Record of Processing Activities

Categories of Data Subjects

We collect personal data from the following categories of data subjects:

• Employees and contractors.

Categories of Personal Data

We collect the following categories of personal data about employees and contractors:

• Personal details including name and contact information.
• Date of birth.
• Gender.
• Marital status.
• Beneficiary and emergency contact information.
• Government identification numbers.
• Education and training details.
• Bank account details and payroll information.
• Wage and benefit information.
• Performance information.
• Employment details.
• Special categories of personal data relating to an employee’s health.
• Where applicable, criminal records data in relation to DBS searches.

Purposes of Data Processing

We collect and process personal data about employees and contractors for the following purposes:

• Recruitment and selection of employees.
• Personnel management.
• Workplace monitoring.
• Human resources administration including payroll and benefits.
• Complying with legal obligations.

Categories of Personal Data Recipients

We pass personal data to the following categories of recipients:

• Accountants and professional advisors, such as lawyers and consultants.
• Law enforcement officials.
• Third-party service providers, such as providers of:
  • IT system management;
  • Information security;
  • Human resources management;
  • Payroll administration; or
  • Retirement plan administration.

Personal Data Retention Periods

Except as otherwise permitted or required by applicable law or regulation, the Company only retains personal data for as long as necessary to fulfil the purposes for which we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for processing the personal data, whether we can fulfil the purposes of processing by other means, and any applicable legal requirements.

We typically retain personal data for the periods set out below, such period start from when the data subject leaves or terminates employment or the working relationship and shall be subject to any exceptional circumstances or to comply with laws or regulations that require a specific retention period:

• Information about employees and contractors:
  • Personal details including name and contact information: 6 years;
  • Date of birth: 6 years;
  • Gender: 6 years;
  • Marital status: 6 years;
  • Beneficiary and emergency contact information: 2 years;
  • Government identification numbers: 6 years;
  • Education and training details: 2 years;
  • Bank account details and payroll information: 6 years;
  • Wage and benefit information: 6 years;
  • Performance information: 6 years;
  • Employment details: 6 years;
  • Special categories of personal data relating to health: 2 years.
  • Criminal convictions data from DBS searches (where applicable): 6 months.

Technical and Organizational Security Measures

We have implemented the following technical and organizational security measures where appropriate to protect personal data in accordance with the UK GDPR:

• Pseudonymisation of personal data.
• Encryption of personal data.
• Segregation of personal data from other networks.
• Access control and user authentication.