This privacy notice explains what personal data we hold about current or prospective employees, agents, contractors (you), how we collect it, and how we use and may share information about you during your application for a role with us, employment with us and following the termination of any employment contract you may have with us. We are required to notify you of this information under data protection legislation. Please ensure that you read this notice and any other similar notice we may provide to you from time to time when we collect or process personal data about you as this notice sets out how we process certain of your information (personal data).
Personal data
Personal Data is information that relates to an individual. This may be your name, address, contact details or any feature that identifies you. Personal Data also includes special category data or sensitive personal data. This is information for example about an individual’s race; ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data (where this is used for identification purposes); health data; sex life; or sexual orientation. It is data that is seen as being particularly sensitive and that needs to be processed by organisations with extra care and attention
Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.
Who collects the information?
Irwin Mitchell LLP and its affiliated entities and group firms (IM) is a ‘data controller’ and gathers and processes your personal data, and so, in this notice, references to ‘we’ or ‘us’ mean IM and our group companies. Where an IM firm or affiliated entity processes personal data different to as set out in this privacy notice, they will have a separate privacy notice which you can access through the IM web pages.
If you have any questions about this privacy or any other IM privacy notice, please contact our Data Protection team at:
IM Asset Management Ltd
Email - IMAMLdataprotection@irwinmitchell.com
Post - Data Protection Team (IMAML) Riverside East, 2 Millsands, Sheffield, South Yorkshire, S3 8DT
All other IM Group entities
Email - dataprotection@irwinmitchell.com
Post - Data Protection Team The Colmore Building, 9th Floor, 20 Colmore Circus, Birmingham, B4 6AH
What personal data do we collect?
We may collect the following personal data from you - if you are not an employee we will always seek your consent before we process any of your personal data:
- Your name, contact details (ie address, home and mobile phone numbers, email address) and emergency contacts (ie name, relationship and home and mobile phone numbers)
- Personal data collected during your recruitment process for example from application forms CVs
- Employment contract information
- Details of salary and benefits, bank/building society, National Insurance and tax information, your age
- Details of your spouse/partner and any dependants or other third party (we will process this personal data for legitimate purposes in fulfilling our legal obligations as your employers so please ensure they are notified)
- Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information;
- A copy of your driving licence
- Details of any share incentive arrangements with us, and all information included in these and necessary to implement and administer them
- Details of your pension arrangements with us, and all information included in these and necessary to implement and administer them
- information about your health, including any medical condition or disability where this relates to the specific role applied for
- Information in your sickness and absence records (including sensitive personal data regarding your physical and/or mental health)
- Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs
- Criminal records information, including the results of Disclosure and Barring Service (DBS) checks
- Information on grievances raised by or involving you
- Information on conduct and/or other disciplinary issues involving you
- Details of your appraisals and performance reviews
- Details of your performance management/improvement plans (if any)
- Details of your time and attendance records
- Information regarding your work output
- Information in applications you make for other positions within our organisation
- Information about your use of our IT, communication and other systems, and other monitoring information
- Your image, in photographic and video form
- Details of your use of business-related social media, such as LinkedIn
- Your use of public social media (only in very limited circumstances, to check specific risks for specific functions within our organisation; you will be notified separately if this is to occur)
- Details in references about you that we give to others.
Certain areas of the categories above may not apply to you if you are not an employee (such as an independent contractor or agency worker).
How we collect the personal data
We may collect this personal data from you, your personnel records, the Home Office, pension administrators, your doctors, from medical and occupational health professionals we engage and from our insurance benefit administrators, and other third parties such as our recruitment service providers or referees in in relation to your employment with us.
Why we collect the personal data and how we use it
We will typically collect and use this personal data for the following purposes: During the recruitment stage where we invite you for an interview or assessment either at our premises or on the phone and decide whether you are suitable for a role within IM:
- For the performance of a contract with you, or to take steps to enter into a contract
- For compliance with a legal obligation (eg our obligations to you as your employer under employment protection and health safety legislation, and under statutory codes of practice, such as those issued by Acas)
- For the purposes of our legitimate interests (for example in an emergency or disaster scenario for business continuity or to gain valuable insights from our colleagues) or those of a third party (such as a benefits provider), but only if these are not overridden by your interests, rights or freedoms
- Because it is necessary for carrying out obligations or exercising rights in employment law
- To defend any legal claims that may be brought against us in connection with your employment, or to establish, bring or pursue any claim against you, eg to enforce post-termination restrictions; this will typically involve passing personal data on to our legal advisers, who will be subject to strict professional and contractual duties of confidentiality.
- In restricted circumstances, for testing purposes - we fully test our systems and services, to ensure that they will work as expected and will not cause loss or damage to data. Wherever we can, we use anonymous data. Only in very limited circumstances will we use personal data and, on these occasions, the data will be protected in a secure and closed environment and deleted as soon as the testing is completed.
We will use your sensitive personal data as follows:
- We will use your personal data about your medical condition or disability status to consider fitness for work in your employment or relating to the particular role you have applied for and whether we need to provide appropriate adjustments for you
- We will use your passport information in relation to whether you are eligible to work in the UK
- We will use your personal data about whether you have committed a criminal offence or have any criminal convictions for the purpose of ensuring your suitability for any role applied for. [We will not use any spent conviction data]
- For investigating, pursuing or defending any legal claims.
We seek to ensure that our personal data collection and processing is always proportionate. We will notify you of any material changes to personal data we collect or to the purposes for which we collect and process it. We will only retain your personal data for as long as is necessary and will only process your personal data for the purposes of which we have notified.
How we may share the personal data
We may need to share some of the above categories of personal data with other parties, such as external contractors and service providers and our professional advisers and with potential purchasers of some or all of our business or on a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal data with our regulators or as required to comply with the law.
We also use job boards and sites to advertise our vacancies. Where you apply for one of these jobs (as opposed to applying to us directly) we will collect, store and use personal data provided to us by the job board/site together with what you provide direct to us. The information provided by the job board/site is likely to include CV, email address, telephone number, current job title, current location, and current salary. Where you have started an application but not yet completed it, the access granted to us by job boards and sites may mean that we have sight of your application. If you would like further information on how your personal data is processed by job boards/sites and what information they provide to us please review their privacy notice as they are the data controllers in this instance.
Whether we intend to do automated decision-making or profiling
We are striving to become a more digital business while retaining our human approach. We believe that embracing technology has the potential to enhance the overall experience of clients. We use certain tools that draw on artificial intelligence – such as spell-check and anti-virus software – to work efficiently and safely. These tools may process some personal data, however our expert staff review the output from the technology, wherever appropriate. However, we do not use your personal information to make automated decisions about you.
Where information may be held
Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above. Information may also be transferred internationally to other countries outside the EU. Where we do transfer personal data outside the EU we will do so securely and in accordance with the relevant data protection laws. We have security measures in place to seek to ensure that there is appropriate security for information we hold.
How long will we keep your personal data?
If you do not join us we will keep your personal data for a period of 12 months after we have communicated to you our decision about whether to offer the job to you. We retain your personal data for that period so that we can show that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.
If a dispute arises between us, we will continue to retain your personal data for the purposes of responding to and dealing with this dispute and this may mean that we keep your personal data for longer than 6 months.
If you have not joined us and would like us to keep your details on record for the purposes of considering you for a suitable role in the future please let us know. We will then keep your details for a further 12 months.
If you join us as an employee then the personal data collected as part of the recruitment and selection process will be added to your HR file. Your personal data will be retained in accordance with our data retention policy.
We will ensure that your personal data is securely deleted after the retention periods stated above have expired.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights
You have a number of rights over your personal data, which are:
- The right to ask us what personal data we have about you and to have a copy of your personal data from us
- The right to ask us to correct any errors in your personal data
- The right to ask us to delete your personal data where:
- We don’t need your personal data anymore- for example 6 years after the termination of your employment with us and there are no outstanding claims or for IMAML staff in which case certain data may need to be kept for longer to meet FCA requirements
- You withdraw your consent to our use of your personal data and we have no other legal basis to keep your personal data
- Our use of your personal data is illegal
- We have to delete your personal data to comply with our legal obligations
- The right to ask us to restrict the use that we are making of your personal data where:
- you don’t think the personal data we have about you is correct, so that we can check if it is correct
- what we are doing with your personal data is illegal but you would rather we stop using your personal data rather than delete it
- we don’t need your personal data anymore, but you need us to keep it so that you can exercise any legal rights
- The right to ask us to transfer your personal data in certain circumstances.
If you are an applicant for a role within IM and you want to access, review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact the data protection team at the email and address above.
If you are an employee and you are requesting a particular right please contact the data protection team via the GCT Toolkit on the IM intranet.
How to complain
We hope that our Data Protection Team can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
