Data Privacy Policy
This Privacy Policy explains what we do with your personal data, whether you are an employee, we are in the process of dealing with an enquiry, processing an order, continuing our ongoing customer relationship with you, receiving a service from you, requesting your feedback, or you are visiting our website.
It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
This Privacy Policy applies to the personal data of our Customers, Potential Customers, Suppliers and Potential Employees.
What kind of personal data do we collect?
- Potential Employees ( Job Applicants )
To meet our contractual agreement with you and for legal and lawful reasons we will collect, store, and use the following categories of personal information about you:
Personal contact details such as name, title, addresses, telephone numbers and personal email addresses, Salary, pension and benefits information, Start date. Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process). Employment records (including job titles, work history, working hours, holidays, training records and professional memberships), Compensation history, Performance information and Disciplinary and grievance information. Information about criminal convictions and offences
- Customer Data
In order to provide the best possible products and services to our customer’s we need to process certain information. Stephens Bakery Foundation. only ask for details that will genuinely help us to deliver these products and services, such as your name, job role, and contact details; including but not limited to: Telephone number, email address, first and last name and in some instances your home address details. Where Stephens Bakery Foundation. are required by you to process payments for goods and services by way of debit or credit card we will also process these details, but only for this purpose.
- Supplier Data
We collect a minimum amount of data from our suppliers to ensure that we can easily process transactions. Stephens Bakery Foundation. will collect contact details for the main contact and any associate contacts within the business that assist us in processing any number of transactions. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
How do we collect your personal data?
- Employees, ex-employees and agency workers
We collect employee data directly from you and DVLA if applying for a Drivers position
- Customer Data
We collect customer data directly from you, supplied references and credit check bureaus
- Supplier Data
We collect supplier data directly from you.
How do we use your personal data?
- Employees, ex-employees and agency workers
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Situations in which we will use your personal information
We need your personnel information to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.
- Making a decision about your recruitment or appointment.
- Determining the terms on which you work for us.
- Checking you are legally entitled to work in the UK.
- Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and National Insurance contributions (NICs).
- Providing benefits to you.
- Enrolling you in a pension arrangement in accordance with our statutory automatic enrolment duties.
- Liaising with the trustees or managers of a pension arrangement operated by a group company, your pension provider and any other provider of employee benefits.
- Administering the contract, we have entered into with you.
- Assessing qualifications for a particular job or task.
- Making decisions about your engagement.
- Education, training and development requirements.
- Ascertaining your fitness to work.
- To prevent fraud/theft
- Equal opportunities monitoring.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
- Customer Data
There are two main reasons for using your personal details. Firstly, details will be used to help Stephens Bakery Foundation. process ongoing requests that you have made of us, i.e. raising a quote or processing an order, through to delivery.
- Supplier Data
The main reasons for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.
- Website Users
If you send us an application form, your CV or contact us with personal information for employment purposes, we may store that information for 6 months. We do not share your information with any third parties and would only contact you within that 6 month period should a suitable post arise.
How do we safeguard your personal data?
We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.
Those processes include but are not limited to; encrypted server access, Laptop devices are encrypted, all antivirus and gateway security settings are up to date and monitored.
How long do we keep your personal data for?
- Employees, ex-employees and agency workers
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Current employee data is held for the duration of your employment. Ex-employee data is retained for up to 7 years after your leaving date.
- Customer/Suppliers Data
Data is stored and processed in our Sales Order systems. If we have not had meaningful contact with you for a period of seven years, we will remove your personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.
How can you access, amend or take back the personal data that you have given to us?
If we are holding or using your personal information, you may change your mind at any time by writing to the Data Protection Officer, Stephens Bakery Foundation, Unit 21, Dunfermline Business Park, Primrose lane, Dunfermline, KY11 2RN or emailing us at privacy@stephensbakeryfoundation.org we will process the removal of your personal information within 30 days, sometimes sooner. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to erase
In certain situations, you have the right to request us to “erase” your personal data. We will respond to your request within a maximum of 30 days and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will remove your data. We will assume that you would prefer us to keep a note of your name on our system as a person who would prefer not to be contacted by Stephens Bakery Foundation. as this will ensure that we can minimise the future risk of your data being resubmitted and used in the future. If you would prefer that this is not the case please let us know.
Our legal basis for processing your data
Legitimate interests
Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
- Employees, ex-employees and agency workers
We hold personal information about you for legitimate interests to enable us to meet our contract with you.
- Customer data
We think it reasonable that if you have communicated with us in the past or we have had meaningful contact with you within the past 5 years that there is legitimate interest that you will continue to benefit from our continued communication.
We want to provide potential customers with the opportunity to hear about our products and services and request additional information. We therefore deem it that if you operate in a sector that regularly benefits from our products and services and your information has been made available in the public domain that we can contact you to advise you of our products and services. We will have an upfront and honest approach to this and provide you with the opportunity to opt out of any further communications from us. Personal details may be used to for administrative purposes including invoicing.
- Supplier data
We store and process the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within legitimate interests.
Contractual reason
Article 6(1)(b) gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
In this context, a contract does not have to be a formal signed document, or even written down, as long as there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, you both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).