It probably comes as no surprise to you that as a Softcat employee or contractor we hold quite a bit of your personal data. In regulatory speak this makes Softcat a Data Controller of your information which simply means we decide on how and when to use your data.
We take privacy very seriously and so should you. This page aims to help you understand what data we hold, what it’s used for and your rights. Hopefully you’ll be comfortable with this but if you have any questions please reach out to HR or DataProtection@softcat.com
What personal data do we hold on you?
- CCTV footage and other information obtained through electronic means such as swipe card records. Information about your use of our information and communications systems
- Information about your use of company vehicles
What do Softcat do with my data?
We are using your personal information to manage your employment and also to make Softcat better for you and for everyone. To help you understand this we’ve set out the typical examples below.
- Making a decision about your recruitment or appointment
- Paying you and deducting tax and National Insurance contributions
- Liaising with your pension provider, providing information about changes to your employment such as promotions, changing in working hours
- General administration of the contract we have entered intowith you
- Business management and planning, including accounting and auditing
- Conducting performance reviews, managing performance and determining performance requirements
- Ensuring your work environment is suitable for your needs
- Making decisions about salary reviews and compensation
- Equal opportunities monitoring
- Assessing qualifications for a particular job or task, including decisions about promotions
- Monitor your business and personal use of our information and communication systems to ensure compliance with our IT policies
- Complying with health and safety obligations
- To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
- Monitor use of company assets, such as company vehicles
- Gathering evidence and any other steps relating to possible grievance or disciplinary matters and associated hearings
- Making decisions about your continued employment or engagement
- Education, training and development requirements
- Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work
- Determining the terms on which you work for us
- Checking you are legally entitled to work in the UK and to provide you with the security clearance appropriate for your role
- Ascertaining your fitness to work, managing sickness absence
- To conduct data analytics studies to review and better understand employee retention and attrition rates
Do you share my information with other organisations
Yes, quite a few. When we share your information we will make sure it’s shared in a secure way and not allow other companies to abuse the information we trust them with.
Any time data is shared with another organisation its use should always be consistent with this privacy notice.
On rare occasion it’s possible we may also have to share you information as required by law or when we need to protect you or other people from harm.
How long will you keep my information?
We will hold this information for as long as you are employed by us. Following this we will only retain the information necessary. When we retain information we will always consider the points below.
- We hold your information for as long as required to do the activities in this notice
- We think about what type of information it is, how sensitive it might be and any legal requirements
- We always think about the potential risk from anyone using or sharing this information without permission
What are my rights?
The right to be informed
You have a right to knowledge on what data we hold and how your data is used, this policy sets that out.
The right to update your data
We should make reasonable efforts to keep your data up to date and enable you to easily rectify any incorrect personal data we hold on you.
The right to know what data we hold on you
This is called the right to access and it allows you to ask for full details of the information we hold on you.
If you’d like to make a request for this information please speak with HR and provide them with as much information as possible about the information you require to assist us in locating the data you require.
The right to request your information is deleted
This is known as the right to erasure, also known as “the right to be forgotten” and means you can request your data is deleted.
In practice as an employee there are many reasons this could be problematic and is most likely to be a request for those ceasing their employment.
Sometimes we can delete your information but other times it’s just not possible, like if the law prohibits us from doing so. If you would like to request the deletion of your data please speak with HR or contact email@example.com to discuss this further.
The right to request your information is not used
This is known as the right to object and is your right to tell us to stop using your personal data.
In practice as an employee there are many reasons why this could be problematic. If you are concerned about how your data is being used please speak with HR or contact firstname.lastname@example.org
The right to object also allows you to object to automated individual decision making, this may impact your ability to benefit from some services. If you are concerned about the use of automated decision making in Softcat you can contact. email@example.com
Requesting your information is transferred
This is called the right to data portability. If you have a need for us to help transfer some of your personal data to another employer please speak with HR.
The right to lodge a complaint with the ICO
If you have any concerns about our processing of your personal data, you can contact us through firstname.lastname@example.org.
Alternatively, or if you feel we have not resolved your concern, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
If you live in a country or territory located in the European Union (EU) or European Economic Area (EEA), you can complain to your national data protection regulator. You can find contact details of national data protection regulators in the EU and EEA, please refer to the European Data Protection Board website.
Data transfers outside the EU
Where it is necessary to transfer data outside the EU we will ensure an adequate level of protection is in place and not allow other companies to abuse the information we trust them with.