Employee, Contractor, Consultant and Worker Privacy Notice

Date of Issue: 01/05/2024 - for previous versions please contact us on hello@aztecuk.com

We are AZTEC EVENT SERVICES LIMITED. We’re a company registered in England and Wales with company number 05429795, whose registered address is at Ground Floor, Egerton House 68 Baker Street, Weybridge, Surrey, United Kingdom, KT13 8AL. In this privacy notice we will refer to ourselves as ‘we’, ‘us’ or ‘our’. We are the Data Controller of the personal information we collect, hold and use about you

We take the privacy, including the security, of personal information we hold about you seriously.

This privacy notice is designed to inform you about how we collect information about you and how we use that information during and after your employment (or other form of working relationship if you are a worker or a contractor) with us. This privacy notice does not form part of your contract of employment (for employees) or contract for services (for workers and contractors) and we are entitled to amend it from time to time, as we consider necessary. We will notify you of any substantial changes.

You should read this privacy notice carefully so that you know and can understand how we use the information we collect and hold about you.

You should also be aware of our data protection policy, which includes details about how we as an organisation, and you as employees or workers, should handle Personal Data relating to about other people, including information about our customers and suppliers. Our data protection policy includes obligations on you about how you handle personal information of others. Any breach of the data protection policy may result in disciplinary action being taken, which may include dismissal for gross misconduct.

We do not have a data protection officer, but if you have any questions about this privacy notice or issues arising from it, you should contact John Robson, who is responsible for matters relating to data protection at our organisation, including any matters in this privacy notice. You can contact them using the following details.

a. by phone on +44 (0)20 7803 4000;

b. by email at data.protection@aztec.events; or

c. by writing to Ground Floor, Egerton House 68 Baker Street, Weybridge, Surrey, United Kingdom, KT13 8AL.

We may issue you with other privacy notices from time to time, including when we collect Personal Data from you. This privacy notice is intended to supplement these and does not override them.

We may update this privacy notice from time to time and we will provide you with a copy or with access to the revised notice if and when we update it.

1. Key Definitions

1.1. The key terms that we use throughout this privacy notice are defined below, for ease:

1.2. Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how Personal Data is collected and stored and how it is used. We are the Data Controller in relation to the information we collect about you during your employment (or other working relationship) with us.

1.3. Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks on its behalf in relation to the Personal Data, on the written instructions of the Data Controller. (This might be IT support or payroll administrators).

1.4. Personal Data: in this privacy notice, we refer to your Personal Data as ‘Personal Data’. ‘Personal Data’ means any information from which a living individual can be identified. It does not apply to information that has been anonymised.

1.5. Special Categories – certain very sensitive Personal Data requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation. It also includes genetic information and biometric information.

2. Details of Personal Data that we collect and hold about you

2.1. Set out in the table below are the general categories and details of retention periods in relation to those categories (see Section 8 below for more details about retention) and in each case, the types of Personal Data that we collect, use, and hold about you:

Details of Special Categories that we collect and hold about you

3.1. Special Categories is explained in Section 1 above. 

Special information is explained in Section 1 above. We collect and hold the following types of Special Categories about you:

a. health;

Where we do hold Special Categories about you, then our retention periods are as follows:

3.2. We do not collect information from you relating to criminal convictions or offences.

4. Details of how and why we use Personal Data

4.1. We are only able to use your Personal Data for certain legal reasons set out in data protection law. There are legal reasons under data protection law other than those listed below, but, in most cases, we will use your Personal Data for the following legal reasons:

a. Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you (which will usually be your contract of employment or contract for services);

b. Legitimate Interests Reason: this is where the use of your Personal Data is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms, or interests; and

c. Legal Obligation Reason: this is where we have to use your Personal Data in order to perform a legal obligation by which we are bound.

4.3. If you do not provide us with Personal Data we need, we may not be able to carry out our obligations under your employment (or services) contract or we may not be able to meet a legal obligation. For example, if you do not provide us with your bank account details, we will not be able to pay you.

4.4. It is important that you keep your Personal Data up to date. If any of your Personal Data changes, please contact us as soon as possible to let us know. For example, if you change address and do not tell us, we may send important documents to your previous address.

4.5. One other legal basis for use of Personal Data is where your consent has been obtained ("Consent Reason"). However, it is extremely unlikely that we will rely on consent as the legal reason for using your Personal Data. If for any reason we do wish to rely on your consent, we will provide you with details of what we require and why so that you are fully informed. Your employment (or services) contract is not conditional upon you providing your consent. Where we do rely on consent for a specific purpose as the legal reason for collecting and using your Personal Data, you have the right under data protection law to withdraw your consent at any time. If you wish to withdraw your consent, please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your Personal Data for that purpose, unless we have another legal reason for processing your Personal Data, in which case, we will confirm that reason to you.

4.6. We explain in the table below the different purposes for which we use your Personal Data and, in each case, the legal reason(s) allowing us to use your Personal Data. We have also indicated whether or not those purposes may mean we collect and use Special Categories of Personal Data about you (and in each case an indication of what those Special Categories might be). Please also note the following:

a. if we use the Legitimate Interests Reason as the legal reason for which we can use your Personal Data, we have also explained what those legitimate interests are; and

b. for some of the purposes, we may have listed more than one legal reason on which we can use your Personal Data, because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying on to use your Personal Data for that purpose, please contact us using the contact details set out at the start of this privacy notice.

4.7. We can use your Personal Data without your knowledge and without your consent where this is legally required or allowed.

4.8. Under data protection laws, we can only use your Personal Data for the purposes we have collected it, unless we consider that the new purpose is compatible with the purpose(s) for which we collected it. If we want to use your Personal Data for a different purpose that we do not think is compatible with the purpose(s) for which we collected it, we will contact you to explain this and state what legal reason is in place to allow us to do this.

4.9. Sometimes we may anonymise Personal Data so that you can no longer be identified from it, and use this for our own purposes. In addition, sometimes we may use some of your Personal Data together with other people’s Personal Data to give us statistical information for our own purposes. Because this is grouped together with other Personal Data and you are not identifiable from that combined data, we are able to use this.

5.      Details of how we collect Personal Data and Special Categories

5.1. We will usually collect information about you during recruitment directly from you (whether by application form, CVs, interviews or otherwise), but we may also collect information from third parties such as agencies, suppliers of background checks and references from your former employers.

5.2. During the course of your employment or working relationship with us, we may collect additional information about you, much of which we will collect directly from you.

5.3. We may also collect Personal Data about you from third parties (such as doctors and pension trustees).

5.4. During the course of your employment or working relationship with us, we may create and use Personal Data about you, which may include information from management and other staff.

6.      Details about who Personal Data may be shared with

6.1. We may need to share your Personal Data with other organisations or people. These organisations include:

a. Third parties who may include:

i. suppliers: such as contractors, agents, IT support services, payroll providers, administration providers, pensions administrators, parties who administer benefits (such as insurers);

ii.government bodies and regulatory bodies: such as HMRC, fraud prevention agencies;

iii.      our advisors: such as lawyers, accountants, auditors, insurance companies who are based in the UK;

iv.      our bankers who are based in the UK;

c. any organisations that propose to purchase our business and assets – in which case, we may disclose your Personal Data to the potential purchaser.

6.2. Depending on the circumstances, the organisations or people who we share your Personal Data with will be acting as either Data Processors or Data Controllers. Where we share your Personal Data with third parties, we require them to keep your Personal Data confidential, to keep it secure, and only to use it for the agreed purposes. Where we share your Personal Data with a Data Processor, we will ensure that we have in place contracts that set out the responsibilities and obligations of us and them.

7.      Details about transfers to countries outside of the EEA

7.1. We do not transfer your Personal Data outside of the EEA.

If any transfer of Personal Data by us will mean that your Personal Data is transferred outside of the EEA, we will ensure that safeguards are in place so that a similar degree of protection is given to your Personal Data, as is given to it within the EEA. We will also ensure that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring Personal Data outside of the EEA which are available to us – these are known as ‘derogations’ under data protection laws). We may need to transfer Personal Data outside of the EEA to other organisations within our group or to the third parties listed above in Section 6 who may be located outside of the EEA.

The safeguards set out in data protection laws for transferring Personal Data outside of the EEA include:

a. where the transfer is to a country or territory which the EU Commission has approved as ensuring an adequate level of protection;

b. where Personal Data is transferred to another organisation within our group, under an agreement covering this situation which is known as 'binding corporate rules';

c. having in place a standard set of clauses that have been approved by the EU Commission;

d. compliance with an approved code of conduct by a relevant data protection supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO);

e. certification with an approved certification mechanism;

8.      Details about how long we will hold your Personal Data

8.1. We will only hold your Personal Data for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the Personal Data (see Section 4 above) and whether we are under any legal obligation to keep the Personal Data (for example, in relation to accounting or auditing records or for tax reasons). We may also need to keep Personal Data in case of any legal claims.

8.2. You can contact us (using the details at the beginning of this notice) to request a copy of our retention policy, which sets out how long different types of Personal Data will be kept for.

We have set out above the details of our retention periods for different types of data. You can find them in in Section 2 and also in Section 3.

9.      Automated decision-making

9.1. ‘Automated decision-making’ is where a decision is automatically made without any human involvement. Under data protection laws, this includes profiling. ‘Profiling’ is the automated processing of Personal Data to evaluate or analyse certain personal aspects of a person (such as their behaviour, characteristics, interests, and preferences).

9.2. Data protection laws place restrictions upon us if we carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you.

9.3. We do not carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you. If we decide to do this, we will notify you and we will inform you of the legal reason we are able to do this.

10.    Your rights under data protection law

10.1.  Under data protection laws, you have certain rights in relation to your Personal Data, as follows:

a. Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the Personal Data that we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your Personal Data is being used.

b. Right to correction: this is the right to request that any incorrect personal data is corrected, and that any incomplete personal data is completed.

c. Right to erasure: (this is often called the 'right to be forgotten').This right only applies in certain circumstances. Where it applies, you have the right to request that we erase your Personal Data.

d. Right to restrict processing: this right only applies in certain circumstances. Where it applies, you have the right to request that we restrict the processing of your Personal Data.

e. Right to data portability: this right allows you to request that we transfer your Personal Data to someone else.

f. Right to object: you have the right to object to us processing your Personal Data for direct marketing purposes. You also have the right to object to us processing Personal Data where our legal reason for doing so is the Legitimate Interests Reason (see Section 4 above) and there is something about your particular situation that means that you want to object to us processing your Personal Data. In certain circumstances, you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).

10.2. In addition to the rights set out in Section 10.1, where we rely on consent as the legal reason for using your Personal Data, you have the right to withdraw your consent. Further details about this are set out in section 4.5.

10.3. If you want to exercise any of the above rights in relation to your personal information, please contact us in writing (which includes email), using the details set out at the beginning of this notice. If you make a request, please note:

a. we may need certain information from you so that we can verify your identity;

b. we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and

c. if your request is unfounded or excessive, we may refuse to deal with your request.

11.    Complaints

If you are unhappy about the way that we have handled or used your Personal Data, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your Personal Data, so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.