Statement of Purpose
ExtraCare are committed to safeguarding the privacy of all individuals who interact with us and we respect the privacy choices you make.
This privacy notice explains how we collect, use, share and protect the information we collect through our interaction with you, and your rights in relation to that.
Who We Are and How to Contact Us
When we refer to ‘ExtraCare’, we are referring to The ExtraCare Charitable Trust (ExtraCare). ExtraCare was established in 1988. We develop and run retirement villages and smaller housing developments. ExtraCare is the Data Controller. We are a registered charity number 327816, and a company limited by guarantee and registered in England and Wales as company number 2205136. Our registered head office is:
7 Harry Weston Road
Binley Business Park
ExtraCare Retail Limited is a wholly owned trading subsidiary which operates our charity shops across the Midlands and the North of England.
If you have any questions regarding this Privacy Notice or how to exercise your individual rights afforded under data protection legislation, please contact our Data Protection Officer:
Data Protection Officer:
The ExtraCare Charitable Trust
Tel: 02476 509023
ExtraCare has an established framework of policies, procedures, contracts and training in place dealing with data protection, confidentiality and security across our organisation and regularly review the appropriateness of the measures we have in place to keep the personal information we hold secure.
We recognise that we have an ongoing responsibility of transparency with data subjects so we keep this privacy notice under regular review and therefore encourage you to check it regularly. We will include a notification on our website’s home page if we make any significant changes to this privacy notice.
Your Data and How We Process It
ExtraCare only collects and processes data which is necessary for the purpose intended. We do not keep data for longer than it is needed. We look after your data and use up to date security and technical measures to keep it safe. We use your data in order to:
- manage and administer our employment relationship with you
- comply with legal and regulatory obligations
- monitor and improve equality and diversity
- assess suitability for a position of employment with ExtraCare
Personal Information, What and Why We Use It
- Personal details: your title, name, previous or maiden name, gender, nationality, civil/marital status, date of birth, age, personal contact details, national ID number, eligibility-to-work information, passport, driving licence, languages spoken; emergency contact information, details of any disability and any reasonable adjustments required as a result, next of kin details in the event of an emergency
- Recruitment and selection information: skills and experience, qualifications, references, CV and application, interview and assessment data, background and verification information related to the outcome of your application, details of any offer made to you
- Information related to your employment: contract of employment or engagement, work contact details, employee or payroll number, photograph, work location, your worker ID and various system IDs, your work biography, your assigned business unit or group, your reporting line, your employee/contingent worker type, your termination/contract end date, the reason for termination, your last day of work, exit interviews
- Regulatory information: records of your registration with any applicable regulatory authority, your regulated status, including any criminal record or credit background checks which may be necessary, and any regulatory certificates and references
- Remuneration and benefits information: your remuneration information (including salary/hourly plan/contract pay/fees information as applicable, allowances, overtime, bonus and commission plans), payments for leave/, bank account details, grade, tax information, details of any benefits you receive or are eligible for, benefit coverage start date, expense claims and payments, information and agreements
- Leave and absence management information: attendance records, absence records, holiday dates, requests and approvals and information related to family leave or other special or statutory leave, absence history, fit notes, details of incapacity, details of work impact and adjustments, manager and Human Resources (HR) communications, return to work interviews
- Performance management information: colleague and manager feedback, your appraisals and performance review information, outcomes and objectives, talent programme assessments and records, succession plans, formal and informal performance management process records
- Training and development information: data relating to training and development needs or training received or assessments completed
- Monitoring information (to the extent authorised by applicable laws): closed circuit television footage, system and building login and access records, photo on access card, download and print records, call or meeting recordings, information captured by IT security programmes and filters
- Employee claims, complaints and disclosures information: subject matter of employment or contract based litigation and complaints, pre claim conciliation, communications, settlement discussions, claim proceeding records, employee involvement in incident reporting and disclosures
- Equality and diversity information (where authorised by law and consent provided voluntarily): information regarding gender, age, nationality, religious belief, sexuality and race (stored anonymously for equal opportunities monitoring purposes)
How We May Use Your Personal Data
Subject to applicable law, your personal data may be stored and processed by us for the following purposes:
Recruitment and selection
- To evaluate applications for employment and make decisions in relation to selection of employees
- Pre-employment screening including, where relevant and appropriate, identity check, right to work verification, reference check, credit check, financial sanction check, criminal record checks
- To make job offers, providing contracts of employment or engagement and preparing to commence your employment or engagement where you accept an offer from us
- To contact you should another potentially suitable vacancy arise
- To deal with any query, challenge or request for feedback received in relation to our recruitment decisions
- To monitor programmes to ensure equality of opportunity and diversity
Ongoing management of all aspects of employees’ relationships with ExtraCare
- To manage and maintain HR hard copy records, files and systems, including technical support and maintenance of HR systems and managing electronic and hard copy records in line with ExtraCare retention schedules
- Providing and administering remuneration, benefits, pensions and incentive schemes
- To make appropriate tax and national insurance deductions and contributions
- To set and change building and system access permissions
- Identifying and communicating effectively with employees
- Where appropriate, publishing appropriate internal or external communications or publicity material, including via social media
- Managing and operating performance reviews, capability, attendance and talent programmes
- Managing grievances, allegations (e.g. whistleblowing, harassment), complaints, investigations and disciplinary processes, and making related management decisions
- Training, development, promotion, career and succession planning
- Business contingency planning and response to active incidents
- Processing details with employee consent of membership of trade unions, works councils and other employee representative bodies and to administer any associated subscriptions paid direct from salaries
Absence management and health and safety
- Processing information about absence
- Processing medical information regarding physical or mental health or condition to assess eligibility for incapacity or permanent disability related remuneration or benefits:
- determine fitness for work
- facilitate a return to work
- make adjustments or accommodations to duties or the workplace
- make management decisions regarding employment or engagement or continued employment or engagement or redeployment
- conduct related management processes
Compliance monitoring, security and systems use
- Measuring the performance of ExtraCare IT systems by monitoring employee usage of systems; this includes analysing times, locations and activities whilst users are logged into the network.
- Auditing, monitoring, investigation and compliance monitoring activities in relation to ExtraCare policies, the ExtraCare Code of Conduct, applicable law, the prevention and detection of criminal activity and to protect ExtraCare assets and premises
Responding to legal and regulatory requests
- Comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorised by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country
Termination of employment and managing post-employment relationships
- Complying with reference requests where ExtraCare is named by the individual as a referee
- Administering termination and post-termination matters, e.g. outplacement services, liaison with employee legal representatives, enforcing restrictive covenants, loan repayments, overpayments, expense reimbursements, employee benefits, conduct termination and post-termination litigation
To the extent authorised by local laws, ExtraCare may collect and process a limited amount of personal information falling into special categories, sometimes called ‘sensitive personal information’. This term means information relating to:
- health-related details, including any special dietary requirements and any reasonable adjustments that the Company may be required by law to make to your working arrangements
- information revealing racial or ethnic origin
- judicial information, including the results of criminal or police records checks which can include details of offences, alleged offences and sentences and information from other intelligence sources (subject to relevant local laws and record retention periods)
- marital status and next of kin
- political opinions or contributions, religious beliefs or other similar beliefs and sexual orientation, should you choose to provide any such information to the Company
- Your vaccination status may be collected. This information will be securely stored in iTrent along with your personnel record. This data will also be used after anonymisation for statistical, research and analytical purposes. Anonymisation of the data means that all personal identifiers are removed which prevents identification of an individual.
How We Collect Your Personal Information
We collect your personal information from a variety of sources, but in most circumstances directly from you. You will usually provide this information directly to your managers or local HR contact, or enter it into our systems, your participation in HR processes (including recruitment), emails and instant messages which may be recorded electronically or manually. In addition, further information about you will come from your managers, HR or occasionally from your colleagues.
We may also obtain some information from third parties, e.g. references from a previous employer, medical reports from external professionals, information from tax authorities, benefit providers or where we employ a third party to carry out a background check (where authorised by applicable law) or, occasionally, from clients.
In some circumstances, personal information may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, CCTV, telephone logs and recordings, instant message logs and email and Internet access logs), if and to the extent authorised by applicable laws.
Where we ask you to provide personal information to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated. The failure to provide mandatory information will mean that we cannot carry out certain HR processes. For example, if you do not provide us with your bank details, we will not be able to pay you.
Apart from personal information relating to you, you may also provide ExtraCare with personal information of third parties, notably your dependants and other family members, for purposes of HR administration and management, including the administration of benefits and someone to contact in an emergency. Before you provide such third-party personal information to ExtraCare you must first inform these third parties of any such information that you intend to provide and of the processing to be carried out by ExtraCare, as detailed in this notice.
Legal Basis For Processing Your Data
Your personal information is collected and processed for various business purposes, in accordance with applicable laws and collective bargaining agreements.
We will only collect, use and share your personal information where we are satisfied that one or more of the following legal bases apply:
- The processing is necessary for compliance with a legal obligation to which ExtraCare is subject, for example, disclosing information to local tax authorities, making statutory payments, avoiding unlawful termination, avoiding unlawful discrimination, meeting statutory record keeping requirements or health and safety obligations
- The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, prior to entering into such a contract, for example collecting bank details to pay your salary or processing information to provide you with the contractual benefits to which you are entitled
- The processing is based on your consent. Where consent is required for the processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit. Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent. You should be aware that it is not a condition or requirement of your employment to agree to any request for consent from ExtraCare
- The processing is necessary for the legitimate interests pursued by ExtraCare or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information. ExtraCare considers that it has a legitimate interest in processing personal information for the purposes set out above, and to support the achievement of its immediate and long-term business goals and outcomes
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
For the above purposes, personal information may be transferred within or outside of the jurisdiction where you are employed or perform work, either within ExtraCare or to third parties, including, but not limited to:
- certain third party including suppliers and service providers including; payroll, pension providers to whom ExtraCare may disclose personal information when required by law or court order, or as requested by any government or regulator or law enforcement authority or agency
ExtraCare may also disclose personal information to a third party where it is necessary to do so in order to protect or pursue ExtraCare legitimate interests (ensuring this is proportionate and limited to that information which is strictly necessary in the circumstances). This may include, but not be limited to, disclosure to a party with whom ExtraCare is in negotiation for the sale or transfer of a business, assets or services. ExtraCare will take appropriate steps to ensure that the recipient of personal information in such circumstances puts in place an adequate level of protection for such personal information in accordance with applicable legal requirements.
Where ExtraCare transfers personal information internally within ExtraCare or to any third party between different jurisdictions, including, but not limited to, transfers outside of the European Economic Area (EEA) including the USA, and to other jurisdictions that have not been deemed to offer adequate protection, for the purposes outlined in this document, it will take appropriate steps to ensure that there is an adequate level of protection for personal information in place in accordance with applicable legal requirements.
Your Rights As A Data Subject
You have a number of legal rights in relation to the personal data that we hold about you and you can exercise your rights by contacting us using the details at the end of this document. These rights include:
the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you
the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) to do so
in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data that you have provided to us
the right to request that we correct your personal data if it is inaccurate or incomplete the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we must retain it
the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we must refuse that request
the right to lodge a complaint with the ICO if you think that any of your rights have been infringed by us.
when we are processing on the grounds of legitimate interest, you have the right to object to the processing and we must stop unless we have an overriding reason which will be communicated to you.
In the UK, your rights arise from the General Data Protection Regulation as retained, amended EU law, and the supervisory authority is the UK Information Commissioner (https://ico.org.uk/).
You may also contact the Data Protection Team who will be pleased to assist you. The team can be contacted as follows: