BladeBUG Limted

HR Privacy Notice
  1. Home
  2. HR Privacy Policy

This HR Privacy Notice outlines for employees and contractors, and candidates and potential employees, the personal data that BladeBUG Limited processes relating to them, how they can expect their personal data to be used and protected, and for what purposes.

BladeBUG Limited is committed to protecting the privacy and security of your personal information and being transparent about how it collects and uses that data and to meeting its data protection obligations.

BladeBUG Limited collects and processes personal data relating to:

  • Candidates and potential employees to manage application and recruitment processes
  • Current and former employees to manage the employment relationship and other legal obligations, and
  • Prospective, current and former contractors to manage the contracts for services.

The data will be:

  • used lawfully, fairly and in a transparent way
  • collected only for specified, explicit and legitimate purposes and not be used in a way that is incompatible with those purposes
  • limited to what is necessary for the purposes for which they are processed
  • accurate and amended on request
  • kept in identifiable form for no longer than is necessary for the relevant purpose
  • processed and held securely.

    • This Notice sets out all information we are required to provide under applicable data protection laws including the UK Data Protection Act and the EU General Data Protection Regulation (GDPR).

    This policy does not form part of any employment contract or other contract to provide services. We may update this policy at any time and inform you of the updates.

    1. Data Controller and Data Protection Officer Details

    The organisation responsible for how your personal information is handled – referred to as a “Data Controller” - is:

    BladeBUG Limited Limited, a company registered in England with company number 09347013 and registered office at 33 Cleveley Crescent, London, W5 1DZ.

    For any personal data-related issues you can contact:

    • (a) your line manager;
    • (b) the BladeBUG Limited manager responsible for human resources matters; or
    • (c) BladeBUG Limited’s Data Protection Officer at:
      Data Protection
      BladeBUG Limited
      33 Cleveley Crescent, London, W5 1DZ
      Email: DPO@bladebug.co.uk

    2. What personal information does BladeBUG Limited collect to manage our relationship with you?

    Personal information means any information about an identifiable individual. It does not include data where the identity has been permanently removed so we cannot reasonably know who it refers to (“anonymised”).

    BladeBUG Limited collects and processes personal information about you including:

    • your name, title, address, other contact details including personal email address, telephone number, date of birth and gender
    • marital status, next of kin, dependants and emergency contacts
    • recruitment information including your application form or letter, CV, tests, work samples, references, copy of qualification certificates
    • education, qualifications, professional memberships
    • start and end dates, with previous employers and with BladeBUG Limited
    • non-work related information (pastimes, interests) that you choose to share with us
    • information about your nationality and entitlement to work in the UK
    • the terms and conditions of your employment and any amendments to them
    • correspondence with or about you, for example offer letters or communications to you about a pay rise or benefits or, at your request, to a third party such as a bank or mortgage provider regarding your salary
    • information about your salary, annual leave, pension and benefits information
    • details of your bank account, national insurance number, payroll records and tax status information
    • employment records, including job titles, work history, remuneration
    • details of periods of leave taken by you, including holiday, sickness absence, family leave and the reasons for the leave, or other absences from work
    • details of any disciplinary, capability or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
    • assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence
    • passport information including photographs
    • termination of employment including reasons and related correspondence for your contract with BladeBUG Limited coming to an end
    • results of HMRC employment status check
    • details of the intermediary through which you are employed, or your services are supplied

    BladeBUG Limited may also collect and process “special categories of data” which consist of more sensitive personal information which requires a higher level of protection, i.e.: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a person’s sex life or sexual orientation. Information about a person’s criminal convictions are subject to similar protections.

    In practice the special categories of data that BladeBUG Limited processes are primarily in the areas of health or medical conditions. We use information relating to leave of absence, including sickness absence or family related leave to comply with employment and other laws. We may need to assess your fitness for work, provide appropriate workplace adjustments, monitor and manage sickness absence and to administer benefits including occupational and statutory sick pay, maternity, paternity or parental leave pay, pensions. It is also processed to carry out our employment law obligations (e.g. those in relation to employees with disabilities and for health and safety purposes, occupational health referrals and reports, sickness meetings and formal reviews including sickness improvements plans and related correspondence). Where you leave BladeBUG Limited and the reason is related to your health, information about the condition and any information relating to ill-health retirement may also need to be kept on record.

    Other processing of special categories of data includes:

    • equal opportunities monitoring information, which may include information about your race, ethnic origin, sexual orientation, religion or beliefs
    • information about any criminal record checks: BladeBUG Limited does not currently process such data and would do so only where this is expressly permitted by the law and in accordance with all applicable restrictions.

    The only other times we would process special categories of personal data are where this information is:

    • necessary for compliance with laws or carrying out employment-related rights and obligations;
    • required to protect your health or safety in an emergency;
    • something that you have given us your explicit consent to use.

    3. Where does BladeBUG Limited obtain data from?

    BladeBUG Limited collects this information in a variety of ways. For example, data is collected through the application process, CVs, obtained from your passport or other identity documents (e.g. driving licence), from forms completed by you at the start of or during employment (e.g. benefit nomination forms), from correspondence with you, through interviews, meetings or other assessments. We will collect additional personal information in the course of job-related activities throughout the period that you work with us.

    Much of the personal data we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources (e.g. referees, doctors or third party pension or benefits providers).

    4. Why does BladeBUG Limited process personal data?

    BladeBUG Limited generally needs to process data in order to manage its relationship with you including under an employment contract or a contract for services. The legal bases for BladeBUG Limited’s data processing are as follows:

    a. Data processing is necessary for performance of the contract:

    BladeBUG Limited needs to process your data in order to:

    • provide you with an employment contract or a contract for services
    • pay you in accordance with your contract
    • administer any relevant benefits or pension entitlements
    • determine the terms on which you work for us and make decisions on salary and remuneration
    • operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that you are receiving the pay or other benefits to which you are entitled
    • obtain occupational health advice, ascertaining fitness for work, and ensure that you are receiving the pay or other benefits to which you are entitled
    • process the ending of the contract relationship
    • allow you access to BladeBUG Limited offices.

    b. Data processing is necessary for compliance with BladeBUG Limited’s legal obligations:

    In some cases, BladeBUG Limited needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee's entitlement to work in the UK, deduct tax and social security contributions, manage pension rights, comply with health and safety laws and enable employees to take periods of leave to which they are entitled.

    Other data processing that may be required by law includes BladeBUG Limited’s obligations to:

    • maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights
    • operate and keep a record of disciplinary, capability and grievance processes, to ensure acceptable conduct and performance within the workplace
    • operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that BladeBUG Limited complies with duties in relation to leave entitlement
    • ensuring compliance with duties in relation to individuals with disabilities, meet its obligations under health and safety law
    • maintain and promote equality in the workplace.

    c. Data processing is necessary for BladeBUG Limited’s legitimate interests

    In other cases, BladeBUG Limited has a legitimate interest in processing personal data before, during and after the end of the relationship. Processing data allows BladeBUG Limited to:

    • run recruitment and promotion processes
    • assess qualifications, experience and skills for a particular task
      • operate and keep a record of your performance, to plan for career development, and for succession planning and workforce management purposes
    • ensure effective general HR and business administration
    • ensure efficient collaboration with internal or external business contacts including current and potential clients, suppliers, candidates, consultants, or contractors
    • to refer to you and your role and work in documents and records that are produced by you and your colleagues in the course of carrying out your duties and the company’s business
    • monitor your use of our information and communication systems to ensure compliance with our IT and social media policies
    • ensure network and information security, including preventing unauthorised access to our computers and electronic communication systems
    • for workforce monitoring and to conduct data analysis to plan for workforce changes or development
    • provide references on request for current or former employees
    • respond to and defend against legal claims
    • manage office security and use of the company’s property
    • business continuity: to check your email and stored files if you are absent from work or after you leave BladeBUG Limited.

    Where BladeBUG Limited relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not. These processes relate to your professional life and so there will normally be no negative impact on your privacy or rights; and such use is necessary for the business interests described and within what staff should reasonably expect. We will revisit this assessment periodically to ensure that this ground remains valid for processing the particular data.

    d. Data processing is necessary to safeguard vital interests

    We may need to process data to protect your (or others’) safety and health in emergencies (e.g. informing medical or emergency services).

    e. You have given your consent for data processing

    Most data processing referred to in this notice is necessary for the purpose indicated. However, there may be some activities (e.g. a social event, or use of your photo on our website) where we will ask for your consent for processing of your data.

    5. Change of Purpose

    We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

    Please note that we may process your personal information without your knowledge or consent, in compliance with this notice, where this is required and permitted by law.

    6. Who has access to data?

    Personal information will be shared internally, including with members of the Executive team, managers responsible for human resources, your line manager and other senior managers within BladeBUG Limited, where applicable, in the course of their duties. On occasion IT or audit staff may have access to data if it is necessary for the performance of their roles.

    BladeBUG Limited has internal policies and controls in place to prevent your data from being lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal information to those employees or third parties who have a specific need to know in the performance of their duties. Access to personal information in your employee file is restricted to specific individuals as is access to the HR IT system.

    We may transfer personal data about you to other BladeBUG Limited offices for purposes connected with your employment or services or the management of the business. Clients, suppliers or business partners may be located in other places and may also receive your data.

    BladeBUG Limited may share data with third parties in order to obtain pre-employment reference and other checks. BladeBUG Limited also shares your data with third parties that process data on its behalf, in connection with payroll, pensions, the provision of other benefits and the provision of occupational health services.

    We may also need to share your data with a regulator or other public authorities or with other third parties in the performance of the contract or to comply with the law. This may include making returns to HMRC or with BladeBUG Limited’s employment solicitors.

    Data is stored in a range of places, including on your employee file, in BladeBUG Limited’s HR systems and other IT systems including the BladeBUG Limited email system. Our systems are hosted by Dropbox for files and Google for email, notes and calendars.

    Where BladeBUG Limited engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organisational measures to ensure the security of data. We do not allow third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

    Key third party processors who need access to staff personal data include the following:

    If we transfer data internationally to other places, then we will always do so on the basis of legal safeguards to ensure the security of your data which may include:

    • the EU-US Privacy Shield for transfers to business partners in the US; or
    • European Commission approved standard contract clauses for other transfers outside the European Economic Area.

      • Where this is required by law, we will provide a copy of the safeguards applicable to your personal data, if requested.

      7. For how long does BladeBUG Limited keep data?

      Your personal data will be stored only for as long as it is needed for the purpose for which it was obtained.

      Employee information held on your employee file, is usually held for the duration of your employment (or other contract with BladeBUG Limited) plus up to seven years in order to ensure information is available in the event of any legal proceedings.

      Otherwise, BladeBUG Limited will retain data for the longer of the following periods:

      • a. For job applicants and candidates: not more six months after the role has been filled (unless you ask or authorise us to keep it for longer)
      • b. If you were injured or became sick during or as a result of your employment: six years from the date that we became aware of the injury or sickness or that it related to your employment.
      • c. If any legal claims or proceedings have arisen in relation to your employment or other relations with BladeBUG Limited: until such claims or proceedings are finally resolved.

      8. Your rights

      It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us. It is your duty to inform us of changes.

      You also have a number of rights in connection with personal information that relates to you. In particular, you can:

      • request access to your data
      • require BladeBUG Limited to change incorrect or incomplete data
      • require BladeBUG Limited to delete or stop processing your data, e.g. where the data is no longer necessary for the purpose for which it was collected
      • object to the processing of your data for specific purposes e.g. where BladeBUG Limited is relying on its legitimate interests as the legal ground for processing
      • ask BladeBUG Limited to restrict processing of data for example pending resolution of a dispute over necessity of processing or where deletion is not an available option; and
      • request the transfer of your information to another party.

      BladeBUG Limited’s processing of your data is normally necessary for the reasons set out above and we do not usually require or ask for your consent. In cases where we do rely on your consent, then you may withdraw that consent at any time, although any processing prior to withdrawal will remain lawful.

      If you would like to exercise any of these rights, please contact BladeBUG Limited’s Data Protection Officer at DPO@BladeBUG Limited.com

      If you believe that BladeBUG Limited has not complied with your data protection rights, you have a right to complain to the relevant Supervisory Authority which in the UK is the Information Commissioner’s Office.

      9. What if you do not provide personal data?

      Almost all data processing referred to in this Notice is mandatory. For example, you have obligations under your employment contract to provide BladeBUG Limited with data. In particular, you are required to provide correct personal details, report absences from work and may be required to provide information about disciplinary or other matters. You may also have to provide BladeBUG Limited with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.

      Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable BladeBUG Limited to enter into a contract of employment with you. If you do not provide other information, this may hinder BladeBUG Limited’s ability to administer the rights and obligations arising as a result of the employment relationship efficiently.

      If you do not provide information requested or wish to request deletion of information already provided this may either not be possible (e.g. if data is required to be provided by law) or may affect BladeBUG Limited’s ability to meet all requirements of your contract. In these cases we will explain to you our decision and any particular consequences of not providing such data.