Our privacy promise to employees
We ask that you read this employee privacy promise carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and other organisations in the event you have a complaint.
Please see the section on Your rights for more information.
You may also be interested in our:
We are Eniola Care Limited trading as Eniola Care. In order to identify, select, train and recruit new employees we collect and process personal information about you.
Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (anonymous data).
As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (GDPR), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.
As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
If you have any questions about this privacy promise or would like further explanation as to how your personal information is managed then please contact us (see How to contact us below).
This document provides the information as required by GDPR under your right to be informed.
Personal data we process
In our role as an employer, and because of the nature of our business, we process a number of different categories of data from our employees during and after your working relationship with us. This includes:
- Contact details (postal address, phone number, email address)
- Bank details
- Age / date of birth
- Marital status
- Driving licence number
- Payroll records (benefits, salary, tax status, etc.)
- Performance management records (direct observations, appraisals, supervisions, disciplinary, grievance)
- Training and competency records
- Absence records (annual leave, etc.)
- Next of kin contact details
- GP contact details
- Recruitment records (including employment history, references, right to work, etc.)
- National Insurance number
- Extra information you choose to tell us (in writing or verbally)
Certain information that we process is classed as ‘special category data’. It is sensitive by nature. We have a higher duty of care in how we process this:
- Medical and health information (including sickness details)
- Nationality or ethnicity
- Criminal cautions or convictions
- Motoring convictions
Purposes of processing your personal information
In order to employ and support you during your employment with Eniola Care we will process personal data.
|Purpose of processing||Examples|
|Maintaining employee files||
|Finance and Payroll||
|Provision of service||
|Investigations and regulatory compliance||
|Reporting and business analysis||
Who has access to your personal data
In order to operate our business and run our recruitment we rely on third parties to provide specialist support to us. To provide this support they will have access to, or a duty of care over your personal information.These third parties are:
- IT and telecoms support companies – to ensure the safe, secure and resilient operation of our IT infrastructure including computers, servers, phones and mobile devices
- Software support companies – to provide specialist support and resolve issues with the software that we run, for example the systems we use to store and manage your recruitment progression
- Communication service providers – such as Royal Mail and network providers
- Relevant authorities – such as the DVLA, HMRC, CQC or CIW
- Service providers – such as fleet vehicle management, vehicle hire, hotel, training providers
- Insurance providers
- Archiving Service Providers
We will share relevant information within Eniola Care during and after your employment where this is necessary, and in line with our purpose for processing.
Due to the nature of our business and the service we provide we may share minimal personal data with our customers to enable the safe and effective delivery of care, for example we may share your name with a customer who you have agreed to work with.
We will not share, sell or trade your personal information with any other third party without your consent, unless there is a legal reason to do so.
All your personal data is stored and processed on systems that are within the European Economic Area (EEA) and offer the same level of legal protection and rights over your data.
In certain situations, we transfer your personal information to the following countries which are located outside the European Economic Area (EEA):
- A country where you are resident or located in temporarily
This will be for the purposes of communicating with you about your employment and the services we provide while you are outside of the UK.
This international transfer is under Article 49(1)(b) – the transfer is necessary for the performance of a contract between the data subject and the controller
Such countries do not have the same data protection laws as the United Kingdom and EEA. Any transfer of your personal information will be subject to appropriate or suitable relevant safeguards that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
If you would like further information please contact us (see How to contact us below).
|Type of data||Retention period|
|Employee file||7 years post employment|
|Finance details||3 years post employment|
|Pension or retirement benefit details||7 years post employment|
|Details relating to the provision of care to customers||Until the customer data record is deleted, in line with Eniola Care Retention Schedule.|
Legal basis for processing
We rely on the following grounds within the GDPR:
- Article 6(1)(b) – processing is necessary for the performance of our contracts to provide individuals with care and support services and you with employment
- Article 6(1)(c) – processing is necessary for us to demonstrate compliance with the law or regulatory frameworks
- Article 6(1)(f) – in pursuit of legitimate interests
- To analyse and report on the performance and compliance of the business
- Providing access to company equipment, vehicles and facilities (including phone, vehicles, software and applications)
- To send, receive and analyse employee feedback.
GDPR recognises that additional care is required when processing special category (sensitive) data such as your health. We process this under the following grounds within GDPR:
- Article 9(2)(h) – Provision of health or social care or management of health or social care systems or services
- Article 9(2)(b) – Legal obligations under employment or social benefit law
- Article 9(2)(f) – Establishment, exercise or defense of legal claims or court.
Under the GDPR you have important rights free of charge. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information
- Access to your personal information and to certain other supplementary information that this Privacy Promise is designed to address
- Require us to correct any mistakes in your information which we hold
- Require the erasure (i.e. deletion) of personal information concerning you, in certain situations. Please note that if you ask us to delete any of your personal information which we believe is necessary for us to comply with our contractual or legal obligations, this may affect our ability to provide employment or to fulfil our contractual duties with you
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- Object at any time to processing of personal information concerning you for direct marketing
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- Object in certain other situations to our continued processing of your personal information
- Otherwise restrict our processing of your personal information in certain circumstances
- Claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR.
Keeping your personal information secure
The confidentiality and security of your information is of paramount importance to us. We have appropriate organisational and technical security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns/ or by phoning 0303 123 1113.
Data Protection Officer
Eniola Care, 111 Lewes House, 32 High Street, Lewes, East Sussex BN7 2LX
Data controller details
How to contact us
You can contact us by:
- Email – [email protected]
- Post – Compliance Department, Eniola Care
111 Lewes House
32 High Street
Lewes, East Sussex
- Telephone – 01273 974150
If you would like to exercise any of those rights, please:
- Contact us using the details above – making clear that you wish to exercise one of your privacy rights
- Let us have enough information to identify you (e.g. your name and address),
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
- Let us know the information to which your request relates, including any account or reference numbers, if you have them