Data Controller
The data controller is: Westcotts
26-28 Southernhay East Exeter
EX1 1NS
Any reference to ‘Westcotts’ or the ‘Firm’ as Data Controller within this privacy notice also refers to the wider firm which includes ‘Westcotts (SW) LLP trading as Westcotts Chartered Accountants and Business Advisers’, ‘Westcotts Business Recovery and Insolvency LLP’, ‘Westcotts Financial Management Limited’ trading as ‘Westcotts Chartered Financial Planners’ and ‘Westcotts Secretarial Limited’.
Data Protection Officer
To enquire about any aspect of this document or your associated data protection rights please contact Westcotts’ Data Protection Officer:
Mr P Tigwell
26-28 Southernhay East Exeter
Devon EX1 1NS
Email: patrick.tigwell@westcotts.uk
All initial contact should be in writing (by post or email).
General
Westcotts collects and processes personal data relating to its employees to manage the employment relationship. We are committed to being transparent about how we collect and use that data and to meet our data protection obligations.
Lawful reason for processing personal data
We need to process data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, we need to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer benefit, pension and insurance entitlements.
Westcotts acts as Controller.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
In other cases, the Firm has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the Firm to:
- run recruitment and promotion processes;
- maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- obtain occupational health advice, to ensure that we comply with duties in relation to individuals with disabilities, to enable we meet our obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
- operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the Firm complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- ensure effective general HR and business administration;
- provide references on request for current or former employees;
- respond to and defend against legal claims; and
- maintain and promote equality in the workplace.
- Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities).
Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.
Categories of personal data collected by Westcotts
We collect and process a range of information about you. This includes:
- Your name, address and contact details, including email address and telephone number, date of birth and gender;
- the terms and conditions of your employment;
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with us;
- information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
- details of your bank account, passport and national insurance number;
- information about your marital status, next of kin, dependants and emergency contacts;
- information about your nationality and entitlement to work in the UK;
- information about your criminal record;
- details of your schedule (days of work and working hours) and attendance at work;
- Records of your completed compliance documentations including; training records, accident at work and near misses.
- details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- assessments of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence;
- information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments.
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
The organisation may collect this information in a variety of ways. For example, data might be collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving
licence; from forms completed by you at the start of or during employment (such as annual compliance forms); from correspondence with you; or through interviews, meetings or other assessments.
In some cases, the organisation may collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.
Data will be stored in a range of different places, including in your personnel file, in the Firm’s HR management systems and in other IT systems (including the Firm’s email system).
Intended recipients of the personal data
Your information may be shared internally, including with members of the HR and Payroll departments, your line manager, partners/directors/managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles.
The organisation shares your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service. The Firm may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The Firm also shares your data with third parties that process data on its behalf, in connection with payroll, the provision of pension and other benefits and the provision of occupational health services.
The Firm will not transfer your data to countries outside the European Economic Area.
Where Westcotts receives a request to submit data to a third party other than those specified by the contract of employment or as required by employment law, the consent of the data subject must be obtained before any data is released.
Retention period
The Firm will hold your personal data for the duration of your employment. The firm will continue to hold all of your data after the end of employment for a period of at least 6 years, certain information will be kept by the employer indefinitely.
What if you do not provide personal data?
You have some obligations under your employment contract to provide the Firm with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide the Firm with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.
Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable the Firm to enter a contract of employment with you. If you do not provide other information, this will hinder the Firm’s ability to administer the rights and obligations arising as a result of the employment relationship efficiently.
Use of Data Processors
- Self-service for employees of the firm
If a self-service system is run under these circumstances the firm will use third party software provided by Thesaurus Software Ltd t/as Brightpay. For more information, please see Brightpay’s privacy policy.
- Recruitment agencies
The firm uses recruitment agencies to advertise or seek applicants for vacancies within Westcotts. The agents will collect information from you during the application process which they will hold in accordance with the terms of their individual privacy notice.
Your rights as data subject
Right of access – where Westcotts is processing or has processed your personal data you have rights as an individual to get a copy of the information that we hold about you. This is known as a subject access request.
For these to be managed effectively, subject access requests must be made in accordance with the guidance issued by the Information Commissioner’s Office (www.ico.org.uk/for-the-public/). All requests should be submitted to Westcotts’ Data Protection Officer.
Failure to submit a subject access request in this format may result in the request being rejected.
The right to rectification – you have the right to request rectification of your personal data where errors have been identified.
Any such request must be made verbally or in writing by post or via email to the Firm and a response will be issued within one month of receipt.
Please note that there may be instances where such requests cannot be fully satisfied and in such cases a full explanation will be provided within the response.
The right to erasure – you have the right to request erasure (also known as ‘the right to be forgotten’) of your personal data.
Any such request must be made verbally or in writing by post or via email to the Data Protection Officer and a response will be issued within one month of receipt.
Please note that there may be instances where such requests cannot be fully satisfied and in such cases a full explanation will be provided within the response.
Right to restriction of processing – you have the right to obtain from us a restriction of processing where one of the following applies:
a) The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
b) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.
c) We no longer need the personal data for the purposes of processing, but you require us to retain the data for the establishment, exercise or defence of legal claims.
d) An objection to the processing of personal data has been raised by you, for a period enabling us to consider whether your rights are overridden by our legitimate reasons to retain the data.
Right to data portability – where it is practicable to do so we will provide an active secure self-service system to provide your personal data held by us.
Where it is not practicable to provide an active self-service system, upon receipt of a ‘right of access request’ information held will be made available via a secure self-service system and direct access will be granted to you.
Where possible the data will be provided in a suitable electronic format which complies with the GDPR guidelines on data portability. Where this is not possible this will be explained.
Please note that the right to obtain access to personal data through a remotely accessed secure system should not adversely affect the rights and freedoms of others.
The right to object – you have the right to object to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics.
Westcotts will adhere to the guidelines set by the Information Commissioner’s Office upon receipt of an objection. The objection can be made verbally or in writing to the firms marketing department or Data Protection Officer.
All processing will cease upon receipt of a relevant objection. The Data Protection Officer will issue a formal response to the objection within one month of receipt.
Automated decision making and profiling
The firm does not perform any tasks which rely solely on automated decision making or profiling.
Complaints or queries
Westcotts tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice has been drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Westcotts’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address above.
If you want to make a complaint about the way we have processed your personal information, in the first instance please contact the Data Protection Officer. If the Data Protection Officer is unable to satisfactorily deal with your complaint, or you are not satisfied with our response or believe our processing of your personal data is not in accordance with the law you can complain to the Information Commissioner.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.