GDPR Privacy Notice

This privacy notice details Enigma Industrial Services’ privacy policy relating to personal information that we collect if you are an employee or work for us as a consultant, contractor or temporary worker. This privacy notice describes how we collect and use personal information about you before, during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR). This notice does not form part of any contract of employment or other contract to provide services.

Last updated

This privacy notice was last updated on the 1st February 2019. We will update this Notice from time to time and you should review it on a regular basis and especially before providing us with any further personal data about yourself.

Who we are

We are Enigma Industrial Services Limited. We provide Access and Industrial solutions in and around the UK. For the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”), Enigma Industrial Services is a data controller in respect of any personal data we collect.

Data protection principles

We will comply with data protection law. This says that the personal information we hold about you must be:

  1. used lawfully, fairly and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about and limited only to those purposes;
  4. accurate and kept up to date;
  5. kept only as long as necessary for the purposes we have told you about; and
  6. kept securely.

How we collect your personal data

Personal data, or personal information, means any information about an individual from which that person can be
identified, and any data linked to that identifiable person. It does not include data where the identity has been removed
(anonymous data). There are certain types of more sensitive personal data which require a higher level of protection,
such as information about a person’s health. Information about criminal convictions also warrants this higher level of
protection.

We will only collect and use your personal data where we have legitimate reasons to do so. We will obtain personal data from you in connection with your employment or engagement with Enigma Industrial Services. We collect this data:

  • from recruitment agencies;
  • when you contact us about employment with Enigma Industrial Services; or
  • when we receive referrals from our employees.

We may also collect your data when we search websites where you have posted your data to be found in relation to job opportunities. We will of course let you know at the earliest opportunity when we have gathered your data in this manner.

We may sometimes collect additional information from third parties including former employers and/or from other agencies where we request background checks.

We may collect additional personal information during the course of your employment.

The personal data we collect

We only collect the data we need, and we will ensure we have appropriate physical and technological security measures to protect your personal data. For employees or candidates applying for a job with Enigma Industrial Services, depending on the relevant circumstances, we may collect some or all of the following information: name, title, date of birth, gender, marital status, photograph, email address, postal address, telephone numbers, education details, employment history, emergency contacts and details of any dependants, referee details, immigration/visa status (whether you need a work permit), nationality/citizenship/place of birth, a copy of your driving licence and/or passport/identity card, financial information (where we need to carry out financial background checks) and any other tax-related information, diversity information, including age, gender, race, ethnic origin, religious or other similar beliefs, physical or mental health, including disabilityrelated information, details of any criminal convictions, details about your current remuneration, pensions and benefits arrangements, information on your interests, needs regarding future employment and any extra information that you
or your referees choose to tell us.

We may also hold information gathered during the interview process and any relevant feedback and information gained from appraisals. We may also hold limited health information where you have made us aware or where you have told us to justify an absence. During your engagement with Enigma Industrial Services we will also collect data about you regarding the use of our systems and services. For safety and security reasons we record CCTV footage.

What we use your information for

Enigma Industrial Services collects and processes your personal data for legitimate Business Management and Human Resource purposes including:

  • managing your engagement and / or employment with Enigma Industrial Services;
  • internal record-keeping;
  • creating user accounts for internal and external system access;
  • for payroll and benefits purposes;
  • in connection with legal and dispute management;
  • for compliance with legal, regulatory and tax reporting obligations;
  • releasing your personal information to regulatory or law enforcement agencies, if they require us to do so by law for the prevention, detection and investigation of crimes;
  • to contact you from time to time with company information or events; and
  • where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.

There may be situations in which we will use your sensitive personal information. In general, we will not process particularly sensitive personal information about you unless it is necessary for performing or exercising obligations or rights in connection with employment. On rare occasions, there may be other reasons for processing, such as it is in the public interest to do so. We may use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory paternity pay, statutory adoption pay, statutory sick pay, pensions, life insurance and private health insurance (where these benefits are applicable).

If you leave employment and the reason for leaving is determined to be ill-health, injury or disability, we will use information about your physical or mental health, or disability status in reaching a decision about your entitlements.

We may use information about your age, gender, race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Sharing your personal data

Where appropriate and in accordance with local laws and requirements, we may share your personal data with:

  • individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;
  • regulatory, tax, audit, or other authorities, when we consider in good faith that the law or other regulation requires us to share this data;
  • third party service providers who perform functions on our behalf including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems;
  • third party service providers where we have an appropriate processing agreement (or similar protections) in place; and
  • in the case of potential Enigma Industrial Services employees, third parties who we have retained to provide services such as reference, qualification and criminal convictions checks, to the extent that these checks are appropriate and in accordance with local laws.

If Enigma Industrial Services acquires, merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the other business or company, subject to appropriate assurances as to the protection of your data privacy.

Your Rights

You have individual rights under the GDPR. You can exercise any of these rights by contacting us using our contact details at the end of this notice or by any other means. Your rights are listed and explained below. You have:

The right to be informed – you have the right to be informed of what we do with your data. The detail of this is within this privacy notice.

The right of access – you have the right to ask us to confirm what information we hold about you. You can exercise this right by submitting a Data Subject Access Request. We may ask you to verify your identity and for more information about your request. We will respond to any request to access your data within one month. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

The right to rectification – you have the right to update your data if you think it’s incorrect. We may ask you to verify your identity and for more information about your request.

The right to erasure – You have the right to have your personal data deleted (right to be forgotten). We will make every reasonable effort to remove your personal data, however, this may not always be possible there are legal requirements for us to keep your data. We may ask you to verify your identity and for more information about your request. We will respond to any request to delete your data within one month and let you know the outcome of your request.

The right to restrict processing – you have the right to ask us to stop processing your data. Where consent has been given to process your data, you can withdraw that consent at any time by contacting us using the details at the bottom of this notice. You can raise any concerns to the processing or use of your personal data by us either to us or to the appropriate data protection authority.

The right to data portability – you have the right to have the personal data you have given us transferred to another company and we will make every reasonable effort to comply with your request.

The right to object – you have the right to object to us processing your personal data where we do so under legitimate interests or to enable us to perform a task in the public interest or exercise official authority or for scientific, historical, research or statistical purposes. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless we can show that we have compelling legitimate grounds for processing which overrides your interests, or we are processing your data for the establishment, exercise or defence of a legal claim.

Rights in relation to automated decision making and profiling – Automated individual decision-making is a decision made by automated means without any human involvement,such as a recruitment aptitude test which uses pre-programmed algorithms and criteria. Profiling is where we use the information we have on you to classify you into different groups or sectors, using algorithms and machine-learning. This analysis identifies links between different behaviours and characteristics to create profiles for individuals. Enigma Industrial Services do not use any automated decision-making tools or profiling techniques. However, if you think we are doing so you have the right to ask us to explain and to ask us to stop.

Right to withdraw consent – In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Transfer of data outside the EEA

Normally your data will not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place for your rights and freedoms or you have consented for us to do so.

Retention

It is our policy only to keep records of your personal data for as long as required under the legal obligations of employment or engagement, or as required by relevant authorities or other legislation, whichever requirement is longer after which it will be erased from our systems and any paperwork will be destroyed.

Our retention policies are currently as follows:

  • for business and regulatory reasons, we will keep your data for six years after the end of your engagement with us; we may in certain circumstances need to hold your personal information for longer, for example in relation to an insurance claim, a legal dispute or because of regulatory requirements;
  • if we are recruiting for permanent staff or looking at engaging you as a consultant, contractor or temporary worker or if we are not currently recruiting but are interested in your profile we may keep your details for a period of one year.

Security

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Contact Us

To exercise any relevant rights, queries or complaints please contact us via our website or by one of the following means:

By Phone: +44 (0)1925 294 970

By Post:
Enigma Industrial Services
2nd Floor, Hawthorne House
Woodlands Park
Ashton Road
Newton Le Willows
WA12 0HF

By Email: info@enigma-is.com

Contact your local supervisory authority

If you wish to make a complaint, then you can contact your local supervisory authority. If you are in the UK, your local Supervisory Authority is the Information Commissioners Office (ICO) who can be contact in the following ways:

By Phone: +44 (0)303 123 1113

By Post:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Other contact options can be found on the ICO website at https://ico.org.uk/global/contact-us/.
Supervisory Authorities for other countries can be found on the European Commissioners website
at https://ec.europa.eu/info/index_en