Gift Voucher Map Call

Staff Privacy Policy

This Privacy Policy applies to all employees, workers, and those undertaking work experience at Leekes Limited, (Company Number 00563751) the Vale of Glamorgan Hotel Limited (Company Number 03698783) and Hensol Castle Resort Developments Limited (Company Number 06332621)
Your privacy is extremely important to us so we want you to know exactly what kind of information we hold about you and how we use it.
We’ve set out all the details below.

Please take the time to read and understand this policy.
1. What information do we hold about you?
As an employees, workers, or if undertaking work experience at we will ask you to provide certain personal information relating to you at the outset of you commencing work for us and during the course of your employment.
This information will include but is not limited too:
• Your name
• Your address
• Your date of birth
• Your sex
• Your family details
• Your education and qualifications
• Your work experience
• Your National Insurance number
• Your tax code
• Your emergency contact details
• Your bank details
• Your pension details
• Evidence of your ability to work in the UK
We will also collect additional information during the course of your employment with us, such as but not limited to:
• Information provided from your previous employer(s) and other referees
• Your employment history
• Your employment terms and conditions (e.g. pay, hours of work, holidays, benefits)
• Details of any other offices or appointments or business interests you hold
• Any accidents connected with work
• Any training undertaken
• Any disciplinary, grievance or other issues relating to your employment - FOR A TIME SPECIFIED PERIOD
• Your attendance record and leave taken (e.g. holiday, sickness absence, family leave)
• Performance reviews
• Any other personal information you share with us, including lifestyle and social circumstances
• Any reasonable adjustment(s) made to your employment under the Equality Act 2010
We also keep certain sensitive or special category data in relation to you which might be relevant to your employment, such as but not limited to:
• Racial or ethnic origins
• Driving license details
• Passport details
• DBS Checks
• Political opinions
• Religious or philosophical beliefs
• Membership of a trade union
• Physical or mental health (including details of any disability)
• Sexual orientation
• Details of any known disability
• commission or alleged commission of any offence


2. What will we use your information for and what are our legal bases for doing so?
We use the personal information we hold about you for a number of different purposes, which we list below. Under data protection law we need to have a valid legal basis for using your personal information, we also set out below the legal bases which we will be relying upon.
We use the personal information we hold about you for the following reasons:
• To comply with and enforce our contract with you and inform you of any changes
• To pay you and provide you with any benefits you are entitled to
• To deal with any disciplinary and grievance issues which may arise relating to you or in respect of which you may be able to provide relevant information
• To record your absences from work and your leave
• To review and manage your performance and development
• For general employment or contract administration purposes
In each of these cases the legal basis that we will be relying upon to process your personal information will be because it is necessary for the performance of the contract between us.
We will also use the personal information we hold about you for the following reasons:
• To comply with and demonstrate compliance with our legal obligations and best practice as an employer
• To comply with and demonstrate compliance with any regulatory requirements
In both of these cases the legal basis that we will be relying upon to process your personal information will be because it is necessary for us to do so to comply with our legal obligations.
We will also use the personal information we hold about you for the following reasons:
• To monitor compliance with any of our policies and procedures
• To provide references
• To promote Leekes Limited, the Vale of Glamorgan Hotel Limited and or Hensol Castle Resort Developments Limited
In these cases the legal basis that we will be relying upon to process your personal information will be because it is in our legitimate interests. Our specific legitimate interests include but are not limited to:
• To be a fair and reasonable employer in relation to your employment/engagement and our employment/engagement of others and be able to demonstrate this and/or
• To comply with and demonstrate compliance with our obligations as an employer and/or our policies and procedures relating to employees, workers, work experience, consultants, sub-contractors or interviewees
• To enable us to respond to reference requests.
• To promote our business
We use the special category personal data we hold about you for a number of different purposes, which we list below. Data protection law prohibits us from processing any special category personal data unless we can satisfy at least one of the conditions laid down by data protection law. We also set out below the specific conditions we rely upon when processing special category data.
We use the special category personal data we hold about you for the following purposes:
• To monitor equality and diversity.
In this case the condition we rely upon for processing the information is to monitor equality and diversity which is necessary for reasons of substantial public interest, namely for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained
• To comply with and demonstrate compliance with employment law and best practice and any other applicable laws
• To comply and demonstrate compliance with any regulatory requirements
• To deal with any disciplinary and grievance issues which may arise relating to you or in respect of which you may be able to provide relevant information
In these cases the condition we rely upon for processing the information is because it is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment law and/or the processing is necessary for the establishment, exercise or defence of legal claims and/or the processing is necessary for the assessment of your working capacity or medical diagnosis
• To record your absences from work
• To provide you with any health benefits you may be entitled to
In these cases the condition we rely upon for processing the information is because the processing is necessary for the establishment, exercise or defence of legal claims and/or the processing is necessary for the assessment of your working capacity or medical diagnosis.
We will not otherwise process your sensitive or special category information unless you have given us explicit consent to do so.
We do not carry out any automated decision-making or profiling in relation to you.
Some of the personal data we request will be because we have a legal or contractual requirement to obtain and use the information or it is necessary for us to obtain the information to be able to enter into a contract with you, for example evidence of your right to work in the UK. Failure to provide such information will prevent us from employing or engaging you.


3. Who do we share your information with?
Your personal data will be held by the HR department. Your personal data will be shared internally with other individuals and/or departments where this is reasonably necessary for the processing purposes set out in section 2 above. For example, it will be necessary to share some of your personal information with the Finance department in order to pay you.
From time to time we will need to share your information with external people and organisations. We will only do so where we have a legitimate or legal basis for doing so and in compliance with our obligations under data protection laws.
Your information may be disclosed too but not limited to:
• Her Majesty’s Revenue and Customs (HMRC) in connection with your pay and benefits
• Banks and other financial institutions in connection with your pay and benefits
• Pensions providers for providing and administering your pension
• Payroll provider to enable us to pay you
• Companies and businesses who provide or administer any benefits we offer. For example, if you are entitled to private health care we’ll share relevant information with the health care provider, or if you have opted for childcare vouchers we’ll share relevant information with the childcare voucher provider.
• Other people who help us provide our website, in-house WIFI network, they include information technology experts who design and host our website
• Our insurers and insurance brokers who provide us with comprehensive cover against the risks of running a business
• Employment and recruitment agencies and outplacement organisations
• Professional bodies and regulators such as the Financial Services Authority
• Our professional advisors including our accountants when they need it to give us their professional advice.
• Occupational Health and other medical professionals including social and welfare organisations to provide us with medical opinions in relation to any medical condition, illness or disability you may have or develop during the course of your employment/engagement
• The Police, local authorities, the courts and any other government authority if they ask us to do so (but only if us doing so is lawful).
• Other people who make a subject access request, where we are allowed to do so by law.
• Complainants, where this is necessary to respond to any complaints received
• Debt collection and tracing agents
• Where we are legally obliged to do so, e.g. to comply with a court order
• Current, past or prospective employers in response to reference requests or in relation to any potential transfer of ownership of Leekes Limited, the Vale of Glamorgan Hotel Limited and or Hensol Castle Resort Developments Limited
• Educational establishments, examination bodies, course providers in relation to any training you undertake or have undertaken
• Marketing service providers who carry out marketing activities on our behalf
• Companies that provide technical support for IT services for example the company that provides the HR software will from time to time have access to the data held within the software for the purposes of addressing any technical issues.
• Your family or representatives
• Companies within our group for administrative purposes.

4. International Transfer of Your Information
We do not transfer any of your personal data outside the European Economic Area.

5. How long do we keep your information for?
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it in the first place. In most cases, this means we will keep your information for as long as you are employed or engaged by us and for a period of 7 years thereafter. The reason for keeping your personal data for this length of time is to comply with HMRC requirements and because of the fact that some claims can be brought up to 6 years after your employment/engagement ends.

6. Individual rights
Data protection legislation provides individuals with a number of different rights in relation to their data. For example, you have the right to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. Exercising this right is commonly known as a “subject access request”. Certain exemptions and conditions apply to this right.
There are other rights which you also may be able to exercise, such as the right to have inaccurate personal data rectified, to object to the processing of personal data, to the erasure of personal data or to have the processing of your personal data restricted as well as the right to have electronic data made portable. All these rights are subject to certain conditions and exemptions.
To obtain further information about these rights please see the ICO website - www.ico.gov.uk. If you wish to exercise any of these rights please contact the HR department.

7. Ability to withdraw consent
Where your personal data is processed on the basis of your consent or explicit consent, you have the right to withdraw your consent to the processing at any time. You can do this by emailing privacy@leekes.co.uk. Any withdrawal of consent will not affect the lawfulness of any processing of your personal data based on consent before the withdrawal is notified.

8. Accuracy
If any of your personal details change during your employment/engagement you should contact a member of the HR team to notify them and provide them with the updated accurate information.

9. Updates to this Privacy Policy
We review the ways we use your information regularly. In doing so, we may change what kind of information we collect, how we store it, who we share it with and how we act on it.

Consequently, we will need to change this privacy policy from time to time to keep it accurate and up-to-date.

We will keep this policy under regular review to ensure it is accurate and kept up to date. This policy was last updated on 12/03/18.

10. About us
Our full name is Leekes Limited.

We are the data controller of the information you provide us with and we hold about you. The term “data controller” is a legal phrase used to describe a person or entity that controls the way personal data is used and processed.

11. Where to get more information about your data protection rights
The Information Commissioner’s Office (ICO) regulates data protection in the UK. They make a lot of information accessible on their website - www.ico.gov.uk.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. We will always do our very best to solve any problems you may have.

12. Contact us
You’re welcome to get in touch with us to discuss your information at any time. Our contact details are you can email privacy@leekes.co.uk or write to us Privacy Team, Leekes Ltd, Mwyndy Business Park, Pontyclun, CF72 8PN.

13. Your Responsibilities
As an employee, worker, work experience, consultant, sub-contractor or interviewee of Leekes Limited, the Vale of Glamorgan Hotel Limited and or Hensol Castle Resort Developments Limited you may have access to the data of individuals, either colleagues within or customers of the business. You must treat this data in such a way as to help the business comply with all current laws and regulations; this means that the data you have access to can only be used for the purposes it was intended for, e.g. customer data must only be used to allow us to fulfil our contracts to supply goods and services or to provide them with information about other goods and services in which they may be interested. Under no circumstances should an individuals data be shared outside of the business unless there is a requirement to do so in order to fulfil our contract and there is a legal agreement in place, for example, if a supplier is delivering goods directly to a customer and they have agreed to our supplier terms and conditions. If you have any doubts about sharing data you must discuss it with your line manager prior to sharing the information.