This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during your employment and after it ends.  We are required to notify you of this information under data protection legislation.  Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.

We may occasionally need to change this Privacy Notice and you will find the most recent version on iShare.  We will inform you of important changes to this notice.

 

Who collects the information
Sweco Services UK Limited and Sweco UK Limited are ‘data controllers’ and gathers and uses certain information about you.  This information is also used by our affiliated entities and group companies, namely Sweco Group (our ‘group companies’) and so, in this notice, references to ‘we’ or ‘us’ mean the Company and our group companies.

 

Data protection principles
We will comply with the data protection principles when gathering and using personal information, as set out in our Sweco Group Privacy Framework and Sweco Group Privacy Guidelines.

About the information we collect and hold
The table set out in the Schedule summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.

We may also need to share some of the categories of personal information set out in Schedule with other parties, such as external contractors and our professional advisers and potential purchasers of some or all of our business.  Usually, information will be anonymised but this may not always be possible.  The recipient of the information will be bound by confidentiality obligations.  We may also be required to share some personal information as required to comply with the law.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

Where information may be held

Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above.  Information may be transferred internationally to any country in which Sweco operates and other countries around the world, including countries that do not have data protection laws equivalent to those in the UK, for the reasons described above.  We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our IT Security Guidelines which can be found on the Sweco intranet or from your Line Manager.

How long we keep your information

We keep your information during and after your employment for no longer than is necessary for the purposes for which the personal information is processed.  Further details on this are available in our Data Retention Policy (Employment).


Your rights to correct and access your information and to ask for it to be erased

Please contact the HR team in Leeds, by email, ukhr@sweco.co.uk if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice.  You also have the right to ask the HR team for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances.  The HR team will provide you with further information about the right to be forgotten, if you ask for it, and what information is available to you.


Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.  We limit access to your personal information to those who have a genuine business need to know it.  Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach.  We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that the HR team can resolve any query or concern you raise about our use of your information.  If not, please contact our Local Privacy Officer and Head of Legal, Roger Hirons.
 

The Schedule – About the information we collect and hold

 

The information we collect and hold

How we collect the information

Why we collect the information

How we use and may share the information

Your name, date of birth, contact details (i.e. address, home and mobile phone numbers, email address) and emergency contacts (i.e. name, relationship and home and mobile phone numbers) ?

From you

To enter into/perform the employment contract

Legitimate interest: to maintain employment records and good employment practice

To enter into/perform the employment contract

Information shared with the DVLA to transfer penalty notices

Details of salary and benefits, bank/building society, National Insurance and tax information, your age ?

From you

To perform the employment contract including payment of salary and benefits

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

Consent: required where information is provided to third parties

To ensure you receive the correct pay and benefits

Information shared with our internal and external payroll administrators and with HM Revenue & Customs (HMRC)

Information shared with third parties with consent

 

Details of your spouse/partner and any dependants ?

From you

To perform the employment contract including employment-related benefits, e.g. pension, life assurance and private medical insurance

To ensure you receive the correct pay and benefits

Information shared with our internal and external payroll administrators with HM Revenue & Customs (HMRC)

Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information ?

From you and, where necessary, the Home Office

To enter into/perform the employment contract

To comply with our legal obligations

Legitimate interest: to maintain employment records

To carry out right to work checks

Information may be shared with the Home Office

A copy of your driving licence (and your family member if you choose to allow them to drive a company car) ?

From you

To perform the employment contract

To comply with our legal obligations

To comply with the terms of our insurance

To ensure that you have a clean driving licence

Information may be shared with our insurer

Details of your pension arrangements, and all information included in these and necessary to implement and administer them ?

From you, from our pension brokers and administrators and (where necessary) from your own pension fund administrators

To perform the employment contract including employment-related benefits

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

To administer your pension benefits

To comply with our auto-enrolment pension obligations

Information shared with our pension brokers and administrators and with HMRC

Information in your sickness and absence records (including sensitive personal information regarding your physical and/or mental health) ?

From you, from your doctors, from medical and occupational health professionals we engage and from our insurance benefit administrators

 

 

To perform the employment contract including employment-related benefits

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices

Consent: will be obtained prior to engaging your doctors, medical and occupational health professional

 

To maintain employment records, to administer sick pay entitlement, to follow our policies and to facilitate employment-related health and sickness benefits

To comply with our legal obligations to you as your employer

Information shared with your doctors, with medical and occupational health professionals we engage and with our insurance benefit administrators

For further information, see * below

Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs

From you

To comply with our legal obligations and for reasons of substantial public interest (equality of opportunity or treatment)

To comply with our equal opportunities monitoring obligations and to follow our policies

For further information, see * below

Criminal records information, including the results of Disclosure and Barring Service (DBS) checks ?

From you and the DBS

To perform the employment contract

To comply with our legal obligations

For reasons of substantial public interest (preventing or detecting unlawful acts)

To carry out statutory checks

Information shared with DBS and other regulatory authorities as required

For further information, see * below

Information on grievances raised by or involving you

From you, from other employees and from consultants and advisors we may engage in relation to the grievance procedure

To perform the employment contract

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

For employee administration, to follow our policies and to deal with grievance matters

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage

Information on conduct issues involving you

From you, from other employees and from consultants and advisors we may engage in relation to the conduct procedure

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices

For employee administration, to follow our policies, to monitor and manage employee performance and conduct and to deal with disciplinary and grievance matters

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage

Details of your appraisals and performance reviews

From you and from other employees

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices

For employee administration, to follow our policies, to monitor and manage employee performance and conduct and to deal with disciplinary and grievance matters

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage

Details of your performance management/improvement plans (if any)

From you, from other employees and from consultants and advisors we may engage in relation to the performance review process

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices

For employee administration, to follow our policies and to monitor and manage employee performance

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage

Details of your time and attendance records

From you and from door entry systems, swipe card systems, time management system, application logs

To perform the employment contract

Legitimate interest: to monitor and manage employee access to our systems and facilities and to record employee absences

For payroll and employee administration and assessments, to follow our policies and to monitor employee performance and attendance

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage and with our internal payroll administrators

Information regarding your work output

From application logs, e.g. BST, billing ratios

To perform the employment contract

Legitimate interests: to maintain employment records

For payroll and employee administration, to follow our policies and to monitor and manage employee performance and attendance

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage and with our internal and external payroll administrators

Information in applications you make for other positions within our organisation

From you

To enter into/perform the employment contract

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

To process the application

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage

Information about your use of our IT, communication and other systems

Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, remote access systems, email and instant messaging systems, intranet and Internet facilities, telephones, voicemail, mobile phone records, firewalls, mobile device management systems

Legitimate interests:

to monitor and manage employee access to our systems and facilities

to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage

to ensure our business policies, such as those concerning security and internet use, are adhered to

for operational reasons, such as maintaining employment records, recording transactions, training and quality control

to ensure that commercially sensitive information is kept confidential

to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with

for security vetting and investigating complaints and allegations of criminal offences

for statistical analysis

to prevent unauthorised access and modifications to our systems

as part of investigations by regulatory bodies, or in connection with legal proceedings or requests

To protect and carry out our legitimate interests (see adjacent column)

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage

For further information, see ** below

Your image, in photographic and video form

From you

Legitimate interests:

to monitor and manage employee access to our premises, systems and facilities

for marketing and business development purposes

To protect and carry out our legitimate interests (see adjacent column)

Information shared with HR, IT and security personnel

Information shared with marketing and business development personnel and with consultants we may engage

Details of your use of business-related social media, such as LinkedIn

From relevant websites and applications

Legitimate interests:

to monitor and manage employee access to our systems and facilities

to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage

to ensure our business policies, such as those concerning security and internet use, are adhered to

to ensure that commercially sensitive information is kept confidential

to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with

as part of investigations by regulatory bodies, or in connection with legal proceedings or requests

To protect and carry out our legitimate interests (see adjacent column)

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage

For further information, see ** below

Your use of public social media (only in very limited circumstances, to check specific risks for specific functions within our organisation; you will be notified separately if this is to occur)

From relevant websites and applications

Legitimate interests:

to monitor and manage employee access to our systems and facilities

to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage

to ensure our business policies, such as those concerning security and internet use, are adhered to

to ensure that commercially sensitive information is kept confidential

to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with

as part of investigations by regulatory bodies, or in connection with legal proceedings or requests

To protect and carry out our legitimate interests (see adjacent column)

Information shared with relevant managers, HR personnel and with consultants and advisors we may engage

For further information, see ** below

Details in references about you that we give to others

From your personnel records, our other employees

To perform the employment contract

To comply with our legal obligations

Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice

To provide you with the relevant reference

To comply with legal/regulatory obligations

Information shared with relevant managers, HR personnel and the recipient(s) of the reference

 

 

You are required (by law or under the terms of your contract of employment, or in order to enter into your contract of employment) to provide the categories of information marked ‘?’ above to us to enable us to verify your right to work and suitability for the position, to pay you, to provide you with your contractual benefits, such as e.g. contractual sick pay and to administer statutory payments such as statutory sick pay (SSP).  If you do not provide this information, we may not be able to employ you, to make these payments or provide these benefits.

 

* Further details on how we handle sensitive personal information and information relating to criminal convictions and offences are set out in our Absence policy, Equality policy and Disclosure and Barring (including Employment of Ex-Offenders) policy.  These policies are available from iShare, your Line Manager or the HR team.

 

** Further information on the monitoring we undertake in the workplace and how we do this is available in our Monitoring Policy, available from iShare, your Line Manager or the HR team.