fbpx

Company Privacy Notice

3 October 2021 — Pobl Tech

1. Introduction

The Company (referred to as “we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, disclose, and protect personal data about you in accordance with data protection legislation, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. Data Controller

The Company is the data controller responsible for the personal data that it collects and processes. Should you have any questions about this notice or how your data is handled, please contact our Data Protection Officer (DPO) at hello@pobl.tech.

3. What Information

We Collect We collect and process the following types of personal data:

Identity Data: Name, title, date of birth, gender, and other identifiers.
Contact Data: Home address, email address, telephone numbers.
Employment Data: Job title, employment history, salary, payroll information, tax status, national insurance number.
Performance Data: Appraisals, performance reviews, disciplinary records.
Health Data: Details of sick leave, medical conditions, or disabilities where relevant.
Financial Data: Bank account details for salary payments.
Usage Data: Information about how you use our systems, including IT and communication systems.

4. How We Use Your Data

We collect and process your personal data for the following purposes:

To manage your employment relationship with the Company.
To pay your salary and manage pension and other employee benefits.
To ensure compliance with legal and regulatory requirements, such as tax and employment law.
To monitor performance and manage disciplinary and grievance procedures.
To assess eligibility for promotions, bonuses, and other rewards.
To communicate with you about Company news, policies, and updates.
For health and safety purposes, such as recording accidents and managing sick leave.
For IT security and monitoring purposes to protect Company systems.
We only collect the minimum amount of data necessary to fulfil these purposes.

5. Legal Basis for Processing

We rely on the following legal bases to process your personal data:

Performance of a Contract: Processing is necessary to fulfil the terms of your employment contract.
Legal Obligation: We are required to process certain data to comply with legal obligations, such as employment law, tax, and social security obligations.
Legitimate Interests: We process data to manage our business operations, including monitoring employee performance, ensuring network security, and managing employee benefits.
Consent: In certain cases, we may rely on your explicit consent to process sensitive personal data, such as health information.

6. Who We Share Your Data With

We may share your personal data with third parties under certain circumstances:

Service Providers: We share data with external payroll providers, pension administrators, and IT support companies to facilitate payments and benefits.
Legal Authorities: We may share data with HMRC, regulators, or law enforcement if required by law.
Occupational Health Providers: If relevant for assessing your fitness for work or to support your health and wellbeing.

We ensure that any third parties with whom we share your data adhere to strict data protection standards.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. Once your data is no longer needed, we will securely delete or anonymise it.

The retention period for different categories of personal data is outlined below:
-Employee Records: Retained for the duration of employment and up to 6 years after termination for legal and audit purposes.
-Payroll Information: Retained for 6 years to comply with tax regulations.
-Health and Safety Records: Retained for 3 years after the date of the incident.

8. Your Data Protection Rights

As a data subject, you have the following rights under data protection legislation:

Right of Access: You can request access to the personal data we hold about you.
Right to Rectification: You can request corrections to inaccurate or incomplete data.
Right to Erasure: You can request the deletion of your data under certain circumstances.
Right to Restrict Processing: You can request that we limit the processing of your data in specific cases.
Right to Object: You can object to the processing of your data in certain situations.
Right to Data Portability: You can request a copy of your data in a structured, commonly used format.

To exercise any of these rights, please contact our DPO using the contact details provided.

9. Security of Your Data

We are committed to protecting your personal data and have implemented appropriate technical and organisational measures to prevent unauthorised access, loss, or disclosure. Access to your personal data is restricted to employees,
contractors, and third parties who need it to fulfil their duties.

10. International Transfers

In certain cases, your personal data may be transferred to countries outside the UK or the European Economic Area (EEA). Where we transfer data internationally, we ensure that the appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms, to protect your data.

11. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. Any significant changes will be communicated to you through appropriate channels. Please review this notice periodically to stay informed about how we are protecting your data.

12. Complaints

If you have concerns about how we process your personal data, you can lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

13. Contact Us

If you have any questions about this Privacy Notice or how we handle your personal data, please contact us:

hello@pobl.tech
14 Neptune Court, Cardiff, CF245PJ