PRIVACY POLICY
Your Rights
The General Data Protection Regulation (GDPR) details your rights as a “Data Subject” to: be informed;
have access to information; rectification; erasure; restrict processing; data portability; object; not
be subject to automated decision making and profiling – you can read more about these in detail by
visiting the Information Commissioner’s website (ico.org.uk). We only hold and process Personal
Identifiable Information (“PII”) when it is necessary to do so to comply with legal requirements or for
the legitimate interests of our business.
Data Controller
The “Data Controller” is Farmfoods Limited and may be referred to as “we” or “us” in this “policy”. The
Data Controller includes all employees of Farmfoods Limited and Farmfoods Distribution Limited that
handle, process or have access to PII. Farmfoods Limited Registered Office is: 7 Greens Road, Blairlinn,
Cumbernauld, G67 2TU (Registered in Scotland No. 30186). Farmfoods Distribution Limited Registered
Office is: 7 Greens Road, Blairlinn, Cumbernauld, G67 2TU (Registered in Scotland No. 101798).
Cookies and Google Analytics
We may use small data files known as Cookies (stored on your device) to help us to improve our online
service to you. We also use Google Analytics to measure the volume of visits to our website. You may
choose to set your browser to block cookies and/or tracking.
Sharing Your Data
We will not share your data without your permission unless:
- We are obliged to by Law Enforcement or Government Departments, e.g. HMRC or Public Authorities.
- It is required by a third party to administer employee benefits including, company car, fuel,
pension administration, and insurances that we may put in place on your behalf.
- It is required by a third party to monitor and report on tachograph data.
- We need to pass it to RTITB, DVSA and other third parties to provide you with the service
of Driver CPC Periodic Training, and to produce the associated documentation.
- It is required by our approved apprenticeship providers to facilitate the support and development of
your apprenticeship with us.
- You are a service leaver or veteran seeking employment with us; we will share your details with Hire
a Hero; these will be kept in line with their privacy policy http://www.hireahero.org.uk/privacy-policy/.
- You have taken responsibility for holding keys to company premises and your telephone number(s) are
required by a third-party alarm response centre.
- The goods or services you have received have not met your expectations and we are able to forward
your details directly on to the manufacturer or supplier of those goods or services; our suppliers
may then contact you directly and are also obliged to ensure your rights to privacy are protected.
- You sign up to our mailing list for vouchers, money saving offers, discounts and exclusive deals; in
doing so you consent to your email address being passed through our service providers solely to
facilitate the delivery of this content until you choose to unsubscribe using the links provided at
the bottom of these email messages.
- It is to establish, exercise or defend our legal rights.
- It is to pursue damages, recovery of assets or conviction on suspicion of criminal activity.
We will seek permission to:
- Share our employees' details with Occupational Health service providers.
The above list is not exhaustive.
Types of Personal Identifiable Information (PII) Held and Retention Periods
"Contact Details" for all our Data Subjects may include name, postal address, telephone numbers and email
addresses.
Whether you are, or have been, an employee or have cause to contact us, the type of personal information
held, and retention periods are detailed here:
- Unsuccessful applications for employment, submitted on paper or online application forms, completed
by you or passed to us by a recruitment agent, are held for two years after the closing date or
programme start date; this data may include: Contact Details; employment history; education and
qualifications; CVs; interests and hobbies; criminal record information; referee details. Your
information will only be used for the purpose of consideration for appointment. Appointments are not
subject to automated decision making, unless legal requirements are not met for the Right to Work in
the UK or the appropriate licence is not held to drive a specified vehicle class.
- In addition to satisfying legal obligations, we process employee personal information through
contractual necessity and to meet the legitimate interest of our business. Records are retained for
six years after the year you left; this data may include: application for employment information as
above; date of birth; National Insurance Number; gender; bank details; next of kin and emergency
contact details; employment contract details including start date, salary and workplace; employment
history including hours of work, earnings, attendance, performance, training, annual leave,
disciplinary and grievance; memberships to professional bodies; driving licence, performance and
endorsements; evidence of the right to work in the UK; video footage; electronic use of company
software and devices, including email; photographs; exit interviews and reasons for leaving;
redundancy; accidents and / or incidents; terms of settlement agreements and other claims; medical
information when appropriate, e.g., Statement of Fitness for Work notes and Occupational Health
information or for risk assessment and management; Earnings Arrestment; and trade union
subscriptions. Records for employees may be retained for longer if there are legitimate concerns re-employment may risk the safety of our employees, customers, suppliers or assets. We may also hold information to protect employee future rights for longer periods,
e.g., pension contributions and insurance information. We may use your information, including video
or stills, to: administer the contract we have entered with you; maintain business management,
planning and auditing; train our teams using images of events where you may be ‘in frame’; establish, exercise or defend our legal rights; and to
keep you up to date with business decisions, changes and products. Where there is justified
suspicion of criminal activity or equivalent malpractice and on completion of a Privacy Impact
Assessment, it is possible covert monitoring will be used for a limited period of time; only data
relating directly to the criminal activity or equivalent malpractice will be retained for no longer
than the period specified above covering all employee data. CCTV is operated by Farmfoods across our premises for the security and safety of our employees, customers, service providers, visitors, and assets. The company may use recorded footage, including from covert cameras, for the purposes of appropriately addressing any concerns identified including monitoring employee conduct and in disciplinary proceedings. CCTV footage is recorded on a loop, i.e., the oldest footage is over-written, typically being retained for between 30 and 60 days, depending on the number of cameras, quality of footage, and storage capacity; footage copied from the system to longer term storage for legal or disciplinary reasons will be kept securely and removed in line with the retention policies stated elsewhere in this policy.
- General customer, members of the public and non-employee Contact Details and reason for enquiry,
including correspondence, compensation and good will gestures, are held for six months after the
resolution of your enquiry, with the following exceptions: email addresses subscribed to our mailing
list will be removed six months after the unsubscribe link has been clicked; personal information
included in financial transactions that are required to be kept for a period of seven years for tax
and financial auditing; or personal information, date of birth, still images, video, compensation
values and medical reports held relating to accidents or incidents that are, or could be, referred
to our insurers or legal representative will be held for a period of up to ten years after the date
of incident, last contact or conclusion of legal proceedings. Your details will be kept and used
only for the purposes we have told you about.
- Correspondence, contact details and payee information taken for the purpose of charitable donation
will be held for eighteen months after payment is made.
- Contact details supplied by contractors as part of their Public Liability Insurance will be held for
three years after the end of the policy period.
How We Protect Your Data
We adhere to the principle of “Privacy by Design" by, among other things, assessing any potential impact
to the protection of your privacy when we review our systems or are planning changes. We deploy and
update security technologies to protect data from unauthorized access. Confidential filing systems and
digital storage servers are kept in secure locations. All areas of our business maintain a Data
Register, listing the type of PII held and how our Data Subjects rights are protected. Employees, acting
on behalf of the Data Controller, are made aware of their responsibility to your privacy.
Changes to This Policy
We reserve the right to update this privacy policy at any time. We may also notify you in other ways from
time to time about the processing of your personal information.
Data Protection Officer
Requests for information, updates to your personal information, data rectification, data erasure or
objections to our processing of data should be made in writing to: The Data Protection Officer,
Farmfoods Limited, 7 Greens Road, Cumbernauld, G67 2TU; or by completing the CONTACT US form on our website.
Signed: Mark Haggerty
Position: Data Protection Officer
Dated: November 2024