Protecting your personal data is very important, including making sure it is only used and shared when appropriate. This policy outlines how the personal data of applicants and prospective employees, and current and former employees, of LONDON RETAIL PARTNERS LIMITED (LRP) will be used, and your associated legal rights. Personal data is defined as information from which individuals may be identified.
This policy applies to all applicants to LRP in the UK and is in line with the General Data Protection Regulation (“GDPR”, as implemented into English and Welsh law by The Data Protection Act 2018) and other English and Welsh data protection laws.
1.Types of Personal Data
LRP obtains personal data relating to prospective colleagues including, but not limited to:
- name, address and other contact details;
- information about previous employment, educational details, skills and experience;
- details of training and qualifications;
- information relating to your health and health conditions;
- race and ethnicity, religion, trade union membership (ROI);
- unspent criminal convictions;
- communications and correspondence;
- publicly available information, including via social networking sites and public profiles;
- other biographical and personal data; and
- salary expectations and information on preferred working arrangements.
We will not retain your data for any longer than necessary and will delete it once it is no longer required. If you become a colleague of LRP, your data will be stored during your period of employment and post-end of your employment for a period necessary in accordance with legislative and regulatory requirements.
Our standard data retention period for unsuccessful candidates is 12 months after the decision not to offer a position, unless you have agreed to a longer retention period.
In exceptional cases, data may be held for longer periods where required.
2.Uses of Personal Data
LRP, and our parent and subsidiary companies, partners, representatives and agents, use this data for a variety of purposes. These include, but are not limited to:
- recruitment, screening and assessment;
- activities relating to interviewing and selecting prospective employees (and maintaining related records);
- identifying and selecting possible candidates for employment opportunities which may arise in the future;
- compliance with statutory and regulatory obligations;
- managing legal disputes;
- dealing with insurance matters (including, without limitation, insurance claims);
- exercising or fulfilling LRP’s legal rights and responsibilities; and
- prevention or detection of fraud, crime, or other unlawful or inappropriate conduct.
3.Legal Basis for Using Prospective, Current And Former Colleague Data
In general, we may process prospective, current or former employees’ data on the basis of it being:
- necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained;
- necessary to fulfil our obligations or exercise our rights relating to employment, social security and social protection law and other relevant laws, regulations and taxation requirements;
- necessary in connection with legal claims (including, without limitation, insurance claims); and/or
- necessary for preventing or detecting unlawful acts.
Where data is collected and used solely on the basis of consent, you have the right to withdraw consent at any time.
4.Disclosures of Data
Where necessary and lawful, your personal data may be disclosed, for example, to:
- LRP management, colleagues, staff, advisers, representatives or contractors involved in recruitment and talent management;
- other LRP group companies or joint ventures;
- our professional advisers, such as solicitors, auditors or accountants, and consultants;
- government departments and agencies (including, without limitation, HM Revenue & Customs);
- police and law enforcement agencies;
- LRP’s (and it’s group companies’) insurance brokers and insurance providers;
- courts and tribunals; and
- other partners, suppliers, agents, representatives and service providers.
5.International Transfers of Data
It may become necessary for LRP to transfer some personal data outside of the European Economic Area, including to jurisdictions where local legislation does not provide adequate safeguards regarding the protection and security of personal data. This could typically occur when, for example, service providers that need to access such data, are located outside the EEA.
Where this takes place, we will ensure that the transfer is compliant with data protection law and that personal data is secure. In most cases, we will rely on standard data protection clauses which have been approved by the European Commission in accordance with the GDPR. A copy of the standard clauses can be obtained at the following link http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm
Where appropriate and lawful, we may exceptionally transfer data outside the EEA without relying on the standard data protection clauses, including (without limitation) where:
- the individual has explicitly consented to the transfer;
- it is required as part of the contract between LRP and an employee; or
- it is necessary in connection with legal disputes and claims.
You have a number of statutory rights under the GDPR and English and Welsh data protection legislation. These rights include the right to request that LRP:
- provides you with a copy of your personal data held;
- correct inaccurate information; and/or
- delete information which LRP do not have a legitimate basis to hold.
You also have rights to restrict the processing of data relating to you, object to processing and in certain circumstances to ‘data portability’ (this means that data is provided in a structured, commonly used and machine-readable format).
Detailed information on these rights can be found in the GDPR or the website maintained by the Information Commissioner’s Office at https://ico.org.uk.
These rights can be exercised free of charge and LRP will normally respond within a month.
If you wish to exercise any of the above rights, please email email@example.com
If you are unhappy about the way your personal data has been handled by LRP (or its group companies), you have the right to lodge a complaint with LRP at the following email address: firstname.lastname@example.org or directly with the Information Commissioner’s Office – further information, including contact details, is available at https://ico.org.uk.
For further advice on this policy, please contact the LRP team by emailing: email@example.com