Privacy Notice for Company Personnel

Like most businesses, we hold and use personal data about our employees, contractors, directors, officers and personnel (permanent or temporary) and individuals that apply to work with us from time to time.  Knowedgemotion Ltd is the “data controller” for your personal data. The purpose of this Privacy Notice is to help you understand what information we collect, why we collect it, and your rights. We are required to give you this information in order to comply with the privacy law, including Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR).

YOUR PRIVACY RIGHTS

PERSONAL DATA WE HOLD ABOUT YOU

In the course of your employment, engagement or interaction with us, we collect, store, and use personal data that you provide to us. This personal data may include your contact details (name, title, addresses, telephone numbers), date of birth and gender; employment records (including job titles, work history, working hours, training records and professional memberships); marital status and dependants, next of kin and emergency contact information; national insurance / social security / insurance number; payroll information; salary, annual leave, pension and benefits information; copy of driving licence; compensation history; performance information, disciplinary and grievance information; CCTV footage, swipecard records and similar information; information about your use of our IT and communications systems and your photograph.

We may also collect, store and use personal data considered “sensitive” by the law, such as information about your race or ethnicity, religious beliefs, sexual orientation and political opinions; health information (including medical condition, health and sickness records).

We also collect personal data from other sources where relevant for your employment, engagement or application. For example, we collect information that a training or certification provider may provide to us. In some circumstances (if permitted by applicable law), we may need to perform a background check relevant to your job, in which case we would receive the results of the background check from the provider. If we do so, we will provide you with notice regarding this use when we collect your personal data and your consent to the background check will be sought at that time.

HOW WE USE PERSONAL DATA

We use your personal data to perform our contract with you, to comply with employment and other laws and if we need it to make or defend legal claims. In some cases we or third parties may have legitimate interests in using your data. These are the situations in which we will use your personal data:

• evaluating eligibility for initial employment;
• payroll and benefits administration;
• administering our contract;
• liaising with your pension provider;
• business management and planning, including accounting and auditing;
• conducting and managing performance reviews;
• making decisions about salary reviews and compensation;
• assessing qualifications for a particular job or task, decisions about promotions;
• gathering evidence for possible grievance or disciplinary proceedings;
• making decisions about your continued employment or engagement;
• making arrangements for the termination of our working relationship;
• providing and assessing education, training and development needs or requirements;
• dealing with legal disputes involving you, or other employees, workers and contractors;
• managing sickness absence;
• preventing fraud;
• ensuring physical, network and information security;
• conducting data analytics studies in relation to employee retention and attrition rates; and
• complying with the law, including health and safety obligations, applicable equal opportunities monitoring and reporting obligations.

If you don’t provide certain personal data when requested, we may not be able to perform our contract with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure your health and safety).

MONITORING

Where we are allowed to do so by law, we may monitor and inspect your use of our IT and communications systems, specifically your web activity and work email, calendar and contacts and other content in our systems. We collect the IP addresses of websites visited by devices provided by us or connected to our network, but we do not monitor the content of those sites. We also use Data Loss Prevention tools to monitor outgoing communications for the purpose of preventing unauthorised transmission of proprietary data, such as your personal data.

We carry out this monitoring for certain legitimate business purposes, in particular to (i) operate and protect our IT and communications systems; (ii) protect our intellectual property or trade secrets; (iii) enforce compliance with our policies and procedures; (iv) prevent, detect or investigate crimes; (v) gather information in connection with an investigation by a legal or regulatory body or in connection with legal claims; (vi) verify compliance, and comply, with legal, regulatory and corporate governance requirements; (vii) as part of disciplinary proceedings, investigate a complaint or otherwise to establish the existence of facts in the context of business transactions or communications.We will not monitor your use of our IT and communications systems where the impact on you overrides our legitimate interests, except where monitoring is required or permitted by law.

DATA SHARING

Within the company: Your personal data may be disclosed to your managers, HR and administration functions for employment, administrative and management purposes as described in this Privacy Notice.

Service providers: We may share your personal data with service providers supporting our business operations, including payroll, pension administration, benefits provision and administration, recruitment screening, data management and destruction, hosting, cloud and other IT services providers. We require that these service providers protect your personal data and use the data solely to provide the services to us.

Other third parties: We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business, or to relevant third parties such as auditors, lawyers or professional advisors, our insurers.

We may also disclose your personal data to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of you or third parties, or the public at large.

DATA TRANSFERS

In connection with our business and for employment, administrative, management and legal purposes your personal data may be transferred to our affiliated businesses and service providers in countries outside the European Economic Area (“EEA”), notably in the United States, Singapore and UAE.

The data privacy laws in such countries may not have similar data privacy laws in the country in which you work or that are not subject to an adequacy decision of the European Commission, as permitted by applicable data protection laws. Where we transfer your personal data to our group entities that are outside the EEA, we do so in reliance on data transfer agreements based on standard terms adopted by the European Commission to ensure appropriate and suitable safeguards for the transfer of personal data outside of the EEA. Where your personal data is transferred to our third-party service providers and agents outside the EEA, this will be done under the European Commission’s model contracts for the transfer of personal data to third countries (i.e. the standard contractual clauses), pursuant to Decision 2010/87/EU or in accordance with the service providers’ or agents’ certification to the EU-US or Swiss-US Privacy Shield framework. If you wish to see details of these safeguards, please ask legal@boclips.com.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know are subject to confidentiality obligations.

DATA RETENTION

If you are employed or engaged by us, we will only retain your personal data for as long as necessary for the purposes described above, this is six years following your last day of employment or engagement with us. If we processed your personal data in connection with a job application for which you were not successful, we will keep your personal data for 6 months in case further opportunities arise or other communications are required.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable law.

Once you are no longer an employee, contractor, director, officer or other personnel of the company we will retain and securely destroy your personal data in accordance with our data retention and destruction policy and applicable law. Details of the retention periods for your different aspects of your personal data are available in our retention policy which you can consult by contacting legal@boclips.com.

QUESTIONS

If you have any questions, please contact legal@boclips.com.

CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.