The ELAS Group Client’s Authorised Contacts Privacy Notice

This statement is provided with the intention to comply with your right to be informed under the General Data Protection Regulation (GDPR).

We may hold and process the following information:

  1. Your personal and contact details including your name, telephone numbers, email addresses
  2. Particulars of your employment including your job title
  3. Particulars of your qualifications and skills including references, licences, certificates and training
  4. IT usage information including email addresses, log-ins, passwords to Portals

We are the controller, together with your employer, of this information in that we may request particular information from your employer and we are also the processor of this information.  This data has been gathered so that you, as a representative of your employer, can take advice and liaise with us.  This is so your employer can comply with their legal obligations to its employees and third parties and/or to allow us to fulfil our legal obligation to correctly advise your employer, represent them in any legal proceedings we are instructed on and in accordance with the legitimate interest of us demonstrating that we have correctly and adequately advised your employer in the circumstances.

The officer responsible for the protection of your data is:

The Data Protection Officer

0161 785 2000

dpo@elas.uk.com

Charles House, Albert Street, Eccles, Manchester M30 0PW

Your data will be used to advise you and your employer and represent you and them in legal proceedings.  It will also be used as evidence to demonstrate that we have fulfilled the terms and conditions of our service to your employer and the requisite standard.

This is done on the basis of your employer’s requirement to comply with their legal obligations to its employees and third parties and/or to allow us to fulfil our legal obligation to correctly advise your employer, represent them in any legal proceedings we are instructed on in accordance with in the legitimate interest of us demonstrating that we have correctly and adequately advised your employer in the circumstances.  The failure to provide us with the data may impact upon your recruitment, employment or tasks, duties and responsibilities with your role and/or assignment.  You should discuss the further impact of this with your manager.

The recipients of your data are us and we anticipate that we may need to share personal data with the HMRC (e.g. your Name and National Insurance Number), HSE (e.g. your Name and Employment Details where there has been a reportable accident or investigation), Legal Advisers and professional advisers (e.g. your name and employment details where we need advice), Tribunals and Courts (e.g. your name, employment details and other personal data which is necessary for the determination of claims where litigation is commenced).  It is not anticipated that there will be any other recipients nor any transfers of data to a third country.  Accordingly, it is considered that safeguards for the transfer of data to a third country are not necessary.  Should this change you will be notified.

Your employment data will be kept for the duration of your employment or for the duration of your employer’s contract with us (whichever is the longer) and for a further period thereafter of 6 years.  This period has been set for the protection of our organisation throughout the duration of your employer’s relationship with us and for the limitation period for the filing of a breach of contract or professional negligence claim.  If such a claim has been filed, the data will be retained for a period of 6 years following resolution of that claim and for 6 years following the resolution of any further claims.  This period has been determined for the protection of the organisation in the event any professional negligence or breach of contract claims in the event we use representation to defend any claims.

You have the right to be informed of fair processing information with a view to transparency of data.  This statement is intended to fulfil that right

You have the right to access the information we hold.  You should make such a request in writing to the Data Protection Officer using the above contact information.  We shall provide the data within 1 month.  In exceptional cases we may extend this to 3 months.  You will be notified within 1 month when we believe this to be an exceptional case requiring a longer period of compliance.  Where a request is manifestly unfounded or excessive we may charge a reasonable fee or refuse the request.  In the event of a fee or refusal, you will be advised of this and your further rights relating to the fee or refusal.

You have the right to request the information we hold is rectified if it is inaccurate or incomplete.  You should contact the Data Protection Officer using the above contact information and provide him with the details of any inaccurate or incomplete data.  We will then ensure that this is amended within one month.  We may, in complex cases, extend this period to two months.

You have the right to erasure in the form of deletion or removal of personal data where there is no compelling reason for its continued processing.  We have the right to refuse to erase data where this is necessary in the right of freedom of expression and information, to comply with a legal obligation for the performance of a public interest task, exercise of an official authority, for public health purposes in the public interest, for archiving purposes in the public interest, scientific research, historical research, statistical purposes or the exercise or defence of legal claims.  You will be advised of the grounds of our refusal should any such request be refused.

You have the right to restrict our processing of your data where you contest the accuracy of the data until the accuracy is verified.  You have the right to restrict our processing of your data where you object to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your interests.  You have the right to restrict our processing of your data when processing is unlawful and you oppose erasure and request restriction instead.  You have the right to restrict our processing of your data where we no longer need the data and you require the data to establish, exercise or defend a legal claim.  You will be advised when we lift a restriction on processing.

You have the right to data portability in that you may obtain and reuse your data for your own purposes across different services, from one IT environment to another in a safe and secure way, without hindrance to usability.  The exact method will change from time to time.  You will be informed of the mechanism that may be in place should you choose to exercise this right.

You have the right to object to the following:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling); and
  • processing for purposes of scientific/historical research and statistics

The data collected is not anticipated to fall within the above categories.

Whilst there is no anticipated automated decision making relating to the data you provide, you have rights where there is automated decision making including profiling.  We may only do this where it is necessary for the entry into or performance of a contract, authorised by EU or the UK law or based on your explicit consent.  Whilst it is not anticipated that this will occur, where it does, we will give you information about this processing, introduce to you simple ways for you to request human intervention or challenge a decision, and carry out regular checks to ensure that our systems are working as intended.

You have the right to withdraw your consent at any time.

You have the right to lodge a complaint with a supervisory authority such as the Information Commissioner’s Office or any other of our regulators or accreditors that may regulate or provide accreditations to us from time to time.  We advise that you exhaust our internal complaints procedure prior to referring the matter to any supervisory, regulatory or accrediting body.  A copy of our complaints process is available from the Data Protection Officer at the contact information above.

Latest News

Keep in touch with the latest news affecting businesses throughout the UK

Get In Touch