This Privacy Notice has been developed to ensure contractors feel confident about the privacy and security of their Personal Data and to meet the I.T. Alliance Groups’ obligations under the Data Protection Acts 1988 to 2018 and the General Data Protection Regulation (the “Legislation”).
This Notice sets out guidelines for I.T. Alliance Resourcing Services and Auxilion (Auxilion Ireland Limited and I.T. Alliance N.I. Limited, subsidiaries of I.T. Alliance Group Limited, trading as Auxilion, I.T. Alliance and I.T. Alliance Resourcing Services herein referred to as ‘Auxilion’, ‘we’, ‘us’ or ‘our’).
Those obligations, set out below, apply to contract applicants and current contractors of I.T. Alliance Resourcing Services. Under the Legislation, Personal Data is information that identifies you as an individual or is capable of doing so (“Personal Data”).
To the extent that I.T. Alliance is a ‘data controller’, it must comply with the data protection principles set down in the Legislation (and referenced in detail below). This Notice applies to all Personal Data collected, processed and stored by us in the course of activities.
The purpose of this Notice is to set out the procedures that are to be followed when dealing with Personal Data and to outline how we will collect and manage personal information in accordance with all relevant legislation and standards. This Notice extends to all Personal Data whether stored in electronic or paper format.
Meet Tom Moxon
Tom heads up the team in I.T. Alliance Resourcing Services and a core member of the data privacy group. You can reach out to Tom via email info [at] italliancegroup.com or connect with Tom via LinkedIn.
Personal Data Stored
We only hold Personal Data that is directly relevant to our dealings with a given data subject. That data will be collected, held, and processed in accordance with the data protection principles (outlined below) and with this Notice in a reasonable and lawful manner. The types of information that we may be required to handle include:
- Identification data – name, address, phone number, E-mail address(s), date of birth, gender and relevant national identification number
- Contractor ID number & photograph
- Car registration
- Bank account details – sort code, account number and IBAN
- Pay and financial information (including tax and insurability classification)
- Emergency contacts
- Prior work experiences and qualifications (such that might be normally associated with a CV)
- Awards received & professional membership information.
- Marital status
- Garda vetting data
- Contract of employment and commencement details
- Interview and selection notes
- Various ongoing records that generated in the course of your engagement (such as data relating to leave, training, performance reviews etc.)
- Data required for the processing and progression of Policies and Procedures (e.g. Human Resources policies)
- Health and Safety issues
- Health data (including medical certificates and reports regarding fitness to work and, where relevant vaccination records)
- Visa and work permit details
- Driving licenses
- Details relating to pension and various contractor benefits
- CCTV (UK Only – Sheffield and Telford Units)
Job applications are received by us, both solicited and unsolicited, either directly or via job sites. There is no obligation on us to retain or reply to unsolicited applications made. Unsolicited applications, whether in writing or via e-mail or other form may be issued with written notification from us upon receipt of your application and if and where relevant processed through the appropriate recruitment procedure. Applications sought by the Group shall necessitate the furnishing of a range of Personal Data pursuant to the appropriate Recruitment procedure.
We will hold securely such applications and additional information which may be obtained during the course of any recruitment, interview and selection process, such as interview notes, education qualifications etc. electronically and/or manually. The general retention period for applications and interview notes is 12 months and documents are then securely destroyed, save for where applicants opt-in to retain data entered by them into the system in the course of their application, for ease of future applications made.
All provisions of this Notice will apply to the processing of your application. Your information may be shared with the Groups’ agents or partners in connection with services that these individuals or entities perform. These agents or partners are restricted from using this data in any way other than to provide the specified related services.
Data Protection Principles
Anyone processing Personal Data (including I.T. Alliance Resourcing Services) must comply with six core principles of good practice. These provide that Personal Data must be:
- Obtained and processed fairly, lawfully and in a transparent manner;
- Collected only for one or more specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Kept only to the extent that same is adequate, relevant and limited for what is necessary in relation to the purposes for which they are processed;
- kept accurate and up-to-date;
- Retained no longer than is necessary for the purpose for which the data is processed; and
- Processed in a manner that is safe and secure.
I.T Alliance Resourcing Services is responsible for and must be able to demonstrate compliance with the above principles.
Processing Personal Data
Personal Data collected by us is collated in order to ensure that it can provide the best possible service to our customers and wider stakeholders. The collection of that Personal Data allows us to efficiently manage our contractors. I.T. Alliance Resourcing Services uses contractors Personal Data in its legitimate interests. It may also use Personal Data in meeting certain obligations imposed by law.
Business processes or contractor administration uses for Personal Data include:
- recruitment, selection, promotion;
- reference and qualification checks;
Garda vetting (or equivalent)
- changing salary;
- changing department/job code;
- changing working hours;
- terminating an contractor contract;
- process offers of employment and processing work permits and visas where applicable;
- systems set up;
- processing payroll and tax;
- processing benefits and expenses;
- arranging travel visas;
- organising training programmes;
- initiating and progressing a policy or procedure
- other reasons for ordinary personnel administration not listed here.
We may also use your Personal Data to:
- assess performance and keep records of your development for the purposes of annual reviews, etc.
- communicate any changes to our policies, procedures or to your contract of employment (including changes to salary);
- contact you or your dependants if there are any health and safety or absence issues (including long term illness and maternity leave);
- calculate any changes in your payment for services provided and/or
- retain contact information for the purposes of returning our property e.g. security cards, mobile phones, laptops, in connection with your departure from us.
The I.T. Alliance Group shall employ reasonable means to keep Personal Data information accurate, complete and up to date in accordance with the purposes for which it was collected.
Contractors are responsible for ensuring that they inform their Manager/Human Resources of any changes in their personal details. We endeavour to ensure personal information held by it is up to date and accurate.
Where we provide email facilities and access to the internet, same are provided in line with the policies and procedures of our Information Technology Division. Those policies and procedures are there to protect against the dangers associated with email and internet use. They include a right to monitor email and web usage. Please refer to the e-mail and internet usage policies for further details.
CCTV cameras are in operation at a range of points across Auxilion’s UK units (only) and the primary purpose of having CCTV is for security and health and safety purposes. As an ancillary use, contractor monitoring will only take place in the event of an incident that requires investigation. Access to the recorded material is strictly limited to authorised personnel.
Contractors can be supplied with a security access card which allows them access to buildings and/or other secured areas depending on access requirements. The primary use of such systems is for security and access. Access to access records is strictly limited to authorised personnel.
Does the I.T. Alliance Group disclose information about you to anyone else?
Personal Data may be disclosed internally when passed from one department to another in accordance with the data protection principles and this notice. Personal Data is not passed to any internal department or any individual that does not reasonably require access to that Personal Data with respect to the purpose(s) for which it was collected and is being processed. Sensitive and/or restricted contractor information must have additional internal access restrictions as appropriate.
We shall disclose contractor information to third parties only when it is necessary as part of our operating practices or when there is a legal or statutory obligation to do so. Such third parties may include, but are not limited to:
- occupational health advisors.
- legal advisors.
Whenever the I.T. Alliance Group discloses contractor information to third parties, it will only disclose that amount of personal information necessary to meet such business need or legal requirement. Third parties that receive contractor information must satisfy the I.T. Alliance Group as to the measures taken to protect the Personal Data such parties receive and to ensure compliance with the Legislation and this Notice.
Appropriate measures will be taken to ensure that all such disclosures or transfers of contractor information to third parties will be completed in a secure manner and pursuant to contractual safeguards.
The I.T. Alliance Group may provide information, in response to properly made requests, for the purpose of the prevention and detection of crime and the apprehension or prosecution of offenders. It may also provide information for the purpose of safeguarding national security. In the case of any such disclosure, we will do so only in accordance with the Legislation.
- The I.T. Alliance Group may also provide information when required to do so by law, for example under a court order.
- The I.T. Alliance Group may transfer data to legal counsel where same is necessary for the defence of legal claims.
In the event that there was any change in the ownership of any part of the I.T. Alliance Group’s operations or any of its assets, the I.T. Alliance Group may disclose personal information to the new (or prospective) owner. If so, the I.T. Alliance Group will require the other party to keep all such information confidential.
How long does the I.T. Alliance Group keep personal information?
The time period for which the I.T. Alliance Group generally retains information varies according to the use of that information. In some cases there are legal requirements to keep data for a minimum period of time. Unless specific legal requirements dictate otherwise, the I.T. Alliance Group will retain information no longer than is necessary for the purposes for which the data were collected or for which they are further processed.
How would the I.T. Alliance Group protect data about you were it to be transferred out of Europe?
Countries in the European Economic Area (EEA) are required to have a similar standard of protection of Personal Data. This is not always the case outside that area. In the event that the Group would be required to transfer data outside the EEA (such as for a secondment), before doing so, steps would be taken to ensure that there is adequate protection as required by the Legislation.
How can you exercise your rights in respect of personal information the I.T. Alliance Group holds about you?
The I.T. Alliance Group shall vindicate all your rights under the Legislation. These rights are as follows:
- your right to request access to Personal Data held by the Group, and to have any incorrect Personal Data rectified;
- your right to the restriction of processing concerning you or to object to processing;
- your right to have Personal Data erased (where appropriate); and
- your right to data portability regarding certain automated Personal Data
- with regard to rights within the Legislation relating to “automated decision-making”, the I.T. Alliance Group does not use such processes and they do not arise.
Vindication of your rights shall not affect any rights which we may have under the Legislation. If you want to exercise any right, you can do so by making your specific request in writing to the I.T. Alliance Group Data Protection email DataProtection@auxilion.com. Your request will be processed within 30 days of receipt. If the information held about you is inaccurate, you are requested to advise the I.T. Alliance Group promptly so that the necessary amendments can be made and same can be confirmed as being made within 30 days of receipt of your request. Contractors also have the right to lodge a complaint with the Office of the Data Protection Commissioner.
How do we protect personal information about you?
The I.T. Alliance Group shall employ reasonable and appropriate administrative, technical, personnel, procedural and physical measures to safeguard contractor information against loss, theft and unauthorised uses access, uses or modifications. All personal information stored is either password protected or is locked away in cabinets. Only a limited number of authorised personnel have access to this information.
The following principles apply:
- Confidentiality – only people who are authorised to use the data can access it.
- The I.T. Alliance Group will ensure that only authorised persons have access to a contractor personnel file and any other Personal or Sensitive Data held.
- Contractor are required to maintain the confidentiality of any data to which they have access, including all data relating to fellow contractors, customers, clients, service providers as well as website users and administrators.
- Integrity – that the Personal Data is accurate and suitable for the purpose for which it is processed.
- Availability – that authorised users should be able to access the data if they need it for authorised purposes.
This Notice will be reviewed and updated from time to time to take into account changes in the law and the experience of the Notice in practice. Any and all changes will be advised. This Notice does not form part of any contractor’s contract of employment and it may be amended at any time. Any breach of this Notice will be taken seriously and may result in the invoking of appropriate disciplinary procedures