GFM Holdings Ltd/GFM Clear Communications LTD Employee Privacy Policy
Our contact details
Data Controller: GFM Holdings Ltd
Data Protection officer: Rob McLaughlin
Address: 42 Phoenix Court, Hawkins Road, Colchester, Essex, CO2 8JY
Phone Number: 01206 791733
E-mail: dpo@gfm.co.uk
As your employer, the Company needs to keep and process information about you for normal employment purposes. The information we hold, and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully, and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision. Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees.
The type of personal information we collect
We currently collect and process the following information:
• Employment application: Name, address, contact details, employment history, references, and qualifications.
• Right to work: Information about your entitlement to work in the UK. Passport, citizenship, residency, or work permit.
• Buildings, facilities, and information technology access: Photograph, CCTV footage, swipe card access, email and internet usage and other systems access data.
• Onboarding process: Date of birth, National Insurance number, bank details, Emergency contact details, details on whether you have a disability for which the organisation needs to make reasonable adjustments for. Contract of employment and any amendments to it.
• Diversity information: Marital status, religion, ethnic group, sexual orientation, disability, and gender identity.
• Pay and compensation: Employee level, salary, pension, benefits, salary sacrifice agreements, business expenses.
• Working hours and leave: Rosters and work schedules, details of overtime, leave accrual, sick leave information, and information required for processing flexible working requests.
• Training – Training records.
• Performance management: Performance appraisal and improvement documentation, file notes related to employee conduct and behaviour, documentation supporting disciplinary processes.
• Promotion and awards: Promotion and secondment documentation, awards won, talent management information.
• Grievance and disciplinary processes: Documentation related to grievances and disciplinaries.
• Health and wellbeing – This may include medical certificates and reports, details of wellbeing meetings.
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
• Recruiting you for employment; confirming your UK right to work.
• Managing your contract and employment relationship with you.
• Information needed for equal opportunities monitoring policy.
• Providing you access to, and monitoring your use of, GFM’s buildings, facilities, and Information technology and business systems.
• Paying you, including providing you with benefits, rewards, and pensions.
• Accruing your leave.
• Facilitating communication with you and undertaking employee feedback surveys and engagement forums.
• Booking and reimbursement of travel and expenses.
• Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay, and where applicable health insurance or life insurance policies.
• We monitor computer and telephone/mobile telephone use, as detailed in our computer/telephone/electronic communications/expenses policy, available on the employee portal and or employee handbook.
• We keep records of your hours of work by way of timesheets, as detailed in the employee handbook.
• Generally operating and managing GFM’s business operations.
We also receive personal information indirectly, from the following sources in the following scenarios:
• Recruitment agencies – If employed via an employment agency.
• Medical Practitioners and specialists including Occupational Health – If reports are requested with your consent.
• References during the recruitment process.
We may share your information with:
• HMRC.
• Government agencies such as the Home Office for purposes of carry out a Right to work check and The Disclosure and Barring Service for a DBS check where required.
• Pension funds and schemes.
• Recruitment agencies.
• External HR – Citation.
• Employee assistance scheme (BUPA).
• Occupational health service providers.
• Human Resource Information Systems providers.
• HR consultants engaged for the purposes of complying with our policies and managing the employment relationship.
• Zoho – External CRM provider
We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external HR Services provider, pension, or health insurance scheme providers.
We may transfer information about you to other group companies for purposes connected with your employment or the management of the company’s business.
Why does GFM/GFM Clear Communication process personal data?
We need to process data to enter into an employment contract with you and to meet our obligations under your employment contract. For example, we need to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer some benefits.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws, to enable employees to take periods of leave to which they are entitled, and to consult with employee representatives if redundancies are proposed or a business transfer is to take place. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.
In other cases, we have a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows us to:
• Run recruitment and promotion processes.
• Maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights.
• Operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace.
• Operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes.
• Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled.
• Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled.
• Ensure effective general HR and business administration.
• Provide references on request for current or former employees.
• Respond to and defend against legal claims.
• Maintain and promote equality in the workplace.
Where we rely on legitimate interests as a reason for processing data, we have considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).
Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring as permitted by the Data Protection Act 2018. You can ask us to stop processing this data at any time.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting the Data Protection officer.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We have a legitimate interest.
How we store your personal information
Your information is securely stored at 42 Phoenix Court, Hawkins Road, Colchester, Essex, CO2 8JY
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the proper performance of their duties.
The criteria used for determining how long your data will be stored for is based on the statutory retention periods and up to a period of six years following termination of employment. If in the future, we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
Who has access to the data?
Your information will be shared internally with various functions within the business including HR, payroll, your line manager, managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles.
Your data may also be shared with employee representatives in the context of collective consultation on a redundancy or business sale. This would be limited to the information needed for the purposes of consultation, such as your name, contact details, role, and length of service.
We share your data with third parties to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service.
We also share your data with third parties that process data on its behalf, in connection with payroll, the provision of benefits and the provision of occupational health services.
We will not transfer your data to countries outside the European Economic Area.
Your data protection rights
Under data protection law, you have rights including:
• Your right of access – You have the right to ask us for copies of your personal information.
• Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. We may ask you to verify your identity to process your request. Please provide as much information as possible when making a request.
Please contact us at dpo@gfm.co.uk 42 Phoenix Court, Hawkins Road, Colchester, Essex, CO2 8JY, 01206 791733 if you wish to make a request.
If you have a concern about our use of your personal data, you should write us.
For questions, please contact the Data Protection Officer at: dpo@gfm.co.uk.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at Hello@gfm.co.uk.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
We may update this Privacy Notice from time to time in response to changing legal, technical, or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by law.
