1. Privacy and Your Personal Data
1.4 All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you want to know what information we collect and hold about you, or to exercise any of your rights as set out in section 9 below, please write to us at the below address or via email at Datacontrol@ice-clean.com
Data Control, ICE, Sauber House, Rushington Business Park, Totton, Hampshire, SO40 9AH
1.5. ICE are the controllers of your information for the purposes of the GDPR and is registered under number 02732684 and VAT number is 568 6984 63.
1.6. The Company’s Data Protection Officer is Emily Digby. She can be contacted on email@example.com.
2. What Information Do We Collect and How?
2.1 You may provide us with personal information such as name, address, postcode, email address, phone numbers, date of birth, bank account details and information about other members of your organisation or family (“Information”). You may provide us with Information in a number of ways:
- By supplying us with the information as listed above by subscribing to receive updates or offers from us;
- By corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;
- By providing information when entering into or fulfilling a contract with us for the supply of goods and services either as a supplier, customer, agent or partner;
- By providing information when entering into or fulfilling a contract of employment with us;
- By providing information when you use our Apps, operating systems or website; and
- By providing information when you use our mobile optimised systems and website from our portable hand-held device including details of your physical location
2.2 Employees may also provide other types of Information, including their national insurance number, tax status information, a copy of their driving licence or passport and photographs. From time to time we may give you the option to provide us with Information about other people in your life, for example as an employee, you have the option to tell us the contact details of your next of kin. We do not use this information unless contact is required in the case of an emergency during your employment with us.
2.3 We may collect Information about your computer, mobile phone or device, including where available your IP address, operating system, browser type and the geographical location of your computer, phone or device for system administration purposes. This is statistical data about our operational performance and service delivery and any Information that we share does not include personal data.
2.4 We may also collect, store and use some more sensitive types of Information including health information relating to our workers, contractors or employees which could include absence information, information about medical information and sickness records.
2.5 For some of our employee roles, we may have to process criminal conviction data. We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment. ICE may lawfully process information about criminal convictions as it is in our legitimate interests to do so for some of the sites our employees may have to attend, for example, School sites. We consider that ICE meets the further condition that the processing of criminal convictions is necessary to protect the interests of our clients and that it is in the public interest for us to do so.
2.6 This information can be collected through the recruitment and application process from candidates directly but in some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references, background check providers, credit reference agencies etc. Additional Information will be collected throughout the period of individuals working for us, in the course of job-related activities.
3. What Information do we collect on our Apps, operating systems and website?
3.1 When using our Apps, operating systems, or website, you may provide us with the following Information:
a) your name, site address and contact details (email address and telephone number) if you use our Apps to track equipment, vehicles or field-based staff;
b) Informationthatallowsustoidentifyyourphysicallocation, where you have agreed to it being used for the contact at sites using our goods and services; and
c) Information that may be provided by you when adding content to our App, website or other web- based tools or operating systems.
4. What information do we collect from our suppliers, customers, agents and partners?
4.1 When you enter into a contract with us for goods and services, we may collect the following information when you purchase from us or supply to us:
a) Your name and contact details, email address, job title, address, telephone number
b) Your physical location
c) Bank account details for payment for suppliers, partners, and agents
5. How we use your information
5.1 We only use Information when the law allows us to.
5.2 We will hold, use and disclose your Information for our legitimate business purposes including:
a) to keep you up to date about important changes to our business;
b) to direct-market products and services (including push notifications), advise you of news and industry updates, events, promotions and competitions and other information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
c) to answer your queries;
d) to provide further services to you by sharing your Information with other companies within our group of companies;
e) to release Information to regulatory or law enforcement agencies if we are required or permitted to do so.
5.3 We may process certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health in your employee induction process. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
5.4 No decision will be made about you solely on the basis of automated decision-making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
6. The legal basis for processing your Information
6.1 Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
a) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency (*);
b) Where we need the Information to perform a contract that we have entered into with you(**);
c) Necessary for the purposes of legitimate interests – either we or a third party, will need to process your Information for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your information protected. Our legitimate interests include responding to requests and enquiries from you or a third party, fulfilling customer, supplier and employment contracts, managing our operational performance and customer service delivery, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner (***);
d) Consent–in some circumstances,wemayaskforyourconsenttoprocessyourInformationina a particular way. Please note that we can process your Information without your knowledge or consent, in compliance with this policy and where this is either required or permitted in law. (****)
6.2 We have set out the situations in which we will process your Information and indicated using asterisks the purpose or purposes for which we are processing or will process your Information:
6.2.1. Making a decision about your recruitment or appointment (** and ***);
6.2.2. Determining the terms on which you work for us (** and ***);
6.2.3. Checking you are legally entitled to work in the UK (*);
6.2.4. Paying you and if you are an employee or deemed employee for tax purposes, deducting tax and NICs (* and **);
6.2.5. Providing benefits for employees/workers (**);
6.2.6. Enrolling you into a pension arrangement (* and **);
6.2.7. Liaising with trustees or managers or a pension arrangement operated by us, your pension provider and any other provider of employee benefits (* and **);
6.2.8. Administering the contract, we have entered into with you (**);
6.2.9. Business management and planning, including accounting and auditing (***);
6.2.10. Making decisions about salary reviews and compensation (***);
6.2.11. Assessing qualifications for a particular job or task, including decisions about promotions
6.2.12. Gathering evidence for possible grievance or disciplinary hearings (* and ***);
6.2.13. Making decisions about your continued employment or engagement (*, ** and ***);
6.2.14. Making arrangements for the termination of our working relationship (*, ** and ***);
6.2.15. Education, training and development requirements (** and***);
6.2.16. Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work (* and ***);
6.2.17. Ascertaining your fitness to work (* and ***);
6.2.18. Managing sickness absence (*, ** and ***);
6.2.19. Complying with health and safety obligations (*);
6.2.20. To prevent fraud (* and ***);
6.2.21. To monitor your use of our information and communication systems to ensure compliance with our IT policies (***);
6.2.22. To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution (***);
6.2.23. To conduct data analytics studies to review and better understand employee retention and attrition rates (***); and
6.2.24. Equal opportunities monitoring (* and ***).
6.2.25. To process orders for customers and suppliers and to administer related invoices, bills and purchase orders (**)
6.2.26. To administer payment processes (**)
6.2.27. To provide ICE services and related support (**)
6.2.28. To send operational information about ICE services (**)
6.2.29. To provide you with customer service messages and information regarding your account (***)
6.2.30. To tell you about ICE services and ICE products which may be of interest to you, as well as related news and promotions. We keep you informed by email, phone or similar direct messages (***)
6.2.31. To enable us to gain customer insights and to review, develop and improve our products, services and special offers (***)
6.2.32. To check your organisations credit information with credit rating agencies to guarantee payment of our services (***)
6.2.33. To respond to any questions or complaints you may have regarding your ICE account or the ICE business (***)
6.3 Sensitive personal information may also be processed by us where this is necessary for performing or exercising obligations or rights in connection with employment or other laws. On rare occasions, there may be other reasons for processing, such as public interest. We may process particularly sensitive information as below:
6.3.1. We may use information about your physical or mental health or disability status to ensure your health and safety at work, assess fitness to work, provide appropriate workplace adjustments, monitor and manage sickness absence and administer benefits including statutory maternity, statutory sick pay and pensions.
6.3.2. If we reasonably believe that you or another person are at risk of harm and the processing is necessary to protect you or them from physical, mental or emotional harm or to protect wellbeing.
6.3.3. We will use information about race or national or ethnic origin, religious or philosophical belief or sexual orientation to ensure meaningful equal opportunity monitoring and reporting.
6.4. One of the reasons for processing your data is to allow us to carry out our duties in line with contractual obligations and/or to comply with statutory obligations. If you do not provide us with the data needed to do this, we will be unable to perform those duties e.g. if you are an employee, ensuring you are paid correctly. We may also be prevented from continuing the contract with you in relation to our legal obligations and/or prevented from complying with a legal obligation if you do not provide us with this information e.g. an employee confirming their right to work in the UK or ensuring the health and safety of our workers.
7. How we share your Information
7.1 In certain circumstances we will share your Information with other parties for example where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. Details of those parties are set out below along with the reasons for sharing it.
a) Other parties within our group of companies: Your information may be shared within our Group of UK companies as certain processing functions are centralised.
b) Trusted third parties: In order to provide certain services, we will share your information with third party service providers such as IT infrastructure companies, payroll and pension administrators, healthcare providers and email logistics providers. We will not share your data with any third party where it is not necessary to do so to provide a service to you or fulfil a contract with you.
c) Regulatory and law enforcement agencies. As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
d) New business owners. If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors. If this happens, you will be sent notice of such event.
7.2 We do not share your data with bodies outside of the European Economic Area.
7.3 All third-party providers and other entities in our group are required to take appropriate security measures to protect your personal information in line with our policies. Third-party providers can only process your personal information for specified purposes and in accordance with our instructions.
8. How long we hold your Information
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Information when you apply for a job, we will retain your data for as long as is necessary to process your application and maintain application statistics. For payroll-related Information it may be necessary to hold your Information for 6 years for third party regulatory purposes e.g. for HMRC. In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
9. Your rights relating to your Information
9.1 You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
a) Right of Access.
You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. Where we have a good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
b) Right of Correction or Completion
If the Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.
c) Right of Erasure
In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed, or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information.
d) Right to Object to or Restrict Processing.
In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.
You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
e) Right of Data Portability
In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.
This right exists in respect of Information that:
- you have provided to us previously; and
- is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
9.2 You can exercise any of the above rights by contacting us at the address or email address set out above. You can exercise your rights free of charge.
9.3 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication or contacting us at the address or email address set out above.
11.1 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies
11.2 Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website.
11.3 Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our Website and which parts of the website are most popular.
This helps us gather feedback so that we can improve our Website and better serve our customers. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provided to us in your cookies.
11.4 We use ‘session’ cookies which enable you to carry information across pages of the Website and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Website is being used and to improve its structure.
11.5 We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the Website, tailoring the content of certain areas of the Website to offer you content that match your preferred interests.
12. Accessibility of Online Systems
12.1 ICE recognise the importance of providing online systems that are accessible to everyone and are easy to use. This section outlines our ongoing commitment to making our online systems accessible and explains some of the accessibility features of these systems.
12.2 System accessibility means that people with disabilities can use these systems. More specifically, system accessibility means that people with disabilities can perceive, understand, navigate, and interact with the website, Apps and operating systems, and that they can contribute. Accessibility features include Narration, Text to Speech and Magnification. We continually strive to keep our system access updated to maintain accessibility for all.
If you are unhappy about our use of your Information, you can contact us at the address or email address above. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113 Website: https://ico.org.uk/concerns/ Post: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF