DLF Seeds Limited Employee Data Privacy Notice
This data privacy notice applies to current and former employees of DLF Seeds Ltd (the Company).
We respect our employees’ right to privacy and will therefore only collect and process personal data which is necessary. The General Data Protection Regulation (GDPR) requires us to have a lawful basis for using personal data, e.g. because it is necessary for the performance of your employment contract, or you have given your consent for us to use your data. We may process your data for other legitimate business interests, or to fulfil our legal obligations.
When you accept an employment offer with the Company, your personal details will be held on the Company’s electronic and physical filing systems. As part of the DLF group, our IT service is provided by our parent company in Denmark where our secure servers are located. We will not store or share your data outside the EU.
What Personal Data is processed
During the recruitment process you provide us with your name, contact details, qualifications and relevant information about your health. When you start employment with the Company, you provide us with your bank details for payroll purposes. We also ask you to let us know who we should contact in case of an emergency.
During your employment, the data we hold on you will include sickness, performance reviews, training and development. With your consent we may also access medical information from your doctor or other health professionals.
How long we keep your data
We will not keep personal data longer than necessary. Your personal file and employment records will be kept routinely for 6 years after you leave the Company. Where a longer data retention period is laid down by statute we will comply with this. Our Data Retention Policy contains further details.
Where we use third parties to process some personal data, DLF is responsible as the “Data Controller” for ensuring your data is processed securely. For this reason, we require our third party data processors to enter into agreements with us to confirm they comply with current legislation when processing our employees’ data. Details of our current third party processors and the information we share with them are given below:
SG Corporate Services:
We share necessary data with SGCS, the Company’s corporate brokers, who liaise between us and the organisations we partner with to provide employee services or benefits. Information provided to SGCS will include your name, address, date of birth, salary, pension contributions and National Insurance number.
We share necessary data with Wagemate Ltd our payroll processor. Information provided to Wagemate will include your name, address, date of birth, salary, pension contributions, National Insurance number, tax code and details of any authorised deductions from your salary.
We share necessary data with Zurich Municipal who provide our group income protection and life assurance cover to qualifying employees. Information provided to Zurich will be your name, address, date of birth, salary and any relevant health conditions.
BHSF provide our Occupational Health service. During your employment with DLF Seeds, should the need arise we may ask your permission to seek medical advice about your health in relation to your job. If this requires an occupational health report, this information will be held by the provider who will give us a summary report or fit to work certificate. This will include recommendations on any adjustments which may be needed to help you work effectively. You can ask to see the report before it is sent to us.
The information provided to BHSF would be subject to your written consent to allow them to access your health records. We would also need to provide BHSF with your name, contact details, date of birth and job title.
We may use Thomas International to process Personality Profile Assessments as part of the recruitment process, or to assist with ongoing employee development. These assessments are processed by our HR Department at DLF Head Office in Denmark. If we ask you to complete an assessment, we will send you a link to access this. A report will be generated initially to HR at our Head Office in Denmark and thereafter it will be held by the UK business. You will be offered feedback on the process.
The information provided to Thomas International (via HR in Denmark) will be your name, contact details and the title of your current post or the position you have applied for.
As the law requires, we will auto-enrol you into the pension scheme. Details provided to Scottish Widows will be your name, date of birth, National Insurance number and salary. Your bank details will not be passed to Scottish widows at this time.
Please note: Personal Pensions put in place for our employees are a series of individual legal contracts between each employee and Scottish Widows. Participating employees and former employees are direct customers of Scottish Widows and therefore have a formal and direct contractual agreement with them as provider. DLF Seeds as the sponsoring employer is effectively an unconnected 3rd party in this relationship. Scottish Widows as the “Data Controller” for participating employees is responsible for ensuring full compliance with GDPR regarding pension policy holders’ data.
Access to personal information
You can find out what personal information we hold on you by making a ‘subject access request’ (SAR) under the Data Protection Act 1998. If you wish to do so, please contact our HR Manager, Pam Shadbolt firstname.lastname@example.org or send a letter to our UK Head Office, Thorn Farm, Inkberrow, Worcestershire WR7 4LJ. Please indicate clearly that you are making a subject access request. We will respond within one month of receipt to all genuine and reasonable requests. If your request is particularly complex, we may inform you that we need to extend the response time. We will tell you what information we hold on you, for what purpose and to whom it could be disclosed. Any complaints will be investigated and appropriate action taken. We will correct any inaccuracies brought to our attention. If you are content for us to resolve your request informally, e.g. over the phone, we will do so.
Other Rights under GDPR
The new regulation provides you with additional rights which in summary are:
Full details of your rights regarding your personal data are set out in our Data Protection Policy.
If you have any other queries about how we handle your information please contact our Data Protection Lead Officer, Paul Newman: email@example.com or by letter addressed to him at our Head Office
Review of this Privacy Notice
This document was drafted in May 2018 and will be reviewed periodically to ensure it continues to meet current legislative requirements.