Privacy Policy

Privacy Policy - Staff

Introduction

Mears Group PLC is committed to ensuring that your privacy is protected. We ask you to read this Privacy Policy very carefully as it sets out what personal data we collect about you, how we will use it and who your information may be shared with.

Who we are

In this Privacy Policy, “we”, “us” and “our” refer to Mears Group PLC, 1390 Montpellier Court, Gloucester Business Park, Brockworth, Gloucester, GL3 4AH, company number 03232863. For the purpose of UK data protection laws, Mears Group PLC is the data controller and processes and stores information in accordance with the data protection legislation of the UK and our own policies and procedures.

Details on how you can contact our Data Protection Officer can be found at the bottom of this Privacy Policy. 

Mears Group and its subsidiaries deliver housing, housing management, care and other services on behalf of clients across the United Kingdom.  The information we collect and process about you will depend on the services we provide to you.  A number of our subsidiaries maintain their own privacy policies which are available on their individual websites. 

This Privacy Policy applies to:

  • Employees
  • Prospective employees

The Personal Information collected by us

What information do we collect?

We collect, process and store information about you in order to provide our housing, housing management, care and other services.  The data we collect may include:

  • Your name, home address, date of birth and contact details (including your telephone number, email address) and emergency contacts (i.e. name, relationship and home and telephone numbers)
  • Your allergies and any medical, physical or mental conditions
  • Your religious beliefs or other beliefs of a similar nature, racial or ethnic origin, politics, genetics, health, sex life, marital status and sexuality trade union membership or biometrics
  • Bank details
  • Any accidents and incidents or near misses you may have been involved with
  • Any other information produced in the course of your employment or contact with Mears

How do we collect your information?

We may collect your information directly by:

  • Engagement and interaction with you
  • Being provided with information as a result of a query, complaint, service or other work request or any other matter raised with us by post, email, phone or other format
  • Other correspondence with you by phone, letter, email or otherwise 

We may also be provided with information about or relating to you by a third party, including:

  • Recruitment companies
  • Previous employers for references
  • GPs and other medical professionals
  • Next of kin 
  • Professional advisors, insurance companies, solicitors and other legal providers
  • Social media organisations where you have permitted the organisation to share with us information you have provided

How do we use your information?

We use the information provided to us to fulfil various duties and obligations as set out below:

Legal basis for collection of data

Why we need your data and how we will use it

Processing necessary for our legitimate business interests

  • Personal data
    • Article 6(1)(a) – processing images of you with your consent, which include.
    • Article 6(1)(b) – processing is necessary in order to fulfil the employment contract.
    • Article 6(1)(c) – we are legally required to auto-enrol employees into a pension scheme.

 

  • Sensitive personal data
    • Article 9(2)(b) – processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment such as not to discriminate against an employee, dismiss them unfairly and process sickness absence.

 

We will only use your information for the purpose(s) it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or where there is a legal requirement for us to use that information. We may process your information without your knowledge or consent only where this is required or permitted by law.

Who we share your information with

In order to deliver our services and fulfil our legal obligations, we may share your information with:

Other companies or subsidiaries within the Mears Group, including but not limited to - 

  • Mears Group PLC (our parent company)
  • TerraQuest Solutions Limited (who provide an internal records management and archive service to companies within the Mears Group)
  • Other companies that are part of the Mears Group PLC.

Client organisations to whom we are contracted to provide services. We are required to provide such entities with reporting around our service provision.

Individuals whom you have agreed we should share information about you with or who are acting in your interest.

Third parties instructed by us to provide services on our behalf, such as – 

  • Providers of IT services and IT hosting environments where software providers are commissioned to provide specialist support and resolve issues with the software and individual records may need to be accessed.
  • Data archiving providers.
  • Organisations who conduct customer satisfaction and feedback services.
  • Our professional advisors (including legal services providers, banks, auditors).
  • Insurance companies and claims handling organisations.
  • Debt collection and management agencies.
  • HMRC.
  • Pensions providers.
  • Disclosure Scotland and DIO for DBS, BPSS and Security Clearance.

Third parties to whom we may choose to sell, transfer or merge parts of our business or assets with. This information will be shared via the most appropriate communication channels and will consist of email, secure email, in writing, phone or verbally including face to face.

Third parties where we have to share information for statistical purposes such as for equality and diversity. 

Transfer of your information outside the EEA

Mears Group PLC is a UK based business with operational bases in the UK only, however some of the data we collect from you may be transferred to third parties who will store data outside of the European Economic Area (EEA).  Examples of where this may occur include where we use a cloud IT service to manage and deliver operational and business processes (such as Survey Monkey, IBM or our HR system, Workday).  We endeavour to only instruct suppliers that can provide the same level of data security that we have here in the UK and where it is necessary to transfer your personal information to a country outside of the EEA which has not been approved by the European Commission, we will ensure that appropriate safeguards are in place.  This will ordinarily be through the use of approved EU standard contractual clauses or an approved framework, such as the U.S. Privacy Shield, that are designed to help safeguard your privacy rights and give you remedies in the event of your information being misused.

How long your information will be kept for

We will keep your information for as long as is necessary to provide services to you, to fulfil our legitimate business interests or to meet our legal obligations.  In order to meet our legal obligations, it may be we need to keep your information even when you are no longer actively receiving services from us. 

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the information, the purposes for which we were originally processing it, the potential risk of harm from its unauthorised disclosure or loss and any legitimate interests or legal obligations its retention may be required to meet.

Your information will be kept in line with our Retention Policy and internal procedures.

Your Rights

You have various legal rights in relation to the personal information that we collect and process:

  • A right to access the information that we process about  you, together with information about why and how we are using it, who we have shared it with and other information
  • A right to ask us to rectify any information we hold about you that is inaccurate or incomplete
  • A right to ask us to erase information if we no longer have a legal basis for processing or storing it (please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not)
  • A right to ask us to restrict processing your information in certain circumstances
  • A right to ask us to transmit (‘port’) information about you in a structured, commonly used and machine readable format
  • A right to object to us using particular information, or using it in a particular way
  • A right to object to us using and storing your information for direct marketing purposes

If you would like to exercise any of the above rights, you can do so by contacting our Data Protection Officer via the contact details at the end of this privacy policy or by speaking to your local office or regular contact point.  We may require you to provide proof of identity, address or other details.  Where we are unable to fully action your request, we will explain why and outline any next steps.

We do not use automated decision-making processes within the scope of this privacy policy.

For more information on your privacy rights under current data protection law, including the circumstances under which they apply, we recommend you visit the Information Commissioner’s Office website at: www.ico.org.uk

Keeping your information secure

We take seriously the need to keep the personal information we process secure and have in place various organisational and technical measures to prevent information being accidently lost, stolen, accessed or disclosed in an unauthorised way.  We limit access to your information to those with a genuine business need to see it so those processing your information will do so in an authorised manner and subject to a duty of confidentiality.

We maintain various industry standard security technologies and tools to prevent and detect unauthorised access and amendments to our systems, including firewalls and other perimeter devices, anti-virus and threat protection systems and email and internet security software.

We maintain policies and procedures to help ensure a consistent approach to security best practices and behaviours across our company, including keeping paper records safe, physically securing buildings, the safe transfer and handling of data and the secure use of our systems.

Unfortunately, the transmission of information via the internet is not completely secure and while we do our best to protect information you transmit to us via our websites and email, we cannot guarantee its security and transmission is at your own risk.

Get Safe Online (www.getsafeonline.org) provide more detailed information on how to protect your information and devices against fraud, identify theft, viruses and other online treats and is supported by HM government and leading businesses.

How to complain

If you are concerned about any aspect of how we handle your personal information or your rights as outlined above, you can contact our Data Protection Officer on the details below.  Alternatively you can log a complaint directly with the UK’s supervisory authority, the Information Commissioner.  The address for the Information Commissioner’s Office is:

The Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.  The ICO website is available at: www.ico.org.uk

How to contact us

Our Data Protection Officer can be contacted by email at [email protected] or via post by writing to The Data Protection Officer, 1390 Montpellier Court, Gloucester Business Park, Brockworth, Gloucester, GL3 4AH.