Your privacy is extremely important to us so we want you to know exactly what kind of information we hold about you and how we use it. We’ve set out all the details below.
Please take the time to read and understand this policy.
As an employees, workers, work experience, consultants, sub-contractor or interviewee at the Vale Resort we will ask you to provide certain personal information relating to you at the outset of you commencing work for us and during the course of your employment/engagement.
This information will include:
We will also collect additiona
l information during the course of your employment/engagement with us, such as:
We also keep certain sensitive or special category data in relation to you which might be relevant to your employment, such as your:
We use the personal information we hold about you for a number of different purposes, which we list below. Under data protection law we need to have a valid legal basis for using your personal information, we also set out below the legal bases which we will be relying upon.
We use the personal information we hold about you for the following reasons:
In each of these cases the legal basis that we will be relying upon to process your personal information will be because it is necessary for the performance of the contract between us.
We will also use the personal information we hold about you for the following reasons:
In both of these cases the legal basis that we will be relying upon to process your personal information will be because it is necessary for us to do so to comply with our legal obligations.
We will also use the personal information we hold about you for the following reasons:
In these cases the legal basis that we will be relying upon to process your personal information will be because it is in our legitimate interests. Our specific legitimate interests are:
We use the special category personal data we hold about you for a number of different purposes, which we list below. Data protection law prohibits us from processing any special category personal data unless we can satisfy at least one of the conditions laid down by data protection law. We also set out below the specific conditions we rely upon when processing special category data.
We use the special category personal data we hold about you for the following purposes:
In this case the condition we rely upon for processing the information is to monitor equality and diversity which is necessary for reasons of substantial public interest, namely for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained
In these cases the condition we rely upon for processing the information is because it is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment law and/or the processing is necessary for the establishment, exercise or defence of legal claims and/or the processing is necessary for the assessment of your working capacity or medical diagnosis
In these cases the condition we rely upon for processing the information is because the processing is necessary for the establishment, exercise or defence of legal claims and/or the processing is necessary for the assessment of your working capacity or medical diagnosis.
We will not otherwise process your sensitive or special category information unless you have given us explicit consent to do so.
We do not carry out any automated decision-making or profiling in relation to you.
Some of the personal data we request will be because we have a legal or contractual requirement to obtain and use the information or it is necessary for us to obtain the information to be able to enter into a contract with you, for example evidence of your right to work in the UK. Failure to provide such information will prevent us from employing or engaging you.
Your personal data will be held by the HR department. Your personal data will be shared internally with other individuals and/or departments where this is reasonably necessary for the processing purposes set out in section 2 above. For example, it will be necessary to share some of your personal information with the Finance department in order to pay you.
From time to time we will need to share your information with external people and organisations. We will only do so where we have a legitimate or legal basis for doing so and in compliance with our obligations under data protection laws.
Your information may be disclosed to:
We do not transfer any of your personal data outside the European Economic Area.
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it in the first place.
In most cases, this means we will keep your information for as long as you are employed or engaged by us and for a period of 7 years thereafter. The reason for keeping your personal data for this length of time is to comply with HMRC requirements and because of the fact that some claims can be brought up to 6 years after your employment/engagement ends.
Data protection legislation provides individuals with a number of different rights in relation to their data. For example, you have the right to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. Exercising this right is commonly known as a “subject access request”. Certain exemptions and conditions apply to this right.
There are other rights which you also may be able to exercise, such as the right to have inaccurate personal data rectified, to object to the processing of personal data, to the erasure of personal data or to have the processing of your personal data restricted as well as the right to have electronic data made portable. All these rights are subject to certain conditions and exemptions.
To obtain further information about these rights please see the ICO website - www.ico.gov.uk. If you wish to exercise any of these rights please contact the HR department.
Where your personal data is processed on the basis of your consent or explicit consent, you have the right to withdraw your consent to the processing at any time. You can do this by emailing [email protected]. Any withdrawal of consent will not affect the lawfulness of any processing of your personal data based on consent before the withdrawal is notified.
If any of your personal details change during your employment/engagement you should contact a member of the HR team to notify them and provide them with the updated accurate information.
We review the ways we use your information regularly. In doing so, we may change what kind of information we collect, how we store it, who we share it with and how we
act on it.
We will keep this policy under regular review to ensure it is accurate and kept up to date. This policy was last updated on 12/03/18.
Our full name is Vale of Glamorgan Hotel Limited
We are the data controller of the information you provide us with and we hold about you. The term “data controller” is a legal phrase used to describe a person or entity that controls the way personal data is used and processed.
The Information Commissioner’s Office (ICO) regulates data protection in the UK. They make a lot of information accessible on their website - www.ico.gov.uk.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. We will always do our very best to solve any problems you may have.
You’re welcome to get in touch with us to discuss your information at any time. Our contact details are you can email [email protected] or write to us Privacy Team, Vale of Glamorgan Hotel Limited, Mwyndy Business Park, Pontyclun, CF72 8PN.
As an employee, worker, work experience, consultant, sub-contractor or interviewee of the Vale Resort you may have access to the data of individuals, either colleagues within or customers of the business. You must treat this data in such a way as to help the business comply with all current laws and regulations; this means that the data you have access to can only be used for the purposes it was intended for, e.g. customer data must only be used to allow us to fulfil our contracts to supply goods and services or to provide them with information about other goods and services in which they may be interested. Under no circumstances should an individuals data be shared outside of the business unless there is a requirement to do so in order to fulfil our contract and there is a legal agreement in place, for example, if a supplier is delivering goods directly to a customer and they have agreed to our supplier terms and conditions. If you have any doubts about sharing data you must discuss it with your line manager prior to sharing the information.