Privacy Notice

1. Background

This document relates to information we hold about you, through which you can be identified. 

Information of this nature is considered “personal data” under the General Data Protection Regulation (and other data protection legislation).  Where we determine the purposes for which, and the manner in which, your personal data is collected or is to be processed, we act as a “data controller”.                                                                                   

This Privacy Notice lets you know what happens to any personal data that you provide to us, or any that we may collect from you.

This notice applies only to personal information processed by or on behalf of Luxfer Superform and Luxfer Group.

Changes to this notice

The protection of your data is important to us, and as such we will keep this notice under review.  We may, therefore, change this notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices.  We will update the date at the top of the notice accordingly.  We may also send you an updated copy (depending on whether we are required to do that).The up to date version of this notice can be found on the intranet or by contacting your HR department.

Who are we and how do you contact us?

We are Luxfer Superform, a division of Luxfer Gas Cylinders Limited legal entity, which is part of the Luxfer Group of companies, headquartered at Lumns Lane, Manchester, M27 8LN, and we are a data controller of your personal data.

The term personal data means information that is about you or from which we can identify you.  This privacy notice describes how we deal with your personal information.  We are the data controller of this information under relevant data protection laws, because in the context of our business relationship with you, we decide how and why it is processed in the ways explained in this notice.  You can contact us at 01905 874300.

When we use terms such as we, us and our in this notice, we mean Luxfer Superform, Luxfer Gas Cylinders Limited and Luxfer group.

 

2. What kinds of personal information about you do we process?

This will depend on the nature of our relationship with you.  Personal information that we generally process in connection with all of our employees includes:  

  • Personal contact details (such as name, title, addresses, telephone numbers, and personal email addresses).
  • Date of birth.
  • Gender.
  • Marital status and dependants.
  • Next of kin and emergency contact information.
  • National Insurance number or Social Security number.
  • Bank account details, payroll records and tax status information including tax codes.
  • Salary, annual leave, pension and benefits information.
  • Start date.
  • Location of employment or workplace.
  • Copy of driving licence.
  • Recruitment information (including copies of right to work documentation, references, proof of qualifications, psychometric tests, ability tests and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, training records and professional memberships).
  • Compensation history.
  • Share Award information.
  • Number of shares.
  • Performance information.
  • Disciplinary and grievance information.
  • CCTV footage and other information obtained through electronic means such as clocking records (Time & Attendance including time sheets).
  • Information about your use of our information and communications systems.
  • Photographs.

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Trade union membership.
  • Information about your health, including any medical condition, health and sickness records.
  • Genetic information and biometric data.
  • Information about criminal convictions and offences.

We will process your data, however, some of your data will be processed by our third party suppliers which include training providers, recruitment agencies, occupational health providers and company benefit scheme administrators and providers.

 

3. What is the source of your personal information?

We will generally collect your personal information from you directly. We also collect personal information about employees, workers and contractors through the application and recruitment process, either directly from you or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, HMRC, DWP, credit reference agencies or other background check agencies.

We will collect additional personal information in the course of job-related activities throughout the period of you working for us.

 

4. What are the legal grounds for our processing of your personal information (including when we share it with others)?

Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisation). For some processing, more than one legal ground may be relevant (except where we rely on a consent). We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest or for official purposes.

Situations in which we will use your personal information

We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.

  • Making a decision about your recruitment or appointment.
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK.
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions.
  • Administering and providing the following benefits to you:
    • Cycle to Work
    • Share Incentive Plans, including liaising with our Scheme administrators
    • Childcare Vouchers
    • Any other benefits that we roll out
  • Liaising with our pension provider.
  • Administering the contract we have entered into with you.
  • Business management and planning, including accounting and auditing.
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Making decisions about salary reviews and compensation.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making decisions about your continued employment or engagement.
  • Making arrangements for the termination of our working relationship.
  • Education, training and development requirements.
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
  • Ascertaining your fitness to work.
  • Managing sickness absence.
  • Complying with health and safety obligations.
  • To prevent fraud.
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • To conduct data analytics studies to review and better understand employee retention and attrition rates.
  • Equal opportunities monitoring.
  • Attendance Monitoring.
  • Organisational structure.
  • Company communications and networking.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

”Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

  • In limited circumstances, with your explicit written consent.
  • Where we need to carry out our legal obligations and in line with this notice.
  • Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme, and in line with this notice
  • Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

We will use your particularly sensitive personal information in the following ways: 

  • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
  • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
  • We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so.  We will use information about criminal convictions and offences in the following ways: 

To assist recruitment decisions, including any restrictions in your ability to carry out a role.

How and when can you withdraw your consent?

As is set out above, most of what we do with your personal information is not based on your consent, and is instead based on other legal grounds.  For processing that is based on your consent, you have the right to take back that consent for future processing at any time.  You can do this by contacting us using the details above. The consequence of this might be that we cannot send you some marketing communications or that we cannot take into account special categories of personal data such as about your health (but these outcomes will be relevant only in cases where we rely on explicit consent for this).  

We will tell the employment agency or other intermediary who introduced you to us that you have withdrawn your consent only if it is our data processor (this means an organisation who is processing personal information on our behalf) or if we are required to do when you exercise certain rights under data protection laws.  You should make sure to contact them directly to withdraw your consent for what they do with your personal information as a data controller in their own right. 

 

5. Is your personal information transferred outside the UK or the EEA?

We are based in the UK, but sometimes your personal information may be transferred outside the UK or the European Economic Area.  If it is processed within Europe or other parts of the European Economic Area (EEA), then it is protected by European data protection standards.  Some countries outside the EEA do also have adequate protection for personal information under laws that apply to us.  We will make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA that do not have adequate protection under laws that apply to us, except in cases where what are called ‘derogations’ apply.  Your personal information may be transferred to:

  • United States of America.
  • Canada.
  • Australia.

For more information about suitable safeguards and (as relevant) how to obtain a copy of them or to find out where they have been made available you can contact us using the details above.

 

6. What should you do if your personal information changes?

It is important the personal information we hold about you is accurate and current. You should tell us without delay about any changes to your personal information so we can update our records.  Please contact your HR department to do this.

 

7. Do you have to provide your personal information to us?

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

 

8. Do we carry out any monitoring involving processing of your personal information?

In this section, monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person face to face meetings and other communications. 

Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business; to prevent or detect crime; in the interests of protecting the security of our communications systems and procedures; to have a record of what we have discussed with you and actions agreed with you; to protect you and to provide security for you and for quality control and staff training purposes. 

Some of our monitoring may check for obscene or profane content in communications.

Telephone calls and/or in person meetings, between us and you, in connection with your application and employment with us may be recorded to make sure we have a record of what has been discussed. We may also record these types of calls for quality control and staff training purposes.

 

9. What about profiling and other automated decision making?

This section is relevant where we make decisions about you using only technology, and where none of our employees or any other individuals have been involved in the process. 

We can do this activity based on our legitimate interests (and they are listed in the section about legal grounds above) only where the profiling and other automated decision making does not have a legal or other significant effect on you.  In all other cases, we can do this activity only where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent.  In those cases you have the right to obtain human intervention to contest the decision. Profiling for direct marketing can mean there is a separate right to object.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

 

10. How long is your personal information retained by us?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. [Details of retention periods for different aspects of your personal information can be viewed in our retention policy which is available on the intranet or from your HR Department.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations. 

 

11. What are your rights under data protection laws?

Here is a list of the rights all individuals have under data protection laws.  They do not apply in all circumstances.  If you wish to exercise any of them we will explain at that time if they are engaged or not. 

  • The right to be informed about our processing of your personal information.
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
  • The right to object to processing of your personal information.
  • The right to restrict processing of your personal information.
  • The right to have your personal information erased (the “right to be forgotten”).
  • The right to request access to your personal information and to obtain information about how we process it (see below for further details).
  • The right to move, copy or transfer your personal information (“data portability”).
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.

 

12. What about data anonymisation and use of aggregated information?

Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you.  It may then be used to produce statistical research and reports.  This aggregated data may be shared and used in all the ways described in this privacy notice.

 

13. What about data privacy notices from other organisations?

We have mentioned we may sometimes collect additional information about you from third parties including background check agencies. Where appropriate we will share with you their Privacy Notices about how they will use your personal information to perform their services or functions as data controllers in their own right.  These notices are separate to our own.

 

14. How do we secure your personal data?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place measures to protect the security of your information. Details of these measures are available upon request from the HR department.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place procedures to deal with any suspected data security breach and will notify you, and any applicable regulator, of a suspected breach where we are legally required to do so.

 

15. How do you request access to your personal data? 

In the first instance, you should make any request for access to your HR department.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure personal information is not disclosed to any person who has no right to receive it.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, and in exceptional circumstances only, we may refuse to comply with the request in such circumstances.