This data processing notice describes how Harris + Hoole and its parent company (referred to in this document as “Harris + Hoole”) collects and uses personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) and UK data protection laws.
This notice applies to current and former employees, workers, consultants and contractors. This notice does not form part of any employment contract or other contract to provide services.
Personal data, or personal information, means any information about an individual from which that person can be identified. In some cases, we process your personal information because it is necessary for us to perform our contract with you or for us to comply with our legal obligations. In other cases, we may need to process your personal information for our legitimate interests, namely: efficient operation of the business; maintaining standards of service for our customers; protection of our business; monitoring staff welfare; improving diversity.
Lawful basis for processing
Personal data must be processed "lawfully, fairly and in a transparent manner" to comply with GDPR. The GDPR sets out the acceptable lawful bases for processing as follows:
1. Consent: the individual has given consent to such processing.
2. Contract: the processing is necessary for the performance of a contract to which the individual is party.
3. Legitimate interests: the processing is necessary for the legitimate interests of the data controller (i.e. Harris + Hoole) or a third party, except where such interests are overridden by the interests, rights and freedoms of the individual.
4. Legal obligation: the processing is necessary for compliance with a legal obligation.
5. Vital interests: the processing is necessary to protect the vital interests of the individual (or another person).
6. Public task: the processing is necessary for the performance of a task in the public interest or in the exercise of official authority.
Harris + Hoole only processes your personal data where there is a lawful basis to do so.
Data Retention Policy
Harris + Hoole endeavours to ensure that personal data is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable.
We generally retain personal data for as long as is required to satisfy the purpose for which it was collected. This will usually be the period of your employment/contract with us plus the length of any applicable statutory limitation period following your departure, although some data, such as pension information, may need to be kept for longer. We may keep some specific types of data, for example, tax records, for different periods of time, as required by applicable law. However, some personal data may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.
At the end of the defined retention period Harris + Hoole will delete the data or anonymise it so that no individual can be identified from it.
Data Classification and Data Security
Harris + Hoole has IT Security and Data Protection policies in place to ensure that wherever your data is processed the security processes in place are proportionate to the level of sensitivity of the data. GDPR distinguishes “Special Category Personal Data” which is the most sensitive data that we process. This would include information relating to your racial or ethnic origin, sexual orientation, disabilities or any criminal convictions. If this data is processed, it will be subject to strict data protection controls. All personal data that is processed by Harris + Hoole is therefore classified according to its sensitivity and the security processes (including physical and technological access restrictions) are defined accordingly.
Harris + Hoole maintains a “Data Matrix” that catalogues every “Data Type” Harris + Hoole processes. This Data Matrix defines what personal data is being processed, clarifies what the legal basis for processing it is, assigns a retention period, describes the deletion or anonymisation process and explains what security and access control processes are in place to adequately protect the data. The Data Matrix also describes how Harris + Hoole’s obligation to respond to a Subject Access Request (SAR) can be fulfilled.
Examples of third parties with whom your data will be shared include third party software and service providers, tax authorities, regulatory authorities, Harris + Hoole’s insurers, bankers, IT administrators, lawyers, auditors, investors, consultants and other professional advisors, payroll providers, and administrators of Harris + Hoole’s benefits programmes. Harris + Hoole expects such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security. All service providers sign standard contractual clauses to ensure that they process data in a secure way, in compliance with GDPR, and that the data is not shared with other third parties unless approved by Harris + Hoole. The Data Matrix will detail which (if any) third party processes data on Harris + Hoole’s behalf.
Right to access, correct and delete your personal data
To fulfil any such request, we will require proof of your identity so that this data is protected from unauthorised access.
Harris + Hoole aims to ensure that all personal data is correct. You have a responsibility to ensure that changes in personal circumstances (for example, change of address and bank accounts) are notified to Harris + Hoole so that we can ensure that your data is up to date. You have the right to request correction of any inaccurate data relating to you. You furthermore have the right to request deletion of any irrelevant data we hold about you. To correct/update your information, you will need to contact Human Resources. If you have any questions about how we process your personal information please contact the Human Resources department. We hope that we will be able to address any questions or concerns you may have. However, you also have the right to make a complaint at any time to the Information Commissioner's Office (www.ico.org.uk), the UK supervisory authority for data protection issues.
The personal information we hold about you
This document explains which of your personal data we process, which systems are used for this processing and what the lawful basis for processing is.
Human Resources Database
We record your name, address, date of birth, contact details, job title history, payroll information, bank account details, working location(s), disciplinary and grievance records, course completion history, holiday entitlement, contracted hours, gender, nationality, ethnic origin and marital status, as well as the dates on which any of these records were amended (and, where appropriate, the reasons for these changes). We retain a record of your contract of employment, your proof of identity and proof of your right to work in the European Union. If relevant, we retain a record of your driving licence. We record the name and contact details of your nominated Next of Kin and their relationship to you.
The HR Database acts as the primary data warehouse for all personal data processed in Harris + Hoole. The lawful bases on which data is processed in this system are: that it is required for Harris + Hoole to fulfil its contractual commitments to you; that legislation (e.g. tax regulation) requires the processing; and that Harris + Hoole has a legitimate interest in processing your data in order to improve the operational performance of Harris + Hoole. This data warehouse is linked to other in-house and third-party systems and, in combination with these systems, provides insight into your performance of your role within Harris + Hoole. This data can therefore be used when assessing performance. It may also be used in the course of any disciplinary process.
The HR Database does contain some data that may be considered sensitive, including “Special Category Data”. Access to this system is therefore limited to nominated members of the HR team and IT administrators. This data is kept for 7 years, to allow for HMRC regulation (as described under the “Payroll System” section below). After 7 years, all data is deleted from the HR database. After 3 months from the leave date, bank details are removed.
The day after you are processed as a leaver, your Next of Kin data (which Harris + Hoole has a legitimate interest in processing in order for us to fulfil a duty of care to you as your employer in the event of emergency) will be permanently deleted.
The HR Portal, which allows shop employees to update the main HR Database, contains only the personal data required for it to fulfil its function. Individuals can only access data relating to employees working in the shop or shops for which they are responsible. All data requests made through the HR Portal are retained for 6 months before being permanently deleted.
Harris + Hoole uses a Business Intelligence system to create Management Information reporting. This system records till performance, including all transactions that shop employees enter into the till. It also includes data relating to when employees were scheduled to work (according to the scheduling system) and actually did work (according to the timesheets). The Business Intelligence system also includes personal data (although not Special Category Personal Data) imported from the HR system. The data can be linked to employee records and employees’ names are recorded in the Business Intelligence system. The legal basis for processing this data is legitimate interest. Harris + Hoole uses this data to monitor employee performance, control costs within Harris + Hoole and improve the effectiveness and efficiency of the customer service process in shop. This data may be used as part of the employee assessment process and may be used in the course of any disciplinary process. Access to this data is limited to those for whom the data is relevant and follows Harris + Hoole’s structure: shop managers have access to the data for their shop, Area Managers have access to the data for their Area, and so on; central users with Harris + Hoole-wide responsibilities and IT administrators have full access. This data is retained for a period of twelve months following an employee’s departure. This retention period is set at twelve months a) because many employees are re-hired within this period, b) in case of disciplinary action based in any part on till performance, and c) to retain clarity for the operations team around shop performance. Following this twelve-month period, the data is anonymised.
We may print out this data and retain it in your HR record in the event of disciplinary proceedings.
Payroll System
The payroll system retains information about your pay, tax, tax code and pension contributions. This information is held along with personally identifiable information including your name and National Insurance number. The payroll system is used by Harris + Hoole to fulfil our contractual obligation to you and our legal obligations to HMRC. The data is retained in the system for seven years (or 185 bi-weekly pay periods). This retention period aligns with the HMRC requirement that we hold tax records for six tax years plus the current tax year. Access to the payroll system is restricted to the Payroll team, IT system administrators and the third party supplier of that system.
Scheduling and timesheets
Harris + Hoole uses a third-party system for shop scheduling and timesheet completion. Shop employees’ data is processed in these systems for the effective operation of the business (legitimate interest) and in order for Harris + Hoole to fulfil its contractual obligations to you. This data is exported into the Harris + Hoole reporting system (and processed as described above). The data is retained for a period of seven years following your leave date. The retention period is set to seven years to align with the Payroll System retention period, in case of any query or dispute investigation.
Data transfers and Integrations
Data is transferred between in-house and third-party systems on a daily basis in order to maintain the performance of those systems which, as described in this document, is required for successful business operation (legitimate interest). The transfer is encrypted, access is limited to nominated IT administrators and all data is deleted 48 hours following transfer.
CCTV, video and photographs
CCTV is in operation throughout the Harris + Hoole shop estate. Harris + Hoole has a legitimate interest in processing this data because it can be used to provide evidence of activity (by both members of the public and employees) that may be detrimental to Harris + Hoole. CCTV also acts as a deterrent to this activity and helps to protect the welfare of employees and customers as well as the interests of the business more widely. CCTV footage may be used as part of a disciplinary investigation and as evidence in the course of a disciplinary process. Access to the CCTV system is password protected and remote access can only be gained from Harris + Hoole head office premises. As a matter of policy, CCTV footage can only be accessed by authorised shop employees, the central operations team, managers in the Maintenance Department, the Profit Protection team and IT administrators. Footage may also be shared with the relevant authorities in the event of a criminal investigation.
CCTV footage is stored for a maximum of 6 weeks, after which it is deleted by being overwritten.
Part of the culture of Harris + Hoole is that we hold company events at which photographs are taken and video may be recorded. We retain these photos and from time to time we use them within Harris + Hoole and externally to celebrate the culture of Harris + Hoole. The culture of Harris + Hoole as an employer is critical to our success as a business; cultural events and a record of them are therefore critical to Harris + Hoole. The retention of these images forms a photographic record and as such we have a legitimate interest in retaining them. Photos and videos are stored securely on centrally managed servers and access to them is restricted to employees with access to the central servers.
Harris + Hoole operates an online Applicant Tracking System (ATS), which is provided by a third party. It is necessary to process personal data in this system in order to track the application process and assess the suitability of candidates. Job applications are retained in the ATS for 6 months from the last application and then deleted.
Potential candidates will from time to time hand in hard copy CVs in shops. These documents may include whatever personal data an applicant chooses. As a matter of policy these documents are kept in locked storage in shop offices and destroyed once a position is filled and no more than six months after they have been received.
The eLearning system retains the details of any courses that you took. The results of some of these tests will be transferred to the HR Database and are subject to the processes described above. Online training courses are a key element of Harris + Hoole’s training and development plan, and retaining data regarding course participation and attainment is important to the successful training and personal development of employees and therefore to the success of Harris + Hoole. We therefore have a legitimate interest in processing this data. Access to this data is restricted to Training and IT department administrators, the Recruitment Centre team, HR Database administrators and relevant line managers. Your personal data in the eLearning system will be deleted six years following your leaving date. This allows for access to the records in the event of any tribunal proceedings.
The Harris + Hoole performance review process is used to assess the performance of employees and identify development opportunities. The process necessarily involves the processing of personal data, the basis for which is legitimate interest because this process is necessary for the performance management of employees which in turn improves the performance of Harris + Hoole generally. The performance review form is held electronically for Shop Managers and head office employees and contains various sections, including opinions on progress made, training and development goals and annual objectives.
As a matter of policy, these are stored securely in restricted-access file locations and destroyed one year following your leave date. Shop employee PDRs are recorded on paper, kept in secure storage in shop offices and retained until an employee leaves, when they are, as a matter of policy, returned to Head Office and destroyed.
Harris + Hoole’s Electronic Point Of Sale (EPOS) system uses your employee number, first and last name, job title and working location to ensure that you have the correct till access at the correct location. Till usage data is exported to and analysed in the reporting system (as described above). Harris + Hoole has a legitimate interest in processing this data as the core functionality of the tills system relies on it. Data in this system is anonymised one month after your leave date.
Pension provider and employee benefits
Harris + Hoole uses third-party partners to administer employee pensions and other benefit schemes (including health care schemes, third party discount schemes, company car scheme etc.). We will only provide such personal data to these partners as is necessary for them to administer the service that they provide, but this will include your name, contact details, pay and benefit details. It is necessary that we share this data with them in order to fulfil our contractual obligations to you. The personal data will only be shared with these partners via defined secure data transfer protocols.
Data is retained in these systems for as long as required for third parties to provide their services (e.g. pension details with providers). After the leaver process has been completed, we cease to share data with these third parties. Former employees will need to go direct to the third party to request a copy of, or the deletion of, this data.
If you’ve chosen to include your spouse, partner or children in the Employee Benefits Programme, this data will be held, processed and deleted in the same way.
Email and instant messaging
Harris + Hoole managed email is centrally administered by the IT department. Individuals may choose to send Special Category data via email, although this is discouraged as a matter of policy unless authorised by a Board member due to the nature of an individual’s job, or where we need this data to fulfil our contractual obligations to employees. Email management is required as it is a primary communication tool and Harris + Hoole therefore has a legitimate interest in processing this data. Email access is restricted to the owner of the email account or to IT administrators. As a matter of policy, no individual’s email will be accessed without either the consent of that individual, or the consent of a Board Director requesting access via the Head of IT or the Infrastructure Manager. Email held on local devices will be deleted within three months of your leave date; server copies of email are deleted within six months of your leave date. The email security and archive service retains email indefinitely, as access may be required in the event of contractual dispute.
Harris + Hoole uses an instant messaging application. The retention period is set at twelve months and, as per the email policy, individuals may choose to send Special Category data via email, although this is discouraged as a matter of policy.
Email and instant messaging content from employees, or containing information about employees, may be used in disciplinary proceedings or performance appraisals.
Personal Computer usage
Personal computers may contain the personal data of the user, including stored documents and web browsing history. Some web browsers will retain username and password information. Access is restricted to the assigned computer user or to IT administrators. As a matter of policy, no individual’s personal computer will be accessed without either the consent of that individual, or the consent of a Board Director requesting access via the Head of IT or the Infrastructure Manager. Computer usage in violation of Harris + Hoole policy may result in disciplinary action and as such data retrieved from personal computers may be used for this purpose. User account files on personal computers or other devices are deleted within three months of your leave date.
Physical access to Neal St
Physical access to Harris + Hoole’s Neal Street head office is restricted and monitored using an access control system and CCTV. Head office-based employees are issued with access cards that are registered to those individuals and access times are recorded by the system. Your name is recorded in this system. Non-head office-based employees visiting Neal Street are issued with day passes and a record of this is kept at Reception. CCTV records individuals entering and leaving the building. These systems are in place to ensure the safety and security of staff and visitors, which Harris + Hoole has a legitimate interest in doing. CCTV footage and building access records may be used in a performance management or disciplinary process if relevant. Access control card data is deleted every six months. CCTV footage at Neal Street is retained for six weeks and overwritten after that period.
Psychometric testing, verbal and numeric reasoning tests
We do not currently rely on automated decision making. We do carry out a small amount of profiling from time to time related to assessment of your potential as part of our recruitment and career development programmes. These systems will record your name and email address along with the responses that you gave to questions in the online tests and an analysis of the results. This is used as part of the recruitment process and for development but is not used as the sole basis for any decision. These are online profiling tests that you will be aware of taking: no profiling is done based on other performance indicators. The basis on which we retain this data is legitimate interest as Harris + Hoole will use this information to help recruit the most suitable employees and improve the overall performance of the business. This data is only available to nominated HR and training managers, IT administrators and to individuals’ line managers. The data is retained during your employment and deleted six months following your departure date or job application (if you were not recruited).
Personal data is processed in a number of other “personal use” Harris + Hoole systems including (but not limited to) the expenses management system, the holiday booking system, the staff discount system and mobile telephones. The personal data processed by these systems is limited to that which is required to enable the systems to perform their function. As these systems are required for the successful operation of the business, Harris + Hoole has a legitimate interest in processing this data (and in some cases a contractual or legal obligation to do so). The nature of these systems means that data retrieved from them could be used in disciplinary process or other analysis of employee performance.
Other systems require your name, job level and work location in order to give you the appropriate system access. Your personal data is therefore used in these systems simply to control your access to those systems. This includes the single sign-on system, helpdesk applications, the Jostle messaging system, the estate management system, the conference call system and the intranet system. Your access attempts into these systems are logged and can be used when assessing performance. We have a legitimate interest in processing your data in these systems as they are necessary for the successful operation of Harris + Hoole.
Notice of changes
Harris + Hoole may change or update this Data Processing and Privacy Notice at any time. An up-to-date copy of this document can be found in COLIN for shop employees (please ask your manager if you do not have access yourself) or in the shared templates folder on the head office network.
Should we change our approach to data protection, you will be informed of these changes or made aware that we have updated the Data Processing and Privacy Notice so that you know which information we process and how we use this information.
This Data Processing and Privacy Notice was last updated and reviewed on 24/05/2018.