Azets is committed to respecting and protecting your privacy. This policy is a statement of how we process your personal data in compliance with data protection legislation. When we process personal data in the United Kingdom we do so in compliance with the Data Protection Act 2018 and the UK GDPR. When we process personal data in the European Economic Area we do so in compliance with the EU GDPR. It is important to note that some countries impose different legal obligations on employers in employment legislation and wherever possible these variations are shown as footnotes.
Where we refer to “you” or “your”, we are referring to you as an employee (current or former) or a consultant of Azets.
Where we refer to “we”, “our” or “us”, we are referring to the Azets company that employs you. The company that employs you is the controller of your personal data. A list of employing companies in the Azets group is contained below. It provides the postal address and Data Protection Officer/Manager contact details to use if you have any questions about this policy or how we process your personal data.
This privacy policy applies to personal data we have already collected or will collect about our employees, workers and consultants. This privacy policy does not form part of any contract of employment or other contract to provide services and we may update this privacy policy at any time and we will inform you of any significant update. Nothing in this notice is intended to create an employment relationship between us and any non-employee providing services to us.
This policy describes:
It is important that you read this policy, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information.
Our Data Protection Officer and Data Protection Managers oversee our compliance with data protection legislation. If you have any queries relating to your personal data, please contact the relevant Data Protection Officer or Data Protection Manager as shown in the list below.
You can either send an email to the relevant email address or write for the attention of the Data Protection Officer or Data Protection Manager at the relevant postal address.
(The lawful basis for this processing is described in Appendix B)
Information related to your employment
We use the following personal data to carry out the contract we have (or had) with you, provide you access to business services required for your role and manage our human resources processes:
Information related to your salary, pension, loans and vehicles etc
We process this information for the payment of your salary, income tax, pension and other employment related benefits. We also process it for the administration of statutory and contractual leave entitlements such as holiday or maternity/paternity leave:
Information relating to day-to-day business operations including client relations and travel on our behalf
We use the following to manage our relationships with clients and the interaction you have with them:
Information related to your performance and training
We use this information to assess your performance, conduct pay and grading reviews and to deal with any employer/employee related disputes. We also use it to meet the talent development needs required for your role:
Information relating to monitoring
All of our IT systems and building access systems create auditable logs which can be reviewed, although we don’t do so routinely. We are committed to respecting your reasonable expectations of privacy concerning the use of our buildings, IT systems and equipment. However, we reserve the right to log and monitor such use in line with our Acceptable Use Policy. We use this information to assess your compliance with company policies and procedures and to ensure the security of our client’s data, our premises, our IT systems and our employees. Such data includes:
Information relating to your health and wellbeing
We use the following information to comply with our legal obligations. We also use it to ensure the health, safety and wellbeing of our employees:
Information relating to monitoring of diversity and equal opportunities
In some countries, but not all, we have a legal obligation to monitor diversity in the workplace and to provide equality of opportunity[5]. If - and only if – national legislation requires this we will process information you choose to provide to us on a voluntary basis, regarding:
Such data will be used only for monitoring equality of opportunity and diversity in the workplace.
Information relating to your “Fit and Proper” declaration
We use the information you provide in your fit and proper, independence and confidentiality declaration to satisfy our regulators of your suitability to qualify and practice in the profession of accountancy. Such a declaration is required from Statutory Directors (Principals) and staff (practicing accountants and auditors) and all other members of staff employed by Azets. You are reminded that amongst other information you are required to provide details of any criminal convictions.
Information relating to disputes and legal proceedings
We use the following to protect our business in the event of disputes or legal proceedings:
Information relating to trade union check off arrangements and Works Council administration
We use the following information to regulate our relationship with trades unions and workers councils (if applicable):
Information relating to alumni activities
If your employing company operates an alumni scheme, and with your consent, we will process the following information to supply you with an email newsletter to keep you informed of alumni activities. You will have the choice to opt out of receiving such newsletters at any time:
We initially collect personal data about employees, workers and consultants through the application and recruitment process, either directly from candidates or sometimes from an employment agency. We will also collect additional personal data in the course of your application for employment and, should you be successful, from job-related activities throughout the period of your employment.
We collect information about you in a variety of ways, including from:
We collect and use this information for the following purposes:
In general, processing of your personal data in connection with employment is not conditional on your consent. To the extent that we are interested in processing other personal data for which we need your consent, we will ask it from you directly and will inform you about this processing. If you have given your consent to processing of personal data, you have the right to withdraw your consent at any time, without affecting in any way our employment relationship or the lawfulness of the processing carried out on the basis of your consent given before your withdrawal. You can change or withdraw your consent at any time by sending an email to the Data Protection Officer or your local Data Protection Manager as shown in the list below. We will act immediately accordingly, unless there is a legal basis for not doing so.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any substantial changes to information we collect or to the purposes for which we collect and process it.
For some of your personal data you will have a legal, contractual or regulatory obligation to provide us with your personal data.
Your personal data will be processed by managers, HR staff and administrative staff in the Azets group of companies. Those staff, including your line manager, may not be employed by the same company as you, but may be employed by another company in the Azets group.
In general, access to your personal data is restricted to those who need to access it to perform their duties for example, but not limited to, your management, HR (including local HR teams), Payroll, Talent Development, Compliance and the senior management team.
All companies in the Azets group of companies are bound by a Data Sharing Agreement which commits them to share personal data, when it is necessary, in a secure and lawful manner that respects the rights and freedoms of data subjects.
We have a legitimate interest to operate efficient administration systems and some of these systems are provided by other group companies, so for example:
We have a legitimate interest to maximise efficiency by redeploying or seconding employees from one Azets legal entity to another. In this situation we will disclose, from one Azets legal entity to another, all personal data necessary to support the redeployment or secondment. This may include, amongst other information:
We will only disclose your personal data outside the Azets group of companies and our ultimate parent company if disclosure is consistent with a lawful basis for processing upon which we rely, doing so complies with data protection legislation and is fair to you.
We will disclose your personal data if it is necessary for our legitimate interests as an organisation or the interests of a third party (but we will not do this if these interests are overridden by your interests and rights). Where necessary we will also disclose your personal data:
Specific circumstances in which your personal data may be disclosed include to:
All recipients of shared personal data are bound by contract to process personal data in compliance with data protection legislation, particularly with respect to security and confidentiality.
If we were to contemplate selling all or part of the Azets business we may disclose personal data to the potential purchaser as a necessary part of a due diligence process. This would be governed by a legally binding contract that guarantees confidentiality in full compliance with data protection legislation. The contract would also bind the prospective purchaser’s professional advisers to confidentiality. The lawful basis for such disclosure is Legitimate Interest (any Special Category Personal Data would be subject to further restrictions and conditions).
Should a prospective acquisition or merger not proceed to completion the contract would oblige the prospective purchaser to erase any personal data that had been disclosed for the purpose of evaluating the potential business acquisition/merger.
If we were to conclude a sale of all or part of the Azets business personal data would be transferred as an asset in conjunction with the sale or merger (including transfers made as part of any insolvency or bankruptcy proceedings). If this were to occur you will be notified by email and/or a prominent notice on our web sites describing any change of ownership and /or use of your personal data, as well as choices you may have regarding your personal data.
Personal data about you may be held at our offices, on our systems and servers and those of our service providers and partners where information has been shared as described above. Personal data is securely stored and managed in compliance with data protection legislation, particularly with respect to security and confidentiality.
We will neither transfer nor process personal data outside the country in which your employer is based, nor will we permit personal data to be so transferred or processed by a processor or controller, unless it is under one or more of the following conditions:
We keep your personal data during and after your employment, for no longer than is necessary for the purposes for which the personal data is processed. After employment ceases we retain only the information necessary to satisfy legal obligations and to administer any pension commitments we may have. Please see Appendix A of this policy for how long we retain your data.
The duration for which we retain your personal data will differ depending on the type of information and the reason why we collected it from you. It also differs depending upon the national employment legislation of certain countries. However, in some cases personal data may be retained on a long-term basis, for example, personal data that we need to retain because of a legal or regulatory obligation. Such exceptions include:
If we reasonably anticipate litigation, we may issue a “Litigation Hold” (also known as a legal hold, document hold, hold order, or preservation order) which affects your personal data[9]. This is an instruction directing employees to preserve, and refrain from destroying or modifying, certain records and information (both paper and electronic) that may be relevant to the subject matter of a pending or anticipated litigation or government or regulatory investigation. If we reasonably expect litigation or a government investigation, we have a common law duty to prevent spoliation of evidence. This would have the effect of suspending the normal disposition or processing of records, such as backup recycling, archived media and other storage and management of documents and information. The documents to be preserved include electronic documents which would otherwise be deleted in accordance with our retention policy or otherwise deleted in the ordinary course of business.
We have an obligation to ensure that the personal data we hold about you is accurate and up-to-date and we use our best endeavours to ensure its accuracy. But to do this we require your cooperation and assistance. Please let your HR team know if anything changes, for example if you move home or change your phone number or personal email address.
We do not use personal data to perform any automated decision making that could have a legal or similarly significant effect upon you.
We try to be as open as we reasonably can about the personal data that we process. If would like specific information, please ask.
You have the following legal rights concerning your personal data:
Right of access |
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to a copy of that personal data. |
Right to rectification |
You have the right to oblige us to rectify inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement. |
Right to erasure (right to be forgotten) |
You have the right (under certain circumstances, but not all) to oblige us to erase personal data concerning you. |
Right to restriction of processing |
You have the right (under certain circumstances, but not all) to oblige us to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you. |
Right to data portability |
You have the right (under certain circumstances, but not all) to oblige us to provide you with the personal data about you which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to oblige us to transmit those data to another controller. |
Right to withdraw consent |
If the lawful basis for processing is consent, you have the right to withdraw that consent. |
Right to object to direct marketing |
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing. |
Rights in relation to automated decision making and profiling |
We do not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you. |
If you would like to exercise any of these rights, please contact the Data Protection Officer or Data Protection Manager using the email addresses at the top of this notice.
If you are not satisfied with the response you receive, you have the right to lodge a complaint with your national Supervisory Authority. Contact details for the relevant Supervisory Authority for the country in which you work are shown in the table below.
Employed in |
Supervisory authority |
United Kingdom |
Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF United Kingdom (t) 0303 123 1113 |
Ireland |
An Coimisiún um Chosaint Sonraí (Data Protection Commission) 21 Fitzwilliam Square South Dublin D02 RD28 Ireland (t) +33 (0)1 7650100 |
Norway |
Datatilsynet / The Norwegian Data Protection Authority Postboks 458 Sentrum 0105 Oslo Norway (t) +47 22 39 69 00 |
Romania |
Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal / The National Supervisory Authority for Personal Data Processing B-dul G-ral. Gheorghe Magheru 28-30 Sector 1, cod postal 010336 Bucuresti Romania (t) +40.318.059.211 (t) +40.318.059.212 |
Sweden |
Integritetsskydds myndigheten (IMY) / Swedish Authority for Privacy Protection (IMY) Box 8114 10420 Stockholm Sweden (t) 08-657 61 00 (e ) imy@imy.se |
Finland |
Tietosuojavaltuutetun Toimisto / Office of the Data Protection Ombudsman P.O. Box 800 00531 Helsinki Finland (t) +358 (0)29 566 6700 (e) tietosuoja@om.fi |
Estonia |
Andmekaitse Inspektsioon / Republic of Estonia Data Protection Inspectorate 39 Tatari St. 010134 Tallinn Estonia (t) (+372) 627 4135 (e) info@aki.ee |
Denmark |
Datatilsynet / The Danish Data Protection Agency Carl Jacobsens Vej 35 2500 Valby Denmark (t) 33 19 32 00 |
This notice does not form part of your contract of employment and does not create any contractual rights or obligations. Nothing in this notice is intended to create an employment relationship between us and any non-employee providing services to us.
This Privacy Notice, along with other Azets policies shall form our policy for processing Special Category Personal Data[10].
We reserve the right to update this privacy notice at any time, and we will inform you if we make any significant updates. We may also notify you in other ways from time to time about the processing of your personal data.
Version 20240306
Dated: 6 March 2024
APPENDIX A – Data Retention Schedule
The period for which we will retain your personal data is dictated partly by national employment legislation. The table below shows the retention period depending upon the country where your employer is based.
Type of data |
UK |
Norway |
Romania |
Sweden |
Finland |
Estonia |
Denmark |
Job applications, CVs and interview records of unsuccessful applicants |
12 months |
12 months |
12 months |
12 months |
12 months |
N/A |
6 months |
Personnel and training records (including references, appraisals, grievance procedures and disciplinary matters) |
7 years after employment ceases |
5 years after employment ceases |
75 years (except appraisals which are kept for 3 years) |
During the employment relationship |
10 years |
10 years after employment ceases, 50 years after employment ceases for contracts started before 2009. |
5 years after employment ceases |
“Right to work” documentation |
One year after the foreign employee has ceased working for the company, or until the national border enforcement agency[11] has examined and approved the documentation, whichever is the longer period. |
|
|
|
|
|
|
Contracts of employment and changes to terms and conditions |
7 years after employment ceases |
5 years after employment ceases |
75 years as part of the employment records |
Permanent |
10 years after employment ceases. |
10 years after employment ceases, 50 years after employment ceases for contracts started before 2009. |
5 years after employment ceases |
Payroll |
7 years after employment ceases |
5 years after fiscal year end |
50 years |
Permanent |
6 years after employment ceases or fiscal year ends, “Payroll card” 50 years. |
7 years after fiscal year end. |
Current calendar year + 5 year after employment ceases |
Income tax |
7 years after employment ceases |
5 years after fiscal year end |
50 years
|
Permanent |
6 years after employment ceases or fiscal year ends. |
7 years after fiscal year end. |
Current calendar year + 5 years after employment ceases |
Reportable accident, death or injury in connection with work. |
Permanently |
NA |
75 years as part of the employment records |
Permanent (+10 years after death of person involved |
10 years |
55 years |
Permanently |
Criminal Record Checks |
Deleted following recruitment process unless relevant to ongoing employment relationship. |
NA |
75 years as part of the employment records |
NA |
NA |
NA |
Presented upon employment, not stored by Azets |
Collective and workforce agreements that could affect current employees |
Permanently |
Permanently |
Permanently |
NA |
Permanently |
NA |
NA |
CCTV Images |
30 days |
30 days |
30 days |
NA |
2 weeks |
NA |
30 days |
APPENDIX B– Lawful Basis for Processing your Personal Data
Personal Data
Depending on the processing activity, we rely on the following lawful bases for processing your personal data under the UK GDPR or EU GDPR (whichever applies to your country of employment) and other relevant national data protection legislation:
Special category data – health related
Where the information we process is health related special category data, the additional lawful bases for processing that we rely on are[12]:
Special category data – diversity related
Where the information we process is diversity related special category data, the additional lawful bases for processing that we rely on are[13]:
Criminal convictions and offences
If we process information about workers’ criminal convictions and offences the lawful bases we rely on to process this data are:
Table of postal address and Data Protection Officer/Manager contact details.
Employed by |
Controller of your personal data |
Data Protection Officer or Data Protection Manager contact details |
Azets AS |
Azets AS Company No 917 774 447 Postboks 342 Sentrum 0101 Oslo Norway |
|
Azets ATB ApS |
Azets ATB ApS Company No 252 29 649 Lyskær 3 C 2730 Herlev Denmark |
|
Azets Audit Services Ireland Limited |
Azets Audit Services Ireland Limited Company No. 734828 3rd Floor 40 Mespil Rd, Dublin D04 C2N4 Ireland |
|
Azets Consulting AS |
Azets Consulting AS Company No 892 520 682 Vaskerelven 39, BERGEN 5014, VESTLAND Norway |
|
Azets Document Solutions SRL |
Azets Document Solutions SRL Company No. 41675790 5 Nicolaus Olahus Street Sibiu Business Center Entrance A, 9. Floor 550370 Sibiu Romania |
|
Azets Document Solutions AB |
Azets Document Solutions AB Company No 556808-6143 Box 398 73726 Fagersta Sweden |
|
Azets Document Solutions AS |
Azets Document Solutions AS Company No 983 390 684 7898 Limingen Norway |
|
Azets Document Solutions Ltd |
Azets Document Solutions Ltd Company No 03794595 24 Pindar Road, Hoddesdon, Hertfordshire, EN11 0DE United Kingdom |
|
Azets Document Solutions OY |
Azets Document Solutions OY Company No 2609954-7 Kirkkokatu 25 A 80100 Joensuu Finland |
|
Azets Employee Public A/S |
Azets Employee Public A/S Company No 27 71 86 12 Lyskær 3 C 2730 Herlev Denmark |
|
Azets Holdings Ltd |
Azets Holdings Limited Company No 06365189 2nd Floor, Regis House, 45 King William Street, London, EC4R 9AN United Kingdom |
|
Azets Insight AB |
Azets Insight AB Company No 556 250 3580 Box 1424 17127 Solna Sweden |
|
Azets Insight AS |
Azets Insight AS Company No 983 338 917 Postboks 881 Sentrum 5807 Bergen Norway |
|
Azets Insight A/S |
Azets Insight A/S Company No 25 07 48 23 Lyskær 3 C 2730 Herlev Denmark |
|
Azets Insight OÜ |
Azets Insight OÜ Company No 146 28 759 Lõõtsa 1A, Tallinn, 11415 Estonia |
|
Azets Insight OY |
Azets Insight OY Company no 0220227-1 Elielinaukio 5 B 00100 Helsinki Finland |
|
Azets Insight SRL |
Azets Insight SRL Company No. 24813426 5 Nicolaus Olahus Street Sibiu Business Center Entrance A, 9. - 10. Floor 550370 Sibiu Romania |
|
Azets Ireland Holdings Limited |
Azets Ireland Holdings Limited Company No. 734931 3rd Floor 40 Mespil Rd, Dublin D04 C2N4 Ireland |
|
Azets Labs A/S |
Azets Labs A/S Company No 10407745 Lyskær 3 C 2730 Herlev Denmark |
|
Azets Linköping AB |
Azets Linköping AB Company No 556549-2237 Hertig Karlsgatan 2, 582 21 Linköping, Sweden |
|
Azets Norrkoping AB |
Azets Norrköping AB Company No 556263-6521 Söderleden 104A, 602 28 Norrköping, Sweden |
|
Azets OLH Limited |
Azets OLH Limited Company No 276064 3rd Floor 40 Mespil Rd, Dublin D04 C2N4 Ireland |
|
Azets Opco Ltd |
Azets Opco Limited Company No BR019040 2nd Floor, Regis House, 45 King William Street, London, EC4R 9AN United Kingdom |
|
Azets Payroll Services Ireland Limited |
Azets Payroll Services Ireland Limited Company No 576004 3rd Floor 40 Mespil Rd, Dublin D04 C2N4 Ireland |
|
Azets People AS |
Azets People AS Company No 087 733 748 Postboks 342 Sentrum 0101 Oslo Norway |
|
Azets People Management AS |
Azets People Management AS Company No 912 327 094 Postboks 342 Sentrum 0101 Oslo Norway |
|
Azets Perspektiv A/S |
Azets Perspektiv A/S Company No 43095757 Lyskær 3 C, 2730 Herlev Denmark |
|
Azets Solutions AB |
Azets Solutions AB Company No 559382-1886 Kristianbergsvägen 17 737 30 Fagersta Västmanlands län, Sweden
|
|
Azets Solutions Aps |
Azets Solutions Aps Company No 43334875 Lyskær 3 C, 2730 Herlev, Denmark |
|
Azets Software AB |
Azets Software AB Company No 559273-6937 Ekensbergsvägen 113, 171 41 Solna, Sweden |
|
Blick Rothenberg Ltd |
Blick Rothenberg Limited Company No 10238654 16 Great Queen Street, London, WC2B 5AH United Kingdom |
|
Gorilla Accounting Ltd |
Gorilla Accounting Limited Company No 08583398 Unit B, Lostock Office Park, Lynstock Way, Lostock, Bolton, Lancashire, BL6 4SG United Kingdom |
|
Idur Information AB |
Idur Information AB Company No 556632-5188 Enhagsslingan 6 187 40 Täby Sweden |
|
Isännöinti Luotsi Oy |
Isännöinti Luotsi Oy Company No 1594341-5 Elielinaukio 5 B 00100 Helsinki Finland |
|
Karabin AS |
Karabin AS Company No 923 351 493 C/O Spaces Lars Hilles gate 30 BERGEN 5008, VESTLAND Norway |
|
Karabin Impello AS |
Karabin Impello AS Company No 987 957 697 Inngang B Innherredsveien 7, TRONDHEIM 7014, TRØNDELAG Norway |
|
Karabin Sans AS |
Karabin Sans AS Company No 923 351 493 C/O Spaces Lars Hilles gate 30 BERGEN 5008, VESTLAND Norway |
|
Karabin Valent AS |
Karabin Valent AS Company No 924 615 478 C/O Spaces Lars Hilles gate 30 BERGEN 5008, VESTLAND Norway |
|
Saga Consult AS |
Saga Consult AS Company No 990 070 571 Hvervenmoveien 49, 3511 Hønefoss, Norway |
|
[1] Known as P45 details in the UK.
[2] Form MATB1 in the UK.
[3] MOT certificates in the UK.
[4] Form D906 in the UK.
[5] In the UK this is to comply with the Equality Act 2010 and is advocated by UK regulators including the FCA and the ICAEW.
[6] Financial Reporting Council’s Ethical Standards 2016 in the UK.
[7] Such as those issued by ACAS in the UK.
[8] For example, in accordance with ICAEW guidance in the UK, “Guidance on the duty to report misconduct”, effective from 1 October 2020.
[9] In the UK this is to comply with Practice Direction 31B
[10] as required in the UK by the UK Data Protection Act 2018, Schedule 1, Part IV (“the appropriate policy document”)
[11] The UK Border Agency (UKBA) in the United Kingdom.
[12] In the UK we also rely on processing conditions at Schedule 1 part 1 paragraph 1 and Schedule 1 part 1 paragraph 2(2)(a) and (b) of the Data Protection Act 2018. These relate to the processing of special category data for employment purposes, preventative or occupational medicine and the assessment of your working capacity as an employee.
[13] In the UK we also rely on processing conditions at Schedule 1 part 2 paragraph 8 1(a) and 1(b) of the Data Protection Act 2018. These relate to the processing of special category data which is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained. Also Schedule 1 part 2 paragraph 9 1(a) and 1(b) of the Data Protection Act 2018. These relate to the processing of special category data which is necessary for the purposes of promoting or maintaining diversity in the racial and ethnic origins of individuals who hold senior
positions in the organisation or organisations.
[14] In the UK we also rely on the processing condition at Schedule 1 part 1 paragraph 1 of the Data Protection Act 2018.