Data controller: Tony Gee and Partners LLP, Hardy House, 140 High Street, Esher, Surrey KT10 9QJ
Tony Gee and Partners LLP (Tony Gee) collects and processes personal data relating to the recruitment and employment of its staff, which includes employees and contract staff. We are committed to being transparent about how we collect and use that data, and to meeting our obligations under the General Data Protection Regulation (GDPR).
In addition, Tony Gee collects and processes data relating to the marketing and business operations of the company. Please refer to the separate Privacy Notice – Marketing and Business Operations.
Tony Gee collects and processes a range of information about you. This includes some or all of the following:
For employees (in addition to the above)
Tony Gee collects this information in a variety of ways, for example, from CVs or resumes; through application forms; from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.
In some cases, we collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks permitted by law.
When a job offer is made and accepted, certain data will be provided by you through a cloud-based system. This data remains exclusively within the EU, and the information is not shared, sold or accessed by parties outside Tony Gee except to operate the data collection and pass the information to Tony Gee for staff administration purposes.
Tony Gee needs to process data to take steps at your request prior to entering into a contract with you. In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work in the UK before employment starts.
Tony Gee has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. Tony Gee may also need to process data from job applicants to respond to and defend against legal claims.
Tony Gee processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
For some roles, Tony Gee is obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment.
If your application is unsuccessful, Tony Gee may keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.
Tony Gee needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, we need to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer benefits, pension and insurance entitlements.
In some cases, Tony Gee needs to process data to ensure that it is complying with its legal obligations. For example, we are required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.
In other cases, Tony Gee has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows us to:
Where Tony Gee relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).
Where Tony Gee processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that we use for these purposes is anonymised and/or is collected with the express consent of employees, which can be withdrawn at any time. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
Data is stored in a range of different places, including in your personnel file, in the HR and payroll management systems and in other IT systems, including the Tony Gee email system.
Access to your personal data is permission controlled. Your information will be shared internally, including with members of the HR and payroll team, the Executive Board, managers in the business area in which you work and IT staff, if access to the data is necessary for performance of their roles.
Tony Gee may share your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service.
Tony Gee also shares your data with third parties that process data on its behalf, in connection with payroll, the provision of benefits, the provision of occupational health services, the provision of outsourced IT services and software, and the provision of training and accreditation services.
Tony Gee takes the security of your data seriously. There are internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Further details are set out in the Data Protection and Retention Policy.
Where Tony Gee engages third parties to process personal data on its behalf, they do so on the basis of written instructions and are under a duty of confidentiality. They are obliged to implement appropriate technical and organisational measures to try to ensure the security of data and to process it in accordance with your rights under the GDPR.
If your application for employment is unsuccessful, Tony Gee may hold your data on file for the consideration of future employment opportunities. However you have a right to object to the processing of your data at any time, at which point your data will be deleted or destroyed securely.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained for the duration of your employment. The periods for which your data is held after the end of employment are set out in the Data Protection and Retention Policy.
As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, please contact HR [at] tonygee [dot] com.
If you believe that Tony Gee has not complied with your data protection rights, you can complain to the Information Commissioner.
You are under no statutory or contractual obligation to provide data to Tony Gee during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
You have some obligations under your employment contract to provide Tony Gee with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide us with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.
Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable Tony Gee to enter a contract of employment with you. If you do not provide other information, this will hinder our ability to administer the rights and obligations arising as a result of the employment relationship efficiently.
Recruitment processes and employment decisions are not based solely on automated decision-making.
Changes to our Privacy Notice will be posted here. Where the changes are significant, we may also email those affected by the updates.
Last reviewed: May 2018