Azets is committed to respecting and protecting your privacy. This policy is a statement of how we process your personal data in compliance with data protection legislation. When we process personal data in the United Kingdom we do so in compliance with the Data Protection Act 2018 and the UK GDPR. When we process personal data in the European Economic Area we do so in compliance with the EU GDPR. It is important to note that some countries impose different legal obligations on employers in employment legislation and wherever possible these variations are shown as footnotes.
Where we refer to “you” or “your”, we are referring to you as an employee (current or former) or an consultant of Azets.
Where we refer to “we”, “our” or “us”, we are referring to the Azets company that employs you. The company that employs you is the controller of your personal data. A list of employing companies in the Azets group is contained here. It provides the postal address and Data Protection Officer/Manager contact details to use if you have any questions about this policy or how we process your personal data.
This privacy policy applies to personal data we have already collected or will collect about our employees, workers and consultants. This privacy policy does not form part of any contract of employment or other contract to provide services and we may update this privacy policy at any time and we will inform you of any significant update. Nothing in this notice is intended to create an employment relationship between us and any non-employee providing services to us.
This policy describes:
It is important that you read this policy, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information.
Our Data Protection Officers and Data Protection Managers oversee our compliance with data protection legislation. If you have any queries relating to your personal data, please contact the relevant Data Protection Officer or Data Protection Manager here.
You can either send an email to the relevant email address or write for the attention of the Data Protection Officer or Data Protection Manager at the relevant postal address.
(The lawful basis for this processing is described in Appendix B)
Information related to your employment
We use the following personal data to carry out the contract we have (or had) with you, provide you access to business services required for your role and manage our human resources processes:
Information related to your salary, pension and loans
We process this information for the payment of your salary, income tax, pension and other employment related benefits. We also process it for the administration of statutory and contractual leave entitlements such as holiday or maternity/paternity leave:
Information relating to day-to-day business operations including client relations and travel on our behalf
We use the following to manage our relationships with clients and the interaction you have with them:
Information related to your performance and training
We use this information to assess your performance, conduct pay and grading reviews and to deal with any employer/employee related disputes. We also use it to meet the talent development needs required for your role:
Information relating to monitoring
All of our IT systems and building access systems create auditable logs which can be reviewed, although we don’t do so routinely. We are committed to respecting your reasonable expectations of privacy concerning the use of our buildings, IT systems and equipment. However, we reserve the right to log and monitor such use in line with our Acceptable Use Policy. We use this information to assess your compliance with company policies and procedures and to ensure the security of our client’s data, our premises, our IT systems and our employees. Such data includes:
Information relating to your health and wellbeing
We use the following information to comply with our legal obligations. We also use it to ensure the health, safety and wellbeing of our employees:
Information relating to monitoring of diversity and equal opportunities
In some countries, but not all, we have a legal obligation to monitor diversity in the workplace and to provide equality of opportunity. If - and only if - such a legal obligation applies we will process:
Information relating to disputes and legal proceedings
We use the following to protect our business in the event of disputes or legal proceedings:
Information relating to trade union check off arrangements and Works Council administration
We use the following information to regulate our relationship with trades unions and workers councils (if applicable):
[1] Known as P45 details in the UK.
[2] Form MATB1 in the UK.
[3] MOT certificates in the UK.
[4] Form D906 in the UK.
We initially collect personal data about employees, workers and consultants through the application and recruitment process, either directly from candidates or sometimes from an employment agency. We will also collect additional personal data in the course of your application for employment and, should you be successful, from job-related activities throughout the period of your employment.
We collect information about you in a variety of ways, including from:
We collect and use this information for the following purposes:
In general, processing of your personal data in connection with employment is not conditional on your consent. To the extent that we are interested in processing other personal data for which we need your consent, we will ask it from you directly and will inform you about this processing. If you have given your consent to processing of personal data, you have the right to withdraw your consent at any time, without affecting in any way our employment relationship or the lawfulness of the processing carried out on the basis of your consent given before your withdrawal. You can change or withdraw your consent at any time by sending an email to your local Data Protection Officer or Data Protection Manager (as shown in the list here). We will act immediately accordingly, unless there is a legal basis for not doing so.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any substantial changes to information we collect or to the purposes for which we collect and process it.
For some of your personal data you will have a legal, contractual or regulatory obligation to provide us with your personal data.
Your personal data will be processed by managers, HR staff and administrative staff in the Azets group of companies. Those staff, including your line manager, may not be employed by the same company as you, but may be employed by another company in the Azets group.
In general, access to your personal data is restricted to those who need to access it to carry out their duties for example, but not limited to, your management, HR (including local HR teams), Payroll, Talent Development, Compliance and the senior management team.
All companies in the Azets group of companies are bound by a Data Sharing Agreement which commits them to share personal data, when it is necessary, in a secure and lawful manner that respects the rights and freedoms of data subjects.
We have a legitimate interest to operate efficient administration systems and some of these systems are provided by other group companies, so for example:
We will only disclose your personal data outside the Azets group of companies and our ultimate parent company if disclosure is consistent with a lawful basis for processing upon which we rely, doing so complies with data protection legislation and is fair to you.
We will disclose your personal data if it is necessary for our legitimate interests as an organisation or the interests of a third party (but we will not do this if these interests are overridden by your interests and rights). Where necessary we will also disclose your personal data:
Specific circumstances in which your personal data may be disclosed include to:
All recipients of shared personal data are bound by contract to process personal data in compliance with data protection legislation, particularly with respect to security and confidentiality.
Personal data about you may be held at our offices, on our systems and servers and those of our service providers and partners where information has been shared as described above. Personal data is securely stored and managed in compliance with data protection legislation, particularly with respect to security and confidentiality.
We will neither transfer nor process personal data outside the country in which your employer is based, nor will we permit personal data to be so transferred or processed by a processor or controller, unless it is under one or more of the following conditions:
We keep your personal data during and after your employment, for no longer than is necessary for the purposes for which the personal data is processed. After employment ceases we retain only the information necessary to satisfy legal obligations and to administer any pension commitments we may have. Please see Appendix A of this policy for how long we retain your data.
The duration for which we retain your personal data will differ depending on the type of information and the reason why we collected it from you. It also differs depending upon the national employment legislation of certain countries. However, in some cases personal data may be retained on a long-term basis, for example, personal data that we need to retain because of a legal or regulatory obligation. Such exceptions include:
If we reasonably anticipate litigation, we may issue a “Litigation Hold” (also known as a legal hold, document hold, hold order, or preservation order) which affects your personal data[2]. This is an instruction directing employees to preserve, and refrain from destroying or modifying, certain records and information (both paper and electronic) that may be relevant to the subject matter of a pending or anticipated litigation or government or regulatory investigation. If we reasonably expect litigation or a government investigation, we have a common law duty to prevent spoliation of evidence. This would have the effect of suspending the normal disposition or processing of records, such as backup tape recycling, archived media and other storage and management of documents and information. The documents to be preserved include electronic documents which would otherwise be deleted in accordance with our retention policy or otherwise deleted in the ordinary course of business.
We have an obligation to ensure that the personal data we hold about you is accurate and up-to-date and we use our best endeavours to ensure its accuracy. But to do this we require your cooperation and assistance. Please let your HR team know if anything changes, for example if you move home or change your phone number or personal email address.
We do not use personal data to carry out any automated decision making that could have a legal or similarly significant effect upon you.
We try to be as open as we reasonably can about the personal data that we process. If would like specific information, please ask.
You have the following legal rights concerning your personal data:
Right of access |
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to that personal data. |
Right to rectification |
You have the right to oblige us to rectify inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement. |
Right to erasure (right to be forgotten) |
You have the right (under certain circumstances, but not all) to oblige us to erase personal data concerning you. |
Right to restriction of processing |
You have the right (under certain circumstances, but not all) to oblige us to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you. |
Right to data portability |
You have the right (under certain circumstances, but not all) to oblige us to provide you with the personal data about you which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to oblige us to transmit those data to another controller. |
Right to withdraw consent |
If the lawful basis for processing is consent, you have the right to withdraw that consent. |
Right to object to direct marketing |
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing. |
Rights in relation to automated decision making and profiling |
We do not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you. |
If you would like to exercise any of these rights, please contact the Data Protection Officer or Data Protection Manager using the email addresses at the top of this notice.
If you are not satisfied with the response you receive, you have the right to lodge a complaint with your national Supervisory Authority. Contact details for the relevant Supervisory Authority for the country in which you work are shown in the table below.
Employed in |
Supervisory authority |
United Kingdom |
Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF United Kingdom (t) 0303 123 1113 |
Norway |
Datatilsynet / The Norwegian Data Protection Authority Postboks 458 Sentrum 0105 Oslo Norway (t) +47 22 39 69 00 |
Romania |
Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal / The National Supervisory Authority for Personal Data Processing B-dul G-ral. Gheorghe Magheru 28-30 Sector 1, cod postal 010336 Bucuresti Romania (t) +40.318.059.211 (t) +40.318.059.212 |
Sweden |
Integritetsskydds myndigheten (IMY) / Swedish Authority for Privacy Protection (IMY) Box 8114 10420 Stockholm Sweden (t) 08-657 61 00 (e ) imy@imy.se |
Finland |
Tietosuojavaltuutetun Toimisto / Office of the Data Protection Ombudsman P.O. Box 800 00531 Helsinki Finland (t) +358 (0)29 566 6700 (e) tietosuoja@om.fi |
Estonia |
Andmekaitse Inspektsioon / Republic of Estonia Data Protection Inspectorate 39 Tatari St. 010134 Tallinn Estonia (t) (+372) 627 4135 (e) info@aki.ee |
Denmark |
Datatilsynet / The Danish Data Protection Agency Carl Jacobsens Vej 35 2500 Valby Denmark (t) 33 19 32 00 |
This notice does not form part of your contract of employment and does not create any contractual rights or obligations. Nothing in this notice is intended to create an employment relationship between us and any non-employee providing services to us.
This Privacy Notice, along with other Azets policies shall form our policy for processing Special Category Personal Data[3].
We reserve the right to update this privacy notice at any time, and we will inform you if we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.
Version 20220303
Dated: 18 July 2022
The period for which we will retain your personal data is dictated partly by national employment legislation. The table below shows the retention period depending upon the country where your employer is based.
Type of data |
UK |
Norway |
Romania |
Sweden |
Finland |
Estonia |
Denmark |
Job applications, CVs and interview records of unsuccessful applicants |
12 months |
12 months |
12 months |
12 months |
12 months |
N/A |
6 months |
Personnel and training records (including references, appraisals, grievance procedures and disciplinary matters) |
7 years after employment ceases |
5 years after employment ceases |
75 years (except appraisals which are kept for 3 years) |
During the employment relationship |
10 years |
10 years after employment ceases, 50 years after employment ceases for contracts started before 2009. |
5 years after employment ceases |
“Right to work” documentation |
One year after the foreign employee has ceased working for the company, or until the national border enforcement agency[1] has examined and approved the documentation, whichever is the longer period. |
|
|
|
|
|
|
Contracts of employment and changes to terms and conditions |
7 years after employment ceases |
5 years after employment ceases |
75 years as part of the employment records |
Permanent |
10 years after employment ceases. |
10 years after employment ceases, 50 years after employment ceases for contracts started before 2009. |
5 years after employment ceases |
Payroll |
7 years after employment ceases |
5 years after fiscal year end |
50 years |
Permanent |
6 years after employment ceases or fiscal year ends, “Payroll card” 50 years. |
7 years after fiscal year end. |
Current calendar year + 5 year after employment ceases |
Income tax |
7 years after employment ceases |
5 years after fiscal year end |
50 years
|
Permanent |
6 years after employment ceases or fiscal year ends. |
7 years after fiscal year end. |
Current calendar year + 5 years after employment ceases |
Reportable accident, death or injury in connection with work. |
Permanently |
NA |
75 years as part of the employment records |
Permanent (+10 years after death of person involved |
10 years |
55 years |
Permanently |
Criminal Record Checks |
Deleted following recruitment process unless relevant to ongoing employment relationship. |
NA |
75 years as part of the employment records |
NA |
NA |
NA |
Presented upon employment, not stored by Azets |
Collective and workforce agreements that could affect current employees |
Permanently |
Permanently |
Permanently |
NA |
Permanently |
NA |
NA |
CCTV Images |
30 days |
30 days |
30 days |
NA |
2 weeks |
NA |
30 days |
Personal Data
Depending on the processing activity, we rely on the following lawful bases for processing your personal data under the UK GDPR or EU GDPR (whichever applies to your country of employment) and other relevant national data protection legislation:
Special category data
Where the information we process is special category data, for example your health data, the additional lawful bases for processing that we rely on are[2]:
Criminal convictions and offences
If we process information about workers’ criminal convictions and offences the lawful bases we rely on to process this data are:
[1] The UK Border Agency (UKBA) in the United Kingdom.
[2] In the UK we also rely on processing conditions at Schedule 1 part 1 paragraph 1 and Schedule 1 part 1 paragraph 2(2)(a) and (b) of the Data Protection Act 2018. These relate to the processing of special category data for employment purposes, preventative or occupational medicine and the assessment of your working capacity as an employee
[3] In the UK we also rely on the processing condition at Schedule 1 part 1 paragraph 1 of the Data Protection Act 2018.
[1] For example, in accordance with ICAEW guidance in the UK, “Guidance on the duty to report misconduct”, effective from 1 October 2020.
[2] In the UK this is to comply with Practice Direction 31B
[3] as required in the UK by the UK Data Protection Act 2018, Schedule 1, Part IV (“the appropriate policy document”)