Privacy Statement

We have created this Privacy Statement to demonstrate our firm commitment to your rights to data protection and privacy. This Privacy Statement outlines the personal data (information that can be used directly or indirectly to iden-tify individuals) (Personal Data) we hold about you, how we collect it, and how we use and may share such infor-mation about you during the recruitment process and/or during the course of your employment and after it ends.

This Privacy Statement is intended to apply to job applicants, prospective employees (for the purposes of this Privacy Statement referred to as ‘Candidates’), agency workers, independent contractors, freelancers, volunteers or interns (for the purposes of this Privacy Statement referred to as ‘Worker(s)’), and our employees.

Who Collects the Personal Data

This Privacy Statement relates to Personal Data gathered and used by Edenhouse Solutions Limited (and its group companies) (‘we’, ‘us’).

Data Protection Principles

We will comply with the data protection principles when gathering and using Personal Data, as set out in our internal Data Protection Policy.

Types of Personal Data We Collect and Hold

What Personal Data We Hold

If you are a Candidate

We may collect the following Personal Data upon your registration to our Careers site, upon any application you sub-mit to us, and during the recruitment process:
• Your name and contact details (i.e address, home and mobile phone numbers, email address);*
• Details of your qualifications, experience, employment history (including amongst other things
job title, salary and working hours) and interests;
• Details of your referees;
• Personal Data about your previous academic and/or employment history;*
• Personal Data regarding your academic and professional qualifications; *
• Your nationality and immigration status and information from related documents*;
• Photographic identification (e.g passport and/or driving licence)*.
You are required (by law or in order to enter into a contract of employment with us) to provide the categories of in-formation marked ‘*’ above to us, to enable us to verify your right to work and suitability for any position with us.

If you are a Worker or Employee

In addition to the Personal Data collated above (which we shall continue to retain during your engage-ment/employment and afterwards), we may also collect the following Personal Data during your engage-ment/employment with us:
• Emergency contacts (i.e name, relationship and home and mobile phone numbers);
• Employment contract information;
• Date of birth/age;
• Your sex, racial or ethnic origin;
• Details of salary and benefits, bank/building society, National Insurance and tax information*;
• Details of your spouse/partner and any dependants and/or next of kin;
• Details of any share incentive arrangements (and any information included within these as necessary to
implement and administer them);
• Details of your pension arrangements (and any information included within these as necessary to implement
and administer them);
• Details of your health insurance arrangements (and any information included within these as necessary
to implement and administer them);
• Information in your sickness and absence records (including sensitive personal information regarding
your physical and/or mental health);
• Criminal records information, including the results of Disclosure and Barring Service (DBS) checks*;
• Information on grievances raised by or involving you;
• Information on conduct and/or other disciplinary issues involving you;
• Details of your appraisals and performance reviews;
• Details of your performance management/improvement plans (if any);
• Details of your time and attendance records;
• Information regarding your work output;
• Information in applications you make for other positions within our organisation;
• Information about your use of our IT, communication and other systems, and other monitoring information;
• Details of your use of business-related social media, such as LinkedIn;
• Details in references about you that we give to others.

Certain categories of personal data referred to above may not apply to you if you are a Worker.

You may be required (by law, under the terms of your contract of employment, or in order to enter into your contract of employment) to provide the categories of information marked ‘*’ above, in order to enable us to verify your right to work and suitability for any position, to pay you, to provide you with your contractual benefits (such as contractual sick pay), and to administer statutory payments (such as statutory sick pay (SSP). If you do not provide this information, we may not be able to employ you, to make these payments or provide these benefits. Where we process special categories of personal data (such as sex, health, ethnic origin), unless we have your explicit consent, this will be done solely for the purposes delivering a benefit to you or for equal opportunities monitoring. Information relating to our handling of criminal convictions and offences information is set out in our Criminal Records Information Policy.

Further information on the monitoring we undertake can be found in our Internal Data Protection Policy Internal).

How We Collect the Personal Data

We may collect Personal Data from you, your referees (details of whom you will have provided), your education provider, any relevant professional body, the Home Office, share scheme administrators, pension administrators, health scheme administrators, your doctors, from any medical and occupational health professionals we may engage, our insurance benefit administrators or relevant security clearance agencies. We may also collect Personal Data from cookies and other tracking technologies (subject to your consent), and/or from the monitoring of our IT and communications systems.

How We Use Your Personal Data

We will typically collect and use Personal Data for the following purposes (other purposes that may also apply are explained in our internal Data Protection Policy):
• For the performance of a contract with you, or to take steps to enter into a contract with you;
• For compliance with a legal obligation (e.g our obligations to you as an employer under employment
protection and health safety legislation, and under statutory codes of practice, such as those issued by
Acas); and
• For the purposes of our legitimate interests or those of a third party (such as a benefits provider), but
only if these are not overridden by your interests, rights or freedoms.

We monitor use of our IT and communications systems in order to prevent unauthorised or unlawful use, to identify anomalies or to resolve technical or other problems with the same. This may result in the processing of Personal Data. Further information on the monitoring we undertake and how we do this is available in our internal Data Protection Policy. We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.

Who We Share Your Personal Data With

We share some of the abovementioned categories of Personal Data with the following types of third parties, or in the
following circumstances:

Group Companies: Our business is closely aligned with that of EdenOne Solutions Limited. We share information with EdenOne and our other affiliates and subsidiaries for business purposes, such as internal administration.

Partners: We are a certified, channel partner of SAP (UK) Limited (SAP). We may liaise with SAP and its affiliates, and other strategic partners for the purposes of facilitating your education, training and certification.

Customers: We may share limited information (such as names contact details and evidence of security clearance) with our customers from time to time in order to facilitate the delivery of products and services to them.

Other Third Party Vendors: We use a variety of third-party vendors (including agents, contractors and advisors to carry out services like, by way of example only website management and hosting, and/or to protect and secure our systems and services. We only share your data as necessary for the purpose of receiving such products, services or advice from these third parties.

Sale, Merger or Acquisition: We may share your information in the event of a sale, merger or acquisition or all or any part of our business or our assets.

Compelled Disclosure: When legally required, strictly necessary for the performance of a contract, or to protect our rights (or those of our affiliates) we may disclose your Personal Data to law enforcement or other authorities if required by applicable law, pursuant to or in connection with legal proceedings, or as may otherwise be required of an entity having legal authority to require the same. We share information in this way for our legitimate interests, or to comply with our legal or contractual obligations. When sharing Personal Data with third parties, we ensure that recipients are bound by suitable obligations of confidentiality, are required to abide by our privacy and security requirements, and are prohibited from using Personal Data received from us for any other purpose. When sharing data with third parties, your personal information may be transferred outside of the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’. Where reasonably practicable, Personal Data will be anonymised, but this may not always be possible. We will not share your Personal Data with any other third party without your consent.

Transfer of your information out of the EEA

As a Controller we process your Personal Data in the European Economic Area. However, we may transfer your Personal Data to sub-processors, who may process data within as well as outside of the EEA. As a consequence, whenever such transfers occur your Personal Data may be transferred to countries outside of the EEA, we have adequate mechanisms in place to protect it, for example by the use of Standard Contractual Clauses as approved by the European Commissions. If you would like further information please contact the Privacy Team (see ‘How to Contact Us’ below).

How Long Your Personal Data Will Be Kept

How long we keep Personal Data will depend on (i) whether your application is successful, (ii) whether you are/become employed by us, (iii) the nature of the Personal Data concerned, and (iv) the purpose for which the Personal Data is processed. For further information on how long we retain your Personal Data please refer to our Records Management Policy. We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date. However, you are required to inform us of any necessary changes, so that we can update or delete your Personal Data accordingly.

Your Rights

We rely on you to ensure that your personal information is complete, accurate and up to date. In the circumstances, we would ask you to notify us promptly of any changes or inaccuracies in your Personal Data.
In any event, you have a number of important rights in relation to our use of your personal information. In summary, such rights include the right to:
• access to your Personal Data;
• require us to correct any mistakes in your Personal Data;
• require the erasure of Personal Data concerning you in certain situations;
• object to our processing where we process your Personal Data based on legitimate interest;
• otherwise restrict our processing of your personal information in certain circumstances;
You can contact our Privacy Team at datarequests@edenhousesolutions.co.uk if you wish to exercise any of these
rights.

Keeping Your Personal Data Secure

We are committed to protecting the security of your Personal Data. We maintain appropriate security measures to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. Our ISO27001 certification also ensures the ongoing confidentiality, integrity, availability and resilience of our processing systems. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Whilst data transmission over the internet is inherently insecure (such that we cannot guarantee the security of data transmitted by this means), all electronic communications from us shall be encrypted.

We also have procedures in place to deal with any suspected data security breaches. We will notify you, the applicable supervisory authority and any applicable regulator of any suspected data security breach where we are legally required to do so.

How To Complain

We hope that we can resolve any query or concern you may have about our use of your Personal Data. However, if we are unable to do so, you can contact the Supervisory Authority, namely the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

How To Contact Us

Copies of all policies referred to in this privacy statement can be made available upon request.
You can contact the Privacy Team if you have any questions about this privacy statement or the information we hold
about you, by:

  • email: privacy@edenhousesolutions.co.uk
  • by post: Privacy Team, Edenhouse Solutions Limited, 6 Quartz Point, Stonebridge Road,
    Coleshill B46 3JL; or
  • by phone: 0121 767 9280