This policy was last updated on 9th January 2019
Exceed privacy principles
Exceed is committed to safeguarding the privacy of your information. By ‘your information’ we mean any information about you that you or third parties provide to us.
- We will only collect and use your information where we have lawful grounds and legitimate business reasons to do so.
- We will be transparent in our dealings with you and will tell you about how we will collect and use your information.
- If we have collected your information for a particular purpose, we will not use it for anything else unless you have been informed and, where relevant, your permission obtained.
- We will not ask for more information than we need for the purposes for which we are collecting it.
- We will update our records when you inform us that your details have changed
- We will continue to review and assess the quality of our information
- We will implement and adhere to information retention policies relating to your information, and will ensure that your information is securely disposed of at the end of the appropriate retention period.
- We will observe the rights granted to you under applicable privacy and data protection laws, and will ensure that queries relating to privacy issues are promptly and transparently dealt with.
- We will train our staff on their privacy obligations.
- We will ensure we have appropriate physical and technological security measures to protect your information regardless of where it’s held.
- We will ensure that when we outsource any processes, the supplier has appropriate security measures in place and will contractually require them to comply with these Privacy Principles.
- We will ensure that suitable safeguards are in place before personal information is transferred to other countries.
If you are not satisfied with our response you can contact the Information Commissioner’s Office by visiting https://ico.org.uk.
The types of information we collect
Exceed collects and processes personal data and sensitive personal data about its current, past or prospective staff and others who are defined as data subjects under the Data Protection Act. This information is normally initially provided to Exceed by a prospective member of staff on an application form and is added to by Exceed over the course of employment.
Where you provide information about others (for example ‘referring a friend’) you must ensure that you have their consent or are otherwise entitled to provide this information to us:
Personal data is data relating to a living individual who can be identified from that information or from that data and other information in Exceeds possession (for example: name, address, telephone number, Job title, department, employment start date, hours worked, salary, marital status, date of birth, nationality, tax reference number, tax code, Ni Number, car model and registration, bank details, emergency contact details and death in service benefit details). It can also include expressions of opinions about an individual.
Sensitive Data relates to religious beliefs, health (including information about disabilities, and doctors details), and criminal convictions.
Use and disclosure of personal data
Personal data received by Exceed is used only for the following purposes:
- Managing Human Resources processes such as recruitment, payment of salaries and pensions, performance management and training and development
- Providing facilities such as IT services and car parking provision
- Monitoring equal opportunities
- Preventing and detecting crime
- Provide information about Company news and updates via our intranet
- To enforce compliance or contractual obligations of Exceed
- To comply with any legal requirements
- To provide employee benefits such as death in service and FPS Connect.
- To prosecute and defend a court, arbitration or similar legal proceeding
- To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements
- When we believe it is appropriate to do so to protect the rights, property, or safety of our company or other persons
Exceed processes sensitive personal data for a number of administrative purposes:
- Managing Human Resource processes such as administering sick pay and sick leave schemes, managing absence, administering maternity leave and related pay schemes
- Managing a safe environment and ensuring fitness for work
- Managing obligations under equal opportunities legislation
- Provision of occupational health and wellbeing services to individuals
Personally identifiable information collected by Exceed is not used for purposes unrelated to the purpose for which the information was originally collected.
You may at any time tell us you:
- would like to review and update your Personal Information from Exceeds Database. Please refer to the “Reviewing or Updating Your Personal Information” Section;
- would like to remove your Personal Information from Exceeds Database. Please refer to “The right to be forgotten” Section.
Please refer to the electronic communications policy.
Security and integrity of personal data
Exceed endeavours to protect the data from unauthorised access or disclosure; to maintain data accuracy and completeness; and to ensure the appropriate use of information.
Security measures – including firewalls, encryption and intrusion detection technology, back up procedures, external audits and encryption – are employed by Exceed to reduce vulnerabilities to security and privacy threats. Unique passwords and usernames are also required to log into the restricted interactive area.
All members of staff are subject to strict confidentiality clauses in their contracts of employment. Access to personal or sensitive data is restricted to authorised employees.
Access to personally identifiable information
Under applicable Data Protection Laws, data subjects may have the right to access the personal data held by Exceed in relation to them and to request that inaccuracies be amended or updated.
Individuals who wish to exercise such rights should contact Exceed. Any requests to access or amend personally identifiable information will be subject to rigorous KYC vetting procedures.
These rights are known as Subject Access Request and must be made to Exceed in writing, detailing the information that you require; please refer to contact details section.
Reviewing or updating your personal information
At the start of your employment with Exceed you will be provided with a unique Visual login name and password. The area provides you access to your Personal Information, which you can review. Any Personal Information changes must be emailed to the HR Manager. If you are unable to gain access to Visual for whatever reason please contact the HR Manager. Alternatively you can request any changes in writing to Exceed, Human Resources, 1st Floor, 69 – 70 Long Lane, London EC1A 9EJ.
Right to be forgotten
If you would like to remove your Personal Information from our database please contact us using the “Contact Us” details below. Please note that your Personal Information is required to be kept by law for 7 years following the end of the relationship.
If for any reason, we are unable to act in response to a request for erasure, we always provide a written explanation to the individual and inform them of their right to complain to the Supervisory Authority and to a judicial remedy. Such refusals to erase data include:
- Exercising the right of freedom of expression and information
- Compliance with a legal obligation for the performance of a task carried out in the public interest
- For reasons of public interest in the area of public health
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing
- For the establishment, exercise or defence of legal claims
Right to data portability
You can request your Personal Data that you have provided to be transferred to another data controller by providing the data controllers details by contacting us through one of the methods described in the “Contact Us” section.
Please note that such requests may take up to one (1) month. Exceed will provide the personal data in a structured, commonly used and machine readable form, such as csv and will transfer using a secure method.
Data Protection Officer
Second Floor Parsonage Chambers