People & Culture Privacy Notice
Your information is very important to us and we look after it carefully in line with privacy and data protection laws, including the General Data Protection Regulation, UK GDPR and any applicable national legislation. We’ve set out below in more detail what information we collect about you, how we use that information and your rights as a data subject.
This Employee Privacy Notice (which is for anyone employed on a permanent or fixed-term contract of employment) describes the categories of personal information we may process, how your personal information may be processed and how your privacy is safeguarded while you’re here with us.
It’s intended to comply with our obligations to provide you with information about the Company's processing of your personal information under privacy laws. It doesn’t form part of your contract of employment.
This Employee Privacy Notice should be read alongside any supplemental privacy notices you may receive from the Company, including, where applicable, specific local privacy notices. We may update this Employee Privacy Notice from time to time and will notify you when any changes are made.
The Company is committed to protecting the security of the personal information you share with us or that we may receive or have about you. To support this, we’ve taken appropriate technical, physical and organisational measures to make sure the level of security is appropriate to the risk of it being compromised.
Last reviewed: October 2025.
DHU Healthcare CIC (Registered in England under registration no. 05834163 with its registration address at No:2 Roundhouse Road, Derby DE24 8JE its subsidiary and associated companies (referred to as DHU) is committed to protecting personal data.
During the course of our activities we, DHU Healthcare, will process personal data (which may be held on paper, electronically, or otherwise) about our Employees and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UKGDPR). The purpose of this notice is to make you aware of how we will collect and use your personal information both during and after your working relationship with DHU Healthcare
a) This notice applies to:
1. All applicants seeking employment with DHU Healthcare
2. All current and former employees of DHU Healthcare
3. All other workers, such as but not limited to sessional workers
4. All other contractors & consultants engaged with DHU Healthcare
5. All apprentices at DHU Healthcare
6. All volunteers at DHU Healthcare
7. All others that are engaged with DHU Healthcare as a direct or indirect resource
It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services.
b) The Data Controller is DHU Healthcare.
c) DHU have appointed a data protection officer and this is Affinity Resolutions who can be contacted at DPO@regulatorysolution.co.uk
a) We will comply with the 7 data protection principles in the DPA and UK GDPR, which say that personal data must be:
I. Processed lawfully, fairly and in a transparent manner.
II. Collected only for specified, explicit and legitimate purposes.
III. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
IV. Accurate and where necessary kept up to date.
V. Not kept in a form which permits your identification for no longer than is necessary for the purposes for which the data is processed.
VI. Processed in a manner which ensures appropriate security of the data.
VII. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’)
b) “Personal data” means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
c) Fair and lawful processing
I. We will usually only process your personal data where you have given your consent or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the UK GDPR.
II. We will only process “special category data” also called “sensitive personal data” about racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data and personal data relating to criminal proceedings or convictions, where a further condition is also met. Usually this will mean that you have given your explicit consent, or that the processing is legally required for employment purposes. The full list of conditions is set out in the UK GDPR.
In the main the processing of special category data linked to your employment with DHU will be covered under Article 9(2)(b) in the act of processing data for Employment, social security and social protection law.
We collect personal data in a variety of ways. It is collected during the recruitment process, either directly from you or sometimes from a third party, such as an employment agency, former employer, background check providers, credit reference agencies and from the DBS. We also collect information throughout the period of your working relationship with us. This may be collected during your work-related activities. Some of the information you provide will be a statutory requirement and others contractual. We will inform you whether you are required to provide certain personal information statutory or contractually or whether you have a choice.
1. We will process data about Employees for legal, contractual, personnel, administrative and management purposes and to enable us to meet our legal obligations as an employer, for example to pay you, monitor your performance and to confer benefits in connection with your employment. We will also process data where it is necessary for our legitimate interest such as training, profiling Employees and advising Employees of benefits from third parties. We may also use your data where it is necessary to protect your vital interests. This processing may include but is not limited to.
a) To maintain accurate records and contact details.
b) Assessing suitability for employment, promotion, conferring benefits and pay reviews.
c) Complying with statutory and contractual requirements.
d) Maintaining records of employment, grievance, complaints, disciplinary, performance, appraisal, training, career and professional development and needs.
e) Operating Employees schedules, leave, sickness absences, workforce management, maternity leave, paternity leave, adoption leave and any other unpaid leave.
f) Payment to you of any entitlements and payment to any third party such as HMRC or a pension provider.
g) Reviewing sick leave or fitness to work.
h) Preventing fraud.
i) To provide access to key systems and application as required as part of your employment with DHU
j) Monitoring use of IT & telephony systems including;
a. Computer usage
b. Mobile phone usage
c. Recording all incoming and outgoing telephone calls on DHU telephony system
Information relating to this is detailed in our Acceptable Use / expenses procedures
k) Video recordings (CCTV) in our buildings and in our vehicles.
l) Ensuring effectiveness of people & culture polices, data protection polices, business administration and other business policies and procedures.
m) Establishing or defending complaints and legal claims.
n) To fulfil laws which apply to us and any third parties we work with.
o) For statistical research and analysis and to enable us to we can monitor and improve services.
p) To monitor how we are meeting our clinical and non-clinical performance.
q) Managing our relationships with you and third parties who assist us to provide the services or information to you. We will never process your data where these interests are overridden by your own interests.
r) To maintain Employees management & people & culture process
s) To update DHU Employees Management databases for administrative purposes (e.g. for shift vacancies, sickness and emergency cover situations) and will use these methods to communicate with you for item such as, but not limited to,
a. sending organisational updates via email and
b. changes to shift coverage
c. additional cover requests
d. emergency notifications by phone, email or SMS.
2. We may process special category data relating to Employees including, as appropriate:
a. Information about an employee’s physical or mental health or condition to monitor sick leave and take decisions as to the employee’s fitness for work.
b. The employee’s racial or ethnic origin or religious or similar information to monitor compliance with equal opportunities legislation.
c. To comply with legal requirements and obligations to third parties.
d. The above is not a restrictive list and we may process all the special category data set out in clause 2(C)(I) above.
3. As part of the Recruitment & On-Boarding process your data will be collected via external systems authorised and compliance checked by DHU Healthcare.
4. You are also required to adhere to the Confidentiality Code of Conduct when dealing with or coming in to contact with any information that relates to DHU or its business in any way, this includes abiding by and acknowledging the fact that any information placed on public forums, internet media or social media that brings DHU or any of its subsidiaries in to disrepute may be followed with disciplinary action or legal action where appropriate and justified. Information relating to breaches may be shared with relevant authorities without your consent in pursuance of the above.
Your personal data may be shared internally within DHU including but not limited to; members of People & Culture, payroll department, health & safety management and IT where your personal data is necessary for the performance of their roles or a process. It may also be shared with the wider work force where this is necessary for our legitimate interest.
DHU may also share your personal data with third parties which may include: -
a) External organisations for conducting pre-employment reference and background checks.
b) Payroll providers.
c) Benefits providers such as, but not limited to Employee Assistance, Insurance and Pensions.
d) Occupational health and wellbeing providers.
e) Professional Bodies
f) External IT supports.
g) Internal and external auditors, accountants, lawyers, legal support and other professional providers.
h) HMRC and other government bodies.
i) NHS Trusts and other health care bodies.
j) DBS checking agencies.
k) If we merge or restructure (e.g., TUPE, your personal information will be provided to new providers of transferred services)
l) With regulators or to comply with any legal obligation.
m) To any organisation requesting a reference when you have applied for a position with the organisation or to join the organisation in some capacity.
n) When you request, we supply personal data to another party you wish to supply services or products to you.
o) Where we use other companies to provide services on our behalf for training, processing, mailing, delivering, answering questions about products or services, sending mail and emails, data analysis, assessment and profiling or processing credit/debit card payments.
p) with our subsidiaries, affiliates or associated organisations companies
q) When you join or take part in any social media platforms managed by us.
r) When we have a contract with another organisation to provide our services jointly with them
s) Emergency Services should the need arise for yours or others health, safety and wellbeing
t) Certain basic personal information, such as your name, location, job title, contact information and any published skills and experience may also be accessible to other employees via the Company’s intranet. Where required, certain other information such as your home location may be accessible to other employees with operational responsibilities via Company systems.
a) We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data
b) We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves.
c) Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
a) We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected and processed including satisfying any legal, tax, health and safety, reporting or accounting requirements.
b) We will generally retain your data for the duration of your employment or contract with us and for a period after termination of your employment or contract, which will be a minimum of six years after termination.
This is subject to any minimum statutory or other legal requirement.
c) Personal data which is no longer required will be securely and effectively destroyed.
a) You have the right to:
I. Request access to any personal data we hold about you.
II. Ask to have inaccurate data held about you amended, as long as proven inaccurate.
III. Request the erasure of your personal data – this enable you to ask us to delete or remove your personal data where there is no compelling reason for its continued processing.
IV. . In certain situations, you have the right to ask us to temporarily stop using your personal information. This might apply, for example, if:
i. You believe the information we hold about you is incorrect, and we’re checking it.
ii. You think we’re using your data unlawfully but don’t want us to delete it.
iii. You’ve asked us to delete your data, but we need to keep it for legal reasons.
iv. You’ve objected to how we’re using your data, and we’re considering that request.
While the restriction is in place, we’ll store your data securely but won’t use or share it unless you agree, it’s required by law, or we need it to protect someone’s rights.
V. Object to the processing of your personal data.
VI. Request data portability – this is a request to transfer personal data to a third party so it can be reused.
VII. Request a review of automatic decision making – we do not envisage that any employment decisions will be taken solely on automated decision making. However, we will notify you if this position changes.
b) If you wish to know what personal data we hold about you, you must make the request in writing to the Human Resources Team, this will then be recorded, reviewed and approved in line with relevant procedures.
c) If you are not satisfied with the way in which we deal with your request, you can contact the Information Commissioners Office on 0303 123 1113 or at their website www.ico.org.uk.
All the personal data is processed in the UK however for IT hosting and maintenance your information may be situated outside the EEA.
DHU reserves the right to update or amend this privacy notice at any time, including where DHU intends to further process your personal data for a purpose other than that for which the personal data was collected or where we intend to process new types of personal data.
We will issue you with a new privacy notice when we make significant updates or amendments.
a) If you have any questions about this privacy notice or how we handle your personal data please contact the Information Governance & Data Protection Team at information.governance@dhuhealthcare.nhs.uk.
b) If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with your line manager or contact information.governance@dhuhealthcare.nhs.uk.
Any breach of the DPA will be taken seriously and may result in the commencement of an investigation in line with the DHU disciplinary Procedure.
The full Privacy Policy is available on the DHU website www.dhuhealthcare.com.
If any further information is required on the content of this privacy notice or policy, please contact either the People & Culture team or your line manager. people & culture We are required to hold details of your personal mobile number and email address on DHU Employees Management databases for administrative and process purposes (e.g. for shift vacancies, sickness and emergency cover situations) and will use these methods to communicate with you for item such as, but not limited to; you being part of a process in line with the DHU procedures, such as but not limited to Investigation, sending organisational updates via email if you are out of the business and changes to shift coverage, additional cover requests, emergency notifications by phone, email or SMS where the need arises
|
Ref |
Purpose for processing |
Necessary for Performance of Contract |
Necessary to comply with a Legal Obligation |
Legitimate Interest |
What is the Company's Legitimate Interest |
|
a) |
Recruitment and selection |
Y |
Y |
Y |
The Company considers it has a legitimate interest in fully assessing applications for employment to ensure only suitable and appropriate candidates are both assessed and selected, so that the Company identifies the right people for its business who will be able to contribute to its operations and to the culture. |
|
b) |
Appropriate vetting for recruitment and team allocation including, where relevant and appropriate credit checks, right to work verification, identity fraud checks, criminal record checks (if and to the extent permitted by applicable laws), relevant employment history, relevant regulatory status and professional qualifications; |
|
Y |
Y |
The Company considers it has a legitimate interest in managing its business operations in the most effective way and needs to make decisions relating to the future of its business in order to preserve its business operations or grow its business, including the interests of the workforce as a whole and the Company customer base. |
|
c) |
Providing and administering remuneration, benefits, pension and incentive schemes and reimbursement of business costs and expenses and making appropriate tax and social security and other deductions and contributions as required; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business, including ensuring that employees are properly remunerated, and that remuneration is set to an appropriate level and in undertaking normal business operations. |
|
d) |
Allocating and managing duties and responsibilities and the business activities to which they relate, including business travel; |
Y |
|
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business including ensuring each employee undertakes appropriate duties, is properly trained and undertakes their role correctly and in accordance with appropriate procedures and in undertaking normal business operations. |
|
e) |
Identifying and communicating effectively with employees; |
Y |
|
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business including undertaking normal business operations and maintaining a dialogue with employees. |
|
f) |
Managing and operating appraisals, conduct, performance, capability, absence and grievance related reviews, allegations, complaints, investigations and processes and other informal and formal P&C processes and making related management decisions; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business including ensuring each employee undertakes appropriate duties, is properly trained and undertakes their role correctly and in accordance with appropriate procedures. It also includes addressing and resolving employee related concerns and issues and complying with applicable laws and regulations. |
|
g) |
Training, development, promotion, career, talent management and succession planning and business contingency planning; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business including ensuring that each employee undertakes appropriate duties, is properly trained and undertakes their roles correctly and in accordance with appropriate procedures. |
|
h) |
Consultations or discussions with representatives of employees; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business including undertaking normal business operations and maintaining a dialogue with employees and complying with applicable laws and regulations. |
|
i) |
Conducting statutory reporting and surveys for benchmarking, identifying improved ways of working, employee relations and engagement at work (these will often be anonymous but may include profiling data such as age and gender to support analysis of results); |
|
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business. This includes ensuring that each employee undertakes appropriate duties, is properly trained and undertakes their roles correctly and in accordance with appropriate procedures, undertaking normal business operations and maintaining a dialogue with employees, ensuring that employees are properly remunerated, and that this remuneration is set to an appropriate level and complying with applicable laws and regulations. The Company has a legitimate interest in seeking the views of its workforce and giving them the opportunity to raise concerns or suggest improvements.
Effective employee engagement helps ensure the Company makes the best decisions for the business and is important to attract and retain high calibre employees. This will support the Company to achieve its immediate and long-term business goals and outcomes. |
|
j) |
Processing information about absence or medical information regarding physical or mental health or condition in order to: assess eligibility for remuneration and benefits related to health, sickness absence and long-term incapacity; determine fitness for work; facilitate a return to work; make adjustments or accommodations to duties or the workplace; make management decisions regarding employment or engagement or continued employment or engagement or redeployment; and conduct |
Y |
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business, including ensuring each employee undertakes appropriate duties, is properly trained and undertakes their roles correctly and in accordance with appropriate procedures and managing employee absence and leave entitlements.
The Company considers that it has a legitimate interest in managing health and safety risks and operating its business. This includes supporting the welfare of employees and taking steps to identify and mitigate risks to employees’ health, safety or welfare, ensuring fitness for work and to manage absence and incapacity impacting on the ability of employees to perform their roles. Effective support and management of employees supports business performance and the attraction and retention of high |
|
|
related management processes; |
|
|
|
calibre employees. This supports the Company's immediate and long-term business goals and outcomes. |
|
k) |
For planning, managing and carrying out restructuring or redundancies or other change programmes including appropriate consultation, selection, alternative employment searches and related management decisions; |
|
Y |
Y |
The Company considers it has a legitimate interest in managing its business operations in the most effective way. The Company needs to make decisions relating to the future of its business in order to preserve its business operations or grow its business. These interests include the interests of the workforce as a whole and the Company customer base. |
|
l) |
Complying with reference requests where the Company is named by the individual as a referee; |
|
|
Y |
The Company considers it is in the legitimate interests of a new employer to receive confirmation of employment details from the Company for the purposes of confirming the former employee's employment history. |
|
m) |
Operating Company IT systems and other business and communication tools and technologies including operating email, IT, internet, social media, P&C related and other company policies and procedures. To the extent permitted by applicable laws, the Company carries out monitoring of the Company's IT systems and other business and communication tools and technologies to protect and maintain confidentiality, integrity and security; to ensure compliance with the Company's policies, procedures and other standards and to locate information through searches where needed for a legitimate business purpose or required by law; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in operating its IT systems and other business and communication tools and technologies effectively and managing its workforce and operating its business. The IT function is essential to ensuring that this can be carried out in the most effective way. This includes maintaining the confidentiality, integrity and security of data and facilitating records management. |
|
n) |
Satisfying its regulatory obligations to supervise the persons employed or appointed by it to conduct business on its behalf, including preventing, detecting and investigating a wide range of activities and behaviours, whether relating to specific business dealings or to the workplace generally and liaising with regulatory authorities; |
|
Y |
Y |
The Company considers it has a legitimate interest in ensuring that its business, clients, employees and systems are protected including detecting and preventing crimes or criminal activity; ensuring only appropriate employees are engaged in our business; and ensuring compliance with export control and other legal requirements placed upon us (both by EU and non-EU laws). |
|
o) |
Protecting the private, confidential and proprietary information of the Company, its employees, its clients and third parties; |
|
Y |
Y |
The Company considers it has a legitimate interest in ensuring that its business, clients, employees and systems are protected including protecting our assets and the integrity of our systems, detecting and preventing loss of our confidential information and proprietary information. |
|
p) |
Complying with applicable laws and regulation (for example maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulation to which the Company is subject in the conduct of its business); |
|
Y |
Y |
The Company considers that it has a legitimate interest in managing its workforce and operating its business. This includes ensuring that each employee undertakes appropriate duties, is properly trained and undertakes their roles correctly and in accordance with appropriate procedures. It is also necessary to undertake normal business operations and maintain a dialogue with employees and comply with applicable laws and regulations. |
|
q) |
Monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti-discrimination laws; |
|
Y |
Y |
The Company considers it has legitimate interests in ensuring that it takes action to prevent discrimination and promote an inclusive and diverse workplace. |
|
r) |
Planning, due diligence and implementation in relation to a commercial transaction or service transfer involving the Company that impacts on your relationship with the Company for example mergers and acquisitions or a transfer of your employment under applicable automatic transfer rules; |
|
Y |
Y |
The Company considers it has a legitimate interest in managing its business operations in the most effective way. The Company needs to make decisions relating to the future of its business in order to preserve its business operations or grow its business. These interests include the interests of the workforce as a whole and the Company customer base.
In the event that the Company makes a decision to outsource a function or acquire or transfer a business or part of a business the Company and the third party with whom the Company is seeking to transact each have a legitimate interest in ensuring that the workforce, employee costs and liabilities are sufficiently understood prior to committing to the transaction and to ensure a smooth transition of employees if a transaction goes ahead.
Business change programmes and transformation support business continuity and improvement and support the Company in achieving its long-term business goals and outcomes. |
|
s) |
For business operational and reporting documentation such as management and headcount reporting, the preparation of annual reports or tenders for work or client team records including the use of photographic images; |
Y |
|
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business including ensuring each employee undertakes appropriate duties and undertaking normal business operations. |
|
t) |
To operate the relationship with third party customer and suppliers including the disclosure of relevant vetting information in line with the appropriate requirements of customers to those customers, contact or professional CV details or photographic images for identification to clients or disclosure of information to data processors for the provision of services to the Company; |
Y |
|
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business, including ensuring each employee undertakes appropriate duties and undertaking normal business operations. This includes the sharing of appropriate information with existing and prospective customers and suppliers about who is or will be working with them in order to develop strong relationships and support the effective performance of commitments with customers and suppliers. In some cases, this may also include supporting customers and suppliers to comply with their legal or regulatory obligations or security requirements by having sufficient information about those providing services to them. The Company also has a legitimate interest in ensuring that it can engage with customers and suppliers effectively and that they can access the information they need to provide the service for which they have been engaged. |
|
u) |
Where relevant for publishing appropriate internal or external communications or publicity material (including photographic images) via the Company Intranet, social media and other publicity and communication channels in appropriate circumstances; |
Y |
|
Y |
The Company has a legitimate interest in communicating effectively with its workforce, customers, its audience and other stakeholders as well as carrying out appropriate business development activity.
That includes giving information to the workforce or, where appropriate customers, our audience, other stakeholders or the wider market about relevant business activities, plans or projects.
That can include making reference to those of our employees who are involved in the relevant matters being communicated above.
Effective employee, and other stakeholder communication and engagement contributes to attraction and retention of high calibre employees, development and retention of customer relationships, audience engagement and participation, strong business performance, business growth and maintaining and enhancing the Company's reputation. This supports the Company's immediate and long-term business goals and outcomes. |
|
v) |
To support P&C administration and management and maintaining and processing general records necessary to manage the employment, worker or other relationship and operate the contract of employment or engagement; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business including ensuring that each employee undertakes appropriate duties, is properly trained and undertakes their roles correctly and in accordance with appropriate procedures; managing employee absence and leave entitlements; undertaking normal business operations; maintaining a dialogue with employees; and complying with applicable laws and regulations. |
|
w) |
To change access permissions; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business. The IT function is essential to ensuring this can be carried out in the most effective way including complying with the Company policies and access controls. |
|
x) |
To provide technical support and maintenance for P&C information systems; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in managing its workforce and operating its business. The IT function is essential to ensuring that this can be carried out in the most effective way including maintaining the integrity and security of data and facilitating records management. |
|
y) |
To enforce our legal rights and obligations, and for any purposes in connection with any legal claims made by, against or otherwise involving you; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in protecting its organisation from breaches of legal obligations owed to it and to defend itself from litigation. This is needed to ensure that the company’s legal rights and interests are managed appropriately. |
|
z) |
To comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country; |
Y |
Y |
Y |
The Company considers it has a legitimate interest in ensuring that it complies with all legal requirements placed on it, whether those are EU or non-EU obligations. The Company wishes to maintain its reputation as a good corporate citizen and to act appropriately in all the countries in which it does business. This includes cooperating with authorities and government bodies. Indeed, the Company is required to comply with laws and regulations in those countries in which it does business and to require otherwise would lead to conflicts of laws issues. |
|
aa) |
Production and exploitation of audio-visual programming for commercial purposes, including retaining the programme and your personal data in it in our archive, for the purpose of repeating the programme or otherwise using it for commercial purposes |
|
|
Y |
The Company has a legitimate interest in producing audio visual programming for commercial exploitation, as such "off-screen" contributions from individuals are crucial to this production activity and require the processing of personal information about these individuals. |
|
bb) |
Other purposes permitted by applicable laws, including legitimate interests pursued by the Company where these are not overridden by the interests or fundamental rights and freedoms of employees. |
|
|
|
|
|
Ref |
Purpose for processing |
Necessary for Performance of Contract |
Necessary to comply with a Legal Obligation |
Legitimate Interest |
What is the Company's Legitimate Interest |
|
a) |
Recruitment and selection |
Y |
Y |
Y |
The Company considers it has a legitimate interest in fully assessing applications for employment to ensure only suitable and appropriate candidates are both assessed and selected, so that the Company identifies the right people for its business who will be able to contribute to its operations and to the culture. |