Privacy Policy

What Sensitive Personal Data will we collect?

We will try to limit the sensitive personal data that we collect. It is our intention to collect sensitive personal data only about:

  • Your health – sensitive personal data may be recorded if you notify us of any medication you are taking or any health conditions you have, or it may be recorded in records of absence and absence notification, return to work documents, and doctors’ fit notes or other correspondence from medical advisors. If we believe it is necessary to obtain access to your medical records and or to request a medical report from your GP or healthcare professional or from an independent healthcare professional such as the government’s Fit For Work service or an occupational health advisor, we will ask you to give your consent to this before we do anything and we will remind you that you do not have to give your consent if you do not want to.

  • Your trade union membership – this may be recorded if you are invited to a meeting, such as a disciplinary hearing, at which you are entitled to have a trade union representative present.

It is not our intention to collect sensitive personal data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life or sexual orientation. However, it is possible that we may become aware of this sensitive personal data as we get to know you. If you choose to disclose information about your ethnic origin, political opinions or religion etc. we will treat this confidentially.

If we ask you to complete an equal opportunities monitoring questionnaire this will be done on an anonymous basis and the data collected will be held anonymously and separately to any other data that we have about you.


Why do we collect, store and process personal data?

We will only collect, store and process personal data to the extent that it is required for the purposes set out below (and in any separate privacy notice issued to you).

We need to collect, store and process personal data in order to fulfil the terms of our contract with you and to meet our legal obligations as an employer, and in order to ensure that we comply with good HR practices for managing Staff and meet the needs of our business. This personal data will be accessible only by the HR department, the Directors and the senior management team.

For example:

  • We need contact information like your full name, address, telephone number(s) and email address so that we can keep in touch with you, but we will not pass your contact details on or use them for marketing to you without your consent.

  • We need to check your passport and/or visa or residence permit and similar information to ensure and be able to evidence that you have the right to work in the UK.

  • We need information like your bank details, tax code, National Insurance number, student loan information, any attachments of earnings orders and your date of birth for administration of salary, benefits, and pension contributions.

  • We will create a personnel file for you, which will include the above information, your CV and/or application form, your offer letter, any references obtained in relation to you, your contract of employment and any amendments to it, information provided to us by you in relation to your health, health questionnaires and personal data that we create and collect during your employment such as information relating to performance reviews and appraisals, training, promotions and job changes, accident records, sickness absences (including self-certification forms and return to work forms, fit notes, doctors’ reports and notes of any review meetings or capability meetings), maternity, paternity, adoption or parental leave, other time off work, disciplinary matters, grievances, whistleblowing procedures, redundancy programmes (including selection criteria and scores), transfers of employment.

We will monitor the use of our telephones, internet and email systems and social media websites. This monitoring may include: logs of incoming and outgoing telephone calls including numbers used, times of calls and duration of calls; incoming and outgoing emails including email addresses, times of emails, size of emails, subject headings and attachments, we may also read the content of emails; websites visited, when and for how long; and, content of social media pages. This monitoring will be carried out by Senior Management Team. The purposes of this monitoring is limited to ensuring that our policies and procedures are complied with, investigating alleged breaches of our policies and procedures, investigating alleged breaches of confidentiality or disclosures of intellectual property information or trade secrets, investigating any derogatory comments or misrepresentations made in relation to our business or our Staff, investigating grievances or disciplinary matters, covering a member of Staff’s work if they are absent from work for any reason, finding any lost messages or information, and complying with any legal obligation.

Who do we share your Personal Data with?

We will share your personal data with the Data Processors identified above.

If you have an accident at work or are taken ill, it may be necessary for us to call an ambulance for you and to disclose personal data (including sensitive personal data) about your health and/or medication to the medical professionals in attendance. If you are unconscious or very unwell, it may not be possible for us to ask for your consent in relation to this disclosure and we will limit the disclosure to the information required to be disclosed in your best interests.

If we lose a contract that you are engaged to work on or if a part of our business that you are engaged to work in is bought by another organisation, then it is possible that your employment will transfer to the other organisation. We will consult with you about the transfer of your employment if that arises. However, as part of this process, we might have to transfer some personal data about you to the other organisation so that they can get ready to employ you – this may include your name, job title, salary and benefits information, terms of employment and any disciplinary or grievance procedures followed in the two years before the transfer.

We may also have to disclose personal data in order to comply with our legal obligations, to enforce or apply any contractual terms that we have with you, or to protect our rights, property, or safety of our Staff, customers or others. This may include instructing legal advisors and engaging in legal proceedings, and exchanging information with other organisations for the purposes of fraud protection and credit risk reduction.

We will not send your personal data outside of the UK.

How long do we keep Personal Data?

We will ensure that any Personal Data that we hold is accurate and kept up to date. We will check the accuracy of Personal Data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.

We will not keep Personal Data longer than is necessary for the purpose or purposes for which it was collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.

How will we keep your Personal Data secure?

We will put in place appropriate procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction and to prevent unlawful or unauthorised processing of personal data, and accidental loss of or damage to personal data.

Only people who are authorised to access or use personal data will have access to it.

Personal data held in paper records will be stored in locked filing cabinets and cupboards, locked desk drawers and/or locked offices. We will secure our premises by ensuring they are locked when not in use and areas where personal data are stored are secured with PIN code entry doors. Staff must ensure that these locks and PIN codes are used and premises kept secure. Any strangers seen on the premises should be reported to Management Team.

Personal data held in electronic records will be stored on secure servers, that are regularly backed up and subject to regular maintenance. Passwords and restricted networks will be used to limit access to electronic records. Staff must ensure that they lock their IT equipment using appropriate passwords and that extra care is taken when transporting IT equipment, particularly on public transport.

Personal data will only be transferred to Data Processors who put appropriate security measures in place.

Personal data will be securely destroyed. Personal data held in paper records will be shredded or placed in confidential waste. Personal data held in electronic records will be deleted. Digital storage devices will be wiped and/or destroyed when they are no longer required.

Want to know more?


Download our digital brochure and discover how contract electronic manufacturing services from Electroparts helps businesses worldwide to increase efficiency and reduce costs.