The General Data Protection Regulation (GDPR) details your rights as a “Data Subject” to: be informed; have access to information; rectification; erasure; restrict processing; data portability; object; not be subject to automated decision making and profiling – you can read more about these in detail by visiting the Information Commissioner’s website (ico.org.uk). We only hold and process Personal Identifiable Information (“PII”) when it is necessary to do so to comply with legal requirements or for the legitimate interests of our business.
The “Data Controller” is Farmfoods Limited and may be referred to as “we” or “us” in this “policy”. The Data Controller includes all employees of Farmfoods Limited and Farmfoods Distribution Limited that handle, process or have access to PII. Farmfoods Limited Registered Office is: 7 Greens Road, Blairlinn, Cumbernauld, G67 2TU (Registered in Scotland No. 30186). Farmfoods Distribution Limited Registered Office is: 7 Greens Road, Blairlinn, Cumbernauld, G67 2TU (Registered in Scotland No. 101798).
Cookies and Google Analytics
We may use small data files known as Cookies (stored on your device) to help us to improve our online service to you. We also use Google Analytics to measure the volume of visits to our website. You may choose to set your browser to block cookies and/or tracking.
Sharing Your Data
We will not share your data without your permission unless:
- We are obliged to by Law Enforcement or Government Departments, e.g. HMRC or Public Authorities.
- It is required by a third party to administer employee benefits including, company car, fuel, pension administration or insurances that we may put in place on your behalf.
- It is required by a third party to monitor and report on tachograph data.
- We need to pass it to RTITB, DVSA and other third parties in order to provide you with the service of Driver CPC Periodic Training, and to produce the associated documentation.
- It is required by our approved apprenticeship providers to facilitate the support and development of your apprenticeship with us.
- You have taken responsibility for holding keys to company premises and your telephone number(s) are required by a third-party alarm response centre.
- The goods or services you have received have not met your expectations and we are able to forward your details directly on to the manufacturer or supplier of those goods or services; our suppliers may then contact you directly and are also obliged to ensure your rights to privacy are protected.
- You sign up to our mailing list for vouchers, money saving offers, discounts and exclusive deals; in doing so you consent to your email address being passed through our service providers solely to facilitate the delivery of this content until you choose to unsubscribe using the links provided at the bottom of these email messages.
- It is to establish, exercise or defend our legal rights.
We will seek permission to:
- Share our employees' details with Occupational Health service providers.
The above list is not exhaustive.
Types of Personal Identifiable Information (PII) Held and Retention Periods
"Contact Details" for all our Data Subjects may include name, postal address, telephone numbers and email addresses.
Whether you are, or have been, an employee or have cause to contact us, the type of personal information held and retention periods are detailed here:
- Unsuccessful applications for employment, submitted on paper or online application forms, completed by you or passed to us by a recruitment agent, are held for six months after the closing date or programme start date; this data may include: Contact Details; employment history; education and qualifications; CVs; interests and hobbies; criminal record information; referee details. Your information will only be used for the purpose of consideration for appointment. Appointments are not subject to automated decision making, unless legal requirements are not met for the Right to Work in the UK or the appropriate licence is not held to drive a specified vehicle class.
- In addition to satisfying legal obligations, we process employee personal information through contractual necessity and to meet the legitimate interest of our business. Records are retained for ten years after leave date; this data may include: application for employment information as above; date of birth; National Insurance Number; gender; bank details; next of kin and emergency contact details; employment contract details including start date, salary and workplace; employment history including hours of work, earnings, attendance, performance, training, annual leave, disciplinary and grievance; memberships to professional bodies; driving licence, performance and endorsements; evidence of the right to work in the UK; video footage; electronic use of company software and devices, including email; photographs; exit interviews and reasons for leaving; redundancy; accidents and / or incidents; terms of settlement agreements and other claims; medical information when appropriate, e.g. Statement of Fitness for Work notes and Occupational Health information or for risk assessment and management; allocation of earnings for arrestments; and trade union subscriptions. We may also hold information to protect employee future rights for longer periods, e.g. pension contributions and insurance information. We may use your information, including video or stills, to: administer the contract we have entered with you; maintain business management, planning and auditing; train our teams using images of events where you may be ‘in frame’; and to keep you up to date with business decisions, changes and products. Where there is justified suspicion of criminal activity or equivalent malpractice and on completion of a Privacy Impact Assessment, it is possible covert monitoring will be used for a limited period of time; only data relating directly to the criminal activity or equivalent malpractice will be retained for no longer than the period specified above covering all employee data.
- General customer, members of the public and non-employee Contact Details and reason for enquiry, including correspondence, compensation and good will gestures, are held for six months after the resolution of your enquiry, with the following exceptions: email addresses subscribed to our mailing list will only be removed after the unsubscribe link has been clicked; personal information included in financial transactions that are required to be kept for a period of seven years for tax and financial auditing; or personal information, date of birth, still images, video, compensation values and medical reports held relating to accidents or incidents that are, or could be, referred to our insurers or legal representative will be held for a period of up to ten years after the date of incident, last contact or conclusion of legal proceedings. Your details will be kept and used only for the purposes we have told you about.
- Correspondence, contact details and payee information taken for the purpose of charitable donation will be held for eighteen months after payment is made.
- Contact details supplied by contractors as part of their Public Liability Insurance will be held for three years after the end of the policy period.
How We Protect Your Data
We adhere to the principle of “Privacy by Design" by, among other things, assessing any potential impact to the protection of your privacy when we review our systems or are planning changes. We deploy and update security technologies to protect data from unauthorized access. Confidential filing systems and digital storage servers are kept in secure locations. All areas of our business maintain a Data Register, listing the type of PII held and how our Data Subjects rights are protected. Employees, acting on behalf of the Data Controller, are made aware of their responsibility to your privacy.
Changes to This Policy
Data Protection Officer
Requests for information, updates to your personal information, data rectification, data erasure or objections to our processing of data should be made in writing to: The Data Protection Officer, Farmfoods Limited, 7 Greens Road, Cumbernauld, G67 2TU; or by email to firstname.lastname@example.org.
Signed: Mark Haggerty
Position: Data Protection Officer
Dated: January 2020