Privacy Statement

From time to time, you will be asked to tell us personal information about yourself (e.g. name and email address etc.) in order to become a client, to use HWV systems and services and so on. At the point of collecting the information, we aim to clearly explain what it is going to be used for and who we may share it with. Unless required or permitted by law, we will always ask you before we use it for any other reason. We would only use it for marketing with your prior consent.

Any sensitive personal information will never be supplied to anyone outside of HWV without first obtaining your consent unless required or permitted by law.  We comply with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR), including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.
Whenever you provide such personal information, we will treat that information in accordance with this statement, current legislation and our  Data Protection Registration (Registration Number: Z2299883). We also aim to meet current best practice.

Individuals whose personal information HWV holds have certain rights under the law. More information can be found on the  Information Commissioner’s website.

This document explains what HWV does with the personal information you provide us.

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be made available on our website.

Responsibilities

HWV as a Registered Charity and A Company Limited by Guarantee is the data controller under the Data Protection Act, and the Board of Directors is therefore ultimately responsible for implementation.

The designated data controller who is appointed to ensure compliance with the Act is the Data Compliance Manager; and appointed to deal with day-to-day matters are the Senior Management Team.

Further Information

If you have any questions about Data Protection at HWV, please contact:

Matt Griffin,
Email -  mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

If you have a data protection concern that cannot or have not been resolved by HWV, you have the right to raise it with the  Information Commissioner’s Office.


Please click on the following headings to see how this affects you as a
....

As a Student

General

From time to time, you will be asked to tell us personal information about yourself (e.g. name and email address etc.) in order to become a client, to use HWV systems and services and so on. At the point of collecting the information, we aim to clearly explain what it is going to be used for and who we may share it with. Unless required or permitted by law, we will always ask you before we use it for any other reason. We would only use it for marketing with your prior consent.

Any sensitive personal information will never be supplied to anyone outside of HWV without first obtaining your consent unless required or permitted by law.  We comply with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR), including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.
Whenever you provide such personal information, we will treat that information in accordance with this statement, current legislation and our  Data Protection Registration (Registration Number: Z2299883). We also aim to meet current best practice.


Individuals whose personal information HWV holds have certain rights under the law. More information can be found on the  Information Commissioner’s website.





Enrolment

This section explains how HWV uses the personal information that you give us on the enrolment form.

How HWV and its Prime Providers use your information


HWV act as a sub-contractor to deliver ESFA funded training and education for a number of Prime Providers. All personal information is shared with these Prime Providers who are all governed by the same laws and legislation as HWV. Please see the list of current Prime Providers below, and links to the Privacy Statements on their websites.


City of Bristol College


The Learning Curve


Bristol City Council



The personal information that you provide us will be used for purposes relating to education, training, employment, general advice services, well-being and research. HWV and its Prime Providers may share non-sensitive personal information about you with other organisations, for example the Local Authority (see below), for these purposes. We do not share your information for purposes that are incompatible, such as product marketing.


Sensitive personal information you provide (e.g. disability or ethnicity) may be used by HWV and its Prime Providers for the purposes of equality of opportunity, support for your studies and to minimise risk. It may also be used anonymously for statistical purposes. HWV will ask your permission before sharing sensitive information with other organisations, unless the sharing is permitted by law and is necessary.


How government departments use your information


We pass most of the information to government agencies to meet funding arrangements. HWV is a Data Processor for the Education and Skills Funding Agency through its Prime Providers. This means that HWV will pass most of the personal information and some of the sensitive information you provide to the Education and Skills Funding Agency and the Department for Business, Innovation and Skills (BIS). Where necessary it is also shared with the Department for Education (DfE).


The information is used for the exercise of functions of these government departments and to meet statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009. It is also used to create and maintain a unique learner number (ULN) and a Personal Learning Record (PLR).


The information provided may be shared with other organisations for purposes of administration, the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and well-being. This will only take place where the sharing is in compliance with the Data Protection Act 1998.


You may be contacted after you have completed your programme of learning to establish whether you have entered employment or gone onto further training or education.


You may be contacted by the English European Social Fund (ESF) Managing Authority, or its agents, to carry out research and evaluation to inform the effectiveness of the programme.


Further information about use of and access to your personal data, and details of organisations with whom the data is regularly shared are available at:  http://www.gov.uk/government/publications/sfa-privacy-notice


The legal basis for collecting the information


Most of the information on the form is collected because it is necessary for your enrolment as a student or is required by law. You must provide it in order to enrol at HWV.


The following information we are collecting based on your consent, and you may withdraw your consent without this affecting your status as a student: emergency contact details and parent/carer contact details.




Parents, carers and guardians

Under the GDPR (General Data Protection Regulation), young people aged 16 and over can decide for themselves and give consent for the processing of their personal information. Parental consent is not required. There may be exceptions in regards of students with severe learning difficulties, school link students and those who are otherwise unable to decide for themselves.

HWV has found that it is very beneficial to the young person’s progress as a student if HWV is able to engage with the parents (or guardian/carer). Therefore it is very important that we have the parents’ details recorded on our systems.


When a student is in Further Education, parents/carers/guardians (or any other third party) are not automatically entitled to the student’s information. We can only release information about our students if we have their consent for this recorded on the HWV system. Students are asked for their consent for sharing information with parents/others on the enrolment form or when enrolling face-to-face. Students can also inform HWV later on of who HWV may discuss with about their College matters. Students may withdraw their consent the same way which they gave it.


In general, we can only share information if we have the person’s consent, or there is a particular piece of legislation or agreement allowing us to share it without consent.



Participation in Learning: Sharing information with Local Authorities

This section applies to:

  • 16 and 17 year olds
  • Vulnerable 18 year olds (‘vulnerable’ is defined locally by individual Local Authorities)
  • 18-25 year olds with an Education Health Care Plan (EHCP)

in the local authorities (LAs) of Bath and North East Somerset, Bristol, North Somerset and South Gloucestershire.


The Education and Skills Act 2008 (the Act) places duties on LAs to promote the effective participation in education or training of all 16 and 17 year olds resident in their area, and to make arrangements to identify young people resident in their area who are not participating. It is part of the LA’s duties to secure sufficient suitable education and training provision for all 16-19 year olds, and to encourage, enable and assist young people to participate in learning.


Under the Act, it is HWV’s duty to provide relevant information about their students to the LA of each student’s residence, when requested to do so, and notify local LAs when a young person leaves learning at HWV. All educational institutions are required to share information with LAs as part of their duty under the Act.


Section 72 of the Act provides the legal basis for sharing information between LAs and educational institutions. Link to relevant section is referenced here:  www.legislation.gov.uk/ukpga/2008/25/section/14
When you give us your information we will use your details to inform the LA where you live about the learning that you are participating in so that they are able to report monthly to the Department of Education and deliver their duties listed above.


Please note that some of the services for young people provided by the LA to fulfil their duties are provided by commissioned external contractors and organisations and they are required to use the same security standards as the LA.


If you wish to opt out of the sharing of your basic details for this purpose, or wish to see information held by HWV about you for this purpose, please contact Bristol City Council: foi@bristol.gov.uk or by writing to The Data Compliance Manager, Bristol City Council, City Hall, College Green, Bristol, BS1 5TR.





Top

As a Parent with children in the Nursery

The introduction of a new data privacy law introduced to the UK at the end of May 2018 sets new rules on how data about you and your child is collected and stored. To help you with this we have created this new Privacy Notice informing you on how we use and protect your information.

We are not changing the ways we use your personal information, the notice is being shared to inform you of your increased rights in relation to the information held on you, including what information we collect about parents/carers and their children, how we use it and the legal grounds for this.






Privacy Notice (How we use parents/carers and children’s information)

All information that we collect is necessary to meet our contractual and legal requirements as an Early Years Setting, from Ofsted, Local Authorities and the EYFS.

The categories of information that we collect, hold and share include:

  • Personal information (such as name, date of birth and address)
  • Characteristics (such as ethnicity, language, nationality, country of birth and funding eligibility) for children
  • Attendance information (such as sessions attended, number of absences and absence reasons) for children
  • Relevant Medical information for children
  • Special Educational Needs information for children
  • Assessment information for children
  • Bank details for adults
  • Proof of identity for adults
  • Birth certificates for funding for children
  • Details of any accidents / incidents / existing injuries
  • Relevant documentation for child protection and safeguarding concerns
  • Funding information and details

Why we collect and use this information

We use the data:


  • to support children’s learning
  • to monitor and report on their progress
  • to provide appropriate pastoral care
  • to assess the quality of our services
  • to comply with the law regarding data sharing
  • to comply with the requirements of the EYFS and Ofsted
  • to ensure children are eligible for funding
  • to process nursery fees
  • to ensure children’s health, safety and wellbeing

The lawful basis on which we use this information

We collect and use pupil information under the Statutory Framework for the Early Years Foundation Stage (given legal force by the Childcare Act 2006), The Limitation Act 1980. By completing and signing the nursery registration form you are giving consent for us to process yours and your child’s personal data for the specific purposes of being part of the nursery setting. The processing of the information you have provided about yourself and your child is necessary for the contract you have completed in the registration form. We have a legal obligation to process the information provided to comply with the law.

Collecting Children’s Information

Whilst the majority of children’s information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

Storing children’s data

We hold children’s data such as their registration details, accidents and medication forms etc. until each child has reached the age of 21. Learning and assessment for the children is stored for up to three months after the child has left the setting, then removed from electronic storage. Parents are able to download or print this themselves at any point up until this time.

Who we share children’s information with

We routinely share pupil information with:

  • Department for Education (DfE)
  • Schools that the children attend after leaving us
  • Our local authority
  • Ofsted
  • Health Visitors
  • Social Workers
  • Inclusion teams, SEN panels, funding etc
  • Local Children’s safeguarding boards / LADO
  • Other providers that children attend
  • Multi-agency professionals working with individual children
  • Area SENCO’s

Why we share pupil information

We do not share information about children with anyone without consent unless the law unless we are obliged to as part of a lawful process/investigation.

Decisions on whether DfE releases this personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of the data requested and the arrangements in place to store and handle the data. To be granted access to pupil level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data. For more on information on how this sharing process works, please visit http://www.gov.uk/guidance/national-pupildatabase-apply-for-a-data-extract . For information on which third party organisations (and for which project) pupil level data has been provided to, please visit https://www.gov.uk/government/publications/national-pupildatabase-requests-recieved . If you require more information about how we and/or the DfE use this information please visit DfE’s website https://www.gov.uk/data-protection-how-we-collect-and-share-researchdata or email us at mattghwv@yahoo.co.uk.

Requesting access to your personal data

Under data protection legislation, parents and children have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact our Data Compliance Manager at mattghwv@yahoo.co.uk.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance at compoff@mamabear.co.uk . Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

Contact

If you would like to discuss anything in this privacy notice, please contact our Data Compliance Manager at:

Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN








Top

As a Work Zone user

What Does This Notice Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in “What Personal Data Do You Collect?”, below.

What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions by contacting our Data Compliance Manager:
  • The right to access the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have, that we are not required to hold by Law.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact our Data Compliance Manager –

Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

What Personal Data Do You Collect?

We will collect information from you, which we will refer to as “Required Personal Data”: We need this “Required Personal Data” to work with you as part of our funding agreement with Bristol City Council.

  • Name
  • Date of birth
  • Gender
  • Address
  • Housing status
  • Support needs
  • Email address
  • Telephone number
  • NI Number (if available)
  • Employment status
  • Benefit information
  • Disability / Health information
  • Barriers to employment
  • Criminal convictions
  • Qualifications and training history
  • Ethnicity
  • Equality & Diversity monitoring information



We also collect additional personal data, which we will refer to as “Optional Personal Data”. This information is not necessary for us to work with you as a Work Zone client but it helps us to deliver a better service to you and others. We will only hold this information if you give your consent. You may withdraw your consent at any point and still continue as a Work Zone client. This “Optional Personal Data” includes -

  • Right to work in the UK
  • Right to publically funded training in the UK
  • Emergency contact details
  • Photographs;


How Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:

  • Providing and managing your service.
  • Supplying our services to you. Your personal details are required in order for us to enter into a contract with you.
  • Personalising and tailoring our services for you.
  • Communicating with you. This may include responding to emails or calls from you.
  • Supplying you with information by email
  • Holding a centralised register for Work Zone which will contain information such as name, address, qualifications, etc, as well as the contact that we have with you.
  • For audit purposes
  • To produce anonymised reports on performance of the program

You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than
is
necessary
in light of the reason(s) for which it was first collected. In this case, your data will be kept for 7 years.

How and Where Do You Store or Transfer My Personal Data?


We will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law. In this case, all your data will be processed by Work Zone, as a program of Hartcliffe & Withywood Ventures. The data will be stored by Buzz Lockleaze under contract to Hartcliffe & Withywood Ventures and Bristol City Council.

Do You Share My Personal Data?

Your personal data will not 
be shared with, or transferred to Bristol City Council but they may be given access to your data purely for audit purposes.

If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the following email or postal address

Matt Griffin,
Email - mattghwv@yahoo.co.uk
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within 2 weeks and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details

(for the attention of) Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.



Top

As a Member of staff

GDPR PRIVACY NOTICE for staff


Data controller (“the Company”): ................................................ (HWV)

Controller’s representative (if any): ............................................. (Matt Griffin)



Introduction


The Company collects and processes personal information, or personal data, relating to its employees, workers and contractors to manage the working relationship. This personal information may be held by the Company on paper or in electronic format.


The Company is committed to being transparent about how it handles your personal information,
to
protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your working relationship with the Company. We are required under the GDPR to notify you of the information contained in this privacy notice.

This privacy notice applies to all current and former employees, workers and contractors. It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services.


The Company has appointed a data compliance manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please contact


Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN



Data protection principles

Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:


  • Processed lawfully, fairly and in a transparent manner.
  • Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to those purposes.
  • Accurate and, where necessary, kept up to date.
  • Kept in a form which permits your identification for no longer than is necessary for those purposes.
  • Processed in a way that ensures appropriate security of the data.

The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.

What types of personal information do we collect about you?


Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information, and personal information on criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.


The Company collects, uses and processes a range of personal information about you. This includes:


  • your contact details, including your name, address, telephone number and personal e-mail address
  • your emergency contact details/next of kin
  • your date of birth
  • your gender
  • the start and end dates of your employment or engagement
  • recruitment records, including personal information included in a CV, any application form, cover letter, interview notes, references, copies of proof of right to work in the UK documentation, copies of qualification certificates, copy of driving licence and other background check documentation
  • the terms and conditions of your employment or engagement (including your job title and working hours), as set out in a job offer letter, employment contract, written statement of employment particulars, casual worker agreement, consultancy agreement, pay review and bonus letters, statements of changes to employment or engagement terms and related correspondence
  • details of your skills, qualifications, experience and work history, both with previous employers and with the Company
  • your professional memberships
  • your salary, entitlement to benefits and pension information
  • your National Insurance number
  • your bank account details, payroll records, tax code and tax status information
  • any disciplinary, grievance and capability records, including investigation reports, collated evidence, minutes of hearings and appeal hearings, warning letters, performance improvement plans and related correspondence
  • appraisals, including appraisal forms, performance reviews and ratings, targets and objectives set
  • training records
  • annual leave and other leave records, including details of the types of and reasons for leave being taken and related correspondence
  • any termination of employment or engagement documentation, including resignation letters, dismissal letters, redundancy letters, minutes of meetings, settlement agreements and related correspondence
  • information about your use of our IT systems, including usage of telephones, e-mail and the Internet
  • photographs

The Company may also collect, use and process the following special categories of your personal information:


  • information about your health, including any medical condition, whether you have a disability in respect of which the Company needs to make reasonable adjustments, sickness absence records (including details of the reasons for sickness absence being taken), medical reports and related correspondence
  • information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation (anonymised at recruitment)
  • information about criminal convictions and offences (as per DBS guidelines).

How do we collect your personal information?


The Company may collect personal information about employees, workers and contractors in a variety of ways. It is collected during the recruitment process, either directly from you or sometimes from a third party such as an employment agency. We may also collect personal information from other external third parties, such as references from former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS).


We will also collect additional personal information throughout the period of your working relationship with us. This may be collected in the course of your work-related activities. Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, some of it you may be asked to provide to us on a voluntary basis. We will inform you whether you are required to provide certain personal information to us or if you have a choice in this.


Your personal information may be stored in different places, including in your personnel file, in the Company's HR management system and in other IT systems, such as the e-mail system.

Why and how do we use your personal information?

We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:


  • where we need to do so to perform the employment contract, casual worker agreement, consultancy agreement or contract for services we have entered into with you
  • where we need to comply with a legal obligation
  • where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests.

We may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).


We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the Company and you as its employee, worker or contractor; pursuing our business by employing (and rewarding) employees, workers and contractors; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network; protecting our confidential information; and conducting due diligence on employees, workers and contractors. We believe that you have a reasonable expectation, as our employee, worker or contractor, that we will process your personal information.


The purposes for which we are processing, or will process, your personal information are to:


  • enable us to maintain accurate and up-to-date employee, worker and contractor records and contact details (including details of whom to contact in the event of an emergency)
  • run recruitment processes and assess your suitability for employment, engagement or promotion
  • comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK
  • comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligations
  • maintain an accurate record of your employment or engagement terms
  • administer the contract we have entered into with you
  • make decisions about pay reviews and bonuses
  • ensure compliance with your statutory and contractual rights
  • ensure you are paid correctly and receive the correct benefits and pension entitlements, including liaising with any external benefits or pension providers or insurers
  • ensure compliance with income tax requirements, e.g. deducting income tax and National Insurance contributions where applicable
  • operate and maintain a record of disciplinary, grievance and capability procedures and action taken
  • operate and maintain a record of performance management systems
  • record and assess your education, training and development activities and needs (CPD)
  • plan for career development and succession
  • manage, plan and organise work
  • enable effective workforce management
  • operate and maintain a record of annual leave procedures
  • operate and maintain a record of sickness absence procedures
  • ascertain your fitness to work
  • operate and maintain a record of maternity leave, paternity leave, adoption leave, shared parental leave, parental leave and any other type of paid or unpaid leave or time off work
  • ensure payment of SSP or contractual sick pay
  • ensure payment of other statutory or contractual pay entitlements, e.g. SMP, SPP, SAP and ShPP
  • meet our obligations under health and safety laws
  • make decisions about continued employment or engagement
  • operate and maintain a record of dismissal procedures
  • provide references on request for current or former employees, workers or contractors
  • prevent fraud
  • monitor your use of our IT systems to ensure compliance with our IT-related policies
  • ensure network and information security and prevent unauthorised access and modifications to systems
  • ensure effective HR, personnel management and business administration, including accounting and auditing
  • ensure adherence to Company rules, policies and procedures
  • monitor equal opportunities
  • enable us to establish, exercise or defend possible legal claims

Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.


What if you fail to provide personal information?


If you fail to provide certain personal information when requested or required, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory or contractual rights.


Why and how do we use your sensitive personal information?


We will only collect and use your sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences, when the law allows us to.


Some special categories of personal information, i.e. information about your health or medical conditions and trade union membership, and information about criminal convictions and offences, is processed so that we can perform or exercise our obligations or rights under employment law or social security law and in line with our data protection policy. Information about health or medical conditions may also be processed for the purposes of assessing the working capacity of an employee or medical diagnosis, provided this is done under the responsibility of a medical professional subject to the obligation of professional secrecy, e.g. a doctor, and again in line with our data protection policy.


We may also process these special categories of personal information, and information about any criminal convictions and offences, where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is entirely your choice whether to consent. Your consent can be withdrawn at any time.


The purposes for which we are processing, or will process, these special categories of your personal information, and information about any criminal convictions and offences, are to:


  • assess your suitability for employment, engagement or promotion
  • comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks
  • comply with the duty to make reasonable adjustments for disabled employees and workers and with other disability discrimination obligations
  • administer the contract we have entered into with you
  • ensure compliance with your statutory and contractual rights
  • operate and maintain a record of sickness absence procedures
  • ascertain your fitness to work
  • manage, plan and organise work
  • enable effective workforce management
  • ensure payment of SSP or contractual sick pay
  • meet our obligations under health and safety laws
  • make decisions about continued employment or engagement
  • operate and maintain a record of dismissal procedures
  • ensure effective HR, personnel management and business administration
  • ensure adherence to Company rules, policies and procedures
  • monitor equal opportunities

Where the Company processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring and in line with our data protection policy. Personal information that the Company uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is entirely your choice whether to provide such personal information.


We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.


Change of purpose


We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.


Who has access to your personal information?


Your personal information may be shared internally within the Company, including with members of the HR department, payroll staff, your line manager, other managers in the department in which you work and IT staff if access to your personal information is necessary for the performance of their roles.


The Company may also share your personal information with third-party service providers (and their designated agents), including:


  • external organisations for the purposes of conducting pre-employment reference and employment background checks
  • benefits providers and benefits administration, including insurers
  • pension scheme provider and pension administration
  • occupational health providers
  • external auditors
  • professional advisers, such as lawyers and accountants
  • Prime Providers and the ESFA.

The Company may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all of its business. In those circumstances, your personal information will be subject to confidentiality undertakings.


We may also need to share your personal information with a regulator or to otherwise comply with the law.


We may share your personal information with third parties where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).


How does the Company protect your personal information?


The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from our data compliance manager.


Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.


The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.


For how long does the Company keep your personal information?


The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.


The Company will generally hold your personal information for the duration of your employment or engagement. The exceptions are:


  • personal information about criminal convictions and offences collected in the course of the recruitment process will be deleted once it has been verified through a DBS criminal record check, unless, in exceptional circumstances, the information has been assessed by the Company as relevant to the ongoing working relationship
  • it will only be recorded whether a DBS criminal record check has yielded a satisfactory or unsatisfactory result, unless, in exceptional circumstances, the information in the criminal record check has been assessed by the Company as relevant to the ongoing working relationship
  • if it has been assessed as relevant to the ongoing working relationship, a DBS criminal record check will nevertheless be deleted after six months or once the conviction is “spent” if earlier (unless information about spent convictions may be retained because the role is an excluded occupation or profession)
  • disciplinary, grievance and capability records will only be retained until the expiry of any warning given (but a summary disciplinary, grievance or performance management record will still be maintained for the duration of your employment).

Once you have left employment or your engagement has been terminated, we will generally hold your personal information for 6 years after the termination of your employment or engagement, but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to ten years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court. We will hold payroll, wage and tax records (including salary, bonuses, overtime, expenses, benefits and pension information, National Insurance number, PAYE records, tax code and tax status information) for six years after the termination of your employment or engagement. Overall, this means that we will “thin” the file of personal information that we hold on you one year after the termination of your employment or engagement, so that we only continue to retain for a longer period what is strictly necessary.


Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.


In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.


Your rights in connection with your personal information


It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address, during your working relationship with the Company so that our records can be updated. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.


As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:


  • request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
  • request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected
  • request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
  • restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
  • object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
  • data portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.

If you wish to exercise any of these rights, please contact our data compliance manager. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our data compliance manager. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.

If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.

Transferring personal information outside the European Economic Area

The Company will not transfer your personal information to countries outside the European Economic Area.

Automated decision making


Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention.
We do not envisage that any employment decisions will be taken about you based solely on automated decision making, including profiling. However, we will notify you in writing if this position changes.

Changes to this privacy notice


The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.


Contact


If you have any questions about this privacy notice or how we handle your personal information, please contact our data compliance manager as follows: ………

Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN








Top

As a User of HWV Internet Services

Websites and Cookies

This section applies to anyone accessing HWV websites.

A cookie is a small file, typically of letters and numbers, downloaded on to your device (e.g. your PC) when you access HWV website. Cookies allow the website to recognise your device and so distinguish between the different users that access the site.


Session cookies will remember your selections as you browse the site. These cookies are for the browsing session and not stored long term. No personal information is collected by these cookies.


Google Analytics cookies help us to make the website better for you by providing us with user statistics, for example: which pages are the most visited; how a user navigates the site. No personal information is collected by these cookies.


You may delete or control the use of cookies through your browser settings.


To find out more about cookies and what cookies might be stored on your device, visit  www.aboutcookies.org or  www.allaboutcookies.org


During 
the course oyour study you may be asked to use third party websites or services or access linked content (eg. Youtube, Mahara) which may collect personal data about you. That site’s own privacy notice will explain you how they use your data.
Top

As a business that rents a unit/s from HWV

What Does This Notice Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in “What Personal Data Do You Collect?” below.

What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions by contacting our Data Compliance Manager:
  • The right to access the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have, that we are not required to hold by Law.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact our Data Compliance Manager –

Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

What Personal Data Do You Collect?

You are not under any obligation to provide us with personal data. However, should you decide that you prefer not to provide us with the personal data we request, we may not be able to rent a unit to your business/organisation.

As a business that rents a unit from 
HWV we will collect information from you about your business/organisation and key people within your business/organisation which is deemed to be personal data. This would include -

  • Name of business owner / head of organisation
  • Name of main key holder / s
  • Address of the above;
  • Email address of the above
  • Telephone number of the above;
  • Information necessary to set up a standing order for payments
  • Evidence of current and up-to-date Public and/or Employers Liability Insurance

How Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:

  • For business correspondence
  • As an emergency contact for when your business premises is unstaffed
  • For administrative purposes
  • To set up a standing order for payments

You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary 
in light of the reason(s) for which it was first collected. In this case, your data will be kept for the length of your tenancy, and for 7 years after the tenancy is terminated.

How and Where Do You Store or Transfer My Personal Data?

We will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.

Do You Share My Personal Data?

Your personal data will not be shared 
with
or transferred to any other parties without your permission and consent, other than for audit (Elliot Bunker) and business purposes required by law.

If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the following email or postal address

Matt Griffin,
Email - mattghwv@yahoo.co.uk
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within 2 weeks and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details

(for the attention of) Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be made available on our website.  


Top

As a Conference / Facility User

What Does This Notice Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in “What Personal Data Do You Collect?” below.

What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions by contacting our Data Compliance Manager:
  • The right to access the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have, that we are not required to hold by Law.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact our Data Compliance Manager –

Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

What Personal Data Do You Collect?

You are not under any obligation to provide us with personal data. However, should you decide that you prefer not to provide us with the personal data we request, we may not be able to progress with access to The Gatehouse services and facilities.

As a 
Conference / facility User we will collect information from you about your business/organisation and key people within your business/organisation which is deemed to be personal data. This would include -

  • Business / organisation name and address
  • Name of contact
  • Contact phone number
  • Contact email address
  • Contact address (if different from business address)
  • Service requirements

How Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:

  • For business correspondence
  • For administrative and charging purposes

You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is 
necessary
in light of the reason(s) for which it was first collected. In this case, your data will be kept until the service provided is complete and payment has been received, and for 1 year after this date.

How and Where Do You Store or Transfer My Personal Data?

We will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenste
in. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.

Do You Share My Personal Data?

Your personal data will not 
be shared with, or transferred to any other parties without your permission and consent, other than for audit (Elliot Bunker) and business purposes required by law.

If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the following email or postal address

Matt Griffin,
Email - mattghwv@yahoo.co.uk
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within 2 weeks and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details

(for the attention of) Matt Griffin,
Email - mattghwv@yahoo.co.uk
Tel – 0117 9781 708
The Gatehouse, Hareclive Road, Bristol, BS13 9JN.

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be made available on our website.




Top