
EMPLOYEE PRIVACY NOTICE

1 ABOUT THIS NOTICE

1.1 Who should read this notice? This privacy notice covers how we look after your personal data if you work for us as an employee.

1.2 What is covered? This privacy notice will cover how we use, look after, and manage information that identifies you or could be combined with other information to identify you (referred to as personal data).

1.3 Who checks this notice is enforced? The Information Commissioner's Office (ICO) is the UK data protection regulator and is responsible for checking that businesses comply with UK data protection law. If you have a complaint or concern, you can complain to the ICO, although we hope that you would come to us first.

2 IMPORTANT INFORMATION ABOUT US

2.1 We are PIANOMATCH LTD, registered in England and Wales with company number 14868781 with our registered address at The Harley Building, 77 New Cavendish Street, London, W1W 6XB (we, us or our).

2.2 We are a controller for your personal data. This means we decide how to use the information we hold about you and how long to keep it (in accordance with applicable data protection laws).

2.3 We are registered as a controller with the Information Commissioner's Office (ICO) under registered number ZB702393.

2.4 Where we have engaged your services through an agency or another company (e.g. a consultancy firm) we act as independent controllers in relation to your personal data (which means that we, and the other company, both separately decide how your personal data is used and use it for different reasons).

3 CONTACT DETAILS

3.1 If you have any questions about this privacy notice or the way that we use information, please get in touch using the following details:

Data Protection Officer

  • Name: Daniel Peattie

  • Email address: dataprotection@pianomatch.com

  • Phone number: 020 7870 1682

4 THE INFORMATION WE COLLECT ABOUT YOU

4.1 Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect and where we receive it from below:

  • Identity Data: name, title, date of birth, job title, gender, emergency contact name and their relationship to you, passport, driving licence, etc.

  • Contact Data: personal email address, telephone numbers, home address, etc.

  • Financial Data: bank account details, payroll records, tax status information, national insurance number, salary, pension and benefits information, etc.

  • Location Data: your workplace, device location if you log into our systems remotely.

  • Recruitment Data: copies of right to work documents, interview notes, information you provided in your CV or cover letter as part of the application process, result of due diligence checks, etc.

  • Employment and Qualification Data: job titles, work history, working hours, training records, professional memberships, etc.

  • Performance Data: your set objectives, appraisals, ad hoc feedback, disciplinary and grievance information, etc.

  • Health Data: absences from work, allergies, information about your physical or mental health and any reasonable adjustments that may be required.

  • Feedback: information and responses you provide when completing surveys and questionnaires.

  • Photo and Image Data: profile picture, images, videos and audio (e.g. video calls), CCTV footage, etc.

  • Profile Data: username, password, chat logs, audit trail of systems used and documents accessed and downloaded, etc.

  • Special category Data: information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life or sexual orientation, trade union membership and/or information about criminal convictions and offences, which you may choose to provide to us, or information you choose to provide as part of our diversity or other questionnaires/surveys.

  • Technical Data: internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our systems, etc.

  • Usage Data: information about how you use our systems.

5 HOW WE USE YOUR INFORMATION

5.1 Under UK data protection law, we need a legal reason (also known as a lawful basis) for holding, collecting, and using your personal data. There are 6 main legal reasons which organisations can rely on. The most relevant are:

  • to enter into and perform our contract with you;

  • to comply with a legal obligation that we have;

  • to pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);

  • in very rare circumstances, to protect your or another person's vital interests (e.g. disclose medical information to an attending paramedic, inform your nominated emergency contact); and

  • where you have consented to us using your personal data in a certain way.

5.2 Below is set out when we rely on each lawful basis.

5.2.1 Contract

  • To administrate or perform our contract with you.

  • To provide the pay and any agreed benefits to you as set out in your contract.

5.2.2 Legal Obligation

  • To check that you are legally entitled to work in the UK.

  • To deduct tax and national insurance contributions.

  • To auto-enrol you in a pension scheme and pay contributions.

  • To make any required legal adjustments.

  • To comply with our health and safety obligations.

5.2.3 Legitimate Interests

  • To monitor your performance at work including performance reviews and to make decisions about your salary (to the extent that this isn't covered in your contract with us).

  • To make decisions about promotion or a change of role.

  • To provide education, training, and development.

  • To ascertain your fitness to work.

  • To manage any grievance procedures or ending the working relationship.

  • To operate CCTV or other security systems at our premises.

  • To monitor your use of IT for the purposes of ensuring network and information security.

  • To deal with any disputes that arise.

  • In order to audit the business.

  • Where you are the named point of contact to deal with suppliers or customers.

5.2.4 Vital Interests

  • To use your personal data in an emergency.

  • To inform your nominated emergency contact if required.

5.2.5 Consent

  • Where we ask you to provide diversity information.

  • Where we have otherwise asked you to provide your consent.

5.3 Where we use personal data about you that is very sensitive (Special Category Data), we may require a second legal reason to use your personal data. This is most likely to occur where:

a) you have provided your express consent for us to do so; or

b) the processing is justified under UK law and the law allows us to use your data for a particular purpose.

5.4 Explicit consent will be required as a second lawful basis to process your Special Category Data for one or more specific purposes. Explicit consent must be given in a clear oral or written statement signifying agreement to us processing your Special Category Data.

6 WHO WE SHARE YOUR INFORMATION WITH

6.1 We share (or may share) your personal data with:

  • Other personnel: our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations. Some examples are your line manager, members of the HR team, and members of the Finance team.

  • Agency companies: where you perform work for us on behalf of another organisation, e.g. an employment agency or a consultancy company. We always have a contract in place with the other organisation containing confidentiality and data protection obligations.

  • Our customers: you may be a named point of contact for our customers. Some of your personal data will be shared with them so we can administer our contract with them.

  • Our supply chain: other organisations help us fulfil our employment contract with you and help manage our business. We ensure these organisations only have access to the information required to provide the support we use them for, and we have a contract with them that contains confidentiality and data protection obligations.

  • Regulatory authorities: such as HM Revenue & Customs.

  • Our professional advisers: such as our accountants or legal advisors where we require specialist advice to help us conduct our business.

  • Any actual or potential buyer of the business.

7 WHERE YOUR INFORMATION IS LOCATED OR TRANSFERRED TO

7.1 We store your personal data on our servers in the UK.

7.2 We will only transfer information outside of the UK or EEA where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g. by using contracts approved by the European Commission or UK Secretary of State).

7.3 If you access our systems whilst abroad then your personal data may be stored on services located in that country.

8 HOW WE KEEP YOUR INFORMATION SAFE

8.1 We have put in place appropriate security and safety measures to prevent your personal data from being lost or illegally accessed by those who do not have permission. These measures include:

  • access controls and user authentication (including multi-factor authentication)

  • internal IT and network security

  • regular testing and review of our security measures

  • staff policies and training

  • incident and breach reporting processes

  • business continuity and disaster recovery processes

8.2 If there is an event or incident affecting your personal data, we will keep you informed. We may also need to notify the regulator (where required under data protection law). If we make decisions about your data jointly with another entity (for example, if you work for us through an agency or a consultancy firm) we and the other entity act as independent controllers for your information (which means the other company and us separately decide how your information is used and use it for different reasons).

9 HOW LONG WE KEEP YOUR INFORMATION

9.1 Where we are responsible for making decisions about how to collect and use your personal data, we will only keep your personal data for as long as necessary to fulfil the purposes we collected it for or as long as required to fulfil our legal obligations.

9.2 See our data retention policy for further details which can be found at www.pianomatch.com/legal/data-retention-policy.

9.3 We may keep Identity Data, Contact Data, and certain other data (specifically, any exchanges between us by email or any other means) for up to 7 years after the end of our contractual relationship with you.


10 YOUR LEGAL RIGHTS

10.1 You have specific legal rights in relation to your personal data. These are as follows:

  • Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.

  • Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.

  • Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continue holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.

  • Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst we check that the personal data we hold for you is correct).

  • Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications. In other cases, if we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

  • Portability: You can ask us to send you or another organisation an electronic copy of your personal data.

  • Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. You should speak to our Data Protection Officer in the first instance.

10.2 If you would like to exercise any of your legal rights, please contact: dataprotection@pianomatch.com.
