Plan Communications Limited (“Plan”, “we”, “us” or “our”) and all of the other entities in the Plan Group are committed to ensuring that the personal data of our employees is handled in accordance with the principles set out in the General Data Protection Regulation (EU 2016/679) (“GDPR”).
Plan is the controller for this information unless this notice specifically states otherwise. Our Data Protection Officer is Gregg Knowles. You can contact him at email@example.com.
This notice should be read in conjunction with the Plan Privacy Notice which can also be found here link to www.plan.com/privacy, our other corporate policies and procedures can be found here https://plancom.sharepoint.com/sites/Compliance and with reference to the Employee Handbook. When appropriate we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this document.
We may obtain information about you from the following sources:
We process the following categories of personal data.
We use the following information to carry out the contract we have with you, provide you access to business services required for your role and manage our human resources processes.
We process this information for the payment of your salary, pension and other employment related benefits. We also process it for the administration of statutory and contractual leave entitlements such as holiday or maternity leave.
We use this information to assess your performance, to conduct pay and salary banding reviews and to deal with any employer / employee related disputes. We also use it to meet the training and development needs required for your role.
We use this information to assess your compliance with corporate policies and procedures and to ensure the security of our premises, IT systems and employees.
We may record all calls made to and from the business, which will include calls made and received by you. Please see our Telephone Usage Policy which sets out the basis on which we record and monitor calls. Each recording is encrypted and stored on a secure server. Access to the call recordings is tightly controlled in accordance with our Call Recording Access Policy and can only be obtained on the authority of our Data Protection Officer.
We use the following information to comply with our legal obligations and for equal opportunities monitoring. We also use it to ensure the health, safety and wellbeing of our employees.
Depending on the processing activity, we rely on the following lawful basis for processing your personal data under the GDPR:
How long we keep your personal data
For information about how long we hold your personal data, see our data retention schedule here.
In some circumstances, such as under a court order, we are legally obliged to share information. We may also share information about you with third parties including government agencies and external auditors. For example, we may share information about you with HMRC or the Isle of Man Tax Office for the purpose of collecting tax and national insurance contributions.
Do we use any data processors?
Yes – a list of our current data processors can be found at Annex A.
Your rights in relation to this processing
As an individual you have certain rights regarding our processing of your personal data, including a right to lodge a complaint with the Isle of Man Information Commissioner as the relevant supervisory authority.
For more information on your rights, please see “Your rights as an individual”
Transfers of personal data
We routinely transfer staff personal data overseas due to the fact that certain of our third-party processors (listed in Schedule A) have servers that are located outside the Isle of Man or the UK. When it is necessary to transfer the data, we ensure that we have appropriate safeguards in place.
Physical and electronic records are held for each member of staff. Data is held securely on Plan IT systems and at our premises and/or with externals software providers who are compliant in terms of GDPR.
You can request your personnel file by emailing the People Experience team or by submitting an access request to firstname.lastname@example.org. You can also make a verbal request for your information. You will not be able to take away your physical file. Your request will be handled outside the case management area with restricted access. We will consult internally with members of staff who might hold personal data about you.
The data collected from staff surveys is held in the cloud based platform15Five and Survey Monkey. Any data collected by 15Five, PeopleHR and/or Survey Monkey for us is stored on UK or US servers.
A link to their privacy notice can be found in Annex A. Staff at these providers cannot gain access to this data. The data is only available to a small number of Plan staff who are responsible for running or administrating the particular survey.
Most survey questions require quantitative responses, however some free text boxes are included. We would advise you not to share identifiable information about yourself in these boxes if you wish to remain anonymous. When appropriate we will also provide ‘just in time’ privacy information regarding specific surveys.
Workforce Development and Planning
Our People Experience department use online learning platforms for the facilitation of work related courses. Links to their privacy notices can be found in Annex A. We will share some information about you with these providers both prior to you joining Plan and during your employment to ensure you have the necessary access to complete training required for your role.
We will also share information about you with our training providers. For example this will include information such as your name, contact details and job role.
Monitoring of staff
All of our ICT systems are auditable and can be monitored, though we don’t do so routinely.
We are committed to respecting individual users’ reasonable expectations of privacy concerning the use of our ICT systems and equipment.
However, we reserve the right to log and monitor such use in line with our legitimate and reasonable expectations of acceptable use.
Any targeted monitoring of staff will take place within the context of our disciplinary procedures.
We use a financial accounting system (Sage) to log every financial transaction. This includes any transactions by or loans made to staff. If an outstanding debt by a member of staff is highlighted via this process, Plan may use this information to take steps to recover the outstanding amount.
Staff may be issued with a security pass that may display their name, department, staff reference number and photograph. In such a situation, staff pass details (names, numbers and photographs) are held on a standalone machine controlled by our facilities management team and can only be accessed by a restricted number of people. Should you lose your pass you will need to complete a lost security pass form and return it to People Experience. When you leave Plan, your details are deleted as soon as possible from this system subject to our Retention Schedule.
We operate CCTV inside our premises to monitor access to certain areas of the office.
Requests for references
If you leave, or are thinking of leaving, we may be asked by your new or prospective employers to provide a reference. For example, we may be asked to confirm the dates of your employment or your job role. If you are still employed by us at the time the request for a reference is received we will discuss this with you before providing this.
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the processing is in our legitimate interests. You can read more about this right here.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.
If we are processing your information for criminal law enforcement purposes, your rights are slightly different.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Changes to this privacy statement
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.
This privacy notice was last updated on 13 July 2020 when we changed the layout and sought to set out examples of the information that was contained in the previous version of the notice.
|Provider of payroll services
|Applicant tracking system for recruitment. HR Records and Database system.
|Pension and life insurance provider
|Performance Management Software Platform
|Online Survey Provider
|Online Survey Provider
|Provider of workflow management
|Provider of Online Compliance and Training Courses