This privacy notice (Privacy Notice), sets out the ways in which HACHETTE UK LIMITED and its associated companies which are part of the Hachette UK Group of companies and the UK companies within the Lagardère France Group collect, use and share personal data (your personal information) of its employees and workers in connection with our publishing business. It also explains what rights you have to access or change your personal data.
The Hachette UK company which employs you (we, us our) is the data controller which means we decide how your personal information is held, used and protected. We are required under Data Protection Law to notify you of the information set out in this Privacy Notice.
This Notice applies to current employee and workers. It does not form part of an employment contract or other contract to perform services. Employees and Workers should comply with the Hachette UK Data Protection Policy.
This Privacy Notice sets out your rights under data protection laws which are the Data Protection Act 2018 and any successor legislation and, from 25 May 2018 and whilst EU laws remain in force in the UK, the EU General Data Protection Regulation 2016.
We take your privacy and our responsibility to protect your information seriously. Read our privacy notice to understand:
- What information we collect about you
- How we use information we collect about you
- Who can see your information
- When we share your information
- How we look after your information
- How long we keep your information
- International Transfers of your information
- Rights and choices
COMPLIANCE WITH DATA PROTECTION PRINCIPLES
We will comply with all applicable data protection laws.
Under the Data Protection principles contained in the GDPR the personal information we hold about you must be:
- used lawfully, fairly and in a transparent way
- collected only for a valid purpose that has been clearly explained to you and not used in a way that is incompatible with these purposes
- relevant to the purposes you have been informed about and limited to these purposes
- accurate and kept up to date
- kept only as long as necessary for the purposes you have been informed of
- kept securely
WHAT INFORMATION WE COLLECT ABOUT YOU
Personal information means any information about a living individual from which that individual can be identified. The information you provide to us might include:
Your name, postal address, email address, phone number, (contact details).
Date of birth
Marital status and dependents
National insurance number and employee number
Next of kin and emergency contact details
Bank account details.
Tax status and HMRC tax codes
Salary, bonus, pension and benefits information
Annual leave unpaid leave, sickness leave, compassionate leave and jury service
Start date / continuous employment start date.
Leaving date and reason for leaving, exit interview information
Location of employment and workplace
Copy of passport and driving licence
Recruitment information, CV, copies of any right to work documents and cover letters, references or previous employers
Employment records including job titles, work history, working hours, holiday leave, training records, professional memberships
Disciplinary and grievance information
CCTV footage and information obtained through electronic means (e.g. swipe cards, scanners)
Information on your use of company IT systems and communication systems such as mobiles and telephones and personally owned bring your own devices (BYOD) where used for work purposes
Blog contributions made on twitter accounts or social media held under the Company’s name
Your payment and other details listed on expense receipts if you claim back expenses via Concur.
Special Category Information
You may provide us with more sensitive information, known as Special Category (“Sensitive”) information which may include details about your racial or ethnic origin, political opinions, religious, philosophical or similar beliefs, trade union membership, genetics, biometrics, health, sexual life, sexual orientation or about criminal offences or proceedings. We will explain why we are collecting this and it will only be used where you have given your explicit consent or for various purposes which include the performance of your contract, our legal obligations and other legitimate interests set out in this Privacy Notice.
We may collect and use the following Special Category information about you:
- Information about your race, or national or ethnic origin, religious, philosophical or moral beliefs, your sexual life or sexual orientation philosophical beliefs, disability for example where you provide these to us voluntarily in a survey or via our applicant tracking system.
- Trade union membership
- Information about your health which may include mental or physical health, disability and your medical condition, health or sick records prior to or during your employment or engagement
- When you leave employment if this is due to any health reason, or if linked to making a claim for income protection insurance or to receive a pension
- Genetic or biometric data (e.g. fingerprint images)
- Absence records details including parental leave
- Genetic information or biometric data
- Information about criminal convictions or criminal offences where the law allows us to do so including DBS checks where these are relevant
HOW WE COLLECT INFORMATION
We collect information during the recruitment process directly from candidates or from a recruitment agency or background check provider where these are used
During your employment or whilst you are working with us we will also collect personal information about you during job- related activities
Information we receive from third parties:
We may sometimes collect information from third parties such as:
– recruitment agencies, former employers, credit references agencies, Disclosure and Barring Service (DBS) or other background check agencies
– trustees or managers of pensions formerly operated by a group company
– medical or occupational health practitioners
Information about how you use our website and apps:
We will also collect certain information about how you use our website and apps and the devices that you use to access them. Our website may include links to third party websites, plug-ins and applications. By clicking on those links or enabling these connections you may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy notices. Please ensure that you read the privacy notices on any such external websites.
HOW WE USE INFORMATION ABOUT YOU
We use your personal information lawfully. We do not sell your information to third parties. However we may share your personal information as set out in the section ‘When we share your information’. The details of how we use your personal information and the legal bases for our use are set out below: Where it is necessary in order to perform our contract with you:
- to administer your contract
- to pay you and provide you with any remuneration in accordance with your contract
- to make decisions about your continued employment or engagement
- to process your requests to purchase our products from our website;
- to liaise with any managers of any pension or life insurance arrangement operated by the Company or any other provider of employee benefits.
Where it is necessary to comply with a legal obligation
- to check you are legally entitled to work on the UK
- To provide you with -statutory sick pay; maternity or paternity pay or other benefits]
- to enrol you in a pension arrangement under the statutory automatic enrolment obligations
- to comply with health and safety obligations
- to ascertain your fitness to work
- to manage sickness absences
- to respond to queries from HMRC or tax authorities relating to tax or National insurance and where you are an employee deduct any tax or national insurance contributions
- to respond to requests for information required by the Government
Where it is necessary for our ‘legitimate business interests’ (legitimate interests) or those of a third party and your interests and fundamental rights do not override those interests.This means our legitimate interests in conducting and managing our business and our employment or working relationship with you.
Where we use your personal information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests do not automatically override yours and we will not use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing you have rights and choices which include the right to object (please see the section headed ‘Your Rights and Choices’).
We may use your information for the purposes listed below on the basis of our legitimate interests:
- to process any job applications you submit to us;
- to work with our third party recruitment agency to process any job applications you submit to us;
- to decide whether to recruit you
- to operate a safe and lawful business or where we have a legal obligation;
- to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees;
- to detect and prevent fraud and unauthorised access or illegal activity;
- to improve security and optimisation of our network sites and services including trouble shooting, testing and software development and support;
- for business management and planning including accounting and auditing
- for education, training and development requirements
- for performance reviews, and succession planning
- to make arrangements for the termination for your employment or engagement
- to gather information and evidence for possible grievance and disciplinary procedures
- to conduct performance reviews, manage performance and determine performance requirements
- to monitor your use of our information and communication systems to ensure compliance with our IT policies
- to deal with any legal disputes or claims involving you or other employees, workers or third parties relating to your work or which occur in the course of the performance of your duties including accidents at work.
- To conduct data analytics studies to review and better understand employee retention and attrition rates.
We will process special category data in the following cases:
- where we need to carry our legal obligations in relation to employment;
- we will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws
- where you have given your express consent ( for example medical reports)
- we will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to administer benefits including statutory maternity pay, statutory sick pay, pensions and income protection insurance.
- Where needed in the public interest or needed to protect your interest or someone else’s interests
- where the personal information is required for legal claims or if needed to protect your interest (or another personal interests) and you are not capable of giving your consent we may process this type of information
- we will use information about your race or national or ethnic origin, religious philosophical or moral beliefs or your sexual life or sexual orientation to ensure meaningful equal opportunities monitoring and reporting
- we will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations
- we may also process it where you have already made the information public
We do not need your consent if we use special categories of your personal information in accordance with our written notice to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
You may withdraw any consent previously given and should inform the Company if you wish to do so. However withdrawal of a consent may adversely affect the ability of the Company to perform some aspects of the employment relationship, for example, to be able to provide certain benefits to you.
If you do not provide personal information:
If you fail to provide certain personal information when requested we may not be able to perform our contract with you (such as paying you or arranging for your tax code to be updated or obtain benefits for you). In some case we may be prevented from performing our legal obligations such as health and safety.
WHO CAN SEE YOUR INFORMATION
Your information may be processed by our staff or by the staff of third parties we work with to deliver our business. Processing can mean any activity that involves the use of information about someone that can identify them. All uses, for example, obtaining, recording, storing, disclosing, organising, retrieving, deleting and destroying are types of data processing. We take measures to ensure that third parties processing your information on our behalf are acting lawfully in accordance with our instructions and are subject to appropriate confidentiality requirements. We also have adequate technical and organisational safeguards in place in our company and with third party processors to protect your information. Third party processors of your information include:
- our website hosts and operators, IT support providers, database operators, site analytics providers and software developers;
- our marketing or publicity services providers;
- our editorial and production service providers,
- our financial services, payroll and payment service provider;
- our warehousing and delivery service providers;
- our pension providers where the information is not provided by you to them direct under the Group Pension Plan
- our life insurance providers
- our couriers and delivery services
- our auditors, technical consultants and legal advisors;
- our fraud detection services;
Special category data
Unless specified, only HR staff employed by the Company of the Hachette Group will have authorised access to your special category data. Other personal data may be accessed by other agents or employees who have a legitimate business reason to access it.
WHEN WE SHARE YOUR INFORMATION
We may share your information within the companies that make up the Hachette UK group of companies as well as with our parent company, Hachette Livre S A and their parent company, Lagardère SCA.
We may share your personal information with third party service providers who carry out the following activities:
- Payroll providers, pension administration, benefits provision
- IT services,
- Training and professional development providers
- Catering service providers, vehicle leasing company
- Any prospective seller or buyer of businesses or assets, only in the event that we decide to acquire, transfer or sell any business or assets;
- Any other third parties (including legal or other advisors, regulatory authorities, HMRC, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law or where we have a legal obligation to do so.
Before we share your information we require third parties to enter into an agreement committing to processing the data only in accordance with our written instructions, to maintain appropriate security measures in place to protect your information to protect your information from unauthorised access, processing or use and not to use the information for their own purposes.
HOW WE LOOK AFTER YOUR INFORMATION
We look for opportunities to minimise the amount of personal information we hold about you. Where appropriate we anonymise and pseudonymise your information. It is held in electronic and paper form. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
- ensuring the physical security of our offices, Human resource departments, or other sites;
- ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
- maintaining a data protection policy for, and delivering data protection training to, our employees;
- limiting access to your personal information to those in our company who need to use it in the course of their work.
Where members of Hachette’s IT division have access to Personal information relating to employees or workers for IT maintenance and problem solving purposes they must have signed an NDA letter committing them not to access the personal information without appropriate prior approval.
HOW LONG WE KEEP IT FOR
We will retain your information during the term of your contract with us or for as long as we reasonably require to retain the information for our legitimate interests, such as for the purposes of exercising our legal rights.
We retain information on former employees for seven (7) years after the date of termination of the employee’s contract date. It is then destroyed unless we have a legal requirement to retain it. This is to enable us to provide references and to ensure that relevant information is available for any post-employment or post contract query relating to HMRC or Employment litigation.
Information relating to an unsuccessful candidate in any recruitment is kept for six months after the start date of the successful candidate. This includes application forms, letters, cvs, interview scoring sheets and any recruitment-related correspondence.
In the case of a collective redundancy situation where notification is provided to the Secretary of State, the redundancy notification form is retained for 6 years from the date of redundancy.
Trade union agreements which are no longer effective are retained for a period of 10 years after their final effective date.
We operate a data retention policy (See Hachette UK Document Retention Guidance and Data Protection Policy).
INTERNATIONAL TRANSFERS OF YOUR INFORMATION
Whenever we transfer your personal information out of the European Economic Area (EEA) we will take all steps necessary to ensure that it is adequately protected and processed in accordance with this Privacy Notice by using all appropriate cross-border transfer safeguards where there is not an adequacy decision from the EU Commission in place, such as:
– by entering into the European Commission’s Standard Contractual Clauses with the provider which give personal data the same protection it has in the EEA; and
– where the provider is in the US, the EU-US Privacy Shield if the provider is part of the EU-US Privacy Shield Framework.
– Please contact Legal Department if you would like additional information on the specific means used by us when transferring your personal data outside of the EEA.
AUTOMATED DECISION MAKING
You will not be subject to automated decisions which have a significant impact on you based solely on automated means unless we have a lawful basis for doing so and have notified you.
We do not envisage making any decisions about you by automated means but we will notify you in writing if this position changes.
KEEPING THE INFORMATION UP TO DATE AND ACCURATE
If your personal information changes during the term of your contract you should update the information held on systems to which you have access or inform us if you do not have the relevant access. This is important so we can ensure that the information we hold about you is correct and up to date.
YOUR RIGHTS AND CHOICES
You have choices and rights in respect of the information that we hold about you, including:
Your right to request access to the information that we hold about you (“data subject access request or DSAR)
This is the right to receive a copy of any information we hold about you in a structured, commonly-used, machine readable format or in another format of your choice;
You will not have to pay a fee to obtain access to your information unless your request is clearly unfounded or excessive. In such case a reasonable fee may be charged. We may require you to provide us with information to help confirm your identity and ensure your right to access the information. This is to make sure that the personal data is disclosed to a person lawfully.
This right can be exercised by contacting us at firstname.lastname@example.org or by sending us a written request by post to Carmelite House 50 Victoria Embankment, London EC4Y 0DZ, UK for the attention of Legal.
Your right to ask us, in certain circumstances, to delete information we hold about you;
Your right to ask us correct information we hold about you if it is inaccurate or incomplete;
Your right to ask us, in certain circumstances to restrict processing of your information.
Your right to object to our using your information on the basis of our legitimate interests (refer to section ‘How we use your information’ above to see when we are relying on our legitimate interests).
Your right to withdraw Consent for our use of your information in reliance of your consent (refer to section ‘How we use your information’ to see when we are relying on your consent).
All the above rights may be exercised by contacting us at contacting us at email@example.com or by sending us a written request by post to Carmelite House 50 Victoria Embankment, London EC4Y 0DZ, UK for the attention of Legal
Your right to Complain
Please contact us if you have any questions or are unhappy about the way your information is used. We hope we will be able to resolve any problems or issues you may.
You also have the right to lodge a complaint about us and our use of your information to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence.
CHANGES TO THIS PRIVACY NOTICE
We may make changes to this Privacy Notice from time to time. We will post any changes on Novel, the company intranet site and Company websites and other relevant communication methods. You can request a copy from your HR contact if you do not have access to the company intranet or websites.
This Privacy Notice was issued on 16 August 2018.