Privacy Notice
What’s The Purpose Of This Document?
The Shaw Trust Group understands that your privacy and the security of your personal data is important. This notice sets out:
- Who we are.
- What we do with your personal data.
- How we keep it secure.
- From where we collect it.
- Your data protection rights in relation to it.
If you don’t want to read all the detail, here are the things we think you’d really want to know:
- Your personal data is, where appropriate, shared within the Shaw Trust Group.
- We do use third parties to process your personal data on our behalf and some of them do transfer personal data outside of the United Kingdom.
- You have several rights over your personal data. We set out how you can exercise these rights in this document.
- We will occasionally contact you by email, post or SMS with important information if you’re absent from work and we need to contact you.
- We do conduct limited colleague monitoring; this might be to measure performance or to ensure the security of colleagues and our systems.
Who We Are
When we say ‘we’, ‘us’ or ‘our’ in this document, we’re referring to the separate and distinct legal entities that make up the Shaw Trust Group. We are registered with the Information Commissioner’s Office as Data Controllers and the Shaw Trust Group currently includes:
- Shaw Trust.
- Homes2Inspire.
- Ixion.
- Prospects.
The Shaw Trust Group company that controls your personal data depends on the company you work for.
What sorts of personal data do we process?
Personal data is defined as any information about a living individual from which that person can be identified, or which relates to that individual. It does not include data where the identity has been removed (e.g. anonymous data). We process various sorts of personal data before, during and after your employment with us, including:
- Information that you provide to us when you apply for a job or start working for us such as your name, address, date of birth, telephone number, personal email address and bank account details.
- Information from other sources such as references, pre-employment checks, and DBS checks.
- As part of an investigation - information about you that is in the public domain.
- Information about your performance, such as records of 121s, appraisals, investigations, disciplinaries or other information that is automatically produced as a result of your role.
- Information about you from personal safety devices, such as your location, name, contact number and work pattern.
- Records of our interactions (for example, communications between us such as letters and in some cases, call recordings).
- Financial transactions such as records of what you are paid, or work-related salary advances you may have.
- Your work account details including usernames and chosen passwords (only when your account is initially set up and your password is changed when you first log in).
- Electronic communications you send to or from your company email accounts.
- Information about your involvement in company schemes such as staff associations, the childcare voucher scheme, the cycle to work scheme etc.
- Records of your time and attendance which includes room bookings and attendance to our sites.
- Records of your absences and information associated with your return to work.
- Records of the training and tests you undertake.
- Special categories of data, including health, diversity and inclusion information.
- Information you provide about any conflicts of interest.
Our Legal Basis For Processing Your Personal Data
Whenever we process your personal information, we must have a ‘legal basis’ to do so. The legal bases are set out in data protection law. The different legal bases we rely on are:
- Consent: You have given us permission to process your personal data for a specific purpose or purposes.
- Legitimate Interests: The processing is necessary for us to conduct our business, but not where our interests override your rights or interests.
- Performance of a contract: We must process your personal information in order to be able to perform contractual obligations.
- Vital Interests: The processing of your personal information is necessary to protect you or someone else’s life.
- Legal Obligation: We are required to process your personal information by law.
Where we process “special category data,” in addition to the legal bases noted above we also need to make sure that we have a further legal basis for such processing. This will most commonly be one of the following:
- Explicit Consent: Where you have given us your explicit consent to the processing.
- Vital Interests: Where the processing is necessary to protect your vital interests or those of another natural person where you are physically or legally incapable of giving consent.
- Made public by the data subject: Processing relates to personal information that you have made public.
- Legal claims and judicial acts: The processing is necessary for the establishment, exercise or defence of legal claims.
- Substantial public interest: The processing is necessary for reasons of substantial public interest (e.g. regulatory requirements, preventing or detecting unlawful acts).
When we refer to “special category data” we mean personal data that reveals racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic data, biometric data (where used for identification purposes), data concerning health, sex life or sexual orientation of an individual.
How Do We Use Your Personal Data And What Is Our Legal Basis For Doing So?
We use the personal information we hold about you to administer your employment with us and for other legitimate interests connected to our organisation. Set out below are some examples:
Before you start working with us.
| How we use your data |
Our legal bases for doing so |
| Assess you as a candidate, including at interview. |
Legitimate Interests, Legal Obligation. |
| Understand if you have a right to work and carry out disclosure checks. |
Legal Obligation. |
| Contact you about your interview or your future employment if successful. |
Legitimate Interests. |
| Set you up as an employee ahead of your start date. |
Legitimate Interests, Legal Obligation. |
When you work for us, we use your personal information to ensure your employment runs smoothly. This involves:
| How we use your data |
Our legal bases for doing so |
| Paying you correctly, including making additions like extra hours worked or deductions such as Trade Union membership fees and pension contributions. |
Legal Obligation, Legitimate Interests, Employment Law. |
| Keeping your contract updated. |
Legal Obligation. |
| Administering your maternity / paternity leave and your holidays. |
Legal Obligation. |
| Reviewing and keeping records of your performance to help manage your career. |
Legitimate Interests. |
| Highlighting talent so we can succession plan and understand future needs. |
Legitimate Interests. |
| Keeping records of the training you complete, your achievements and successes so we understand your capabilities (this may include the results of psychometric tests you have undertaken). |
Legitimate Interests. |
| Keeping records of individuals who fulfil particular roles and sometimes making that information public. For example, where we publish success stories on social media. |
Legitimate Interests. |
| Understanding how and why accidents at work occur to help prevent them happening in the future. |
Legitimate Interests. |
| Monitoring absence and the reasons for it to improve attendance. |
Legitimate Interests. |
| For our grievance and disciplinary processes. |
Legal Obligation. |
| To provide Occupational Health or other support services. |
Legal Obligation. |
| Keeping a record of time and attendance so we can pay you for the hours you work. |
Legal Obligation. |
| Help answer your questions and solve any issues you have. |
Legitimate Interests. |
| Undertake organisational restructures. |
Legitimate Interests. |
| Provide IT support and for business continuity purposes. |
Legitimate Interests. |
| To understand any conflicts of interest and your relationships at work. |
Legitimate Interests. |
When you stop working for us, or at any other times where appropriate, we use your information to:
| How we use your data |
Our legal bases for doing so |
| Manage your exit from the business. |
Legal Obligation. |
| Retain a record of your employment for an appropriate period of time. |
Legal Obligation. |
| Pay any benefits like outstanding salary, pensions or death in service benefits. |
Legal Obligation. |
| To reclaim any monies owed such as salary overpayments. |
Legitimate Interest. |
We may also use your information for the safety and security of our colleagues, organisation and participants. This may involve:
- Monitoring communications in line with our Group IT Acceptable Usage Policy and our Group Bring Your Own Device (BYOD) Policy.
- Granting and removing access to our buildings.
- Using CCTV footage.
In certain circumstances we conduct monitoring. Situations where we may do so include:
- If you are using a Shaw Trust issued device, we monitor all applications running on your device as well as your internet activity and IP address.
- If your Shaw Trust device is lost or misplaced, we can locate it by pulling from a variety of methods of pinpointing to likely give quite an accurate location.
Who Might We Share Your Personal Data With?
The Shaw Trust Group - where appropriate we will share your personal information with the other companies within The Shaw Trust Group.
Our service providers – we work with partners, suppliers and agencies so that they can help us administer your employment and effectively run our organisation. These third parties process your personal data on our behalf and are required to meet our standards of security before doing so. We only share the personal data that allows them to provide their services to us or assist them to provide their services to you. These parties may include:
- Benefit and reward companies such as those providing childcare vouchers.
- Payroll providers so that you can be paid correctly and on time.
- Learning / qualification providers, allowing you to undertake qualifications during your employment with us.
- Partners who undertake our pre-employment checks.
- Where relevant, our professional advisors such as auditors, lawyers and consultants.
- Prospective purchasers and advisors in situations where we’re discussing selling or transferring part or all of Shaw Trust Group, or where TUPE applies such as when a business (or part of one) is transferred to a new employer or when a service provision change takes place (for example where a contract transfers to another supplier).
- If any part of the Shaw Trust Group is reorganised or sold to another organisation. We would need to transfer the information we hold about you to them so they can continue to provide the services associated with your employment.
- Public or regulatory bodies, such as the police (in situations where we are required by law or under any code of practice).
- In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others. In these situations, we will only share your personal information in response to requests which do not override your privacy interests. For example, we will share your personal information with solicitors, insurers etc who have a legitimate interest in processing your personal data.
- The Public – In some circumstances your role may mean that we share your name, image and business contact details with the general public. For instance, we may publish your details within our social media accounts.
International Transfers Of Personal Information
There are times when we transfer your personal data to our suppliers or service providers based outside of the UK for the purposes described in the “Who might we share your personal data with?” section of this privacy notice. When we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of the UK-US Data Bridge, model contracts or independent privacy schemes approved by regulators.
Keeping You Informed About The Organisation And Asking For Your Opinions
We will occasionally contact you with important information about the organisation or to ask for your opinion. This could be by mail, telephone, SMS or email to your personal or work accounts.
You may also choose to provide us with your views and opinions through surveys, feedback, The Loop, Viva Engage or online more generally. We will use this information to understand how we are performing as an organisation or for other legitimate purposes.
Your Rights
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you. These include:
- The right to be informed: You have the right to request that we inform you about what we do with your data.
- The right to access: You have the right to request a copy of the personal data we hold about you.
- The right to rectification: You have the right to request that we correct any of your personal information you believe is inaccurate. You also have the right to request we complete information you believe is incomplete.
- The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
How long will we keep your personal data for?
We will keep your personal data for the purposes set out in this privacy notice and in accordance with the law, relevant regulations and codes of practice. We won’t retain your personal information for longer than is necessary, and in most cases our retention period will come to an end 7 years after the end of your employment with us.
In certain circumstances, such as where your personal data needs to be retained in relation to your pension, a specific health and safety issue or claim, this period of time could be longer.
Security
We take protecting your personal information seriously and are continuously developing our systems and processes. Some of the controls we have in place are:
- Technology controls for our information systems such as user verification, firewalls, data encryption, and separation of roles, systems and data.
- User access to our systems limited to only those we believe are entitled to it.
- Proactively monitored systems.
- Utilisation of industry ‘good practice’ standards to support the maintenance of a robust information security management system.
Contact Us
If you have any questions about Shaw Trust’s privacy notice, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us by one of the following means:
By email: data.protectionmailbox@shaw-trust.org.uk
By post: Data Protection Officer, Black Country House, Rounds Green Road, Oldbury B69 2DG
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to Make a complaint | ICO to find out more.
Privacy Notice Change
This privacy notice was updated in June 2024. Should we make any changes to it we will take appropriate steps to bring those changes to your attention.
Appendix A
| Version |
Details of amendments/change |
Formal approval required |
Approved by |
Date of approval |
Date adopted by the board |
| 2.1 |
Privacy Notice re-written to reflect current requirements |
Yes |
Group Head of Assurance and Risk |
June 2024 |
N/A |
| 2.2 |
Document moved to Data Protection area of Document Hub from Info Sec. |
No |
Group Head of Assurance and Risk |
July 2024 |
N/A |