How your information will be used
As your employer or potential employer, Microlink PC (UK) Limited needs to keep
and process information about you for employment purposes.
The information held and processed will be used for our management and
administrative use only.
We will keep and use it to enable us to run our business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us and at the time when your employment ends. This includes using information to enable us to comply with:
- the employment contract;
- to comply with any legal requirements;
- pursue the legitimate interests of the Company and
- protect our legal position in the event of legal proceedings.
If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
As a company pursuing employment for disabled people and wider business activities, we may sometimes need to process your data to pursue our legitimate business interests. For example, to prevent fraud, administrative purposes or reporting potential crimes. We will never process your data where these interests are overridden by your own interests.
Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees.
The sort of information we hold includes your application form and references, your contract of employment and any amendments to it; correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary; information needed for payroll, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; information needed for equal opportunities monitoring policy; and records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.
You may be referred to in some company documents and records that are produced by you and your colleagues whilst carrying out your duties and the business of the company.
We keep information relating to your health, which include reasons for absence and GP reports and notes. This information is used to comply with our health and safety/ occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay.
Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency.
Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
In addition, we monitor computer and telephone use, as detailed in our IT policy, available in People HR (internal HR system) and mentioned in the company handbook. We also keep records of your hours of work by way of our clocking on and off system, as detailed in the company Data Security/IT policy. All third-party software is compliant with GDPR.
We take the security of HR related personal data seriously. We have internal policies and controls in place to ensure that data is not accessed, except by our staff in the performance of their duties.
We will not transfer HR related personal data to countries outside of the EEA.
We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external payroll provider, pension or health insurance schemes.
We do pass information to Experian upon successful employment for background checking purposes but data is not provided without your express written consent.
Permanent employees’ personal data will be stored according to the legal requirement used to determine how long your data will be stored when you leave the company (as shown below) and 30 days for unsuccessful candidates who have applied to work with Microlink PC (UK) Limited.
|Data||Data Subject||Originated from||What is is used for||Where it is stored||How long we keep it|
||Individual||HR-related administration and communications||HR System and Company Archive||6 Years after the termination of employment and longer if required by legislation.|
If we intend to process your personal data for a purpose other than which it was collected, we will provide you with information on that purpose and any other relevant information.
You have the right to request access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to access your personal data. Requests will be responded to within one month. There is no charge but we reserve the right to apply a fee for repetitive and unfounded requests. All requests must be made in writing to Microlink’s Data Protection Officer.
Identity and contact details of controller and data
Microlink PC (UK) Limited is the controller and processor of data for the purposes of the DPA 2018 and GDPR. If you have concerns as to how your data is processed, please contact:
Suzette Smith, Chief of Staff (firstname.lastname@example.org) or
Dayani Jayasinghe, Information Security Manager/Data Protection Officer (email@example.com)
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 2018.