Emmaus Dover (“We”) promises to respect and keep safe any personal data you
share with us, either directly or through third parties. We aim to be clear about how
we will use your data and not do anything you wouldn’t reasonably expect from us.
For the purpose of the General Data Protection Regulation and the Data Protection
Act 1998 the data controller is Emmaus Dover of Archcliffe Fort, Archcliffe Road,
Dover CT17 9EL, a registered charity with Charity Number: 1047354.

What information will we collect?

When you apply for a role at Emmaus Dover, we will collect the following
information:

  • Your name and contact details
  • Your academic history
  • Your employment history
  • Medical/disability information
  • Criminal convictions (spent and unspent)
  • Any additional personal information provided by you on your CV

Please note: when your application is considered by the panel, the personal
information will be removed from your CV, including your name, address, age and
marital status. This is to protect your personal information, but also to enable us to
shortlist ‘blind’, so that we are fair and equitable to encourage a diverse workforce.

When you are offered employment at Emmaus Dover and during your employment
with us, we will collect the following additional information:

  • Your bank details
  • A copy of your passport, birth certificate or other proof of eligibility to work in
    the UK (e.g. biometric residence permit or residence card)
  • References from previous employers
  • Next of kin / emergency contact information
  • P45 from a previous employer
  • A copy of your driving licence
  • A copy of your MOT and insurance if you use your personal vehicle on
    Emmaus business
  • Records of 1:1 meetings, appraisals, management meeting

We may also collect, store and use the following “special categories” of more
sensitive personal information:

  • Information about your race or ethnicity
  • Information about your health, including any medical condition, health and
    sickness records
  • Maternity and paternity information
  • Information about criminal convictions and offences

How is your personal information collected?

We collect information:

  • When you apply for a job at Emmaus and submit a CV or application form
  • If you apply for a role through a third party organisation and they provide
    personal information to us, with your consent. You should check their Privacy
    Policy when you provide your information to understand fully how they will
    process your data
  • When you take up employment with us and provide information we need
    during your employment

Why do we collect your information?

We need all the categories of information in the list above primarily to allow us to
perform our contract with you and to enable us to comply with legal obligations. In
some cases we may use your personal information to pursue legitimate interests of
our own or those of third parties. The situations in which we will process your
personal information are listed below:

  • Making a decision about your recruitment or appointment
  • Determining the terms on which you work for us
  • Checking you are legally entitled to work in the UK
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions

Providing the following benefits to you:

  • Workplace pension
  • Childcare vouchers
  • Liaising with your pension provider
  • Administering the contract we have entered into with you
  • Business management and planning, including accounting and auditing
  • Conducting performance reviews, managing performance and determining
    performance requirements
  • Making decisions about salary reviews and compensation
  • Assessing qualifications for a particular job or task, including decisions about
    promotions
  • Gathering evidence for possible grievance or disciplinary hearings
  • Making decisions about your continued employment or engagement
  • Making arrangements for the termination of our working relationship
  • Education, training and development requirements
  • Dealing with legal disputes involving you, or other employees, workers and
    contractors, including accidents at work
  • Ascertaining your fitness to work
  • Managing sickness absence
  • Complying with health and safety obligations
  • Preventing fraud
  • Monitoring your use of our information and communication systems to ensure
    compliance with our IT policies
  • Ensuring network and information security, including preventing unauthorised
    access to our computer and electronic communications systems and
    preventing malicious software distribution
  • Conducting data analytics studies to review and better understand employee
    retention and attrition rates
  • Equal opportunities monitoring

If you fail to provide certain information when requested, we may not be able to
perform the contract we have entered into with you (such as paying you or providing
a benefit), or we may be prevented from complying with our legal obligations (such
as to ensure the health and safety of our workers).

How we use particularly sensitive personal information

“Special categories” of particularly sensitive personal information require higher
levels of protection. We need to have further justification for collecting, storing and
using this type of personal information. We may process special categories of
personal information in the following circumstances:

1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations and in line with our data
protection policy.
3. Where it is needed in the public interest, such as for equal opportunities
monitoring [or in relation to our occupational pension scheme], and in line with
our data protection policy.
4. Where it is needed to assess your working capacity on health grounds,
subject to appropriate confidentiality safeguards.
5. Less commonly, we may process this type of information where it is needed in
relation to legal claims or where it is needed to protect your interests (or
someone else’s interests) and you are not capable of giving your consent, or
where you have already made the information public.

Our obligations as an employer

We will use your particularly sensitive personal information in the following ways:

  • We will use information relating to leaves of absence, which may include
    sickness absence or family related leaves, to comply with employment and other
    laws
  • We will use information about your physical or mental health, or disability status,
    to ensure your health and safety in the workplace and to assess your fitness to
    work, to provide appropriate workplace adjustments, to monitor and manage
    sickness absence and to administer benefits
  • We will use information about your race or national or ethnic origin to ensure
    meaningful equal opportunity monitoring and reporting

Do we need your consent?

We do not need your consent if we use special categories of your personal
information in accordance with our written policy to carry out our legal obligations or
exercise specific rights in the field of employment law. In limited circumstances, we
may approach you for your written consent to allow us to process certain particularly
sensitive data. If we do so, we will provide you with full details of the information that
we would like and the reason we need it, so that you can carefully consider whether
you wish to consent. You should be aware that it is not a condition of your contract
with us that you agree to any request for consent from us.

Information about criminal convictions

We may only use information relating to criminal convictions where the law allows us
to do so. This will usually be where such processing is necessary to carry out our
obligations and provided we do so in line with our data protection policy.

Less commonly, we may use information relating to criminal convictions where it is
necessary in relation to legal claims, where it is necessary to protect your interests
(or someone else’s interests) and you are not capable of giving your consent, or
where you have already made the information public.

We envisage that we will hold information about criminal convictions and we collect
information about unspent criminal convictions as part of the recruitment process or
we may be notified of such information directly by you in the course of you working
for us.

We will use information about criminal convictions and offences in the
following ways:

  • During recruitment – this is only considered after the shortlisting process if
    the candidate is invited to interview. The recruiting manager will determine
    whether this is likely to impact on your ability to carry out the role, or pose
    any potential risk to the organisation.
  • During employment – if you receive a criminal conviction during your
    employment at Emmaus Dover, you would be expected to disclose this to
    your departmental senior manager, who would determine whether the
    conviction is likely to impact on your ability to carry out the role, or pose any
    potential risk to the organisation.

We are allowed to use your personal information in this way under the Rehabilitation
of Offenders Act 1974 (Exceptions) Order 1975, which includes ‘Any office or
employment which is concerned with the provision of care services to vulnerable
adults’.

How we store your information

All personal information held by Emmaus Dover will be stored in locked cabinets or
password protected or restricted access electronic folders. It will only be accessible
by people who need to be able to access it to do their role.

The timescales we will retain personal information for are:

  • Job applicants – six months from the closing date for the job to enable
    equality monitoring and also enable us to contact you in the future should any
    other suitable posts become available.
  • Employees – for the duration of employment and for six years from the date
    you cease working at Emmaus Dover.

At the end of these time periods, all personal information we hold about you will be
securely disposed of except for (employees only):

  • Name, position on leaving and employment dates for the purposes of
    providing employment references.
  • Any employment reference stipulated in a settlement agreement

Data Sharing

We may have to share your data with third parties, including third-party service
providers. We require third parties to respect the security of your data and to treat it in
accordance with the law.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law,
where it is necessary to administer the working relationship with you or where we
have another legitimate interest in doing so.

Which third-party service providers process my personal information?

The following third-party service providers process personal information about you
for the following purposes:

  • Stones Accountancy Limited, 5 North Court, Armstrong Road, Maidstone,
    Kent ME15 4JZ. Payroll records.
  • HMRC
  • NEST and STANDARD LIFE – pension records

How secure is my information with third-party service providers and other
entities in our group?

All our third-party service providers, communities and other entities in the group are
required to take appropriate security measures to protect your personal information
in line with our policies. We do not allow our third-party service providers to use your
personal data for their own purposes. We only permit them to process your personal
data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal information with other third parties, for example in the
context of the possible sale or restructuring of the business. We may also need to
share your personal information with a regulator or to otherwise comply with the law.

Data security

We have put in place measures to protect the security of your information. Details of
these measures are available upon request.

Third parties will only process your personal information on our instructions and
where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal
information from being accidentally lost, used or accessed in an unauthorised way,
altered or disclosed. In addition, we limit access to your personal information to
those employees, agents, contractors and other third parties who have a business
need to know. They will only process your personal information on our instructions
and they are subject to a duty of confidentiality. Details of these measures may be
obtained from the senior management team.

We have put in place procedures to deal with any suspected data security breach
and will notify you and any applicable regulator of a suspected breach where we are
legally required to do so.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a
    “data subject access request”). This enables you to receive a copy of the
    personal information we hold about you and to check that we are lawfully
    processing it
  • Request correction of the personal information that we hold about you.
    This enables you to have any incomplete or inaccurate information we
    hold about you corrected
  • Request erasure of your personal information. This enables you to ask us
    to delete or remove personal information where there is no good reason
    for us continuing to process it. You also have the right to ask us to delete
    or remove your personal information where you have exercised your right
    to object to processing (see below)
  • Object to processing of your personal information where we are relying
    on a legitimate interest (or those of a third party) and there is something
    about your particular situation which makes you want to object to
    processing on this ground. You also have the right to object where we are
    processing your personal information for direct marketing purposes.
    Request the restriction of processing of your personal information. This
    enables you to ask us to suspend the processing of personal information
    about you, for example if you want us to establish its accuracy or the
    reason for processing it
  • Request the transfer of your personal information to another party.
    If you want to review, verify, correct or request erasure of your personal information,
    object to the processing of your personal data, or request that we transfer a copy of
    your personal information to another party, please contact us on 01304 204550 or
    [email protected] or send a description of the information
    you want to see and proof of your identity by post to Emmaus Dover, Archcliffe Fort,
    Archcliffe Road, Dover, Kent CT17 9EL.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise
any of the other rights). However, we may charge a reasonable fee if your request
for access is clearly unfounded or excessive. Alternatively, we may refuse to comply
with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your
identity and ensure your right to access the information (or to exercise any of your
other rights). This is another appropriate security measure to ensure that personal
information is not disclosed to any person who has no right to receive it.

Keeping our records up to date

It is your responsibility to inform us of any changes to your personal details, such as
change of address, during your time working for Emmaus Dover.
We may change this Privacy Policy from time to time. If we make any significant
changes in the way we treat your personal information we will make this clear by
contacting you directly.

If you have any questions, comments or suggestions, please let us know by
contacting us at Emmaus Dover, Archcliffe Fort, Archcliffe Road, Dover CT17 9EL/
[email protected].