Staff & Job Applicants Privacy Policy
About us:
Retirement Bridge Group Ltd is part of the Retirement Bridge group of companies who operate from:
Suite 4, First Floor,
Honeycomb,
The Watermark,
Gateshead,
Tyne & Wear,
NE11 9SZ
More information on the group can be found at
www.retbridge.co.uk
Your personal information will be collected and held by Retirement Bridge Group Ltd. A number of subsidiaries in our Group are also authorised and regulated by the Financial Conduct Authority (FCA). As such they may be obliged to collect information about you. Where that is the case we will tell you. Further information about our FCA regulated subsidiaries can be found at
www.retbridge.co.uk.
In this Staff & Job Applicants Privacy Policy, (the policy) references to “we”, “us” and “our” are to Retirement Bridge Group Ltd and, where relevant to your role, its FCA regulated subsidiaries. Retirement Bridge Group Ltd is the data controller of any personal data we collect for recruitment and staff management purposes.
By references to “job applicants” we mean individuals seeking to work for us. By references to “staff” we mean our existing staff. In both instances this also includes directors and non-executive directors, whether employed by us or engaged under a contract for services or similar.
Data Protection law and what this means for you:
We will use the personal information that we collect about you in accordance with all applicable data protection law in the UK and this includes the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Under data protection law, we can only use your personal information if we have a
lawful basis to do so. We must have one or more of the following bases:
- we have your consent;
- to enter into or perform a contract we have with you – for example, your employment contract;
- it is in your vital interests;
- it is in our legitimate interests to do so; or
- when we are under a legal duty.
Personal information is information about you and other individuals, for example your next of kin whose information we may collect as part of fulfilling our employment obligations to you. Before providing us with personal information about someone else, please tell that individual about this policy and tell them that you will share their personal information with us.
What personal information do we collect about you and how?
What information we collect about you depends on whether you are seeking to join us in a new role for the first time, whether you are successful in so doing and progress to becoming a member of staff with us or are engaged in service to the business in some way. Also, it depends on whether the role you are seeking to undertake requires you to be approved by the FCA before you can do so.
The following table provides more guidance:
Job Applicants |
New job applicants
- What information we collect about you may depend on whether a recruitment agent is acting for you and what information they supply to us. You should ask to see a copy of their Privacy policy. It may also depend on what information you have sent us. As a minimum we will collect your name and contact details along with your latest curriculum vitae (c.v.). We will only process other personal information about you where you have included this on your c.v. or you give us consent otherwise to do so, (for example, to allow us to make any necessary adaptations for you to attend an interview). For unsuccessful applicants we will hold this information for 6 months before destroying it securely. We may use it in the intervening period to contact you should another role become available that we believe you may be suitable for, subject to your consent. You have the right to refuse this and request your information be deleted prior to this.
|
Successful job applicants
- Once you have accepted an offer of a role with us, prior to you commencing that role we will collect additional information from you including your full name, current address (including 5-year address history), date of birth, gender and national insurance number. We will also require sight of identification from you in order that we may verify your identity and address. This information will be used for the purposes of our undertaking background screening including a ‘Disclosure Barring Service check on you (see also the section on Criminal conviction data). We will also require details of your most recent employer for reference purposes. We reserve the right to request further such references. All the above is part of how we comply with our legal and regulatory obligations. If, as a result of these checks we withdraw our offer of a role with us, we will hold this information for 6 months before destroying it securely.
|
Staff |
Once you have commenced your role, along with maintaining records of the personal information referred to above (including changes thereto that you should inform us about), we will also collect:
- your bank account details, for payment of salary;
- name and contact details of an individual you tell us is to act as an emergency contact;
- Details about other individuals such as family who you may wish to include in any eligible employee benefit schemes we may offer.
In order to meet our ongoing regulatory obligations, we may repeat background screening and Disclosure Barring Service checks on you at typically 5 yearly intervals. Confirmation of your identity and address would be required by us for this.
|
FCA Senior Managers & Certification Regime - additional requirements |
The Senior Managers & Certification Regime is the FCA accountability regime which applies to firms regulated by them. There are 3 parts to it – the Senior Managers Regime, the Certification Regime and ‘Conduct Rules’. Given some of our activities are regulated by the FCA, in addition to the information contained in the Job Applicants section above:
- where you are to commence a Senior Manager (SM) role or become a Non-Executive Director (but not taking on a SM role) we are required to obtain a regulatory reference (instead of an employment reference) about you covering your employment for the previous 6 years. We will also collect information including directorship history. Individuals taking on Senior Manager roles must be pre-approved by the FCA before they commence the role. Applications for approval to the FCA will be made by us in the name of our regulated firms.
- for roles including Senior Managers, Non-Executive Directors and staff performing a role under the Certification Regime, we are required to have processes in place to certify we consider you fit and proper to work in our business from when you commence your role and on an annual basis.
- all staff are required to abide by the individual Conduct Rules. Senior Managers are also required to abide by additional Senior Manager Conduct Rules specific to them.
|
Why we may process special categories of personal information about you:
In some circumstances we will collect special categories of personal information (also known as sensitive personal data) about you. This may include information concerning your health for example:
- if we need to consider adaptations to facilitate a job interview or to your workspace on medical grounds;
- if you are unable to work for an extended period due to ill health.
If we need to obtain such information from you, we will ask you to provide it to us. In some circumstances we may need to obtain this information from a third party such as your doctor or other medical professional. If so, we will ask for your consent.
Criminal conviction data:
As we use the Disclosure Barring Service checking service to assess applicants suitability for positions of trust with us, (and because we are obliged to undertake such checks for certain roles), we fully comply with their Code of Practice and seek to treat all applicants fairly. A copy of the Code is available from us on request or can be obtained from the GOV.UK website. We may need to process information about you relating to a criminal conviction. If we need to process information about you which relates to a criminal offence or conviction data, we will either:
- ask for your consent; or
- process it because it is necessary for us to do so to comply with our legal and regulatory obligations; or it is necessary for us to do so due to legal proceedings, obtaining legal advice or establishing, exercising or defending our legal rights.
Results of such checks will be stored and maintained securely in accordance with this policy.
Personal information will be collected from you:
- when you apply for a role with us (directly or via your recruitment agent);
- in the course of communications with you, and/or the recruitment agent or employment agency acting for you;
- when you use our website. Please note that we use cookies on our website to collect information. Please refer to www.retbridge.co.uk to see a copy of our Cookie policy;
- during the period you are employed or engaged in services with us;
- when you complete forms for us for submission to the FCA because the role you are to undertake requires you to be approved by them;
- when you complete forms to participate in any employer benefits schemes or remuneration or incentive options we may offer. This includes completing forms to make claims on any such benefits;
- In the course of communications with you during the period you work for us, including for example, where you tell us about changes to your personal information.
Who we may share your information with:
- other members of our Group of companies;
- our business suppliers we engage to undertake background screening and Disclosure Barring Service checks;
- regulators such as the FCA;
- firms and organisations we engage to provide employee benefits who we may provide you with access to;
- training providers we engage;
- external agencies and organisations including Government such as H.M.R.C. immigration or similar;
- legal and medical professionals;
- office security providers.
Other than as set out above, we will not disclose information about you to any other party without your consent except to help prevent fraud, where we have legitimate concerns about your safety and wellbeing, or if required to do so by law.
How do we use personal information we collect about you?
Under data protection law, we are only allowed to process your personal data if we have a lawful basis to do so. The lawful bases we process your personal data on in most cases are:
- we have your consent;
- it is necessary to enter into or perform a contract with you;
- it is necessary to comply with a legal obligation;
- it is necessary in order to protect your vital interests;
- it is in our legitimate interests.
Where we rely on our legitimate interests we mean our:
- pursuit of our commercial activities and objectives;
- compliance with applicable legal and regulatory obligations;
- improvement and development of our business operations and service offering;
- protection of our business, shareholders, employees, customers and other stakeholders.
We have set out the purposes for using your personal information and the legal basis we rely on in the table below:
Purpose |
Lawful Basis
|
To communicate with new job applicants.
|
Consent and Legitimate Interests and Necessary to comply with a legal obligation: We require your personal information in order to enable us to assess your suitability for a role with us. We are also under various legal and regulatory obligations, for example, compliance with FCA regulation.
|
To communicate with successful job applicants and all existing staff for example in the administration of your contract of employment and managing your employment with us including undertaking relevant performance management and monitoring.
|
Necessary to enter into or perform a contract and Necessary to comply with a legal obligation and Legitimate Interests: We require your personal information in order that we can comply with our obligations under employment law and FCA regulation. Also, it is the interest of the business to ensure we manage your employment with us properly.
|
To provide you with access to any employer benefit schemes, incentives or similar.
|
Consent and Legitimate Interests and Necessary to comply with a legal obligation: We may offer you access to various schemes and benefits we provide which you can choose to participate in. We are also under a legal obligation to provide access to a pension. In both instances we require your personal information.
|
To comply with our legal and regulatory obligations, for example to prevent fraud or to make applications to the FCA for you to become authorised by them (if the role requires this) or at least to demonstrate to FCA individuals are fit and proper to work in a regulated environment
|
Necessary to enter into or perform a contract and Necessary to comply with a legal obligation: We require your personal information in order that we can comply with our obligations under various laws including employment law and FCA regulation. In the case of FCA regulation, given some of our activities are regulated by the FCA we must satisfy ourselves you are fit and proper to work in our business.
|
To communicate with any third-party individuals such as your next of kin / emergency contact / medical professionals.
|
Consent and Vital Interests: We require your personal information in order for us to support you during any period of extended absence due to illness or injury. Also, to deal with what we believe, acting reasonably, is an emergency situation or where you are incapacitated or unwell.
|
Where will we transfer your personal information?
We will seek to process your personal information within the European Economic Area (EEA). If we transfer your personal information outside the EEA, we will seek to anonymise it. If we can't anonymise your personal information, we will take reasonable steps to ensure that your personal information is protected.
How will we use automated decision making when we process your personal information?
As part of our business operation, some decisions about you are taken using automated computer software on a system. For this we would use your personal information you have allowed us to use.
Specifically, we carry out background screening and Disclosure Barring Service checks on:
- all successful job applicants who have accepted a role from us but are yet to commence employment;
- those who are seeking to take on a role which requires them to be approved by the FCA;
- existing staff generally at intervals of circa 5 years.
These decisions do not involve human input and the systems apply pre-defined logic programming and criteria to make a decision. We use this information to help us comply with our FCA regulatory obligations which require us to demonstrate individuals are and remain ‘fit and proper’ to work in a regulated environment as well as helping us meet legal obligations – for example that individuals have the right to work in the United Kingdom. You can ask that we do not make automated decisions about you and can object to an automated decision and ask that a person reviews it. See the
How to contact us section later.
Your rights:
You have certain rights with respect to your personal information. The rights will only apply in certain circumstances and are subject to certain exemptions. Please see the table below which contains a summary:
Your rights
|
What this means |
Right of access to your personal information.
|
You have the right to receive a copy of your personal information that we hold about you, subject to certain exemptions. |
Right to rectify your personal information.
|
You have the right to ask us to correct your personal information that we hold where it is incorrect or incomplete. |
Right to erasure of your personal information.
|
You have the right to ask that your personal information be deleted in certain circumstances. For example:
- where your personal information is no longer necessary for the purpose(s) it was collected of otherwise used;
- if you withdraw your consent and there is no other legal reason to permit us to continue to use your personal information;
- if you object to the use of your personal information (see below);
- if we have used your personal information unlawfully; or
- if your personal information needs to be erased to comply with a legal obligation.
|
Right to restrict the use of your personal information.
|
You have the right to suspend our use of your personal information in certain circumstances. For example:
- where you think your personal information is inaccurate;
- the use of your personal information is unlawful but you don’t want us to delete it;
- we no longer need your personal information, but your personal information is required by you for the establishment, exercise or defence of legal claims; or
- you have objected to the use of your personal information and we are verifying whether our grounds for the use of your personal information override your objection.
|
Right to data portability.
|
You have the right to obtain your personal information in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where this is technically feasible. This right only applies where the use of your personal information is based on your consent or for the performance of a contract, and when the use of your personal information is carried out by automated (i.e. electronic) means.
|
Right to object to the use of your personal information.
|
You have the right to object to the use of your personal information in certain circumstances. For example:
- where you have grounds relating to your particular situation and we use your personal information for our legitimate interests (or those of a third party); and
- if you object to the use of your personal information for direct marketing purposes.
|
Right to withdraw consent.
|
You have the right to withdraw your consent at any time where we rely on consent to use your personal information. However, this will not apply where our use of your personal information is necessary to enter into or perform a contract with you and/or is necessary to comply with a legal obligation.
|
Right to complain to the relevant data protection authority. |
You have the right to complain to the Information Commissioners Office (ICO), where you think we have not used your personal information in accordance with data protection law. Details of how to contact the ICO are given later.
|
How long do we keep your personal information?
- For unsuccessful job applicants we will only retain your personal information for 6 months from the date of receipt, subject to your consent. It will then be destroyed securely. We will also maintain records of any background screening we have undertaken including any applications made to the FCA for 6 months. It will then be destroyed securely.
- For everyone else we will retain your personal information for the duration you are employed or engaged for services with us, plus 7 years thereafter. This is to fulfil our obligations to the FCA, H.M. Revenue & Customs and other governing bodies. Once we no longer need your personal information it will be destroyed securely. We will not consent to any request to destroy the information we hold about you before this timescale has elapsed.
Data security:
We maintain strict physical, electronic, and administrative safeguards to protect your personal information. Our I.T. systems are managed by a third party professional services company which is ISO 27001 and ISO 9001 certified. Our data is held remotely in UK data centres and our infrastructure, servers and backups are maintained and managed providing the highest security protection. Your personal information collected, processed, transferred and stored on our website, database and telephony system is protected using compliant, secure methods. Whilst e-mails to our trusted third parties are encrypted, we cannot send or receive secure e-mail to/from your personal e-mail address. We will therefore not include any of your personal information in an e-mail to you unless you give us your consent to do so. We will not accept any liability for any damages for any loss of confidentially of such e-mails. We will respond by telephone or post where we do not have your consent.
How to complain:
If you think there is a problem with how your personal information has or is being handled, please raise any concerns you have with your line manager and/or Compliance & Risk department. You also have the right to complain to the Information Commissioners Office. They can be contacted on 0303 123 1113. See also
www.ico.org.uk
Changes to this policy:
Any changes we make to this policy in the future will be posted on our website and, where appropriate we will give staff reasonable notice of any changes.
How to contact us:
|
Write to us at:
Retirement Bridge Group Ltd, Suite 4, First Floor, Honeycomb, The Watermark, Gateshead, Tyne & Wear, NE11 9SZ.
Telephone:
0800 0322118.
(in order to verify the content of your call and for staff training and monitoring purposes all calls are recorded).
E-mail:
enquiries@retbridge.co.uk
Website:
www.retbridge.co.uk
|