We take privacy and confidentiality very seriously and actively comply with the General Data Protection Regulations 2018. The objective of this policy is to provide details as to how and why we:
- Obtain personal data
- How we gather it
- How we handle, process and use it
- How we store it and for what length of time
- How we protect personal information
- The legal rights of individuals whose personal information we process
Gathering Personal Data
- Personal data means any information relating to an identified or identifiable individual.
- Because of the various areas of our work, and the different reasons why we need to use personal information, what we collect is very varied and includes:
- Identity and contact data – including name, date of birth, email address, postal address, telephone numbers, proof of eligibility to work in the UK (such as passport details), DBS checks and information provided or collected as part of the services provided to our clients obtained during the employee recruitment processes or signing policies and procedures.
- Financial and transaction data – including bank account details, tax codes, National Insurance numbers and details of payments to and from individuals.
- Technical and usage data – including information about how individuals use our website
- Marketing data – including individuals’ preferences in receiving marketing from us and information provided to us for the purpose of attending events such as dietary information and accessibility requirements, plus for the receipt of any updates whether it be relating to employment law and best practices, newsletters or social media.
- Information used to provide our services – including information provided to us by or on behalf of our clients or otherwise provided to us or generated by us in the course of providing services to our clients
- In order to provide our services to clients for equality monitoring purposes to meet specific business obligations (such as working with children or vulnerable groups), we may also collect special category data and personal data relating to criminal convictions and offences, racial or ethnic origin, religious or philosophical beliefs, trade union membership, data concerning health and data concerning a person’s sex life or sexual orientation.
How we obtain personal information
- We obtain personal information in a variety of methods, including through:
- Direct contact – individuals may give us their personal information by corresponding with us directly, by post, email or telephone or otherwise.
- Clients – our clients may give us personal information of individuals (for example a client’s employees) to enable us to provide our services
- Third parties or publicly available sources – we may receive personal information of individuals from third parties (for example disclosure by the police or CPS in connection with a prosecution) in connection with the provision of services by us to our clients. We may also receive information from publicly available sources such as Companies House, HMRC, Pension Providers and health and wellbeing organisations.
The purpose of our cookies is to make the website function correctly, to personalise the website to your preferences, and to collect information about your visit which will help us improve the website in the future. We never collect information that could identify you, or pass information to any third parties.
You can normally visit this website without identifying who you are or revealing any information about yourself. However, cookies are used to store small amounts of information on your computer, which allows certain information from your web browser to be collected. Cookies are widely used on the internet and do not identify the individual using the computer, just the computer being used. Cookies and other similar technology make it easier for you to log on to and use our website during future visits.
By using and browsing this website, you consent to cookies being used. If you do not consent, you must disable cookies in your browser or refrain from using the site.
How we use personal information
- We use personal information in a variety of ways including:
- To provide our services to our clients
- To recruit employees and partners of Essencia HR Ltd
- To manage and supervise our employees and partners
- To promote our services
- To meet our legal and regulatory obligations
- To meet our audit and insurance obligations
The basis upon which we use personal information
- We will only use personal information (including special category data and data relating to criminal convictions and offences)for the purposes for which they have been obtained. Most commonly, we will use personal data in the following circumstances:
- Where we need to do so to perform a contract we are about to enter into or have entered into – for example a contract of employment
- Where it is necessary for our legitimate interests (or those of a third party such as one of our clients) and the interests and fundamental rights of the individual whose personal information we are using do not override those interests – for example where we act on behalf of a client in bringing regulatory proceedings
- Where it is necessary to comply with a legal or regulatory obligation
- When we use special category data and data relating to criminal convictions and offences it will normally be when this is necessary for the establishment, exercise or defence of legal claims or where we need to do so as an employer
How long we keep personal information
- We will keep personal information in accordance with our data retention practices, which apply appropriate retention periods for each category of personal information. In setting retention periods we take account of the purposes for which the personal information was collected, legal and regulatory obligations on us to retain information, limitation periods for legal action and our business purposes.
Who we share personal information with
- We may share personal information with third parties including:
- In the course of providing services to our clients – for example when recruiting for a third party
- When we outsource certain support services – for example IT services
- Our professional advisers –
- To regulatory authorities, courts, tribunals and law enforcement agencies – for example HMRC or CPS
- Third parties to whom we transfer personal information are required to respect the security of the information and treat it in accordance with the law. We do not sell personal data to third parties.
Links to other websites
- Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
- Will comply with any customer’s request to discard their telephone number, e-mail address and postal address.
Which countries we transfer personal information to
- Apart from exceptional circumstances (if a client is linked to a franchise or parent company abroad) we do not send personal information abroad
How we protect personal information
- We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place appropriate measures to inform our staff about how we collect, handle, keep and dispose of/delete information secure.
- We have put in place measures to deal with any suspected personal information breach and will notify relevant individuals and the Information Commissioner of a breach when we are legally required to do so.
The legal rights of individuals whose personal information we process
- Individuals have the rights set out below. If you wish to exercise any of these rights please contact our Data Protection Officer using the contact details given above.
- Request access to their personal information (commonly known as a “data subject access request”). This enables individuals to receive a copy of the personal data we hold about them and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about them. This enables individuals to have any incomplete or inaccurate information we hold, though we will need to verify the accuracy of the new information provided to us.
- Request erasure of their personal information. This enables individuals to ask us to delete or remove personal information where there is no good reason for us continuing to process it. Individuals also have the right to ask us to delete or remove their personal information where they have successfully exercised their right to object to processing (see below), where we may have processed their information unlawfully or where we are required to erase their personal information to comply with local law. Note, however, that we may not always be able to comply with a request of erasure for specific legal reasons which will be notified to the individual, if applicable, at the time of their request.
- Object to processing of personal information where we are relying on a legitimate interest (or that of a third party) and there is something about the individual’s particular situation which makes her/him want to object to processing on this ground as she/he feels it impacts on her/his fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process the information which overrides those rights and freedoms. Individuals also have the right to object where we are processing their personal information for direct marketing purposes.
- Withdraw consent at any time where we are relying on consent to process the personal information. However, this will not affect the lawfulness of any processing carried out before consent is withdrawn.
- If you need further information, have any questions or comments about our policies and practices please contact our Data Protection Officer through the details given at the top of this policy.
- Individuals have a right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.co.uk). We would, however, appreciate the chance to deal with any concerns before the ICO is approached so please contact our Data Protection Officer, using the contact details given above, in the first instance.
Changes to this privacy notice