Keeping your data safe
Who's in control of your personal data?
The following of our Group companies may from time to time be the "controller" of all personal data collected and used for the purposes of providing and promoting our services:
This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
Where do we collect data from?
We collect personal data from a variety of sources and in a variety of ways, including the following:
What data do we collect and why?
We collect the following personal data about you and use it for the following purposes:
Some personal data is designated as "special category" personal data. This is personal data which is subject to higher levels of protection because it is more sensitive. This includes information about health, race, religion and political opinions. We don't usually collect any special category data, but we do need to know about any dietary requirements that you or any guests have. Usually this will only tell us what food is required (e.g. "gluten-free" or "no pork") but occasionally it might include some special category data (e.g. "coeliac disease" or "Muslim"). You should note the following points specifically about this type of data:
What do we use your personal data for?
We use your personal data for the following purposes:
What is our legal basis for using your personal data?
Where we process your personal data for the purposes of fulfilling a booking you have made and corresponding with you in relation to that booking, we do this on the basis that it is necessary to perform our contract with you to provide our services. Similarly, if you make an enquiry about a booking and we process your personal data in order to communicate with you regarding your enquiry, we do this on the basis that it is necessary to take steps at your request prior to entering into a contract with you.
For all other purposes listed above, we process your personal data on the basis that it is in our legitimate interests to do so. The legitimate interests that we rely on are as follows:
You have a legal right to object to us using your personal data where we process your data on the basis of our legitimate interests. To object to marketing, you can respond to our emails and confirm “Unsubscribe” or tell the Elior representative making a marketing call to you or email GDPRenquiry@elior.co.uk. To object to all other uses set out above, you can either choose not to provide us with the data in the first place (e.g. by not entering a competition or completing a feedback form anonymously) or you can email GDPRenquiry@elior.co.uk. We may not always be required to stop processing your data if we have compelling legitimate reasons to continue to do so.
Who do we share your personal data with?
We need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us, such as IT service providers and hosting providers.
We will also share your personal data with third parties in the following circumstances:
If we hold your personal data as a result of a relationship or potential relationship with the business that you work for, your business details will be stored in our client relationship management system. Some of the information within this system (including your contact name and contact details, business name and details, revenue, employee numbers and market) will be visible by employees across the Elior Group in the EEA, Dominican Republic, Chile, India, Mexico and the USA.
We do not transfer or store your personal data outside the European Economic Area (EEA). If we do transfer your data outside the EEA, we will inform you and we will ensure that equivalent protections to those in the UK are put in place to protect your personal data.
How long do we keep your personal data for?
We will keep all your personal data for up to 6 years from our last event or contract with you, or if we feel that your personal data is not needed for such a period of time we will delete your personal data sooner.
What rights do you have?
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
If you want to exercise any of these rights, please email us at GDPRenquiry@elior.co.uk or write to us at The Courtyard, Catherine Street, Macclesfield, Cheshire, SK11 6ET.The rights you have are as follows:
How can you contact us?
What if you have a complaint?
You have a right to complain to the Information Commissioner's Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
You can find out how to do this by visiting www.ico.org.uk.
What if this policy changes?
Last updated: 23 May 2018
This document explains how the Company collects and uses information about potential, existing and former colleagues, workers and contractors / consultants for employment or service related purposes.
It provides an overview of the data that we collect, the purposes for which we use that data, the legal basis which permits us to use your information and the rights that you have in relation to your information.
This section does not form part of any contract of employment or other contract to provide services. If there are any changes to the way in which your personal information is used, this section will be updated, or a new privacy notice provided and we will notify you of the changes.
The contact details of the Company for the purposes of data protection compliance are as follows:
Address: People Services, Elior UK, The Courtyard, Catherine Street, Macclesfield, SK11 6ET
Telephone: 01625 448777
What is personal information?
Personal information is any information that tells us something about you. This could include information such as name, contact details, date of birth, medical information and bank account details.
How do we collect personal information?
We collect personal information about you from various sources including:
What information do we collect?
We collect the following categories of information about you:
How do we use your information?
We use your information for the following purposes:
What is the legal basis that permits us to use your information?
Under data protection legislation we are only permitted to use your personal information if we have a legal basis for doing so as set out in the data protection legislation. We rely on the following legal bases to use your information for employment-related purposes:
In more limited circumstances we may also rely on the following legal bases:
Some information is classified as "special" data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive, and we need to have further justifications for collecting, storing and using this type of personal information. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process special categories of personal information and criminal conviction information in the following circumstances:
What happens if you do not provide information that we request?
We need some of your personal information in order to perform our contract with you. For example, we need to know your bank details so that we can pay you. We also need some information so that we can comply with our legal obligations. For example, we need information about your health and fitness to work to comply with our health and safety obligations.
Where information is needed for these purposes, if you do not provide it we will not be able to perform our contract with you and may not be able to offer employment or continue with your employment. We explain when this is the case at the point where we collect information from you.
How do we share your information?
We share your personal information in the following ways:
Where we share your personal information with third parties we ensure that we have appropriate measures in place to safeguard your personal information and to ensure that it is solely used for legitimate purposes in line with this section.
How do we keep your information secure?
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures. Maintaining data security means using appropriate technical or organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.
When do we transfer your information overseas?
We do not routinely transfer your data outside of the UK and the European Economic Area. If we ever do transfer your personal data to countries outside of the UK and the European Economic Area which do not offer an equivalent level of protection for personal information to the laws in the UK, we will ensure that appropriate safeguards are put in place to protect your personal information.
For how long do we keep your information?
As a general rule we keep your personal information for the duration of your employment and for a period of six years after your employment ends. If you are an applicant we will keep your information for a period of twelve months in case appropriate opportunities arise. However, where we have statutory obligations to keep personal information for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer. Full details of the retention periods that apply to your information are set out in our Data Retention Policy which is available on the extranet.
Your rights in relation to your information
You have a number of rights in relation to your personal information, these include the right to:
If you would like to exercise any of your rights or find out more, please contact email@example.com
If you have any complaints about the way we use your personal information, please contact People Services via email on firstname.lastname@example.org who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority (the Information Commissioner).