BREEDON GROUP PLC
PRIVACY NOTICE: ALL BREEDON GROUP WORKERS
Purpose of this privacy notice
The Data Protection Act 1998 (the "DPA") imposes legal obligations on the way in which Breedon Group plc and its subsidiary and associated companies, including, Hope Cement Limited ("Hope Cement"), Breedon Southern Limited ("Breedon Southern"), Breedon Northern Limited ("Breedon Northern") and/or Breedon Group Services Limited ("Group Services") (together "Breedon Group" and each a "member of Breedon Group") obtains, records and processes personal information about workers. This notice explains:
- what personal information Breedon Group collects and for what purposes; and
- your rights in respect of our use of your personal data.
For the purposes of this policy, "worker" means all of Breedon Group's permanent and temporary employees, and any other individuals who are working for any Breedon Group company but are not directly employed, including company officers, consultants, contractors, contracted hauliers and their employees, work experience candidates and agency workers.
When we refer to “you” in this policy, we mean each individual worker. Use of the term 'worker' is not to be taken to imply that any particular individual has employment status with the company.
When we refer to "we" in this policy, we mean each member of Breedon Group.
This policy covers:
- Who is the data controller?
- What do we use your personal data for?
- Who may have access to your personal data?
- Your rights
Please familiarise yourself with the following words and phrases as they have particular meanings in the DPA and are used throughout this privacy notice:
||Means any information from which a living individual can be identified.
This includes factual information such as telephone numbers, bank account details, credit card numbers, names, addresses, e-mail addresses, photographs, video monitoring equipment (“CCTV”) footage, voice recordings and vehicle tracking data. It also includes expressions of opinion and indications of intentions about individuals (and their own expressions of opinion/intentions), such as performance appraisals.
Information which does not on its own identify an individual is still "personal data" for the purposes of the DPA if it can be combined with other information that Breedon Group holds or that Breedon Group could obtain fairly easily. For example; if personal data has been anonymised by Breedon Group but the company also holds the key to "de-anonymise" the information, or could fairly easily obtain that key, then the anonymised information will still be personal data for the purposes of the DPA.
|Sensitive Personal Data
Information relating to:
- Racial or ethnic origin;
- Political opinions;
- Religious beliefs or beliefs of a similar nature;
- Trade union membership;
- Physical or mental health or condition;
- Sexual life; or
- Offences or alleged offences or information relating to any proceedings for offences committed or allegedly committed.
The term "processing" covers virtually anything you can do with personal data (whether processed in an electronic format or in a structured paper-based format) including:
- Obtaining, recording, retrieving, consulting or holding it;
- Organising, adapting or altering it;
- Disclosing, disseminating or otherwise making it available; and
- Aligning, blocking, erasing or destroying it.
||This is the individual to whom the personal data relates.
||The UK Information Commissioner, who is responsible for implementing, overseeing and enforcing the DPA.
Who is the data controller?
Breedon Group has a number of registrations as a data controller with the Information Commissioner under the DPA.
If you are a worker of Hope Cement, Hope Cement is the data controller.
If you are a worker of Breedon Southern, Breedon Southern is the data controller.
If you are a worker of Breedon Northern, Breedon Northern is the data controller.
If you are a worker of Group Services, Group Services is the data controller.
You may be a worker to more than one member of the Breedon Group.
Each member of Breedon Group may process personal data about you for the following purposes:
What do we use your personal data for?
|Payroll, Pension, Tax and Accounts
||To calculate and pay your salary, PAYE, NI, and pension contributions, and to keep business accounts.
||To calculate, pay and provide benefits such as life assurance, private medical cover, bonuses and other benefits that Breedon Group may offer from time to time, such as cycle to work scheme, childcare voucher scheme and share scheme.
||To administer your employment with us. For example, this will include, complying with employment contracts, legal obligations, our policies and to administer medical and sickness records, sick pay/leave information, holiday/absence, appraisals, promotions, disciplinary and grievance matters, family leave, applications/interview records, working time records and immigration checks.
|Administration of Membership Records
||To administer your membership with clubs, associations and other organisations for business and/or professional purposes.
|Training and Career Development
||To administer and supervise your training and career development.
||To facilitate trade union memberships and relationships. This might include the processing of sensitive personal data.
||To carry out medical examinations to ensure that you are able to carry out the duties which form part of your duties at work, obtaining medical reports if you are on long term sick and drug and alcohol testing.
INDIVIDUALS WHO ARE NOT EMPLOYED BY THE COMPANY
|Remuneration and Accounts
||To calculate and/or pay your charges/fees/expenses/allowances and to keep business accounts.
||To administer your work with us. For example, this will include, monitoring compliance with contracts for services, legal obligations and, where relevant, our policies.
||To provide you with our company training relevant to the services which you provide. To provide you with certificates of attendance.
ABOUT ALL WORKERS
||To keep your personal data and that of others secure and prevent unauthorised access, loss, damage, destruction or corruption.
||To develop our business generally including through marketing (i.e. we may provide your name, work contact details and/or experience to existing and potential customers/clients/suppliers).
||To administer any travel and/or accommodation arrangements where you are required to travel within or outside the UK.
|Company and Group Company Administration
||To carry out administration tasks within Breedon Group and its subsidiary and associated companies.
|Prevention and Detection of Crime
||To prevent and detect crime. This might include processing sensitive personal data including information about offences or alleged offences and information relating to any proceedings for offences committed or allegedly committed.
||To promote and monitor equal opportunities within Breedon Group. This might include the processing of sensitive personal data including, religious or similar beliefs, and ethnic origin.
|Corporate finance, Mergers and Acquisitions
||To carry out group company or business restructuring, to sell or otherwise dispose of any of the Breedon Group companies or businesses, or acquire or merge with other companies or businesses. We may disclose your personal data, including sensitive personal data, for any of the above purposes, including at negotiation stage.
|Regulatory and Professional Requirements
||To comply with regulations and professional requirements to which Breedon Group is subject, which includes regulatory requirements of AIM or other stock market listing.
||To administer revenue and tax obligations.
||To carry out vetting of workers to comply with relevant legal requirements. This might include processing sensitive personal data including information obtained from CRB or other official checks about offences or alleged offences and information relating to any proceedings for offences committed or allegedly committed.
|Health and Safety
||To comply with health and safety laws and Breedon Group's SHE policies. This may include Breedon Group processing your sensitive personal data, such as details of your mental and physical health.
||To monitor your use of Breedon Group's IT resources. More information has been provided about this in the section headed 'Monitoring' below.
Who may have access to your personal data?
Sometimes we may need to disclose some of your personal data to other third party organisations. Depending on your status or role with the company, this may happen where we use another organisation to provide services, such as payroll administrators, pension administrators, life assurance providers, expenses administrators, IT service providers, training providers, recruitment agencies, professional advisers (including lawyers and accountants), occupational health professionals, banks, vehicle providers, auditors, or other contractors.
We may also have to disclose some personal data to professional bodies, HM Revenue & Customs, Courts, the Police and other UK governmental or regulatory authorities.
From time to time, we may need to transfer your personal data outside the EEA, for example, where we need to share the information about our workers with Breedon Group's shareholders or directors outside the EEA.
Additionally, we may use service providers that are based outside of the EEA, or which are part of global groups of companies, but we will ensure that any such service provider complies with strict obligations of confidentiality and security, and that any transfers of personal data outside the EEA comply with the law.
Please be aware that your name and work contact details and other information about your work life (for example experience) or training you have carried out (including photographs or video footage) may be made available to customers/clients, potential customers/clients, suppliers and potential suppliers, as well as being available to other workers within Breedon Group, e.g. via our company directory, our website (internal or external).
If you have any objections to any disclosures of your personal data, including on our intranet or website, please contact the Compliance Team. Contact details for the Compliance Team are given at the end of this policy document.
Where relevant, we may monitor your use of our IT resources and communications, including computers, internet and intranet access, e-mail, voicemail, faxes, telephones (including company mobile phones), and data collected by CCTV systems, access card systems, and vehicle mounted tracking and camera systems for the following reasons:
||To maintain and update IT resources and to monitor for viruses and other disruptive programmes.
||To investigate, detect and prevent crime and to identify, find and prosecute offenders. This might include the use of CCTV (see below for more detail), for example, to protect workers’ and other individuals’ safety.
|Unauthorised use of IT resources
||To determine whether any IT resources are being used without authorisation either by workers or external hackers.
||To establish the existence of business related facts and/or to determine whether communications are relevant to our business. For example, depending on your status or role with the company, if you are away from work, to establish whether incoming e-mails are from customers/clients and to ensure that they are properly dealt with during your absence.
|Legal and Policy Compliance
||To determine whether Breedon Group and/or its workers are complying with legal requirements, contracts, our relevant policies and rules and any other requirements with which Breedon Group and/or its workers should comply.
|Material Quality and Service Standards
||To determine whether you are attaining the targets/standards which you ought to be achieving, such as customer/client material quality and service standards.
We may also use CCTV to monitor workers and others on our premises and may disclose footage to third parties such as the Police, solicitors and the Courts. We may also disclose CCTV footage to the media if we believe that this will assist in finding or identifying criminals. Any third parties operating our CCTV system or editing footage for us may also have access to footage on which you appear.
Any CCTV monitoring carried out by Breedon Group will be subject to the CCTV Code of Practice which has been issued by the Information Commissioner. If you would like to see a copy of the CCTV Code of Practice, please contact the Compliance Team.
Breedon Group operates a telephony system on which calls are recorded for purposes including the verifying of service and delivery instructions, and monitoring compliance with contracts and customer and client service and quality standards by Breedon Group employees, contracted hauliers and drivers. Telephone recordings may be disclosed to operations, legal, sales, logistics, and health and safety workers, as well as to Breedon Group's customers, and also to the same categories of third parties and for the same purposes as CCTV footage. Breedon Group's telephony provider may also have access to telephone recordings.
Breedon Group also operates vehicle mounted tracking and camera systems. Data gathered by such systems may be used for monitoring compliance with: contracts, service and delivery standards, materials quality standards and safety standards (for example, safe driving standards) by Breedon Group employees, contracted hauliers and drivers; and for monitoring the deployment of transport resources available to the Company for the purposes of its business. Such data may be disclosed to operations, legal, sales, logistics and health and safety workers, as well as to Breedon Group's customers and also to the same categories of third parties and for the same purposes as CCTV footage. Breedon Group's vehicle tracking and camera system provider may also have access to this data.
As a data subject, you have the following rights under this policy, which are granted by the DPA:
- the right of access to personal data relating to you (see below);
- the right to prevent your personal data being processed (see below);
- rights in relation to automated decision taking (see below);
- the right to have inaccurate personal data corrected or erased (see below); and
- compensation for damage caused by contravention of the DPA.
These rights are explained in more detail below, but if you have any comments, concerns or complaints about Breedon Group's use of your personal data, please contact the Compliance Team.
Requests for access to your personal data
You may ask to see what personal data we hold about you and be provided with:
- a copy;
- details of the purpose for which it is being or is to be processed;
- details of the recipients or classes of recipients to whom it is or may be disclosed; and
- any information available about the source of that data.
Requests for your personal data must be made to the Compliance Team in writing and a copy may be retained on your personnel file.
To help us find the information easily, please give us as much information as possible about the type of information you would like to see.
If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible.
There are certain types of data which we are not obliged to disclose to you, which include:
- confidential references we give;
- personal data processed for the purposes of management forecasting or management/succession planning where disclosure would cause harm; and
- personal data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations.
Right to prevent processing of personal data
You may request that we stop processing your personal data or require that processing is stopped if that processing is causing or is likely to cause you or someone else substantial damage or distress, and that damage or distress is or would be unwarranted.
If you think that any of our processing may cause such damage or distress, you should notify the Compliance Team in writing.
Rights in relation to automated decision taking
You may ask us to ensure that, when we are evaluating you (for example evaluating your conduct or your performance), we don’t base any decisions solely on an automated process. You must notify us of this request in writing to the Compliance Team.
If you make such a request, you will then have the right to be notified where such a decision is or will be based on an automated process. If we notify you that we have taken such a decision, you may request us to review that decision other than by automatic means by writing to the Compliance Team within 21 days of receiving the notification.
These rights will not apply in all circumstances, for example where the decision is authorised or required by law and steps have been taken to safeguard your interests.
You may challenge the accuracy of personal data which we process about you. If, on investigation, it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed or corrected, as appropriate, and to receive written confirmation that this has been done.
You must carry out your duties in such a way to ensure that Breedon Group complies with its obligations under the DPA. Where you are processing personal data about another person, it is your responsibility to ensure that the personal data is:
- processed fairly;
- processed for the limited purposes which Breedon Group has registered with the Information Commissioner;
- adequate, relevant and not excessive for those purposes;
- not kept longer than is necessary;
- processed in accordance with the DPA;
- kept secure; and
- not transferred outside the European Economic Area (EEA) without the required safeguards.
These responsibilities are explained in detail in our “Data Protection Policy”, a copy of which is available from the Compliance Team, and posted on the Breedon Group website.
COMPLIANCE TEAM CONTACT DETAILS