Airswift Data Protection & Privacy Notice

For Workers, Contractors And Employees

    Last Updated - July 2022

    Introduction

    We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your working relationship with us.

    • We adhere to the principles set out in the General Data Protection Regulation (GDPR) which require personal data to be:
    • Processed lawfully, fairly and in a transparent manner
    • Collected only for specified, explicit and legitimate purposes
    • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
    • Accurate and where necessary kept up to date
    • Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is processed
    • Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage
    • Not transferred to another country without appropriate safeguards being in place
    • Made available to identifiable individuals about whom we hold personal data and allow such individuals to exercise certain rights in relation to their personal data
    • We are responsible for and must be able to demonstrate compliance with the data protection principles listed above.

    Document Scope

    This notice applies to current and former employees, workers and contractors. This notice does not form part of any contract of employment or other contract to provide services. You must read, understand and comply with this notice when processing personal data on our behalf. This privacy notice sets out what we expect from you in order for the company to comply with applicable law. Your compliance with this notice is mandatory.

    This privacy notice applies to all personal information we process regardless of the media on which that data is stored.

    This privacy notice does not apply to you if you are a client (our engagement letter and terms of business state the nature and purposes of our processing).

    References to we, our or us in this privacy notice are to the Airswift Group (being Airswift Holdings Limited a company registered in England and Wales under number 09913703, and each of its direct and indirect subsidiaries, trading under the "Airswift" brand).

    Roles and Responsibilities

    All Directors and Supervisors are responsible for ensuring compliance with this privacy notice and need to implement appropriate practices, processes, controls and training to ensure such compliance.

    The Data Protection Officer is responsible for overseeing this privacy notice and, as applicable, developing related policies and guidelines. That post is held by the Chief Operations Director.

    Please contact the Data Protection Officer with any questions about the operation of this notice if you have any concerns that this privacy notice is not being or has not been followed. In particular, you must always contact the Data Protection Officer in the following circumstances:

    • if you are unsure of the lawful basis which you are relying on to process personal information;
    • if you are unsure about the retention period for the personal information being processed;
    • if you are unsure about what security or other measures you need to implement to protect personal information;
    • if there has been a personal data breach;
    • if you are unsure on what basis to transfer personal information outside the EEA;
    • if you need any assistance dealing with any rights invoked;
    • whenever you are engaging in a significant new, or change in, processing activity which is likely to impact data protection or if you plan to use personal information for purposes others than what it was collected for;
    • if you need help with any contracts or other areas in relation to sharing personal information with third parties (including our clients and suppliers).

    1. Personal Information

    When you interact with us in relation to your work with us, you may provide us with or we may obtain personal information about you, such as information regarding your:

    • personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
    • date of birth;
    • gender;
    • marital status and dependants;
    • next of kin and emergency contacts;
    • national insurance number and other tax or governmental identifiers;
    • bank accounts, payroll and tax status
    • salary, annual leave, pension and benefits;
    • start date;
    • location of employment or workplace;
    • driving licence (including copies thereof where we are required to hold such information for identification or insurance purposes where you are to use our vehicles);
    • recruitment (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
    • employment records (including job titles, work history, working hours, training records and professional memberships);
    • compensation history;
    • pension and pension entitlements;
    • performance including that generated through our appraisal systems;
    • disciplinary and grievance information;
    • movements though CCTV footage and other information obtained through electronic means such as swipe card and key fob records;
    • use of our information and communications systems;
    • image in photographic form;
    • shareholding, option, SARS and dividend entitlement; and
    • loans that you have made to us.

    We may also collect, store and use the following “special categories” of more sensitive personal information regarding you:

    • information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
    • information about your health, including any medical condition, health and sickness records; and
    • information about criminal convictions and offences

    Depending on the nature of our interactions with you, there may be certain essential personal information that we must collect from you in relation to your relationship with us. This will vary depending on the relationship we have with you.

    We may also ask you for additional personal information which it is optional for you to provide but which will allow us to better tailor our relationship with you. For example, you may provide us with additional contact details to make it easier for us to get in touch with you, or with additional information about your dietary preferences in connection with a social engagement.

    We will always aim to make it clear which personal information it is necessary for you to provide, and which personal information is optional. However, if you are unsure as to whether you are required to provide any particular piece of personal information please ask.

    We typically collect personal information about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies. We will also collect additional personal information in the course of job-related activities throughout the period of you working for us.

    Please note that all calls may be recorded for training, monitoring and quality purposes. All recordings will be handled strictly in accordance with the provisions of this privacy notice.

    2. Uses Made of the Information

    We are committed to protecting your privacy and will only use your personal information in accordance with applicable data protection legislation, including the Data Protection Act 1998 and (once applicable) the General Data Protection Regulation and the UK implementing legislation. Most commonly, we will use your personal information in the following circumstances:

    • where we need to perform the contract we have entered into with you;
    • where we need to comply with a legal obligation; and
    • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

    We may also use your personal information in the following situations, which are likely to be rare:

    • where we need to protect your interests (or someone else’s interests); and
    • where it is needed in the public interest.

    We need all the categories of information in the list in section 1 above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. There are more limited circumstances where we process personal data pursuant to your consent. The situations in which we will process your personal information are listed below.

    • making a decision about your recruitment or appointment;
    • determining the terms on which you work for us;
    • checking you are legally entitled to work in the country of employment/assignment
    • paying you and, if you are an employee, deducting tax and Social Security contributions or legal statutory contributions;
    • providing benefits of employment, including flexible benefits
    • liaising with your pension provider;
    • administering the contract we have entered into with you;
    • business management and planning, including accounting and auditing;
    • conducting performance reviews, managing performance and determining performance requirements;
    • making decisions about salary reviews and compensation;
    • assessing qualifications for a particular job or task, including decisions about promotions;
    • gathering evidence for possible grievance or disciplinary hearings;
    • making decisions about your continued employment or engagement;
    • making arrangements for the termination of our working relationship
    • education, training and development requirements
    • dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work;
    • ascertaining your fitness to work;
    • managing sickness absence;
    • complying with health and safety obligations;
    • to prevent fraud;
    • to monitor your use of our information and communication systems to ensure compliance with our IT policies;
    • to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution; and [to conduct data analytics studies to review and better understand employee retention and attrition rates;
    • equal opportunities monitoring;
    • shareholding, options and dividend details.

    Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

    If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

    We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

    Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

    ”Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

    • in limited circumstances, with your explicit written consent;
    • where we need to carry out our legal obligations or perform a contract with you;
    • where it is needed in the public interest, such as for equal opportunities monitoring [or in relation to our occupational pension scheme]; and
    • where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.

    Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

    We will use your personal information in the following special categories in the following ways:

    • we will use information relating to your absence from work, which may include sickness absence or family-related absences, to comply with employment and other laws;
    • we will use information about criminal convictions to comply with law and in order to determine your eligibility to undertake particular types of work;
    • we will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
    • we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting; and
    • We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.

    We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

    Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in paragraph 9. Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent, and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent.

    You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.

    3. Disclosure of Your Personal Information

    We may share your personal information where it is necessary to administer the working relationship, or we have a legitimate interest in so doing. We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply such other terms as apply to our relationship, or to protect rights, property, or safety of our other employees, workers and contractors our customers, ourselves or others. with you or where we have a legitimate interest in doing so. This includes exchanging information with other companies and organisations for the purposes of providing references and fraud protection.

    ”Third parties” includes third-party service providers (including contractors and designated agents) and other entities within the Airswift Group.

    The third parties we share your personal information with where required by law are courts and governmental agencies.

    The third parties we share your personal information with where it is necessary to administer the working relationship with you include (where you are a contractor) the client of ours for whom you are ultimately providing services to.

    The following activities are carried out by third-party service providers: payroll, pension administration, benefits provision and administration and IT services. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

    We will share your personal information with other entities in our group [as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data. All members of the Airswift Group are bound by this privacy policy.

    We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.

    In certain cases the disclosure of your personal information to a third party as described in this section 3 may involve your personal information being transferred outside of the United Kingdom. This may be to:

    • a country in the European Economic Area or that is otherwise considered to have data protection rules that are equivalent to those in the United Kingdom; or
    • a country which is not considered to have the same standards of protection for personal data as those in the United Kingdom, in which case we will take all steps required by law to ensure sufficient protections are in place to safeguard your personal information, including where appropriate putting in place contractual terms approved by the relevant regulatory authorities.

    For more information about the circumstances in which your personal information may be disclosed to third parties and the safeguards we put in place to protect your personal information when we do so, please contact us as described in section 9.

    4. Data Security

    We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

    You should take all reasonable steps to keep your personal information held on out IT systems secure, including choosing a secure password for your accounts and not disclosing your passwords to anybody else. You should use a unique password for every account. Further details are in our IT and password policies.

    5. Retention, Updating and Removal of Your Personal Information

    The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained for at least six years in accordance with usual commercial practice and regulatory requirements.

    It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move home or change your phone number or email address. You may be able to update some of the personal information we hold about you through our customer portal. Alternatively, you can contact us using the details in paragraph 9.

    Under certain circumstances, by law you have the right to:

    • request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
    • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
    • request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground;
    • request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
    • request the transfer of your personal information to another party.

    If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please use the contact details in section 9.

    You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

    We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

    6. Enquiries, Issues and Complaints

    In the unlikely event that you have any concerns about how we use your personal information, please contact us as described in section 9.

    If you make a complaint about our handling of your personal information, it will be dealt with in accordance with our complaints handling procedure accessible on our website – www.airswift.com/contact/

    If we are unable to resolve your complaint, you may make a complaint to the Information Commissioner’s Office. Please see https://ico.org.uk/for-the-public/raising-concerns/ for more information.

    7. Cookies

    This Website uses analytics services provided by Google Analytics a web analytics service provided by Google, Inc. (Google).

    Google Analytics uses “cookies”, which are text files placed on your computer, to help the Website analyse how users use the site. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the Website. By using the Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

    You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser.

    You can choose to delete Cookies at any time however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

    It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

    8. Changes to this Privacy Notice

    We reserve the right to alter this privacy notice at any time. Such alterations will be posted on our website. You can also obtain an up-to-date copy of our privacy notice by contacting us as described in paragraph 9. Should you object to any alteration, please contact us.

    9. Contacting Us

    If you need to contact us about this notice or any matters relating to the personal information we hold on you, you can write to the Data Protection Officer, 4th Floor, Delphian House, New Bailey Street, Salford, Manchester, M3 5FS, United Kingdom or email dpo@airswift.com.

    10. Further Information

    We hope that the contents of this privacy notice address any queries that you may have about the personal information we may hold about you and what we may do with it. However, if you do have any further queries, comments or requests, please contact us as described in paragraph 9 above.

    Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.

    Back to top