GDPR Privacy Notice & Retention Policy: Employees, Volunteers, & Applicants for Operational Roles
This boring but important page contains our privacy policy as it relates to people who volunteer or work for us, or who have applied to do so.
2050 Climate Group is committed to protecting the privacy and security of your personal information that we collect as a "data controller". This privacy notice describes how we collect and use personal information about you during and after your working or volunteering relationship with us, in accordance with the General Data Protection Regulation (GDPR).
It applies to all job and volunteer applicants, employees, volunteers, trustees, workers and contractors. It does not form part of any contract you have with us. It is important that you read this policy, together with any updates or other privacy notice we may provide. We may update this privacy notice from time to time as required by law or due to changes in practice. This statement is effective from May 2019.
The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, store, and use the following categories of personal information about you:
Personal details such as name, address, date of birth, gender, dependents, photographs, telephone number, personal email address, and emergency contact information.
For employees, or where needed to reimburse expenses, financial details such as your National Insurance number, bank account details, and any payroll records, tax status, salary, annual leave, pension and benefits information.
Recruitment information (including any copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
Records (including as applicable start date, working location, job title, work history, hours, training records and professional memberships, and any performance, disciplinary, and grievance records).
Information about your use of email, Slack, and other IT systems.
We may also collect, store and use "special categories" of more sensitive personal information, including information about your race or ethnicity, religious beliefs, sexual orientation, marital status, political opinions, and health where this is required by law or to use on an anonymous basis for diversity monitoring.
How is your personal information collected?
We typically collect personal information about you through the recruitment or application process, either directly from applicants or sometimes from one of your referees. We will also collect personal information in the course of you volunteering or working for or providing services to us.
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information where we need to perform any contract we have entered into with you, where we need to comply with a legal or regulatory obligation, and/or where it is necessary for our legitimate interests (or those of a third party) in the effective running of the charity and your interests. We may also use your personal information where we need to protect your interests (or someone else's interests), or where it is needed in the public interest or for official purposes. These circumstances are likely to be rare.
Examples of situations in which we will use your personal information:
To maintain accurate records.
For purposes connected with recruitment and/or training.
To reimburse expenses, or for the payment of fees or salary, or the calculation of payroll data, sick pay and holiday and leave entitlement for employees.
For processing or payment of certain benefits, including pension.
To deal with legal disputes involving you, or other employees, workers, volunteers and contractors, including accidents at work.
To contact next of kin in an emergency.
Where applicable, for conduct or performance purposes affecting your ability to perform your job or to provide services to us.
For business management and planning, including accounting, auditing, and equal opportunities monitoring.
To deal properly with any absence caused by sickness or injury.
To comply with requests from HMRC and any other statutory regulatory bodies.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law or regulation.
We will use your particularly sensitive personal information in the following ways:
We will use information relating to leaves of absence, which may include sickness absence or family related leave, to comply with employment and other laws (as applicable).
We will use information about your physical or mental health, or disability status, to ensure your health and safety, to provide appropriate adjustments, to monitor and manage sickness absence and to administer benefits.
We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
For trustees, we will use information about your nationality to comply with our bank's regulatory requirements.
Do we need your consent?
We do not need your consent if we use your personal information in accordance with our written policy to carry out our legal obligations as an employer or exercise specific employment law rights. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Data sharing
We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law.We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
The main place where data is stored electronically is on Google Drive and SurveyMonkey. Access to this data is locked down to people within the organisation who need access to it to perform their role.
Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, for the defence of any legal claims and for the legitimate interests of the organisation as applicable. We will retain and securely destroy your personal information in accordance with this privacy notice, and applicable laws and regulations.
For non-successful applicants for operational volunteer, employee, or trustee roles, we will keep recruitment information for up to six months following the close of the selection process.
For volunteers, we will retain the majority of your personal data for up to one year after we are notified that you wish to stop volunteering with us. We may retain your name and the team with which you volunteered indefinitely for record-keeping purposes. We will keep a record of expenses reimbursed to you in line with HMRC guidance.
For employees, we will retain employment records for seven years after the termination of your employment including contact and next of kin details, payroll records, personnel file, benefits information, training records, disciplinary and grievance records, family leave records and details of sickness records. The only information which will be retained indefinitely will be basic information including name, role and salary/fee, and dates of employment/service.
For consultants, and trustees, we will destroy most of your personal information after one year following the termination of our relationship. The only information which will be retained indefinitely will be basic information including name, role and salary/fee (if any), and dates of engagement.
Rights of access, correction, erasure, and restriction
It is important that the personal information we hold about you is accurate and current. You have a duty to keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, by law you have the right to:
Request access to your personal information (known as a "data subject access request").
Request correction of the personal information that we hold about you.
Request the erasure of your personal information, or ask us to stop processing personal information where we are relying on a legitimate interest and you object to processing on this ground.
Request the suspension or restriction of processing of your personal information.
Request the transfer of your personal information to another party.
If you have any questions about this privacy notice, or to exercise any rights under it, please contact compliance@2050.scot. If you believe that 2050 Climate Group has not complied with your data protection rights, you have the right to complain to the Information Commissioner.