This privacy notice will inform you, our employees, of the types of data we process about you. This notice applies to current and former employees, workers and contractors.
This page should be read in conjunction with the information on the main EEF privacy notice page which covers information relevant to anyone whose data is used by EEF including your rights.
We keep several categories of personal data on our employees in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, for example, our holiday booking system.
Specifically, we hold the following types of data:
- a) personal details such as name, address, phone numbers
- b) name and contact details of your next of kin
- c) your photograph
- d) your gender, marital status, information of any disability you have or other medical information
- e) right to work documentation
- f) information for equality monitoring purposes, such as race and religion.
- g) information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter
- h) references from former employers
- i) details on your education and employment history etc
- j) National Insurance numbers
- k) bank account details
- l) tax codes
- m) driving licence
- n) criminal convictions
- o) information relating to your employment with us, including:
- job title and job description
- your salary
- your wider terms and conditions of employment
- details of formal and informal proceedings involving you such as letters of concern, disciplinary and grievance proceedings, your annual leave records, appraisal and performance information
- internal and external training modules undertaken
- information on time off from work including sickness absence, family related leave etc
- p) CCTV footage
- q) building access card records
- r) IT equipment use including telephones and internet access
- s) information about staff wellbeing for the purposes of providing support
- t) occupational health records
You provide several pieces of data to us directly during the recruitment period and subsequently upon the start of your employment.
In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies.
Personal data is kept in files or within the Company’s HR and IT systems.
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to comply with a legal requirement or in order to effectively manage the employment contract we have with you, including ensuring you are paid correctly.
The information below categorises the types of data processing we undertake and the lawful basis we rely on.
|Activity requiring your data||Lawful basis|
|Carry out the employment contract that we have entered into with you e.g. using your name, contact details, education history, information on any disciplinary, grievance procedures involving you||Performance of the contract|
|Ensuring you are paid||Performance of the contract|
|Ensuring tax and National Insurance is paid||Legal obligation|
|Carrying out checks in relation to your right to work in the UK||Legal obligation|
|Making reasonable adjustments for disabled employees||Legal obligation|
|Making recruitment decisions in relation to both initial and subsequent employment e.g. promotion||Our legitimate interests|
|Making decisions about salary and other benefits||Our legitimate interests|
|Ensuring efficient administration of contractual benefits to you||Our legitimate interests|
|Effectively monitoring both your conduct, including timekeeping and attendance, and your performance and to undertake procedures where necessary||Our legitimate interests|
|Maintaining comprehensive up to date personnel records about you to ensure, amongst other things, effective correspondence can be achieved and appropriate contact points in the event of an emergency are maintained||Our legitimate interests|
|Implementing grievance procedures||Our legitimate interests|
|Assessing training needs||Our legitimate interests|
|Implementing an effective sickness absence management system including monitoring the amount of leave and subsequent actions to be taken including the making of reasonable adjustments||Our legitimate interests|
|Gaining expert medical opinion when making decisions about your fitness for work||Our legitimate interests|
|Managing statutory leave and pay systems such as maternity leave and pay etc||Our legitimate interests|
|Business planning and restructuring exercises||Our legitimate interests|
|Dealing with legal claims made against us||Our legitimate interests|
|Preventing fraud||Our legitimate interests|
|Conducting audits||Our legitimate interests or legal obligation|
|Ensuring our administrative and IT systems are secure and robust against unauthorised access||Our legitimate interests|
|Equality monitoring for employees||Our employment obligations and substantial public interest.|
|Providing wellbeing support||Our legitimate interests|
Employees within our company who have responsibility for recruitment, administration of payment and contractual benefits and the carrying out performance related procedures will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processing in line with GDPR.
Data is shared with the following third party recipients:
- A payroll service provider (at the time of writing, RSM payroll)
- A HR provider who advises us on HR matters and manages our HR documents and system online (at the time of writing, Peninsula)
- Your pension provider (at the time of writing, Aviva)
- Our pension advisers (at the time of writing, Secondsight)
- A company that provides life insurance in the event of death in service (at the time of writing, Canada Life)
- The HMRC for tax purposes; with our accounting software for accounting of net pay (at the time of writing, Quickbooks Online (Intuit))
- Our bank for payment details (at the time of writing, CAF Bank)
- Our auditors (including the DfE)
- The Disclosure and Barring Service for the purpose of DBS background checks (at the time of writing, completed through Atlantic Data)
- Our annual staff survey provider (at the time of writing, The People Experience Hub)
- A provider of right to work checks (at the time of writing, Yoti)
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
Data stored within Quickbooks Online (Intuit) is shared with bodies outside of the European Economic Area. These countries are the United States and the reason for sharing with these countries is that we use Quickbooks Online (Intuit) as our accounting software package, who store our data in the USA. We have put the following measures in place to ensure that your data is transferred securely and that the bodies who receive the data that we have transferred process it in a way required by EU and UK data protection laws: The data transfer mechanism used by Quickbooks Online (Intuit) is standard contractual clauses. For more details about how Quickbooks Online (Intuit) use the data, please visit https://quickbooks.intuit.com/uk/privacy-policy/.
We otherwise do not share your data with bodies outside of the European Economic Area.
You will have been notified in EEF’s privacy notice for job applicants that we use the Webrecruit system for recruitment.
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
We only keep your data for as long as we need it for, which will be at least for the duration of your employment with us though in some cases we will keep your data for a period after your employment has ended. Some data retention periods are set by the law. Retention periods can vary depending on why we need your data, as set out below:
|Record||Statutory Retention Period|
|Children/young adults||Until the child reaches 21|
|Retirement Benefits Schemes||6 years from the end of the scheme year|
|Statutory Maternity Pay (calculations, certificates, medical evidence)||3 years after the end on the tax year in which the period ends|
|Wage/salary (overtime, bonuses, expenses)||6 years after the end of employment|
|National Minimum Wage||3 years after the end of the consequent pay reference period|
|Working hours||2 years after they are made|
|Record||Recommended Maximum Retention Period|
|Application forms and interview notes||6 months to a year|
|Assessments under health and safety regulations and records of consultations with safety representatives and committees||Permanently|
|Money purchase details||6 years after transfer or value taken|
|Parental leave||Until child is 18 (birth/adoption)|
|Pension scheme investment policies||12 years from the ending of any benefit payable under the policy|
|Pensioners’ records||12 years after end of benefit|
|Personnel files, training records (disciplinary records, working time records)||6 years after end of employment|
|Redundancy details, calculations of payments, refunds, notification to the Secretary of State||6 years after date of redundancy|
|Statutory Sick Pay records, calculations, certificates, self-certificates||at least 3 months after the end of the period of sick leave, but 6 years after the employment ceases advisable|
|Time cards||2 years after audit|
|Trade Union agreements||10 years after end|
|Works Council minutes||Permanently|
Where we are processing your personal data under consent or for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
For more information on your rights, please see‘Your rights’on our privacy notice main page.
Automated decision-making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Privacy notice – information that we need to tell everyone
Privacy notice for website users
Privacy notice for enquiries
Privacy notice for funding applications
Guidance on data protection for schools and settings involved in an EEF-funded project
Guidance on data protection for grantees delivering or evaluating an EEF-funded project
Privacy notice for subscribers to EEF emails
You are responding to an EEF survey or part of a focus group
Privacy notice for those attending an EEF-organised event
Privacy notice for individual donors
Privacy notice for identified potential or current supporters
Privacy notice for EEF grantees and suppliers
Privacy notice for job applicants
You or your school or setting is involved in the NELI scale up evaluation
Privacy notice for the EEF data archive
Privacy notice for schools involved in Accelerator Fund scale up projects
You are on the EEF Evaluation Panel, Peer Reviewer Panel or an associated third-party