Emmaus Bolton promises to respect and keep safe any personal data you share with us, either directly or through third parties. We aim to be clear about how we will use your data and not do anything you wouldn’t reasonably expect from us.

For the purpose of the General Data Protection Regulation and the Data Protection Act 1998 the data controller is Emmaus Bolton of Emmaus Bolton, Derby Barracks, Fletcher Street, Bolton, BL3 6NF , a registered charity with Charity Number: 1080391.

What information will we collect?

When you apply for a role at Emmaus Bolton, we will collect the following information:

  • Your name and contact details
  • Your academic history
  • Your employment history
  • Medical/disability information
  • Criminal convictions (spent and unspent)
  • Any additional personal information provided by you on your CV

Please note: when your application is considered by the panel, the personal information will be removed from your CV, including your name, address, age and marital status. This is to protect your personal information, but also to enable us to shortlist ‘blind’, so that we are fair and equitable to encourage a diverse workforce.

When you are offered employment at Emmaus Bolton and during your employment with us, we will collect the following additional information:

  • Your bank details
  • A copy of your passport, birth certificate or other proof of eligibility to work in the UK (e.g. biometric residence permit or residence card)
  • Your nomination for the organisational life assurance scheme
  • References from previous employers
  • Next of kin/emergency contact information
  • P45 from a previous employer
  • A copy of your driving license
  • A copy of your MOT and insurance if you use your personal vehicle on Emmaus business
  • Records of 1:1 meetings, appraisals, management meetings

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • Information about your race or ethnicity,
  • Information about your health, including any medical condition, health and sickness records.
  • Maternity and paternity information.
  • Information about criminal convictions and offences.

How is your personal information collected?

We collect information:

  • When you apply for a job at Emmaus and submit a CV or application form. If you apply for a role through a third party organisation and they provide personal information to us, with your consent. You should check their Privacy Policy when you provide your information to understand fully how they will process your data.
  • When you take up employment with us and provide information we need during your employment.

Why do we collect your information?

We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties. The situations in which we will process your personal information are listed below:

  • Making a decision about your recruitment or appointment
  • Determining the terms on which you work for us
  • Checking you are legally entitled to work in the UK
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions
  • Providing the following benefits to you:
  • Workplace pension
  • Liaising with your pension provider
  • Administering the contract we have entered into with you
  • Business management and planning, including accounting and auditing
  • Conducting performance reviews, managing performance and determining performance requirements
  • Making decisions about salary reviews and compensation
  • Assessing qualifications for a particular job or task, including decisions about promotions
  • Gathering evidence for possible grievance or disciplinary hearings
  • Making decisions about your continued employment or engagement
  • Making arrangements for the termination of our working relationship
  • Education, training and development requirements
  • Dealing with legal disputes involving you, or other employees, workers, and contractors, including accidents at work
  • Ascertaining your fitness to work
  • Managing sickness absence
  • Complying with health and safety obligations
  • Preventing fraud
  • Monitoring your use of our information and communication systems to ensure compliance with our IT policies
  • Ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
  • Conducting data analytics studies to review and better understand employee retention and attrition rates
  • Equal opportunities monitoring

If you fail to provide personal information:

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

How we use particularly sensitive personal information

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

  • In limited circumstances, with your explicit written consent.
  • Where we need to carry out our legal obligations and in line with our data protection policy.
  • Where it is needed in the public interest, such as for equal opportunities monitoring [or in relation to our occupational pension scheme], and in line with our data protection policy.
  • Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
  • Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Our obligations as an employer

We will use your particularly sensitive personal information in the following ways:

  • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
  • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
  • We will use information about your race or national or ethnic origin to ensure meaningful equal opportunity monitoring and reporting.

Do we need your consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Information about criminal convictions

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

We envisage that we will hold information about criminal convictions and we collect information about unspent criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We will use information about criminal convictions and offences in the following ways:

  • During recruitment – this is only considered after the shortlisting process if the candidate is invited to interview. The recruiting manager will determine whether this is likely to impact on your ability to carry out the role, or pose any potential risk to the organisation.
  • During employment – if you receive a criminal conviction during your employment at Emmaus Bolton, you would be expected to disclose this to your departmental senior manager, who would determine whether the conviction is likely to impact on your ability to carry out the role, or pose any potential risk to the organisation.
  • We are allowed to use your personal information in this way under the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975, which includes ‘Any office or employment which is concerned with the provision of care services to vulnerable adults’.

How we store your information

All personal information held by Emmaus Bolton will be stored in locked cabinets or password protected or restricted access electronic folders. It will only be accessible by people who need to be able to access it to do their role.

The timescales we will retain personal information for are:

  • Job applicants – six months from the closing date for the job to enable equality monitoring and also enable us to contact you in the future should any other suitable posts become available.
  • Employees – for the duration of employment and for six years from the date you cease working at Emmaus Bolton.

At the end of these time periods, all personal information we hold about you will be securely disposed of except for (employees only):

  • Name, position on leaving and employment dates for the purposes of providing employment references.
  • Any employment reference stipulated in a settlement agreement

Data Sharing

We may have to share your data with third parties, including third-party service providers.

We require third parties to respect the security of your data and to treat it in accordance with the law.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?

The following third-party service providers process personal information about you for the following purposes:

  • TBC – please contact Emmaus Bolton for a list if required

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers, communities and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.

Data security

We have put in place measures to protect the security of your information. Details of these measures are available upon request.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the senior management team.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us on 01204 398056or [email protected] or send a description of the information you want to see and proof of your identity by post to Emmaus Bolton, Derby Barracks, Fletcher Street, Bolton, BL3 6NF .

No fee usually required.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Keeping our records up to date

It is your responsibility to inform us of any changes to your personal details, such as change of address, during your time working for Emmaus Bolton.

We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear by contacting you directly.

If you have any questions, comments or suggestions, please let us know by contacting us at Emmaus Bolton, Derby Barracks, Fletcher Street, Bolton, BL3 6NF or [email protected]