Net Talent - Privacy Notice for our Employees

This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during your employment and after it ends.

We are required to notify you of this information under data protection legislation.

Please ensure that you read this notice and any other similar notice we may provide to you from time to time when we collect or process personal information about you.

Who collects the information

Net Talent trading as Net Talent Limited ("the Company") is a "data controller" and gathers and uses certain information about you. Some of this information (your name, work email address, work telephone number and job title) is shared with our affiliated entities and group companies (see list  (our "group companies") via the intranet and our phone system and so, in this notice, references to "we" or "us" mean the Company and our group companies.

Our associated company, myBPOS, processes payroll and provides HR support so all of your personnel records (as set out in the Schedule) including your name, address and bank details are shared with myBPOS for this purpose.

Data protection principles

We will comply with the data protection principles when gathering and using personal information, as set out in our GDPR Data Protection Policy (Employment) 

About the information we collect and hold

The table set out in the Schedule summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.

We may also need to share some of the categories of personal information set out in the Schedule with other parties, such as external contractors and our professional advisers and potential purchasers of some or all of our business or on a restructuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information as required to comply with the law.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

Where information may be held, shared or accessed

The following third parties may have access to your personal information and, in some circumstances, your special category data (if applicable), for the purposes noted below:

•           our document disposal management company, Restore, who deal with confidential shredding and document waste disposal requirements

Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above. The information narrated above contained on the intranet may be accessed from the USA, UAE and Qatar and other countries around the world, including countries that do not have data protection laws equivalent to those in the UK, for the reasons described above.

Whenever we transfer your personal data outside of the European Economic Area (EEA) (including when we allow your personal data to be accessed from other countries via our intranet), we seek to ensure that a similar degree of protection is afforded to your personal data by ensuring that appropriate safeguards are implemented or by ensuring that an applicable derogation from the restrictions under the data protection legislation applies, including any of the following:

  • We will only transfer your personal data to organisations in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. Currently this includes Andorra, Argentina, Canada (commercial organisations only), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • Where we use certain service providers and within our group companies, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Where we use providers based in the USA (such as Microsoft) and within our group companies, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the European Union and the USA. For further details, see European Commission: EU-US Privacy Shield.
  • We may transfer your personal data outside of the EEA where this is necessary for the purposes of performing a contract between us and you (including your employment contract).
  • We may transfer your personal data outside of the EEA where you have provided your explicit consent to such transfer, provided that you are able to provide such consent freely in accordance with the data protection legislation.
  • We may transfer your personal data outside of the EEA where the transfer is necessary for the establishment, exercise or defence of legal claims.

We have security measures in place to seek to ensure that there is appropriate security for information we hold. Your personal data is stored in a secured premises in a locked cabinet and on a secure client relationship management (CRM) database enforced by password protocols.

How long we keep your information

We keep your information during and after your employment for no longer than is necessary for the purposes for which the personal information is processed. Further details on this are available in our Employee Data Retention Policy (insert hyperlink to where policy is stored on the website).

Your rights to correct and access your information and to ask for it to be erased

Please contact our Data Protection Officer (DPO), Robert Little, who can be contacted by telephone on 0141 270 5118 if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice.

You also have the right to ask our Data Protection Officer for some but not all of the information we hold and process to be erased (the "right to be forgotten") in certain circumstances. Our Data Protection Officer will provide you with further information about the right to be forgotten, if you ask for it.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

If you have any queries or concerns about this notice or about our use of your personal information, please contact our Data Protection Officer.

If our Data Protection Officer is not able to address your query or concern, you can contact the Information Commissioner at   or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.





The Schedule

About the information we collect and hold

The information we collect

How we collect the information

Why we collect the information

How we use and may share the information

Your name, contact details (i.e. address, home and mobile phone numbers, email address) and emergency contacts (i.e. name, relationship and home and mobile phone numbers)


From you

To enter into/perform the employment contract


Legitimate interest: to maintain employment records and good employment practice

To enter into/perform the employment contract

Details of salary and benefits, bank/building society, National Insurance and tax information, your age


From you

To perform the employment contract including payment of salary and benefits


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice


To ensure you receive the correct pay and benefits


Information shared with our payroll administrators myBPOS and with HM Revenue & Customs (HMRC)

Details of your spouse/partner and any dependants

From you

To perform the employment contract including employment-related benefits, e.g. private medical insurance and pension

To ensure you receive the correct pay and benefits


Information shared with our payroll administrators myBPOS and with HM Revenue & Customs (HMRC)

Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information


From you and, where necessary, the Home Office

To enter into/perform the employment contract


To comply with our legal obligations


Legitimate interest: to maintain employment records


To carry out right to work checks


Information may be shared with the Home Office

For those who are required to use their own car or a pool car for their duties only - A copy of your driving licence 

From you

To perform the employment contract


To comply with our legal obligations


To comply with the terms of our insurance

To ensure that you have a clean driving licence


Information may be shared with our insurer

Details of your pension arrangements, and all information included in these and necessary to implement and administer them


From you, from our pension administrators NOW Pensions and (where necessary) from your own pension fund administrators

To perform the employment contract including employment-related benefits


To comply with our legal obligations


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice


To administer your pension benefits and/or to comply with our auto-enrolment pension obligations


Information shared with our pension administrators NOW pensions and with HMRC

Information in your sickness and absence records (including sensitive personal information regarding your physical and/or mental health)

From you, from your doctors, from medical and occupational health professionals we engage and from our insurance benefit administrators WPA

To perform the employment contract including employment-related benefits


To comply with our legal obligations


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices


To maintain employment records, to administer sick pay entitlement, to follow our policies and to facilitate employment-related health and sickness benefits


To comply with our legal obligations to you as your employer

Information shared with your doctors, with medical and occupational health professionals we engage and with our insurance benefit administrators WPA


For further information, see * below


Information on grievances raised by or involving you

From you, from other employees and from consultants we may engage in relation to the grievance procedure

To perform the employment contract


To comply with our legal obligations


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice


For staff administration, to follow our policies and to deal with grievance matters


Information shared with relevant managers, HR personnel and with consultants we may engage

Information on conduct issues involving you

From you, from other employees and from consultants we may engage in relation to the conduct procedure


To comply with our legal obligations


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices


For staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary and grievance matters


Information shared with relevant managers, HR personnel and with consultants we may engage


Details of your appraisals and performance reviews

From you, from other employees and from consultants we may engage in relation to the appraisal/performance review process


To comply with our legal obligations


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices


For staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary and grievance matters


Information shared with relevant managers, HR personnel and with consultants we may engage


Details of your performance management/improvement plans (if any)

From you, from other employees and from consultants we may engage in relation to the performance review process


To comply with our legal obligations


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices


For staff administration and assessments, to follow our policies and to monitor staff performance


Information shared with relevant managers, HR personnel and with consultants we may engage

Details of your time and attendance records

From you and from management (office managers collect this information)

To perform the employment contract


Legitimate interest: to monitor and manage staff access to our systems and facilities and to record staff absences

For payroll and staff administration and assessments, to follow our policies and to monitor staff performance and attendance


Information shared with relevant managers, HR personnel and with consultants we may engage


Information regarding your work output

From our IT Department

To perform the employment contract


Legitimate interests: to maintain employment records

For payroll and staff administration and assessments, to follow our policies and to monitor staff performance and attendance


Information shared with relevant managers, HR personnel and with consultants we may engage


Information in applications you make for other positions within our organisation


From you

To enter into/perform the employment contract


To comply with our legal obligations


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice


To process the application


Information shared with relevant managers, HR personnel and with consultants we may engage

Information about your use of our IT, communication and other systems

Automated monitoring and/or recording of our websites and other technical systems, such as our computer networks and connections, communications systems, remote access systems, email and instant messaging systems, intranet and Internet facilities, telephones, voicemail, mobile phone records


Unified Threat Management, proxy filters, firewalls and Mobile Device Management

Legitimate interests:


to monitor and manage staff access to our systems and facilities;


to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage;


to ensure our business policies, such as those concerning security and internet use, are adhered to for operational reasons, such as maintaining employment records, recording transactions, training and quality control and transaction verification;


to ensure that commercially sensitive information is kept confidential;


to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with for statistical analysis to prevent unauthorised access and modifications to our systems as part of investigations by regulatory bodies, or in connection with legal proceedings or requests


To protect and carry out our legitimate interests (see adjacent column


Information shared with relevant managers, HR personnel and with consultants we may engage



Details of your use of business-related social media, such as LinkedIn


From relevant websites and applications

Legitimate interests:


to monitor and manage staff access to our systems and facilities;


to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage;


to ensure our business policies, such as those concerning security and internet use, are adhered to;


for operational reasons, such as maintaining employment records, recording transactions, training and quality control;


to ensure that commercially sensitive information is kept confidential;


to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with;


as part of investigations by regulatory bodies, or in connection with legal proceedings or requests


To protect and carry out our legitimate interests (see adjacent column)


Information shared with relevant managers, HR personnel and with consultants we may engage



Your use of public social media (only in very limited circumstances, to check specific risks for specific functions within our organisation; you will be notified separately if this is to occur)


From relevant websites and applications

Legitimate interests:


to monitor and manage staff access to our systems and facilities;


to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage;


to ensure our business policies, such as those concerning security and internet use, are adhered to;


for operational reasons, such as maintaining employment records, recording transactions, training and quality control;


to ensure that commercially sensitive information is kept confidential


to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with;


as part of investigations by regulatory bodies, or in connection with legal proceedings or requests


To protect and carry out our legitimate interests (see adjacent column)


Information shared with relevant managers, HR personnel and with consultants we may engage



Details in references about you that we give to others

From your personnel records, our other employees

To perform the employment contract


To comply with our legal obligations


Legitimate interests: to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice


To provide you with the relevant reference


To comply with legal/regulatory obligations


Information shared with relevant managers, HR personnel and the recipient(s) of the reference



You are required (by law or under the terms of your contract of employment, or in order to enter into your contract of employment) to provide the categories of information marked ‘☐’ above to us to enable us to verify your right to work and suitability for the position, to pay you, to provide you with your contractual benefits, such as to administer statutory payments such as statutory sick pay (SSP). If you do not provide this information, we may not be able to employ you, to make these payments or provide these benefits.


* Further details on how we handle sensitive personal information is set out in our GDPR Data Protection Policy (Employment)