SERVICE USER PRIVACY NOTICE
Cymar Computer Ltd is committed to protecting the privacy and security of your personal information and we will always treat you and your data with the respect you deserve.
This Privacy Notice covers how we collect, use, store and disclose the data that you supply to us and your rights about data that we hold about you. It applies to our employees, current and former Customers, Clients, Suppliers and other Service users. For more information please contact us.
THE INFORMATION WE COLLECT FROM YOU
We will collect, store, and use the following categories of information about you:
CC – Company contact details such as main contact name, title, Company addresses, telephone numbers, and company email addresses.
FI – Bank account details, Invoice records
CRI – Contractor Recruitment information (including copies of right to work documentation, passport, references and other information included in a CV or cover letter or as part of the application process).
CCTV – CCTV footage and other information obtained through electronic means such as swipe card records.
ICS – Information about your use of our information and communications systems.
P – Photographs.
We may also collect, store and use “special categories” of more sensitive personal data which require a higher level of protection:
HR – Information about your health, including any medical condition, health and sickness records (including Occupational Health records).
ED – Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
TU – Trade union membership.
GI – Genetic information and biometric data.
CR – Information about criminal convictions and offences.
How the information is collected
We collect Service user information through the marketing, direct contact, external enquires, referrals and sometimes from an external agencies. We may collect additional information in the course of job-related activities throughout the period of our working relationship.
When we will use your Service user information
We need all the categories of information identified above primarily to allow us to perform our contract with you [*] and to enable us to comply with legal obligations [**]. In some cases we may use your Service user information to pursue legitimate interests of our own or those of third parties [***] (provided your interests and fundamental rights do not override those interests). We will process your Service user information as follows, the asterisks show the purpose for processing:
|Purpose||Type of data||Lawful basis|
|Providing Invoices for work done and Paying invoices for work done.||CC,FI||** *|
|External Consultant proving DBS Checks on behalf of a Client||CRI,CR||** *|
|To prevent fraud.||CC, FI, CRI, GI||***|
|To monitor your use of our information and communication systems to ensure compliance with our IT policies.||CC, CCTV, ICS||***|
|To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.||CC, CCTV, ICS||***|
Failure to provide information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing the required service), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
SENSITIVE PERSONAL INFORMATION
“Special categories” of particularly sensitive personal information require higher levels of protection. We may process special categories of Service user information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations and in line with our Data Protection Policy.
- Where it is needed in the public interest, such as for equal opportunities monitoring and in line with our Data Protection Policy.
- Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. We may also process such information about employees or former employees in the course of legitimate business activities with the appropriate safeguards.
Our obligations as an employer
We will use your particularly sensitive personal information in the following ways:
- We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
INFORMATION ABOUT CRIMINAL CONVICTIONS
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We may also process such information about employees or former employees in the course of legitimate business activities with the appropriate safeguards.
We do not envisage that we will hold information about criminal convictions and access your DBS portal.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We will use information about criminal convictions and offences in the following ways:
- Consideration for suitability for employment if the job requires a criminal record check, and this shows that the candidate is not suitable for a job because of a spent conviction or caution
We are allowed to use your personal information in this way to carry out our obligations in ensuring that our staff meet the risk requirements for some sensitive posts, such as working within schools.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current, so please let us know if your information changes.
We may have to share your data with third parties, including third-party service providers (including contractors and designated agents); other entities in the group; in the context of a sale of the business; or with a regulator or to otherwise comply with the law; our insurers and/or professional advisers to manage risks legal disputes. The following activities are carried out by third-party service providers: payroll, pension administration, benefits provision and administration, IT services.
We do this where required by law; where it is necessary to administer the working relationship with you; or where we have another legitimate interest in doing so.
We require third parties to respect the security of your data and to treat it in accordance with the law.
We must store most of your HR data for a period of at least 6 years following the termination of your employment; some personal financial data will be destroyed after 2 years; Health and Safety information must be held for a minimum of 40 years.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Please refer to our DSAR Procedure for more information.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Please contact the person responsible for Data Protection in our Company.
COMPLAINTS & QUESTIONS
If you have any questions about this privacy notice or how we handle your personal information, please contact the person responsible for Data Protection in our Company. If we have breached our duty of care, we will take appropriate action.
If you are not satisfied by our response you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (Email: firstname.lastname@example.org)
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.