This Fair Processing Notice (“Notice”) describes how Renault Retail Group UK Ltd collects and uses personal information relating to Renault Retail Group UK Ltd people in the UK and Ireland.
Please note that there may be additional guidance issued in Ireland which may be required to enable compliance with any local law or regulation, if that local guidance is in any respect inconsistent with this document, this document shall only apply to the extent that it is consistent or may be made consistent, with that local guidance from time to time.
This Notice tells you what personal information Renault Retail Group UK Ltd collects about Renault Retail Group UK Ltd people, why we need it, how we use it and what protections are in place to keep it secure. If you are an external candidate and seek further information, but are unable to use any links referred to in this Notice, please speak with your Recruitment Officer.
“Renault Retail Group UK Ltd ” “we” and “us” mean Renault Retail Group UK Ltd .
“Renault Retail Group UK Ltd People” and “you” mean prospective, present and past employees, contractors, and agency staff and people connected to them (such as the person you nominate to contact in an emergency).
“Personal information” means information about you, and from which you could be identified, including information which may be protected under the privacy or data protection laws of the country in which you are employed.
It is Renault Retail Group UK Ltd’s policy to:
- Process your information fairly and in accordance with applicable laws:
- Tell you (either directly or in our policies) about how we will use your personal information;
- Only collect personal information from you when we need it for legitimate purposes, or legal reasons;
- Ensure that your personal information is adequate, relevant and not excessive for the purpose for which we collect it;
- Not keep your personal information for longer than we need to;
- Keep your personal information secure, and limit the people who can access it;
- Ensure that you know how to access your personal information and exercise your rights in relation to it, including being able to keep it accurate and up to date; and
- Ensure that any third parties we share your personal information with take appropriate steps to protect it.
More information about Renault Retail Group UK Ltd’s policy to privacy and data protection is outlined in the General Data Protection Regulations Policy available on the company intranet.
We collect and use different types of personal information about you, depending on your circumstances, your role and the law, which may include:
|Type of information||Examples
Please note that the examples are illustrative and non-exhaustive
|Information about you||Name, address, date of birth, nationality, race, gender, and preferred language, details of any disabilities, work restrictions.|
|Information to contact you at work or home||Name, address, telephone number and email addresses|
|Information about who to contact in a case of emergency (yours or ours)||Name, address, telephone number, email addresses and their relationship to you|
|Information to identify you||Photographs, passport and driving licence details, electronic signatures and proof of address|
|Information about your suitability to work for us||References, interview notes, recruitment tests, work visas ID information such as passport details and driving licence information, records / results of pre-employment checks, including DBS check, credit, fraud checks, birth certificate and psychometric tests|
|Information about your skills and experience||CVs, application forms, references, records of qualifications, skills, training and other compliance requirements|
|Information about your terms of employment with Renault Retail Group UK Ltd||Letters of offer and acceptance of employment, your employment contract, bonus schemes, job descriptions, shared parental leave, flexible working requests, training agreements, policy signature sheets and attendance logs|
|Information that we need to pay you||Bank account details, national insurance or social security numbers, P45 / new starter checklist|
|Information that we need to provide you with benefits and other entitlements||Length of service information, health information, leave requests, pension details, staff loans, beneficiary information and various payroll reports|
|Information to allow you to access our buildings and systems||Employee identification number (ARCA), computer or facilities access and authentication information, identification codes, passwords, answers to security questions|
|Information relating to your performance at work||Performance ratings, targets, objectives, records of performance reviews, records and / or notes of 1:1s and other meetings, personal development plans, personal improvement plans, correspondence and reports|
|Information relating to disciplinary or grievance||Interview / meeting notes or recordings, correspondence, CCTV (as applicable)|
|Other employment related processes||Recruitment requests (AO1), salary adjustments (AO2), SAR requests, redundancy data, resignation correspondence, references to third parties, organisation charts, exit interviews, photos, using personal mobile numbers for certain roles to receive leads, leaver form and driving penalty notifications|
|Information relating to your work travel and expenses||Bank account details, passport, driving licence, vehicle registration and insurance details|
We need to collect and use your personal information for a number of purposes. These may include:
|Purposes for which we need your personal information||Examples
Please note that the examples are illustrative and non-exhaustive
To conduct pre-employment checks, including determine your legal right to work and carrying out criminal record and credit checks where applicable;
|HR, Finance and other Business administration purposes||
|Information Technology administration purposes||
Sometimes, you might provide us with another person’s personal data – e.g. details of your emergency contact or next of kin. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data.
We have security arrangements in place to guard against unauthorised access, improper use,
alteration, destruction and accident loss of your personal information. You are required to help with this by ensuring that your own personal information and that of your colleagues and third parties are kept secure. You should not share your (or anybody else’s) personal information unless there is a genuine business reason for doing so.
We make appropriate organisation and technical security measures and have rules and procedures in place to ensure that any personal information we hold on computer systems is not accessed by anyone it shouldn’t be. Information about the IT security standards we use to protect your personal information can be found in the IT Security Policy.
We will only share your personal data with third parties where we have an appropriate legal ground under data protection law which permits us to do so. Commonly, this could include situations where we are legally obliged to provide the information (e.g. to HMRC for tax purposes), to comply with our contractual duties (e.g. to providers of your contractual benefits such as occupational pension, health insurance, etc., or where it is necessary in our legitimate interest e.g. to an IT service provider for maintenance of our IT systems.
We only ask you to provide personal data when we have a good reason and there may therefore be consequences if you do not provide particular information to us.
Some of the personal data you provide to us is required by law. For example, if you do not provide your national insurance number, we will not be able to make correct tax/NI deductions on PAYE, and, if you are pregnant, we require a MATB1 in order to pay statutory maternity pay.
We may require you to provide other personal data, where it is necessary for us [or our pensions/benefits providers] to fulfil our contractual obligations to you, or for you to fulfil your contractual obligations to us, or where our use of the data is necessary in our legitimate interests. For example, if you do not provide us with a timesheet, we cannot pay you for the [overtime] hours you have worked / if you do not provide us with your driving licence details we cannot issue you a loan plan or ECOP car, or if you do not provide us with change of address details we cannot accurately communicate with you.
If you choose not to provide us with personal data requested, we will tell you about the particular implications of any such decision at the relevant time.
We will not keep your personal data for longer than we need it for our legitimate purposes.
We take into account the following criteria when determining the appropriate retention period for Employees’ personal data:
- the amount, nature, and sensitivity of the personal data;
- the risk of harm from unauthorised use or disclosure;
- the purposes for which we process your personal data and how long we need the particular data to achieve these purposes;
- how long the personal data is likely to remain accurate and up-to-date;
- for how long the personal data might be relevant to possible future legal claims;
- any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept.
Given the variety of Employees’ personal data that we use and the varying circumstances in which
we use it, it is difficult to specify ahead of time precisely how long we will keep particular items of
personal data. Where possible, the HR Retention Policy (available on Connect) identifies retention
periods applicable to your personal data, which have been determined on the basis of the above
criteria and which represent the longest period for which we will ordinarily keep it. We may often
keep particular items of your personal data for less time. However, there may also be circumstances in which it is appropriate for us to keep particular items of your personal data for a longer period than that set out in the HR Retention Policy. In particular, we will always keep your personal data for so long as we are required to do so under legal, accounting, reporting or regulatory requirements.
In addition, for some types of personal data, it is more appropriate to decide retention periods on a case by case basis (also using the criteria described above), and this is indicated in the HR Retention Policy where applicable.
We will base these decisions on relevant circumstances, taking into account the criteria listed above.
You have a number of legal rights relating to your personal data, which are outlined here:
- The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it and to check that we are lawfully processing it.
- The right to request that we correct incomplete or inaccurate personal data that we hold about you.
- The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
If you have any questions about the personal information that we hold about you we suggest that
you speak to your line manager or HR in the first instance.
If you would like to exercise any of the above rights or if you have any concerns about how your personal data is being used by Renault Retail Group UK Ltd, please contact your HR Coordinator in writing. Note that these rights are not absolute and in some circumstances we may be entitled to refuse some or all of your request.
Note too that you have the right to make a complaint at any time and in the first instance you are encouraged to use the complaints procedure detailed within the Renault Retail Group UK Ltd GDPR Policy. If however we are unable to satisfactorily resolve your complaint you can complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk
Further guidance on this notice can be found in the General Data Protection Regulations Policy.
Head of HR
Notice to be reviewed at least annually.