Servoca Plc

Employee, worker and contractor GDPR privacy

Privacy notice

This notice explains how Servoca Plc (referred to in this notice as we, us or our) and all Subsidiaries and Associated Companies (a subsidiary means a subsidiary of  the Company  within the meaning of section 736 of the Companies Act 1985 and the term "associated Company" means any company in which the Company is a subsidiary is a substantial shareholder) collects and uses information about existing and former employees, workers and contractors for employment/engagement related purposes.

This notice covers the following:

What is personal data?

How do we collect personal data?

What information do we collect?

How do we use your information?

What is the legal basis that permits us to use your information?

What happens if you do not provide information that we request?

How do we share your information?

How do we keep your information secure?

For how long do we keep your information?

Your rights in relation to your information

Complaints

The Table at the end of this notice provides an overview of the data that we collect, the purposes for which we use that data, the legal basis which permits us to use your information and the rights that you have in relation to your information.

This notice does not form part of any contract of employment or other contract to provide services. We keep this privacy notice up to date, so if there are any changes to the way in which your personal data is used this privacy notice will be updated and we will notify you of the changes.

Contact details

Our contact details are as follows:

Address: Servoca Plc, Solar House, 1-9 Romford Road, Stratford, London E15 4LJ

Telephone: 0207 747 3030

We have appointed a data protection officer who has responsibility for advising us on our data protection obligations. You can contact the data protection officer using the following details:

gdpr@servoca.com

Personal data is any information that tells us something about you. This could include information such as your name, contact details, date of birth, medical information and bank account details.

We collect personal data about you from various sources including:

     

We collect the following categories of information about you:

We use your information for the following purposes:

Under data protection legislation we are only permitted to use your personal data if we have a legal basis for doing so as set out in the data protection legislation. The legal bases we rely upon are:

In more limited circumstances we may also rely on the following legal bases:

The Table at the end of this notice provides more detail about the information that we use, the legal basis that we rely on in each case and your rights.

Some information is classified as "special" data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive and we need to have further justifications for collecting, storing and using this type of personal data. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process special categories of personal data and criminal conviction information in the following circumstances:

We need some of your personal data in order to perform our contract with you. For example, we need to know your bank details so that we can pay you. We also need some information so that we can comply with our legal obligations. For example, we need information about your health and fitness to work to comply with our health and safety obligations.

Where information is needed for these purposes if you do not provide it we will not be able to perform our contract with you and may not be able to offer employment/engagement or continue with your employment/engagement.

We share your personal data in the following ways:

Where we share your personal data with third parties we ensure that we have appropriate measures in place to safeguard your personal data and to ensure that it is solely used for legitimate purposes in line with this privacy notice.

All data is held on secure servers housed in a private suite within a Level(3) data centre. Access to the suite requires RFID access to the building, biometric fingerprint access to the floor the suite is on, and then a key code combination to access the private suite.

 

The internet breakout is secured using a Cisco firewall and we have Cyber Essentials accreditation for network security. All data is held on secure SAN nodes with RAID 10 redundancy, and data is accessible by authorised individuals only based on Active Directory and implemented windows security permissions.

 

All virtual servers are fully backed up nightly to a separate server within the private suite via Veeam software, and following this the backup is then replicated to a secure server housed at our Head Office in Stratford. External network access is limited to authorised users only, running Cisco AnyConnect VPN software via the Cisco ASA. All external access if via Windows RDP server access, with features such as printing to devices outside of the company network disabled.

 

We use the full Trend Micro Smart Protection Complete Suite, with all updates immediately deployed and enforced by our central Control Centre. All urgent windows security updates are automatically downloaded and deployed overnight by the Windows Server Update Service to ensure all servers and client machines are fully protected against latest threats. Practises employed to help secure company data include (but are not limited to):

 

Access to all data restricted to only authorised users.

o   Endpoint encryption in place for portable media ( including laptops)

o   USB write blocking to prevent data being copied to personal drives

o   Blocking of all web based email and data storage websites

o   All users are required to change their password every 30 days

o   All user passwords must meet minimum security requirements

o   All machines auto lock after 10 minutes of inactivity to prevent unauthorised access to unattended machines

 

All hardware, backups, and data links are fully monitored 24/7 using PRTG Enterprise Console.

We will ensure access to personal data is restricted to employees working within our group on a need to know basis.  Training will be provided to any employees working within the group who need access to your personal data to ensure it is secured at all times.

As a general rule we keep your personal data for the duration of your employment/engagement and for a period of 5  years after your employment/engagement ends in line with HMRC requirements. However, where we have statutory obligations to keep personal data for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer. [Full details of the retention periods that apply to your information are set out in our Data Retention Policy

You have a number of rights in relation to your personal data, these include the right to:

If you would like to exercise any of your rights or find out more, please contact gdpr@servoca.com The Table at the end of this notice provides more detail about the information that we use, the legal basis that we rely on in each case and your rights.

If you have any complaints about the way we use your personal data please contact gdpr@servoca.com who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority in your country (the Information Commissioner in the UK).

 

: quick check of how we use your personal data

Purpose

Data used

Legal basis

Which rights apply?*

Recruitment decisions

Personal contact details, national insurance number, recruitment information, employment records, referencing, compensation history, drivers licence and DBS.

Legitimate interest. It is in our interests to ensure we recruit the best possible candidates in order to achieve our business goals and objectives. Necessary for the performance of the contract with you.

The generally applicable rights plus the right to object.

 

Right to work checks

Information relating to your right to work status, national insurance number, passport number, nationality, tax status information, and personal contact details.

 

Legitimate interest. It is in our interests to ensure that those who work for us have the right to work in the UK as well as to establish the statutory excuse to avoid liability for the civil penalty for employing someone without the right to undertake the work for which they are employed. Necessary for the performance of the contract with you

 

The generally applicable rights plus the right to object.

Performance reviews, salary reviews and promotion decision

Compensation history, performance history, disciplinary and grievance information.

Contractual necessity and legitimate interest. It is in our interests, our clients interests as well as the interest of our employees/workers/contractors to have performance and conduct reviewed. Necessary for the performance of the contract with you

 

The generally applicable rights plus the right to object.

Administration of your contract including payment of salary/fee and expenses

Compensation history, national insurance number, personal contact information, bank account details, payroll records and tax status information, start and end date of employment/engagement and date of birth.

 

Contractual necessity.

The generally applicable rights plus the right to data portability.

Administration of pension schemes

Compensation history, national insurance number, personal contact information, bank account details, email address, payroll records and tax status information, start and end date of employment/engagement, date of birth and contribution entitlements.

 

Legal obligation, contractual necessity and legitimate interest. It is in our interests to adequately incentivise our employees to motivate them to deliver a high standard of work, ultimately having a positive impact on achieving our business goals. It is in the interests of the pension provider to be able to effectively run the pension scheme.

 

The generally applicable rights plus the right to data portability and the right to object.

Compliance with our statutory duties to ensure a safe place of work and to ensure that you are fit for work

Information about your health, including any medical condition, health and sickness records and location of employment or workplace.

Legal obligation.

The generally applicable rights only.

Management of sickness absence

Personal contact details, employment/engagement records (sickness hours/days) and information about your health.

 

Legal obligation and contractual necessity.

The generally applicable rights plus the right to data portability.

To monitor compliance with our policies

Personal contact details, information about your use of our information and communication systems, CCTV footage and other information obtained through electronic means such as swipecard records, disciplinary and grievance information and performance information.

 

Legitimate interest. It is in our interests to ensure employees/workers/contractors are complying with our policies and client policies as non-compliance with policies can result in termination of employment/engagement, ultimately affecting our day to day operations and business plans.

 

The generally applicable rights plus the right to object.

Fraud and crime prevention

Information about criminal convictions and offences committed by you, personal contact details and CCTV footage and other information obtained through electronic means such as swipecard records.

 

Public interest and legitimate interest. It is in our interests as well as our client ands in the interests of our employees/workers/contractors to ensure the prevention of fraud and crime is monitored. This will ensure a safe workplace for all.

 

The generally applicable rights plus the right to object.

Audits

Recruitment information, employment/engagement records, referencing, application form, DBS, right to work data

 

Legitimate interests. It is in our legitimate interest to ensure we pass the audits as required by our clients, the SIA and the British Standards to ensure we remain a respected provider of security services. Necessary for the performance of the contract with you.

The generally applicable rights plus the right to object.

Diversity monitoring

Gender and information about your race or ethnicity.

 

Public interest.

The generally applicable rights plus the right to object.

Disciplinary and grievance procedures

Personal contact details, disciplinary and grievance information and performance information.

Legitimate interests. It is in our legitimate interests to manage the performance of employees and ensure that disciplinary action is taken where appropriate.

 

The generally applicable rights plus the right to object.

To deal with legal disputes

Personal contact details, employment/engagement records, compensation history, performance information, disciplinary and grievance information, photographs, CCTV footage and other information obtained through electronic means and information about criminal convictions and offences committed by you.

 

Legitimate interest. It is in our interests to process personal data to make and defend legal claims to ensure that our legal rights are protected.

The generally applicable rights  plus the right to object.

Business management and business planning

Information about your use of our information and communication systems, employment/engagement records, location of workplace, wages and personal contact details.

 

Legitimate interests.  It is in our interests to undertake this processing to ensure we can improve any business operations which will ultimately improve the overall quality of the service we provide and work/the workplace. Employees/workers/contractors will ultimately benefit as the workplace and its procedures may be strengthened.

 

The generally applicable rights plus the right to object.

Exit management at the end of your employment/engagement

Personal contact details, payroll records, tax status information, end date of employment/engagement, and employment/engagement records.

Legal obligation and contractual necessity. Legitimate interest. It is in our interests as well as the interests of our employees/workers/contractors to undertake exit management steps to ensure the employees/workers/contractors can express any feedback to us which we can consider and decide whether to implement to improve the workplace for other employees/workers/contractors.

 

The generally applicable rights plus the right to object.

*The following generally applicable rights always apply: right to be informed, right of access, right to rectification, right to erasure, right to restriction and rights in relation to automated decision making. For more detail about your rights and how to exercise them please see Your rights in relation to your information

Privacy Policy         Terms & Conditions         Site Map

© 2020 Servoca Plc. All intellectual property rights, including copyright, in the content found on this site belongs to Servoca Plc. All rights are reserved. Registered Office: Solar House, 1-9 Romford Road, London, E15 4LJ. Company Number 2641313. Registered in England and Wales

Website by Cloud

back to top