Policy aims

To provide staff with a comprehensive and transparent understanding of the requirements under GDPR and how Leo Group Ltd are adhering to those legal requirements when collecting, processing, storing and destroying staff data.

How your information will be used

As your employer, Leo Group (and all associated group companies) need to keep and process information about you for normal employment purposes. The information we hold and process will be used for legitimate management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately:
• during the recruitment process
• whilst you are working for us
• at the time when your employment ends and
• after you have left.
This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees and / or recruitment agencies or job boards.
The sort of information we hold includes:
• your CV and references
• your contract of employment and any amendments to it
• correspondence with or about you, for example letters to you about a pay review or, at your request, a letter to your mortgage company confirming your salary
• information needed for payroll, benefits and expenses purposes
• contact and emergency contact details
• records of holiday, sickness and other absence, and
• records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.
Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory sick pay and pension provision.
Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency.
Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
In addition, we monitor computer use, as detailed in our Communication and Email Policy.
We a keep records of your hours of work by way of our office access system and Actin Time in order to manage attendance and remunerate staff.
Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you.
We may transfer information about you to other group companies for purposes connected with your employment or the management of the company’s business, such as professional references.
Your personal data will be stored for the required length of time to allow us to carry out our contractual obligations whilst you are in our employment. Relevant data required for us to uphold our legal obligations will be held for the timeframes as stipulated by these organisations, but typically no longer than 6 years for the purpose of HMRC and litigation purposes.
If in the future, we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

Your rights

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data:
• You have the right to request from us access to and rectification or erasure of your personal data,
• The right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
Leo Group Ltd is the controller and processor of data for the purposes of the DPA 18 and GDPR.
If you have any concerns as to how your data is processed you can contact the Group General Manager via email or in writing to Biopower Oostende, Kuipweg 44, Ostend.