Aero Metals Alliance UK Limited “the Company” is a “data controller”. This means we are responsible for deciding how we hold and use personal information about you.
This policy applies to current and former employees, workers and contractors. This policy does not form part of a contract of employment or any contract to provide services and may be updated at any time.
The Company is committed to protecting the privacy and security of your personal information. The Company is committed to being clear and transparent about how it collects and uses that data and to meeting its data protection obligations.
The detail of the policy is broken down into fourteen sections which are:
- Data Protection Principles
- What information does the Company collect and process?
- Why does the Company process personal data?
- Situations in which we will use your personal information
- If you fail to provide personal information
- Change of purpose
- How we use sensitive personal information
- Information about criminal convictions
- Automated decision-making
- For how long does the Company keep your personal information?
- Who has access to your personal information?
- How does the Company protect data?
- Your duty to inform us of changes
- Your rights
Data Protection Principles
The Company will comply with data protection law. This means that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes
- Relevant to the purposes we have told you about and limited to those purposes only
- Accurate and kept up to date
- Kept only for such time as is necessary for the purposes we have told you about and
- Kept securely.
What information does the Company collect and process?
The Company collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the persona can be identified.
- Personal contact details, such as your name, title, address and contact details, including email address and telephone number
- Date of birth
- The terms and conditions of your employment
- Details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the Company
- Information about your marital status, next of kin, dependants and emergency contacts
- Information about your nationality and entitlement to work in the UK
- Copy of driving licence
- Details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave
- Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
- Correspondence sent or received by you or relating/copied to you, including emails
- Assessments of your performance, including appraisals, training you have participated in, performance improvement plans and related correspondence
- CCTV footage and other information obtained through electronic means e.g swipe card records.
We may also collect, store and use the following special categories or more sensitive personal information:
- Information about medical or health conditions, including whether or not you have a disability for which the Company needs to make reasonable adjustments
- Details of trade union membership; and
- Information about your criminal record.
The Company collects this information in a variety of ways. For example, data is collected through the application and recruitment process and during work-related activities throughout the period of working for us.
In some cases, the Company collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.
Data is stored in a range of different places, including in your personnel file, in the Company’s HR systems and in other IT systems (including the Company’s email system).
Why does the Company process personal data?
The Company needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract.
In addition, the Company needs to process data to ensure that we are complying with our legal obligations, for example, we are required to check an employee’s entitlement to work in the UK.
In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the employment relationship.
Situations in which we will use your personal information
Situation in which we will process your personal information are listed below:
In order to:
- Make decisions about recruitment and promotion processes
- Maintain accurate and up-to-date employment records and contact details (including details of whom to contact in the event of an emergency), and records of employee contractual and statutory rights
- Check you are legally entitled to work in the UK
- Gather evidence for, and keep a record of, disciplinary and grievance processes, to ensure acceptable conduct within the workplace
- Pay you and, in the case of employees, make deductions for tax and National Insurance
- Make decisions about salary reviews and compensation
- Operate and keep a record of employee performance and related processes
- Keep records of training and development requirements
- Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled
- Ascertain your fitness to work
- Operate and keep a record of other types of leave (such as maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the Company complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled
- Ensure effective general HR and business administration
- Provide reference on request for current or former employees
- Deal with legal disputes involving you or other employees, workers and contractors
- Facilitate equal opportunities monitoring in the workplace
- Comply with statutory and regulatory requirements, including but not limited to gender pay reporting, national statistics, statutory accounting and the apprenticeship levy
If you fail to provide personal information
If you do not provide certain information when requested, the Company may not be able to perform the contract we have entered into with you, such as paying you or providing a benefit. You may also have to provide the Company with data in order to exercise statutory rights, for example in relation to statutory leave entitlements.
Change of purpose
The Company will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so.
You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.
How we use sensitive personal information
Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (for example, in relation to employees with disabilities and for health and safety purposes).
Information about criminal convictions
We do not envisage that we will hold information about criminal convictions
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so.
Our employment decisions are not based solely on automated decision-making.
For how long does the Company keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.
The Company will generally hold your personal information for the duration of your employment or engagement. The exceptions are:
- Any personal information supplied as part of the recruitment process will not be retained if it has no bearing on the ongoing working relationship
- Disciplinary, grievance and capability records will only be retained until the expiry of any warning given (but a summary disciplinary, grievance or performance management record will still be maintained for the duration of your employment).
Once you have left employment or your engagement has been terminated, we will generally hold your personal information for one year after the termination of your employment or engagement, but this is subject to:
- Any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and
- The retention of some types of personal information for up to six years to protect against legal risk.
We will hold payroll, wage and tax records (including salary, bonuses, overtime, expenses, benefits and pension information, National Insurance number, PAYE records, tax code and tax status information) for six years after the termination of your employment or engagement.
Who has access to your personal information?
Your personal information may be shared internally within the Company, including with members of the HR department, payroll staff, your line manager, other managers in the department in which you work and IT staff if access to your personal information is necessary for the performance of their roles.
The Company may also share your personal information with third-party service providers (and their designated agents), including:
- External organisations for the purposes of conducting pre-employment reference and employment background checks
- Payroll providers
- Benefits providers and benefits administration, including insurers
- Pension scheme provider and pension administration
- Occupational health providers
- External auditors
- Professional advisers, such as lawyers and tax advisors.
We may also need to share your personal information with a regulator or to otherwise comply with the law.
The Company shares your data with third parties where required by law, where it is necessary in order to administer the working relationship with you or where we have another legitimate interest in doing so. For example, a third-party provider carries out pension scheme administration on behalf of the Company. In all cases data is protected by security measures.
Any data transferred to countries outside the European Economic Area (EEA) will be protected by appropriate security measures. If you require further information, please contact the IT Director (contact details below).
How does the Company protect data?
The Company takes the security of your data seriously. The Company has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Details of these measures are available on request.
When the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Your duty to inform us of changes
It is important that the personal information we hold abut you is accurate and current. Please be sure to keep us informed if your personal information changes during your time working with us.
As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request (known as a “data subject access request”)
- Require the Company to change incorrect or incomplete data
- Request erasure of your personal information. This enables you to ask the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- Object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing, and
- Ask the Company to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.
If you would like to exercise any of these rights, or you have any questions about the policy, please contact the Company Secretary or the IT Director.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office.
Morag Hale, Company Secretary
Peter Moriarty, IT Director