GENERAL PRIVACY POLICY
General
The new General Data Protection Regulation (GDPR) brings new responsibilities to both data controllers and data processors who offer services to people within the European Union (EU).
Statement Content
▪ Overview
▪ What information we collect
▪ How we use it
▪ Legal basis for holding the information
▪ Data on Backups
▪ Changes to our Compliance Statement and Privacy Notice
▪ How to contact us
▪ Privacy Policy for People
Overview
We’ve always taken data security and data privacy very seriously. We welcome the new GDPR as we believe it clarifies individual privacy rights and brings greater responsibilities onto organisations who control or process data.
GDPR brings new regulations on how organisations manage personal data. Personal data is any information which could be used directly or indirectly to identify a person.
What information we collect
▪ Full Name
▪ Work Address
▪ Work Telephone Number
▪ Work Email Address
▪ Bank / Payment Details of the Organisation
We will not share or sell your data with any 3rd party or store on any unsecured device.
How we use it
For our customers & clients, we collect this information to allow us to correctly generate invoices, allocate payments, verify identity and to ensure for communication purposes we send messages to the correct location.
Legal Basis for holding the information
Midshire collects and uses customers’ personal data because is it necessary for the pursuit of our legitimate business interests and for the purposes of complying with our duties in exercising our rights under a contract or, complying with our legal obligations.
Data on back-ups
Should any personal data be required to be changed on our systems, we will only amend the live version of the data. Back-ups will not be altered unless they are used to replace the current live version.
Changes to our privacy policy notice
We keep our privacy notice under regular review, and we will place any updates on our web page. This privacy notice was last updated in July 2019.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data.
How to contact us
▪ By email – jude@midshirecatering.co.uk
▪ By post – Midshire Signature Services Ltd, Unit A3, Elm House, Oaklands Office Park, Hooton Road, Hooton, CH66 7N
Introduction
This part of the document explains how Midshire collects and uses information about potential, existing and former colleagues for employment or service-related purposes.
It provides an overview of the data that we collect, the purposes for which we use that data, the legal basis which permits us to use your information and the rights that you have in relation to your information.
This section does not form part of any contract of employment.
If there are any changes to the way in which your personal information is used, this section will be updated, or a new privacy notice provided on our website.
Personal information is any information that tells us something about you. This could include information such as name, contact details, date of birth, medical information and bank account details.
How do we collect personal information?
We collect personal information about you from various sources including:
▪ from you when you contact us directly through the application and recruitment process or during your employment;
▪ from other people when we check references or carry out background checks.
What information do we collect?
We collect the following categories of information about you:
▪ Personal contact details such as name, title, address, telephone number and personal email addresses;
▪ Date of birth;
▪ Gender;
▪ Marital status and dependents;
▪ Next of kin and emergency contact information;
▪ National insurance number;
▪ Bank account details, payroll records and tax status information;
▪ Salary, annual leave, pension and benefits information;
▪ Start and end date of employment;
▪ Location of employment or workplace;
▪ Recruitment information (including copies of right to work documentation, references and other information in your CV or cover letter or otherwise provided as part of the application process);
▪ Employment records (including job titles, work history, working hours, training records and professional memberships);
▪ Disciplinary and grievance information;
▪ CCTV footage and other information obtained through electronic means
▪ Information about your use of our information and communication systems;
▪ Photographs;
▪ Information about your race or ethnicity, and religious belief; sexual orientation.
▪ Trade union membership;
▪ Information about your health, including any medical condition, health and sickness records; and
▪ Information about criminal convictions and offences committed by you.
How do we use your information?
We use your information for the following purposes:
▪ To make decisions about your recruitment and appointment;
▪ To determine the terms on which you work for us;
▪ To check you are legally entitled to work in the UK;
▪ To pay you and, if you are an employee, to deduct tax and national insurance contributions;
▪ To provide benefits to you, which may include, life assurance
▪ To liaise with your pension provider;
▪ To administer the contract, we have with you.
▪ To conduct performance reviews, manage performance and determine performance requirements;
▪ To make decisions about salary reviews and compensation;
▪ To assess your qualifications for a particular job or task, including decisions about promotions;
▪ To gather evidence for possible grievance or disciplinary hearings;
▪ To make decisions about your continued employment or engagement;
▪ To make arrangements for the termination of our working relationship;
▪ For education, training and development;
▪ To deal with legal disputes involving you or other employees, workers or contractors, including accidents at work;
▪ To ascertain your fitness for work;
▪ To manage sickness absence;
▪ To comply with health and safety obligations;
▪ To prevent fraud;
▪ To monitor your use of our information and communication systems to ensure compliance with our IT policies;
▪ To carry out equal opportunities monitoring.
What is the legal basis that permits us to use your information?
Under data protection legislation we are only permitted to use your personal information if we have a legal basis for doing so as set out in the data protection legislation. We rely on the following legal bases to use your information for employment-related purposes:
▪ Where we need information to perform the contract, we have entered into with you;
▪ Where we need to comply with a legal obligation; and
▪ Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
▪ In more limited circumstances we may also rely on the following legal bases:
▪ Where we need to protect your interests (or someone else’s interests); or
▪ Where it is needed in the public interest or for official purposes.
Some information is classified as “special” data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive, and we need to have further justifications for collecting, storing and using this type of personal information. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process special categories of personal information and criminal conviction information in the following circumstances:
▪ In limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent;
▪ We will use information about your physical and mental health or disability status to comply with our legal obligations, including to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
▪ We will use information about your race or ethnic origin, religious, philosophical beliefs, your sexual life or sexual orientation to ensure meaningful equal opportunity monitoring and reporting. The legal basis of this processing is that it is in the public interests to carry out diversity monitoring; and
▪ We will use trade union membership information to pay trade union premiums, register the status of a protected employee and comply with employment law obligations.
What happens if you do not provide information that we request?
We need some of your personal information in order to perform our contract with you. For example, we need to know your bank details so that we can pay you. We also need some information so that we can comply with our legal obligations. For example, we need information about your health and fitness to work to comply with our health and safety obligations.
Where information is needed for these purposes, if you do not provide it, we will not be able to perform our contract with you and may not be able to offer employment or continue with your employment. We explain when this is the case at the point where we collect information from you.
How do we share your information?
We share your personal information in the following ways:
▪ Where we use third party services providers who process personal information on our behalf in order to provide services to us. This includes IT systems providers and IT contractors, payroll / expense providers and pension administration providers.
▪ We will share your personal information with regulators, including the Food Standards Agency, where we are required to do so to comply with our regulatory obligations.
▪ We will share your personal information with third parties where we are required to do so by law. For example, we are required to provide tax-related information to HMRC.
▪ We will also share your personal information with the benefit providers we work with in order to provide the benefits that you are entitled to as part of your employment with us eg pension providers and life insurance providers.
▪ Where we share your personal information with third parties, we ensure that we have appropriate measures in place to safeguard your personal information and to ensure that it is solely used for legitimate purposes in line with this section.
How do we keep your information secure?
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures. Maintaining data security means using appropriate technical or organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage
For how long do we keep your information?
As a general rule we keep your personal information for the duration of your employment and for a period of six years after your employment ends. If you are an applicant, we will keep your information for a period of twelve months in case appropriate opportunities arise. However, where we have statutory obligations to keep personal information for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer
Your rights in relation to your information
You have several rights in relation to your personal information, these include the right to:
▪ be informed about how we use your personal information (which we do in this section);
▪ obtain access to your personal information that we hold;
▪ request that your personal information is corrected if you believe it is incorrect, incomplete or inaccurate;
▪ request that we erase your personal information in the following circumstances:
▪ if Midshire is continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected;
▪ if Midshire is relying on consent as the legal basis for processing and you withdraw consent;
▪ if Midshire is relying on legitimate interests as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us to continue with the processing;
▪ if the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation); and/or
▪ if it is necessary to delete the personal data to comply with a legal obligation.
▪ where our processing of your personal information is unlawful;
▪ where we no longer need the personal information, but you require us to keep it to enable you to establish, exercise or defend a legal claim; or
▪ where you have raised an objection to our use of your personal information;
▪ request a copy of certain personal information that you have provided to us in a commonly used electronic format. This right relates to personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information;
▪ object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection, we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal information; and
▪ not be subject to automated decisions which produce legal effects, or which could have a similarly significant effect on you.
Complaints
If you have any complaints about the way we use your personal information, please contact us via email at jude.mcmanus@midshiresignatureservices.co.uk who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority (the Information Commissioner).
GDPR PRIVACY NOTICE FOR CUSTOMERS,
CLIENTS IN THE EDUCATION SECTOR
The new General Data Protection Regulation (GDPR) brings new responsibilities to both data controllers and data processors who offer services to people within the European Union (EU).
Statement Content
• Overview
• What information we collect
• How we use it
• Legal basis for holding the information
• Data on Backups
• Changes to our Compliance Statement and Privacy Notice
• How to contact us
Overview
We’ve always taken data security and data privacy very seriously. We welcome the new GDPR as we believe it clarifies individual privacy rights and brings greater responsibilities onto organisations who control or process data.
The GDPR brings new regulations on how organisations manage personal data. Personal data is any information which could be used directly or indirectly to identify a person.
What information we collect
• Full Name
• Work Address
• Work Telephone Number
• Work Email Address
• Bank / Payment Details
We also receive personal data from trusted third parties who provide services to our clients and customers such as Parent Pay or equivalent and is only accessed by authorised personnel on secure encrypted and password protected equipment.
We will not share your data with any 3rd party or store on any mobile device.
How we use it
For our customers & clients, we collect this information to allow us to correctly generate invoices, allocate payments, verify identity and to ensure for communication purposes we send messages to the correct location.
Legal Basis for holding the information
Midshire collects and uses customers’ personal data because is it necessary for the pursuit of our legitimate business interests and for the purposes of complying with our duties in exercising our rights under a contract or, complying with our legal obligations.
Data on back-ups
Should any personal data be required to be changed on our systems, we will only amend the live version of the data. Back-ups will not be altered unless they are used to replace the current live version.
Changes to our privacy policy notice
We keep our privacy notice under regular review, and we will place any updates on our web page. This privacy notice was last updated in July 2019.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data.
How to contact us
By email – jude.mcmanus@
By post – Midshire Signature Services Ltd, Unit A3, Elm House, Oaklands Office Park, Hooton Road, Hooton, CH66 7NZ
CANDIDATE POLICY
CANDIDATE PRIVACY NOTICE
Data controller: Midshire Signature Services Ltd (‘the Employer’)
Data protection officer: Jude McManus, Business Support Manager,
Contact E: jude.mcmanus@midshiresignatureservices.co.uk
As part of any recruitment process, the Employer collects and processes personal data relating to job applicants. The Employer is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the Employer collect?
The Employer collects a range of information about you. This includes:
- Your name, address and contact details, including email address and telephone number;
- Details of your qualifications, skills, experience and employment history;
- Information about your current level of remuneration, including benefit entitlements;
- Whether or not you have a disability for which the Employer needs to make reasonable adjustments during the recruitment process; and
- Information about your entitlement to work in the UK.
The Employer may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.
The Employer may also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks. The Employer will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).
Why does the Employer process personal data?
The Employer needs to process data to take steps at your request prior to entering into a contract with you. It may also need to process your data to enter into a contract with you.
In some cases, the Employer needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.
The Employer has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the Employer to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. The Employer may also need to process data from job applicants to respond to and defend against legal claims.
The Employer may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. It may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. The Employer processes such information to carry out its obligations and exercise specific rights in relation to employment.
The Employer is obliged by its customers and clients to seek information about criminal convictions and offences. Where the employer seeks this information, it does so because it is necessary and proportionate for the performance of a contract.
If your application is unsuccessful, the Employer may keep your personal data on file in case there are future employment opportunities for which you may be suited. The Employer will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.
Who has access to data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
The Employer will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The Employer will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.
The Employer will not transfer your data outside the European Economic Area.
How does the Employer protect data?
The Employer takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
For how long does the Employer keep data?
If your application for employment is unsuccessful, the Employer will hold your data on file for 3 months after the end of the relevant recruitment process. [If you agree to allow the Employer to keep your personal data on file, the Employers will hold your data on file for a further 6 months for consideration for future employment opportunities.
At the end of that period or once you withdraw your consent, your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
Your rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the Employer to change incorrect or incomplete data;
- require the Employer to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data where the Employer is relying on its legitimate interests as the legal ground for processing.
- Withdraw your consent at any point, where processing is based upon your consent.
If you would like to exercise any of these rights, please contact:
Jude McManus, Business Support Manager
Contact email: jude.mcmanus@midshiresignatureservices.co.uk
If you believe that the Employer has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to the Employer during the recruitment process. However, if you do not provide the information, the Employer may not be able to process your application properly or at all.
Automated decision-making
Recruitment processes are not based solely on automated decision-making.
MODERN SLAVERY
MODERN SLAVERY AND HUMAN TRAFICKING
Introduction
This statement sets out Midshire Signature Service’s, (Midshire), approach to understanding and addressing any potential slavery and human trafficking risks within its business and supply chains.
Midshire’s board of Directors takes this matter seriously and is committed to improving our practices to combat slavery and human trafficking.
Policy statement
The organisation’s policies in relation to slavery and human trafficking
We are committed to ensuring that there is no modern slavery or human trafficking within our supply chains or any part of our business. The organisation operates the following policies that describe its approach to the identification of modern slavery risks and steps to be taken to prevent slavery and modern trafficking in its operations:
They may include, but are not limited to, the following:
• Whistleblowing policy
• Employee code of conduct
• supplier and procurement] code of conduct
The organisation’s due diligence processes in relation to slavery and human trafficking and in its business and supply chains
As part of our initiative to identify and mitigate the risk of slavery and human trafficking occurring within our business and supply chains, the organisation undertakes due diligence when taking on new suppliers and regularly reviews its existing ones.
Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labour and human trafficking, all of which have in common the deprivation of a person’s liberty by another in order to exploit them for personal or commercial gain. We have a zero-tolerance approach to modern slavery and we are committed to acting ethically and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or in any of our supply chains.
We are also committed to ensuring there is transparency in our own business and in our approach to tackling modern slavery throughout our supply chains, consistent with our disclosure obligations under the MSA. We expect the same high standards from all of our contractors, suppliers and other business partners, and as part of our contracting processes, we will include specific prohibitions against the use of forced, compulsory or trafficked labour, or anyone held in slavery or servitude, whether adults or children, and we expect that our suppliers will hold their own suppliers accountable to the same high standards.
This Policy applies to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners.
This Policy does not form part of any employee’s contract of employment and we may amend it at any time.
Responsibility for the Policy
The Board of Directors has overall responsibility for ensuring this Policy complies with our legal and ethical obligations, and that all those under our control comply with it.
The Senior Management team has primary and day-to-day responsibility for implementing this Policy, dealing with any queries about it, and overseeing systems and procedures to ensure they are effective in countering modern slavery.
Management at all levels are responsible for ensuring those reporting to them understand and comply with this Policy and are where necessary are given adequate training.
Compliance with the Policy
You must ensure that you read, understand and comply with this Policy.
The prevention, detection and reporting of modern slavery in any part of our business or supply chains is the responsibility of all those working for us or under our control. You are required to avoid any activity that might lead to, or suggest, a breach of this Policy.
You must notify your manager or the operations manager as soon as possible if you believe or suspect that a conflict with this Policy has occurred, or may occur in the future.
You are encouraged to raise concerns about any issue or suspicion of modern slavery in any parts of our business or supply chains of any supplier tier at the earliest possible stage.
If you believe or suspect a breach of this Policy has occurred or that it may occur, you must notify your manager or the operations manager or report it in accordance with our Speaking Up/Whistleblowing Policy & Procedure as soon as possible.
If you are unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any tier of our supply chains constitutes any of the various forms of modern slavery, raise it with your manager or the operations manager.
We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this Policy, even if they turn out to be mistaken. We are committed to ensuring no one suffers any detrimental treatment as a result of reporting in good faith their suspicion that modern slavery of whatever form is or may be taking place in any part of our own business or in any of our supply chains. Detrimental treatment includes dismissal, disciplinary action, threats or other unfavourable treatment connected with raising a concern. If you believe that you have suffered any such treatment, you should inform the Senior management immediately. If the matter is not remedied, and you are an employee, you should raise it formally with the Board of Directors.
Communication and awareness of this Policy
Our zero-tolerance approach to modern slavery must be communicated to all suppliers, contractors and business partners at the outset of our business relationship with them and reinforced as appropriate thereafter.
Breaches of this Policy
Any employee who breaches this Policy will face disciplinary action, which could result in dismissal for misconduct or gross misconduct.
We may terminate our relationship with other individuals and organisations working on our behalf if they breach this Policy.
Policy Review
If there are amendments to the applicable legislation or regulatory requirements, the Policy will be amended to reflect these. There will be an annual review by the person responsible for the Policy to ensure the document is fit for purpose and remains effective. Any changes will be communicated by way of internal updates, team briefings or training, depending on the complexity of the amendment.
GENDER PAY GAP REPORT APRIL 2023
Introduction
Under the new pay gap legislation organisations with over 250 employees are required to report specific information regarding the pay gap between genders.
The date to which this report refers to is 5th April 2023
As a facilities Management company this means the majority of our workforce are based on client sites. Our employees are engaged in business such as catering and cleaning, in schools, B&I and extra care schemes. The majority of MSS’s roles are operational which has resulted and attracts mainly women. As a result, 80.6% of our workforce are female making comparison based on gender challenging.
Midshire currently have 320 employees:
MSS’s gender pay gap identifies the average paid between men and women across Midshire Signature Services Ltd. At individual site level it is MSS’s policy to transfer staff on their existing terms and conditions of employment, in line with TUPE regulations. Pay enhancements are reviewed annually, with recognition of the National Living Wage and NJC pay reviews.
Hourly Pay
The hourly pay for women is:
Mean hourly pay: 15.5% lower than men.
Median Hourly pay: 7.9% lower than men.
Thank you for your time and consideration in reading this report. I confirm that the information contained within is accurate and in line with government reporting regulations.
Sue Bradwell
Managing Director
Date of Report: March 2023
Midshire Signature Services
Unit A3 Elm House, Oaklands Office Park,
Hooton Road, Wirral CH66 7NZ
sales@midshiresignatureservices.co.uk
info@midshiresignatureservices.co.uk