Employee and Contractor Privacy Notice

EMPLOYEE AND CONTRACTOR PRIVACY NOTICE

1. Who is the data controller?

This Privacy Notice is provided to you by WE ARE CORPORATE LTD (also referred to here as “the Company”), which is the data controller for your data.

This is for the purposes related to the performance of the working relationship (as further described below) with you. You can contact us at the following email address info@wearecorporate.co.uk

2. Who does this Privacy notice cover?

This Privacy Notice applies to:

a) any employee, subject to any type of (employment) agreement, including any internship or apprenticeship contract, training programme, access-to-work contract, on-call contract, and, when necessary (for example in emergency situations and for benefits administration), to such employee’s spouse, domestic/civil partner or dependents (together dependents);

b) self-employed workers and independent contractors and freelancers;

c) any other individual performing a work activity or professional performance for the benefit of the Company.

(the above listed individuals are collectively defined as you and the relevant agreement with the Company, whatever form it takes as described under a), b) and c) above, is also defined as the working relationship).

3. What personal data do we collect from you?

Before entering into a working relationship or in the course of the working relationship with the Company, the Company will collect data or may have data collected about you. We refer to such information as personal data which includes, for example, the following:

Personal Details: name, employee identification number, work and home contact details (email, phone numbers, physical address), language(s) spoken, gender, date and place of birth, national insurance number, driving licence information, marital/civil partnership status, domestic partners, dependents, emergency contact information and photographs, employment status (eg active, inactive, maternity replacement), footage (for social media purposes when showcasing ‘behind the scenes’).

Documentation Required under Immigration Laws: Citizenship, passport data, details of residency or any work permit.

Compensation and Payroll: Base salary, bonus, benefits, compensation type, details on stock options, stock grants and other awards, currency, pay frequency, effective date of current compensation, salary reviews, banking details, working time records (including vacation and other absence records, leave status, hours worked), pay data and life insurance beneficiaries.
Position: Description of positions, job title, management category, job code, salary plan, pay grade or level, job function(s) and sub function(s), details of any directorships, company name and code (legal employer entity), branch/unit/department, location, employment status and type, full-time/part-time, terms of employment, employment contract, work history, hire/re-hire and termination date(s) and reason, length of service, business travel details, retirement eligibility, promotions and disciplinary records, date of transfers, and line manager(s) information.

Talent Management Information: Details contained in letters of application and resume/CV (e.g., previous employment background, education history, professional qualifications, language and other relevant skills, certification, certification expiration dates), development programmes planned and attended, e-learning programmes, performance and development reviews, willingness to relocate and information used to populate employee biographies.

Management Records: Details of any shares of common stock or options.

System and Application Access Data: Information required to access company systems and applications such as active directory, email address, employee ID, other system and application user IDs and passwords, electronic content produced using company systems, building access information from any access control card system, office premises CCTV footage, access to documents and other materials, as well as incident response data (to the extent permitted by local legislation.

We may also process special categories of data, when permitted by local law. Such data include criminal background checks (if authorised under local laws), health/medical information or disability status, trade union membership information, religion, race or ethnicity when necessary. We collect this information for specific purposes, such as health/medical information in order to accommodate a disability or illness and to provide benefits; and diversity-related personal data (such as gender, race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination. We will only use such sensitive information for the purposes as described in paragraph 5 and as provided and permitted by law.

4. How do we use your personal data?

We will process your personal data in compliance with applicable laws for the following purposes:

a) Managing Workforce: HR administration and managing work activities and personnel generally, including recruitment, absence, performance management, promotions and succession planning, rehiring, salary and payment administration, pension and benefits administration, managing business expenses and reimbursements, planning and monitoring of training requirements and career development activities and skills

b) Communications and Emergencies: facilitating communication with you, ensuring business continuity, protecting the health and safety of employees and others.

c) Business Operations and security: operating and managing IT and communications systems, managing product and service development and improvement, managing and allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, re-organizations or disposals and integrations, building security and crime prevention.

d) Compliance: Complying with legal and other requirements, including audits, inspections and other requests from government or other public authorities.

e) Dispute resolution, responding to legal process such as subpoenas, pursuing legal rights and remedies.

f) Health and safety: Complying with legal obligations on occupational safety and health.

(defined together as the Contractual Purposes).

g) Corporate and commercial matters: if the Company is involved in a merger or transfer of all or a material part of its business, the Company may transfer your information to the party or parties involved in the transaction (the Other Purposes);

5. On what legal basis do we process your personal data?

We process your personal data to perform the obligations under the contract with you, to comply with legal obligations arising in the context of your contract, as well as to pursue the legitimate interests of the Company.

The processing of your personal data for Contractual Purposes is mandatory as the refusal to provide the personal data would make it impossible to sign and perform the contract between you and the Company.

The processing of your personal data for Intranet Purposes and Other Purposes, are carried out in compliance with the legitimate interest of the Company which adequately balances the interests of the Company and you. That processing is not mandatory and, for this reason, you may oppose the processing as described in Paragraph 9 of this Privacy Notice. If you object to this data processing, data will not be processed for the legitimate interest purposes, but we will continue to process any relevant data on another legal basis as appropriate.

6. How do we process your personal data?

We process your personal data through both electronic and manual means and it is protected by reasonable security measures. We will take appropriate administrative, technical, personnel and physical measures designed to protect personal data that are consistent with applicable privacy and data security laws and regulations that in particular include protecting personal data from misuse or accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access. This includes requiring service providers to use appropriate measures to protect the confidentiality and security of personal data.

7. Who has access to your personal data?

All personnel within WE ARE CORPORATE LTD will generally have access to your business contact information such as name, position, telephone number, business postal address and email address.
We may share your personal data for the purposes specified in this Privacy Notice with the following categories of entities that can be located within and, in compliance with Paragraph 8 below, outside the European Union as follows:

a) Other entities in WE ARE CORPORATE LTD which need access to your personal data in order to manage services and activities.

b) Professional Advisors: Accountants, auditors, lawyers, insurers, bankers, and other professional advisors in all of the countries in which WE ARE CORPORATE LTD operates.

c) Service Providers and Clients: Companies that provide products and services to WE ARE CORPORATE LTD such as payroll, pension scheme, benefits, human resources, performance management, training, expense management, IT systems supply and support, assistance with equity compensation programmes, credit cards, medical or health services, trade bodies and associations services, travel services and others. Companies WE ARE CORPORATE LTD provide products or services to such as broadcasters and/or the organizations that commission its projects or programmes.

d) Public, Judicial, Governmental Authorities and Litigants: Entities that regulate or have jurisdiction over WE ARE CORPORATE LTD such as regulatory authorities, law enforcement, public bodies and judicial bodies or other third parties in connection with judicial or regulatory proceedings.

e) Other Purposes: A third party in connection with any proposed or actual reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of WE ARE CORPORATE LTD business, assets or stock (including in connection with any bankruptcy or similar proceedings).

The types of data processors appointed by WE ARE CORPORATE LTD to support the Company’s operations. Access to personal data within the Company will be limited to those who have the “need to know” for the purposes described in Paragraph 4 of this Privacy Notice, and may include your managers and their designees, personnel in HR, IT, Compliance, Legal, Finance and Accounting and Internal Audit.

8. Is your personal data transferred abroad?

For certain projects we may share your personal data outside of the European Economic Area (EEA).  When we send your personal information outside of the EEA to a country not recognised as providing appropriate protections, we will put in place appropriate contracts or other safeguards to ensure your rights are protected.

9. Your rights and your personal data

You have the following rights with respect to your personal data:

When exercising any of the rights listed below, in order to process your request, we may need to verify

your identity for your security. In such cases we will need you to respond with proof of your identity

before you can exercise these rights.

a) The right to access personal data we hold on you

At any point you can contact us to request the personal data we hold on you as well as why

we have that personal data, who has access to the personal data and where we obtained

the personal data from. Once we have received your request we will respond within one

month.

There are no fees or charges for the first request but additional requests for the same personal

data or requests which are manifestly unfounded or excessive may be subject to an

administrative fee.

b) The right to correct and update the personal data we hold on you

If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your

data will be updated.

c) The right to have your personal data erased

If you feel that we should no longer be using your personal data or that we are unlawfully using

your personal data, you can request that we erase the personal data we hold.

When we receive your request we will confirm whether the personal data has been deleted or

the reason why it cannot be deleted (for example because we need it for to comply with a

legal obligation).

d) The right to object to processing of your personal data or to restrict it to certain purposes only

You have the right to request that we stop processing your personal data or ask us to restrict

processing. Upon receiving the request we will contact you and let you know if we are able to

comply or if we have a legal obligation to continue to process your data.

e) The right to data portability

You have the right to request that we transfer some of your data to another controller. We will

comply with your request, where it is feasible to do so, within one month of receiving your

request.

f) The right to withdraw your consent to the processing at any time for any processing of data to

which consent was obtained

You can withdraw your consent easily by email (see Contact Details

below).

g) The Special Purposes

The General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“the Act”) require us to use your personal data within the legal framework explained in this Privacy Statement and in accordance with your rights under the GDPR (which we explain above).

However, the GDPR and the Act contain an exemption which allows us and the project or programme broadcaster not to apply aspects of this legal framework and your rights if they are not compatible with the artistic purposes of the project or programme and there is a public interest in broadcasting the project or programme.  This exemption is known as the “Special Purposes” exemption.  Consequently, please be aware that aspects of the legal framework explained in this Privacy Statement and your rights under the GDPR may not apply where they are not compatible with the Special Purposes.

h) The right to lodge a complaint with the Information Commissioner’s Office.

You can contact the Information Commissioners Office on 0303 123 1113 or via email

https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office,

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

10. Retention period applying to your personal data

The personal data collected pursuant to this Privacy Notice is retained for the duration of the working relationship and, after the termination of the working relationship up to seven (7) years, except for longer periods where the retention of the personal data is necessary due to litigation, requests filed by competent authorities or in compliance with applicable laws.
In any case, we will take steps to ensure that the personal data processed is relevant and not excessive for its intended use, and is accurate and complete for carrying out the purposes described in this Privacy Notice. Accordingly, we will retain personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. After the applicable retention period has ended, the Company shall securely destroy or delete the personal data or anonymise it.

11. Your obligations

Please keep personal data up to date and inform us of any significant changes to personal data. You agree to inform your dependents, whose personal data you provide to the Company, about the content of this Privacy Notice, and to obtain their consent (provided they are legally competent to give consent) for the processing of that personal data by the Company as set out in this Privacy Notice.

You further agree to follow applicable law and the Company’s standards and procedures that are brought to your attention when handling any personal data that you have access to in the course of your working relationship with WE ARE CORPORATE LTD.  You will not access or use any personal data for any purpose other than in connection with and to the extent necessary for your working relationship with the Company. You understand that these obligations continue to exist after termination of your working relationship with the Company.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Changes to this notice

We keep this Privacy Notice under regular review and we will place any updates on http://www.wearecorporate.co.uk/privacy This Notice was last updated in March 2019.

Contact Details

Please contact us if you have any questions about this Privacy Notice or the personal data we hold

about you or to exercise all relevant rights, queries or complaints at:

The Data Controller, WE ARE CORPORATE LTD email: info@wearecorporate.co.uk