records and health professional information;

     

    We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.
    We will use information about your physical or mental health to provide you with benefits under your contract Information about your health, including any medical condition, health and sickness records, medical records and health professional information;

     

    We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.
    We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits; and Information about your health, including any medical condition, health and sickness records, medical records and health professional information;

     

    We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 2 above.

    For some of your personal information you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information.  If you do not provide us with the requested personal information we may not be able to engage your or we may not be able to properly perform our contract with you or comply with legal obligations and we may have to terminate your engagement.  For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our contract with you.

    Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below.

    Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent.  Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide certain benefits to you.

    Disclosure of your PERSONAL information

    We share personal information with the following parties:

    • Purchasers of our business: buyers or perspective buyers who we sell or negotiate to sell our business to.
    • Prospective new employers: for the provision of references for you;
    • The Government or our regulators: where we are required to do so by law or to assist with their investigations or initiatives for the financial services industry,         including but not limited to the Financial Conduct Authority and Prudential Regulation Authority.
    • Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.

    We do not disclose personal information to anyone else except as set out above.

    HOW LONG WE KEEP YOUR PERSONAL INFORMATION 

    The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements.  Generally, where there is no legal requirement we retain all physical and electronic records for a period of 6 years (if you are a current employee, this may be for 6 years after your employment ends).  Exceptions to this rule are:

    • CCTV records which are held for no more than 30 days unless we need to preserve the records for the purpose of prevention and detection of crime;
    • Details regarding unsuccessful job applicants where we hold records for a period of not more than 12 months;
    • Information that may be relevant to personal injury claims, employment claims, discrimination claims may be retained until the limitation period for those types of         claims has expired.  For personal injury or discrimination claims this can be an         extended period as the limitation period might not start to run until a long time         after you have worked for us.
    • Information that may be useful to a pension provider or benefit provider which we may retain for the period that your pension or benefit is payable.

    It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move home or change your phone number or email address.

    YOUR RIGHTS IN RELATION TO PERSONAL INFORMATION

    • the right to be informed about how your personal information is being used;
    • the right to access the personal information we hold about you;
    • the right to request the correction of inaccurate personal information we hold about you;
    • the right to request the erasure of your personal information in certain limited circumstances;
    • the right to restrict processing of your personal information where certain requirements are met;
    • the right to object to the processing of your personal information;
    • the right to request that we transfer elements of your data either to you or another service provider; and
    • the right to object to certain automated decision-making processes using your

    You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us.  For example, we do not use automated decision making in relation to your personal data.  However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.

    Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.

    To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the “Contacting us” section below.

    If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. However, we encourage you to contact us to resolve your complaint first.

    CHANGES TO THIS NOTICE

    We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.

    CONTACTING US

    In the event of any query or complaint in connection with the information we hold about you, please email secretary@mtgc.co.uk or write to us at: Merthyr Tydfil Golf Club Ltd, Cloth Hall Lane, cefn Coed, Merthyr Tydfil, CF48 2NT.

    22nd May 2018