GENERAL DATA PROTECTION PRIVACY NOTICE
FOR EMPLOYEES AND JOB APPLICANTS
1. What is the Purpose of this Privacy Notice?
1.1. This privacy notice adopted by Vernons (hereinafter referred to as “Vernons”, “We” and “Us”) is committed to protecting the privacy and security of personal information.
1.2. This privacy notice describes how Vernons collects, uses, and manages personal data and information about our employees, former employees, job applicants, interns, secondees, and apprentices in accordance with the EU General Data Protection Regulation (the “GDPR”).
1.3. The term “personal data” or “personal information” refers to all personally identifiable information about you and includes all the information incorporated in your curriculum vitaes, referral details, interview notes, employment contract, employee form, employee performance appraisal form and all other information which may arise throughout your employment relationship with Vernon’s, that can be identified with you personally.
1.4. The term “data protection legislation” refers to the relevant data protection and privacy laws including the GDPR and the Data Protection Act, Chapter 586 of the Laws of Malta, as may be amended from time to time.
1.5. The provision, collection and processing of your personal data, apart from arising as a result of a contractual requirement, may also arise out of a legal requirement which Vernons is obliged to abide by and any other legitimate interest that Vernons may have to do so.
1.6. If you fail to provide the necessary information when requested, We may not be able to enter into a contract with you or perform the contract We have already entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
1.7. All your personal data collected shall be processed exclusively for the purposes of your employment and shall be processed in line with Vernons legal obligations.
1.8. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
1.9. We may update this privacy notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practicable.
1.10. It is important that you read and retain this privacy notice, together with any other privacy notice or policy we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.
2. The Type of Information we Hold about You
2.1. We will collect, store, and use the following categories of personal information about you:
2.1.1. Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
2.1.2. Date of birth, Gender/marital status and dependants;
2.1.3. Next of kin and emergency contact information;
2.1.4. National Insurance number;
2.1.5. Bank account details, payroll records and tax status information;
2.1.6. Salary, annual leave, pension and benefits information;
2.1.7. Start date and, if different, the date of your continuous employment;
2.1.8. Leaving date and your reason for leaving;
2.1.9. Location of employment or workplace;
2.1.10. Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
2.1.11. Employment records (including job titles, work history, working hours (including overtime records), holidays, training records and professional memberships);
2.1.12. Compensation history;
2.1.13. Performance information and appraisals;
2.1.14. Disciplinary and grievance information;
2.1.15. Your logs and tracking on various software applications that you use; and
2.1.16. Information about your use of Our information and communications systems.
2.2. We may also collect, store and use the following “special categories” of more sensitive personal information:
2.2.1. Information about your health, including any medical condition, health and sickness records, such as:
- When you take leave from employment due to ill-health, injury or disability, the records relating to that decision;
- Reasons for any absences (other than holidays) from work including time on statutory parental leave;
- Where you leave employment due to a particular health condition, information about that condition for pensions and permanent health insurance purposes; and
- During your employment in general, where required, to be able to provide you with sickness or illness benefits.
3. How is Your Personal Information Collected
3.1. We collect personal information about applicants through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider.
3.2. You are under no statutory or contractual obligation to provide data to Us during the recruitment process. However;
3.2.1. If you do not provide Us with the relevant information, We will not be able to process your application; and
3.2.2. Once you submit your personal data to Us, you are declaring that;
- You have read, understood and accepted this privacy notice;
- The information given is complete and true to the best of your knowledge, and understand that incorrect statements could lead to your application being rejected;
- That consent was obtained from any third party whose details are included in the information provided;
- Authorise Us to verify the statements contained in your application and to make any necessary checks.
3.3. We will collect additional personal information in the course of job-related activities throughout the period of you working for Us.
3.4. Your personal data will not be subject to any automated decision-making or profiling practices.
3.5. Where data is not collected from you, you also have a right to be informed of the source from which the personal data originates and to have any inaccuracies corrected.
3.6. Any monitoring will be proportionate to the purpose that the data is collected for, taking into account your legitimate expectations to privacy and other interests. Any personal data held or used in the course of monitoring shall be adequate, relevant and not excessive for the purpose for which the monitoring may be justified and will be carried out in the least intrusive way possible.
4. How Vernons will Use Information about You
4.1. We will only use your personal information when the law allows Us to. Our legal bases for processing your personal data include:
4.1.1. The performance of the employment agreement and taking the steps necessary to enter into the employment agreement or any of its amendments at your request;
4.1.2. Compliance with our legal obligations, including carrying out our obligations and specific rights in the fields of employment, social security and social protection law (insofar as authorised under the applicable law); and/or
4.1.3. Our legitimate interests or that of a third party, which legitimate interests arise during the course of an employment relationship, including The establishment, exercise or defence of legal claims.
5. Data Sharing
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where We have another legitimate interest in doing so. Recipients of your personal data include selected individuals within Vernons, companies and/or affiliates and/or agents and/or third parties that provide services to Vernons such as IT, legal and accountancy services. Any selected individuals with access to your data shall be subject to the same data protection responsibilities as Vernons.
6. Transferring Information outside the EU
At the time of issuing these this notice, We do not intend on transferring your personal data to a recipient located outside the European Economic Area (“EEA”). However, should a transfer to a country located outside of the EEA become necessary, We shall ensure that adequate safeguards are in place for the secure transfer of your personal information. You may request details on the safeguards implemented from Us by contacting Dorita Mangion on 25498125.
7. Data Security and Data Retention
7.1. We have put in place appropriate security measures to prevent your personal information from being accidentally or unlawfully destroyed, lost, used, altered, disclosed or accessed in an unauthorised way. In addition, We limit access to your personal information to an as-needed basis, and any such persons will only process your personal information on Our instructions and they are subject to a duty of confidentiality. Details of these security measures are set out in our IT security policy and clear desk and clean screen policy which are available at Vernons office at Dragonara Stores, Industrial Estate, Imriehel, Malta.
7.2. We have implemented procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where We are legally required to do so. Details of the measures that we have put in place may be obtained from Our data breach response and notification procedure accessible at Vernons office at Dragonara Stores, Industrial Estate, Imriehel, Malta.
7.3. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in Our retention policy which is available at Vernons office at Dragonara Stores, Industrial Estate, Imriehel, Malta.
7.4. Although the collection of personal data would normally terminate at the end of your employment relationship, employment records and information will be kept for as long as necessary for Vernons to be in compliance with its legal obligations and/or accepted standards (including where processing may be necessary for the establishment, exercise or defence of legal claims).
8. Data Subject Rights
8.1. For as long as Vernons will retain your personal data you may, under certain circumstances by law, have the right to:
8.1.1. Right of access – you have the right to ascertain the personal data We hold about you and to receive a copy of such personal data;
8.1.2. Right to complain – you have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority for data protection matters. In Malta this is the Information and Data Protection Commissioner (contact details provided below);
8.1.3. Right to Erasure – in certain circumstances you may request that We delete the personal data that We hold about you;
8.1.4. Right to Object – you have a right to object and request that We cease the processing of your personal data where We rely on Our, or a third party’s legitimate interest for processing your personal data;
8.1.5. Right to Portability – you may request that We provide you with certain personal data which you have provided to Us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that We transmit such personal data to a third party controller indicated by you;
8.1.6. Right to Rectification – you have the right to update or correct any inaccurate personal data which We hold about you;
8.1.7. Right to Restriction – you have the right to request that We stop using your personal data in certain circumstances, including if you believe that We are unlawfully Processing your personal data or the personal data that We hold about you is inaccurate;
8.1.8. Right to withdraw your consent – where Our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the Processing based on your consent prior to the withdrawal of your consent; and
8.1.9. Right to be informed of the source – where the personal data We hold about you was not provided to Us directly by you, you may also have the right to be informed of the source from which your personal data originates.
8.2. Please note that in terms of the applicable laws, your rights in relation to your personal data are not absolute.
8.3. If you want to exercise any of the abovementioned rights in relation to your personal data, please contact our offices on 25498125.
8.4. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
9. IDPC Contact Details
You have the right to make a complaint at any time with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt).
10. Changes to this Privacy Notice
If you have any complaints regarding Our processing of your personal data, please contact Us. You also have a right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (https://idpc.org.mt).