Privacy notice

BHSF Group Limited and its subsidiaries ("BHSF") are committed to protecting your data and complying with data protection legislation and the General Data Protection Regulation (GDPR). BHSF is a data controller. This means that we are responsible for deciding how we hold and use personal information about you. This statement sets out how and why we are processing the information we have on you. It also explains your rights as a data subject.

It is important that you read this notice, together with any specific privacy notice to inform you of what personal information we are collecting or processing about you.

What is our commitment to you?

Our aim in processing your data is to successfully deliver our service to you with an appropriate level of data sharing whilst recognising the need to protect your fundamental rights to privacy.

BHSF is committed to:-

  • Protecting the confidentiality, integrity and availability of the information it collects, stores, transfers and processes in accordance with the GDPR, and international good practice, and to meet its legal requirements and contractual obligations.
  • Explaining why it needs personal information and only asking for the personal information it needs.
  • Processing data only in a manner that is compatible with the specified, explicit and lawful purposes.
  • Maintaining the accuracy and completeness of data.
  • Only sharing personal information with other organisations as necessary, where the person concerned has given their consent to share their personal data, or where another legal basis of sharing the data overrides the need to give consent.
  • Ensuring the individual can make requests in relation to their data subject rights.
  • Not keeping personal information for longer than necessary or as required by legislation.
  • Investigating and reporting data breaches and suspected breaches, and to being open and honest when things have gone wrong.
  • Assessing its information security controls annually.
  • Applying the above standards to its supply chain and delivery partners.
  • Keeping data in a form that permits identification of individuals no longer than necessary for the purposes for which the personal data is processed, in accordance with the BHSF data record.
  • Applying appropriate technological and organisational controls to ensure the security of personal data.

In order to meet its commitment, BHSF operates a wide range of technical, physical and procedural controls to maintain the confidentiality, integrity and availability of information. BHSF maintains an information security policy which provides further details regarding the minimum standards of control to which it operates.

What are your rights?

At BHSF we recognise that your data is important to you and therefore we are committed to supporting you with your data protection rights. Within legal and regulatory constraints, you have the right to:

  • Have information about how your information is being processed
  • Request a copy of your data at any time (commonly known as a data subject access request)
  • Port (move/transfer) your data to an alternative service provider
  • Have your data rectified or corrected if it is factually inaccurate
  • Be forgotten or have your data erased
  • Restrict the processing of your data, in certain circumstances
  • Object to the processing of your data, in certain circumstances
  • Appropriate decision making
Do you have a right to withdraw consent?

You have the right to withdraw your consent to specific processing at any time. Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis to do so in law.

How can you contact us about your data or your data rights?

If you wish to contact us about your data, or if you require any further information in addition to what is included in this privacy notice, please contact our Data Protection Officer at;
DPO, BHSF Group Limited, Gamgee House, 2 Darnley Road, Birmingham, B16 8TE
Telephone: 0800 0744 315
Email: dpo@bhsf.co.uk

What should you do if you want to make a complaint about the way your data is being processed?

At BHSF we make every endeavour to protect your data. In the unfortunate circumstance that you are not happy with the manner in which we process your data, you may wish to make a complaint. In the first instance, please contact the BHSF Data Protection officer in writing, stating your name, date of birth, contact details and the nature of your complaint against BHSF.

If you are not happy with the response you receive you may also wish to contact the UK data protection regulator, the Information Commissioner, whose contact details are available at https://ico.org.uk

How and why do we process your personal data?

We will only process your personal information for the purpose for which we collected it. Please see below for further information. If we need to use your information for an unrelated purpose we will contact you and we will explain the legal basis that allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with our obligations in the case of criminal investigation.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time.

Who do we process the personal data of?

We are committed to being transparent about (a) what the legal basis for processing your data is and (b) how we process it. At BHSF we process personal information of:-

  • addExisting, former and prospective customers

    BHSF processes data on former, current and prospective customers. This section applies to all corporate clients, corporate client employees, and individual customers. We collect and use personal information about you during and after your commercial relationship with us.

    BHSF processes your personal information in order to provide a range of services.

    • addHealth insurance

      Why are we processing your data?

      BHSF is processing your data for the purposes of providing health insurance to fulfil an insurance policy held directly with you or with your employer as part of your employee benefits package.

      Where your data has been provided by your employer or by your partner for family policies, BHSF have a legitimate interest in processing your data for the purpose of providing health insurance as part of your employee benefits package or family cover.

      What kinds of information do we process?

      As part of our health insurance provision we process:-

      • Your personal details such as name, address, date of birth, email address and telephone number. If you pay your premiums via your wages/salary then we will use your National Insurance number or payroll number for reconciliation purposes.
      • Claims records
      • Complaints records
      • Your bank details and details of payment made by us and you.

      Who has provided us with your data?

      Your data has been provided either

      • Directly by you through application forms, claim forms or other correspondence; or
      • By your employer (directly or through a broker) in order to provide you with health insurance coverage as part of your employment benefits package; or
      • For family policies details have been provided by your partner directly or through their employer.

      Will we share your data with anyone?

      We only share your data if it is absolutely necessary for providing you with insurance coverage. We share your data under three different circumstances:-

      • Claims payment: - To process your insurance claims it may be necessary to share your data with medical practitioners. You will always be asked for your consent in these circumstances.
      • Fraudulent claim: - In the event of a fraudulent claim it will be necessary for us to share your data with statutory bodies such as the police and the county courts.
      • In addition, on some occasions it may be necessary to share your data with our reinsurers who will also process claims data.

      At BHSF we only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement to treat your information as respectfully as we do and in accordance with the requirements of the General Data Protection Regulations.

      Your data will only be processed within the United Kingdom.

      How long will we keep your data for?

      At BHSF, we store your data in line with regulatory and contractual requirements. For litigation purposes this means retaining data for seven years after the cancellation of a health insurance policy. We are committed to storing all of your data securely for the full duration of its retention.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      If you have completed an application form either online or in paper then we will process your data in order to meet our contractual obligations to you, in providing you with the insurance you have applied for.

      If you have your policy as part of your benefits package offer from your employer or trade body then we have legitimate interest to lawfully process your data in order to provide the insurance cover. You have the right to opt out of this insurance and can do this by contacting your employer or trade body.

      We may require medical information (such as details of hospital stays) to process claims for some benefits and we will ask for your express written permission prior to processing this information.

      Trade Union Members -
      In addition to the above, if you are a member of a trade union and you have taken your policy out via your union, then we will process the knowledge that you are a trade union member and your membership number under the Data Protection Bill 2018 - Public Interest (Insurance) derogation to Article 9 of the General Data Protection Regulations.

      What happens if you fail to provide personal information?

      If you fail to provide personal information we may not be able to meet the terms of the insurance policy (such as registering a new policy or making a claims payment) or we may be prevented from meeting our regulatory obligations for preventing fraud and financial crime.

    • addBrokered insurance

      Why are we processing your data?

      BHSF are processing data for the purposes of providing term life insurance, travel insurance, income protection insurance, funeral, and bereavement insurance coverage to you under a contract with you.

      Where your data has been provided by your employer or by your partner for family policies, BHSF have a legitimate interest in processing your data for the purpose of providing term life insurance, travel insurance, income protection insurance, funeral, and bereavement insurance coverage to you under an employee benefits package or for family cover.

      What kinds of information do we process?

      • Your personal details such as name, address, date of birth, email address and telephone number. If you pay your premiums via your wages/salary then we will use your National Insurance number or payroll number for reconciliation purposes.
      • Claims records
      • Complaints records
      • Your bank details and details of payment made by us and you.

      Who has provided us with your data?

      • Your data has been either provided directly by you through application forms and other correspondence; or
      • Your data has been provided by your employer (directly or through a broker) in order to provide you with insurance cover; or
      • For family policies details have been provided by your partner directly.

      Will we share your data with anyone?

      At BHSF we try to meet all your health and wellbeing requirements. On occasion, in order to provide full coverage, some insurance cover is underwritten by an alternative insurance provider. In this instance the alternative provider will also process claims data. We only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement to treat your information as respectfully as we do and in accordance with the requirements of the General Data Protection Regulation.

      Your data will only ever be processed within the United Kingdom.

      How long will we keep your data for?

      At BHSF, we store your data in line with regulatory and contractual requirements. For litigation purposes this means retaining data for seven years after the cancellation of an insurance policy. We are committed to storing all of your data securely for the full duration of its retention.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      We will process your data in order to meet our contractual obligations to you, in providing you with the insurance you have applied for. We may require medical information (such as GP reports or hospital notes) to process claims for some claims and we will ask for your express written permission prior to processing this information.

      What happens if you fail to provide personal information?

      If you fail to provide certain personal information we may not be able to meet the terms of the insurance policy (such as making a claims payment) or we may be prevented from meeting our regulatory obligations for preventing fraud and financial crime.

    • addEmployee benefits

      Why do we process your data?

      BHSF are processing data for the purposes of providing you with access to employee benefits and employee support services. BHSF provides a range of employee benefits and health and wellbeing services through a network of approved providers. These services include employee assistance programmes (EAPs); confidential helplines; salary sacrifice schemes; employee discount schemes; and flexible benefits. These services are provided to you under a contract with either you or your employer.

      What kinds of information do we process?

      As part of our employee benefits provision we process:-

      • EAP referral records
      • Flexsme profile data
      • Network Benefits records
      • Complaints records

      Who has provided us with your data?

      Your data has either been provided directly by you through an online application, or by your employer in order to provide you with access to a specific employee benefit or support service.

      Will we share your data with anyone?

      In order to provide you with a broad range of services, some services are facilitated through our approved partners. At BHSF we only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement, so as to safeguard your information and in accordance with the requirements of the GDPR.

      How long will we keep your data for?

      At BHSF, we store your data in line with contractual requirements. For litigation purposes, this means retaining data for seven years after the cancellation of a contract with your employer. We are committed to storing all of your data securely for the full duration of its retention.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      We will only process your data if you provide us with consent. If you are referred to one of our counselling services consent will be requested at the point of referral.

      What happens if you fail to provide personal information?

      If you fail to provide certain personal information we may not be able to provide you with employee benefit services that your employer or you have paid for under a contractual agreement.

    • addOccupational health services

      Why are we processing your data?

      BHSF are processing your data for the purposes of occupational health medicine, for the assessment of working capacity, medical diagnosis and the provision of health or social care treatment under a contract with your employer.

      What kinds of information do we process?

      As part of our occupational health provision we process:-

      • Management referral records
      • Health surveillance records- ionising radiation
      • Health surveillance records- non-radiation
      • New starter screening records
      • Health screening records upon which a job depends
      • Lifestyle Health screening records
      • Counselling referrals records
      • Physiotherapy records
      • Vaccinations records
      • Appointment records
      • Equipment calibration records
      • Clinical audit records
      • Medical equipment use records
      • Complaints records
      • Private GP Records

      Will we share your data with anyone?

      We only share your data if it is absolutely necessary for providing you with the occupational health services. To provide the contracted service your data may be shared with your employer and other medical practitioners to meet your occupational health requirements. Your consent will be sought for this data sharing. In addition, periodically, your anonymised data may be shared with statutory bodies in order to undertake clinical audits that ensure we continually improve our clinical standards.

      We only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement, to treat your information as respectfully as we do, and in accordance with the requirements of the General Data Protection Regulation. Your data will only ever be processed within the United Kingdom, except where customers have a base in the Republic of Ireland. Suppliers may include individual occupational physicians or organisations providing counselling, physiotherapy or blood screening services for example.

      How long will we keep your data for?

      At BHSF, we store your data in line with regulatory and contractual requirements. Different types of occupational health data must be retained for different periods of times due to regulatory requirements and litigation law. For example, health surveillance data will be kept for up to 40 years in compliance with the Care of Substances Hazardous to Health Regs. 2002 (COSHH 2003 Northern Ireland, Safety Health & Welfare at Work 2015 RoI). We are committed to storing all your data securely for the full duration of its retention. We will take appropriate technical and organisational security measures to safeguard information.

      Will we transfer your data to another provider?

      In the event that your employer terminates their contract with us and commences a contract with a new OH provider, you will be asked if you would like your data to be transferred to the new OH provider or returned to you. Once your data has been transferred we will permanently delete all of our records.

      Will we use your data to make automated decisions?

      No. If you are completing a new starter questionnaire via the BHSF OH portal, there is an element of automated processing of your data. However, this aspect of processing cannot negatively affect you as no decision would be made regarding your fitness for a role without the involvement of a BHSF OH clinician.

      Do you have to agree to us processing your data?

      As a provider of occupational health services we can legitimately process your data under clause 6(f) and 9(h) of the GDPR without requiring your consent. This processing does not include the release of all or any part of your personal data and your explicit consent will always be sought for this.

      This consent must be given freely by you once you have understood exactly how and why your data is being shared. Prior to your initial contact with us, your employer (who holds a contract with us to provide OH services), will have directed you to sources of information on how we will be processing your data. On your initial contact with us, we will provide further information should you require it.

      Is this Privacy Statement translated in to any other languages?

      Yes. It is available in the following languages:

      Polish, Romanian, Portuguese, Lithuanian and Slovakian.

    BHSF processes your personal information in order to provide you with the most up to date information regarding our range of products and services in order to optimise your customer experience.

    • addMarketing

      Why do we process your data?

      Data is processed in order to provide you with the most up to date information regarding our range of products and services.

      What kinds of data do we process?

      As part of informing you about our products and services we process the following kinds of data:-

      • Marketing campaign records eg press releases, advertising campaigns, design assets
      • Prospect records eg marketing leads of corporate organisations and individuals, names and email addresses of contacts
      • Profile records eg market sector, volume of employees for corporate organisations and lifestyle data, age, occupation for individuals
      • Consent/ marketing subscription records eg subscription to newsletters, consent to receive marketing information
      • Social media records eg email address of a corporate client who has clicked on LinkedIn advert.

      Who has provided us with your data?

      If you are a direct customer your data will have been provided directly by you.

      If you represent a business your data will either have been provided by you or by a corporate data house. All corporate data services suppliers used by BHSF only provide data where the corporations have consented to their data being shared by the data house.

      Will we share your data with anyone?

      In order to provide you with up to date information about our products and services we may share your data with emailing partners, public relations agencies or data profiling companies.

      At BHSF we only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement to treat your information as respectfully as we do and in accordance with the requirements of the General Data Protection Regulation.

      How long will we keep your data for?

      We will keep your data for marketing purposes until your consent is withdrawn or the data is refreshed.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      Yes. As a direct customer, you will be asked if you consent to the use of data for marketing via post, telephone, SMS and email separately. Consent will be obtained at the point of application or via the helpdesk at the first possible contact point. You may withdraw your consent for processing data for marketing purposes at any time. As a representative of a corporate customer, you will have been asked for consent for the processing of your data by the corporate data house. You can withdraw your consent at any time by contacting us requesting details of the data house. We will amend our records to show that consent has been withdrawn.

    • addCustomer relationship management

      Why do we process your data?

      Data is processed in order to provide corporate customers with the most appropriate information with regards to health and wellbeing services that BHSF provide, to optimise the customer experience and to provide services to you under our contractual obligations.

      What kinds of records do we process?

      In order to manage our relationship with you we process business contact details, details of appointments attended and telephone calls made. We also process any correspondence received, contractual documentation, lifestyle data and corporate customer employee data.

      Who has provided us with your data?

      Your personal information will either have been provided directly by you through a BHSF sales representative or indirectly through a broker.

      Will we share your data with anyone?

      Contractual documentation may be shared with legal advisors. Corporate customer employee data may be shared with your broker if that is your preferred route of obtaining services. At BHSF, we only work with trusted brokers and legal advisors who have agreed to the terms of our Data Processor Agreement to treat your information as respectfully as we do and in accordance with the requirements of the GDPR.

      How long will we keep your data for?

      Contractual documentation is retained for seven years after the cessation of the contract in accordance with Section 5 Limitation Act 1980. Other records will be retained only until the cessation of the contract or the data is refreshed.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      Your personal information is processed for the performance of service level agreements to which you are a party or in order to take steps at your request prior to entering into a contract. Lifestyle data is collected in line with BHSF's legitimate business interests for the purpose of maintaining effective business relationships with our corporate contacts.

      What happens if you fail to provide personal information?

      If you fail to provide certain necessary personal information we may not be able to meet our service level agreement to you.

  • addExisting, former and prospective employees

    BHSF processes data on former, current and prospective employees. This section applies to all employees, workers and contractors. We collect and use personal information about you during and after your working relationship with us.

    BHSF processes your personal information to perform the employment contract we have entered into with you and to enable us to comply with regulatory and legislative obligations as an employer, such as health and safety regulations. In some cases we may use your information to pursue legitimate interests of our own or those of third parties provided your interests and fundamental rights do not override those interests. We also may use your information for publicity purposes. The situations in which we will process your information are listed below.

    • addHuman resources

      Why do we process your data?

      BHSF Group Limited (BHSF) processes data on former, current and prospective employees, agency workers and contractors, work experience students and apprentices. We collect and use personal information about you prior to, during and after the end of your working relationship with us.

      BHSF processes your personal information in order to enter into and perform the employment contract we have with you. To meet and comply with our regulatory and legislative obligations as an employer, BHSF processes your personal information to undertake recruitment, performance management, absence management, making appropriate workplace adjustments, learning and development, employee contract management and for monitoring equality and diversity.

      What kinds of information do we process?

      In order to manage our relationship with you we process lawfully the following kinds of personal data;

      • Employment contract records
      • Right to work records
      • Performance records
      • Absence records
      • Dispute records
      • Recruitment records
      • Reward records
      • Training and personal development records

      We also process the following personal sensitive data;

      • Racial and ethnic origin
      • Religious belief
      • Gender
      • Physical and mental health information
      • Criminal records

      Who has provided us with your data?

      We collect your personal information through the recruitment process either directly from you, as the candidate, or through third parties including recruitment agencies, a vetting and screening provider, former employers, credit agencies, current BHSF employees through our recruitment referral scheme and psychometric profiling agencies. Data from vetting and screening is used to comply with the Disclosure and Barring Service and for other legal requirements.

      We may also collect your personal information through a transfer under the Transfer of Undertakings (Protection of Employment) Regulations (TUPE), which applies when BHSF enters into a business transfer from one employer to another and employees of the incoming business transfer as part of that business transfer.

      We will collect other personal information in the course of job related activities throughout the period that you are working with us.

      Will we share your data with anyone?

      We only share your data if it is absolutely legally and contractually necessary for us to do so to enable us to provide human resource services, and if it is in your interest. For example:-

      • At your request we will share your personal information when recruiting and appointing a prospective employee through a recruitment agency;
      • At your request we will share your personal information with a future employer, and property agency, for reference purposes;
      • To provide you with workplace adjustments your personal information may be provided to an occupational health specialist or other medical practitioners to meet your occupational health requirements;
      • To satisfy immigration law your personal information may be provided to the Home Office;
      • In the unfortunate instance of early conciliation or an employment tribunal your personal information may be provided to ACAS and / or an Employment Tribunal;
      • As part of an outgoing TUPE transfer arrangement to a transferring organisation where we are legally required to do so as part of the outgoing TUPE transfer;
      • Periodically, and with your consent, we may share your data with a third party survey provider in order to monitor staff morale and equality and diversity. With regard to processing for survey purposes, BHSF utilises outsourced providers to conduct the survey, who send links to surveys which are then completed by employees anonymously. Basic demographic information is provided in survey responses according to pre-agreed demographic categories. The demographic categories are defined in a broad enough way to ensure that identification of the employee is not possible from the employee responses to survey questions.

      How long will we keep your data for?

      Your personal information is retained for six years after the end of your relationship with us (one year in the case of agency workers) and, in the case of Director-level positions, for a period of 12 years after the end of the Directorship. There is an exception in respect of Right to Work information, which is retained for two years after the end of your relationship with us.

      Personal information from unsuccessful candidates will be retained for one year; from work experience students, this will be six months.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      We only use your information when the law allows us to. Most commonly:-

      • to perform a contract we have with you;
      • where we need to comply with a legal obligation;
      • where it is necessary for our legitimate interests and your interest and fundamental rights do not override these interests.

      In addition we may also need to process:

      • To protect your vital interests;
      • Where it is in the public interest to do so.

      What happens if you fail to provide personal information?

      If you fail to provide the information when requested we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations.

    • addHealth and Safety

      Why do we process your data?

      We collect and use personal information about you during your working relationship with us. BHSF processes your personal information to meet the legislative requirements under reporting of injuries, diseases and dangerous occurrences regulations 2013/1472. This includes conducting health and safety assessments, and holding licenses, permits and certificates.

      What kinds of information do we process?

      In order to meet our legislative health and safety requirements we process the following kinds of personal information:-

      • Health and safety incident records
      • Health and safety assessments
      • Permits, licences, certificates
      • CCTV with DVR recording/playback

      Who has provided us with your data?

      We collect your personal information directly from you. In the case of an unfortunate health and safety incident this may be collected through your health and safety representative.

      Will we share your data with anyone?

      We only share your data if it is absolutely necessary for complying with health and safety legislation or if it is in your interest. For example, we will share the information relating to a health and safety incident with the health and safety executive using the RIDDOR database.

      How long will we keep your data for?

      Your personal information is retained for 3 years after the cessation of your relationship with us in accordance with health and safety law.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      No. We are legally required to process your data under health and safety regulation and legislation.

      What happens if you fail to provide personal information?

      If you fail to provide the information when requested we may be prevented from complying with our legal obligations under reporting of injuries, diseases and dangerous occurrences regulations 2013/1472.

    • addPension administration

      Why do we process your data?

      We collect and use personal information about you during and after your working relationship with us. BHSF processes your personal information to meet the pension obligations to you under our contractual relationship.

      What kinds of information do we process?

      In order to deliver your pension benefits and meet legislative pension scheme requirements we process the following kinds of personal information:-

      • Pension scheme records
      • Membership and communication records
      • Pension scheme deeds
      • Pension application forms

      Who has provided us with your data?

      We typically collect your personal information directly from you.

      Will we share your data with anyone?

      We only share your data if it is absolutely necessary and it is in your interest. To meet our pension obligations it is necessary to share your personal information with:-

      • Pension providers
      • Pension administrators
      • Statutory bodies
      • Pension fund auditors, professional parties
      • Pension fund trustees and pension governance bodies

      How long will we keep your data for?

      Your pension fund personal information will be retained for 12 years after the cessation of your pension benefits.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      No. We are legally required to process your data under pension scheme legislation.

      What happens if you fail to provide personal information?

      If you fail to provide the information when requested we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations.

    • addSenior insurance manager governance

      Why do we process your data?

      If you are, or are applying to be, or have been a senior insurance manager as defined under the senior insurance management regime, we collect and use personal information about you during and after your working relationship with us, to meet regulatory requirements, for senior insurance managers under the FCA handbook - Systems and Controls and regulation under the PRA for senior insurance managers.

      What kinds of information do we process?

      In order to be compliant with the senior insurance managers regime, we process the following kinds of personal information

      • Regulatory approval records
      • Governance map records
      • Conflicts of interest records
      • Hand over records
      • Regulatory references records
      • Updated SIMF records after employment
      • Criminal records
      • Credit references

      Who has provided us with your data?

      We typically collect your personal information through the recruitment process either directly from you, the candidate, or through a recruitment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit check referencing agencies, or other background check agencies. We may also collect information from the regulatory authorities, the FCA and the PRA.

      We will collect other personal information in the course of job related activities throughout the period that you are working with us.

      Will we share your data with anyone?

      We only share your data if it is a regulatory requirement. In order to meet the Senior Insurance Management Regime requirements it is necessary to share your personal information with statutory bodies in particular:-

      • The Financial Conduct Authority
      • The Prudential Regulatory Authority

      How long will we keep your data for?

      In most cases, your senior insurance management personal information will be retained for 6 years after the cessation of your relationship with us or from when your role changes. However, we are required to retain governance map records for 10 years after the approval date.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      No. We are legally required to process your data under the senior insurance management regime.

      What happens if you fail to provide personal information?

      If you fail to provide the information when requested we may not be able to process your application for a senior insurance manager role or we may be prevented from complying with our regulatory obligations.

    • addWage provision

      Why do we process your data?

      We collect and use personal information about you during and after your working relationship with us in order to pay your wages and in order to meet taxation legislative requirements.

      What kinds of information do we process?

      In order to deliver your benefits and to be compliant with taxation law, we process the following kinds of personal information

      • Payroll and wages records
      • National insurance records
      • Employee PAYE records
      • Maternity pay/ absence pay records

      Who has provided us with your data?

      We typically collect your personal information directly from you, although further personal information may be provided by the HMRC.

      Will we share your data with anyone?

      We only share your data if it is absolutely necessary, if it is a legislative requirement and if it is in your interest. For taxation legislative requirements, it is necessary to share your personal information with:-

      • Auditors,
      • Tax advisors,
      • HMRC

      How long will we keep your data for?

      Your personal information will be retained for 6 years after the cessation of your relationship with us.

      Will we use your data to make automated decisions?

      No.

      Do you have to agree to us processing your data?

      No. We are legally required to process your data.

      What happens if you fail to provide personal information?

      If you fail to provide the information when requested we may not be able to pay you your wages or we may be prevented from complying with our legal obligations.

Cyber Essentials badge SEQOHS logo - we are SEQOHS accredited