PRIVACY POLICY

1. Background

Manning Fruit Ltd trade name Shack Events (the "company") committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with data protection law, including the General Data Protection Regulation (GDPR). It applies to all employees, workers and contractors. It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services

2. Data protection principles

Under the GDPR, there are six data protection principles that the company must comply with. These provide that the personal information we hold about you must be:

Processed lawfully, fairly and in a transparent manner.
Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
Adequate, relevant and limited to what is necessary in relation to those purposes.
Accurate and, where necessary, kept up to date.
Kept in a form which permits your identification for no longer than is necessary for those purposes.
Processed in a way that ensures appropriate security of the data.

3. The kind of information we hold about you

The company collects, uses and processes a range of personal information about you. This includes (as applicable):

§ Personal contact details, including your name, title, address, telephone number and personal e-mail address.

§ Emergency contact details, next of kin.

§ Date of birth.

§ Gender.

§ Marital status and dependants.

§ The start and end dates of your employment or engagement.

§ National Insurance Number.

§ Recruitment records, including personal information included in a CV, any application form, cover letter, interview notes, references, copies of proof of right to work in the UK documentation, copies of qualification certificates, a copy of driving licence and other background check documentation.

§ The terms and conditions of your employment or engagement (including your job title and working hours), as set out in a job offer letter, employment contract, written statement of employment, terms of engagement (contract for services), consultancy agreement, pay review and bonus letters, statements of changes to employment or engagement terms and related correspondence.

§ Details of your skills, qualifications, experience and work history, both with previous employers and with the company.

§ Professional memberships.

§ Salary, entitlement to benefits and pension information.

§ Bank account details, payroll records, tax code and tax status information.

§ Disciplinary, grievance and capability records, including investigation reports, collated evidence, minutes of hearings and appeal hearings, warning letters, performance improvement plans and related correspondence.

§ Appraisals, including appraisal forms, performance reviews and ratings, targets and objectives set.

§ Training records.

§ Annual leave and other leave records, including details of the types of and reasons for leave being taken and related correspondence.

§ Termination of employment or engagement documentation, including resignation letters, dismissal letters, redundancy letters, minutes of meetings, settlement agreements and related correspondence.

§ Information obtained through electronic means, such as swipe card or clocking-in card records.

§ Information about your use of our IT systems, including usage of telephones, e-mail and the Internet

§ Photographs.

The company may also collect, use and process the following special categories of your personal information (as applicable):

§ Information about your health, including any medical condition, whether you have a disability in respect of which the company needs to make reasonable adjustments, sickness absence records (including details of the reasons for sickness absence being taken), medical reports and related correspondence.

§ Information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation.

§ Trade union membership.

§ Information about criminal convictions and offences.

4. How is your personal information collected?

The company collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. The company may also collect personal information from other external third parties, such as references from former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS).

We will collect additional personal information in the course of job-related activities throughout the period of you working for us.

The organisation may collect this information in a variety of ways. For example, data might be collected through application forms, CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

Data will be stored in a range of different places, including in your personnel file, in the organisation’s Payroll and HR management system, and in other IT systems (including the organisation’s email system).

5. Why does the company process personal data?

The company will only use your personal information when the law allows us to. The company needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, it needs to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer entitlements (benefit, pension and insurance).
In some cases, the company needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled:

§ where we need to protect your interests (or someone else’s interests);

§ where it is needed in the public interest (or for official purposes).

In other cases, the organisation has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the company to:

§ Maintain accurate and up-to-date employee, worker and contractor records and contact details (including details of whom to contact in the event of an emergency).

§ Run recruitment processes and assess your suitability for employment, engagement or promotion comply with statutory and/or regulatory requirements and obligations.

§ Checking you are legally entitled to work in the UK.

§ Comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligations.

§ Maintain and promote equality in the workplace.

§ Maintain an accurate record of your employment or engagement terms.

§ General administration of the contract we have entered into with you.

§ Make decisions about salary reviews and bonuses.

§ Ensure compliance with your statutory and contractual rights.

§ Ensure you are paid correctly and receive the correct benefits and pension entitlements, including liaising with any external benefits or pension providers or insurers.

§ Providing information about changes to your employment such as promotions, changes in working hours.

§ Ensure compliance with income tax requirements, e.g. deducting income tax and National Insurance contributions where applicable.

§ Maintain a record of disciplinary, grievance and capability procedures and action taken.

§ Operate and maintain a record of performance management systems.

§ Record and assess your education, training and development activities and needs.

§ Plan for career development and succession.

§ Provide references on request for current or former employees, workers or contractors.

§ Manage, plan and organise work.

§ Enable effective workforce management.

§ Operate and maintain a record of annual leave.

§ Keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled.

§ Ensure effective general HR and business administration, including accounting and auditing.

§ Complying with health and safety laws.

§ Make decisions about continued employment or engagement.

§ Maintain a record of dismissal procedures.

§ Prevent fraud.

§ Monitor your use of our IT systems to ensure compliance with our IT policies.

§ Ensure network and information security and prevent unauthorised access and modifications to systems.

§ Ensure adherence to company rules, policies and procedures monitor equal opportunities enable us to establish, exercise or defend possible legal claims.

Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities).
Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that the organisation uses for these purposes is anonymised. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.

Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.

6. If you fail to provide personal information?

If you fail to provide certain information when requested, we will not be able to fully perform the contract we have entered with you (such as paying you or providing a benefit), or we could be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

7. How we use sensitive personal information?

The company will only collect and use your sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences when the law allows us to. The company will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

7.1 The company’s obligations as an employer

The company will use your particularly sensitive personal information in the following ways:

§ We will use information relating to leave of absence; this can include sickness absence or family-related leave, to comply with employment and other laws.

§ We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.

§ We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sex life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

§ We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.

7.2 Do we need your consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations. In limited circumstances, if the need arises, we will approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

8. Who has access to your personal information?

In certain circumstances, the company may be legally required to share certain data held by us, which may include your personal information, for example, where the company is involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or governmental authority. The company do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of us.

Your personal information may be shared internally within the company, including with members of the HR department, payroll staff, your line manager, other managers in the department in which you work and IT staff if access to your personal information is necessary for the performance of their roles.

The company may also share your personal information with third-party service providers (and their designated agents), including:

§ External organisations for the purposes of conducting pre-employment reference and employment background checks.

§ Payroll providers.

§ Benefits providers and benefits administration, including insurers.

§ Pension scheme provider and pension administration.

§ Occupational health providers.

§ External IT services.

§ External auditors.

§ Professional advisers, such as lawyers and accountants.

The company do not allow any third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Where the company engages third parties to process personal data on its behalf, they do so on the basis of written instructions; these parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

The company will not transfer your data to countries outside the European Economic Area.

The company may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all of its business. In those circumstances, your personal information will be subject to confidentiality undertakings.

9. How does the company protect data?

The company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures by submitting a request to your line manager.

The company has put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat its subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.

10. For how long does the company keep data?

The company will hold your personal data for the duration of your employment. At the end of employment, your data will not be kept longer than necessary for the purpose for which it was processed. For example, personal information of employees, including terms and conditions of employment, disciplinary records, reviews and annual leave records will be kept for 6 years after employment ends. The organisation will keep hold of employees’ PAYE, Payroll records for 3 years after employment ends given the relevance to any pay disputes and as HMRC may request to see them in this time. Occupational health records will be kept in a suitable form for a minimum of 40 years after the date of the last entry.

Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable

11. Your Right to Withhold Information and Your Right to Withdraw Information After You Have Given it

You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

12. Your rights regarding your data

It is crucial that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address, during your working relationship with the company so that our records can be updated. The company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.

Your rights in connection with personal information Under certain circumstances, by law you have the right to:

§ Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

§ Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

§ Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

§ Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

§ Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

§ Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact rich@shackevents.com.

In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact the HR department. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

13. Automated decision-making

Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention. We do not envisage that any employment decisions will be taken about you based solely on automated decision making, including profiling. However, we will notify you in writing if this position changes.

14. Contacting Us

If you have any questions about this Privacy Notice, please contact us by email at rich@shackevents.com or by post at Shack Events, is New Cross Farm, Edwyn Ralph, Bromyard, Herefordshire, HR7 4NF. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you (as under section 11, above).

15. Changes to this Privacy Notice

We may change this Privacy Notice as we may deem necessary from time to time, or as may be required by law. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We will also notify you in other ways from time to time about the processing of your personal information.