
Upload: trantuyen

Post on 10-Oct-2018


Employee Record of Processing – relating to individuals who apply to the company for work, whether as an employee, worker, contractor, agency worker, consultant or director (“Job Applicants”)

Data Controller (name of person in business and contact details)

Data Processing Lead (name of person in business and contact details, if different from controller)

Ordinary Personal Data

Category of Personal Data

Purpose of Processing

Lawful basis for processing

Retention Period

Categories of recipients to whom sent

Transferred outside the EEA

Technical and organisational security measures adopted

Biographical details (including name, title, contact details, DOB, gender, emergency contacts, photograph)

Administration of the contract, emergency contact details so we can look after Employee welfare in an emergency, gender for equal opportunities monitoring, DOB for checking rates of pay and BHA stable employee information, photograph for BHA stable employee information

Legal Obligation

Performance of the Contract

Legitimate interest to hold emergency contact details in order to inform an Employee nominated person in an emergency situation

As a legitimate interest for safeguarding in relation to overnight racecourse stays, photograph for stable identity pass, gender for stable employee industry record and for overnight racecourse stays

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients. This template includes some suggestions as to recipient for businesses to amend and add to as appropriate.

British Horseracing Board and Weatherbys under contract to the BHA

Other racing jurisdictions if employee accompanying horses racing outside of UK

N/A or [insert details of country/countries to which data is transferred – consider if you have runners outside of the EEA what personal information you have to transfer in connection with that]

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Record of Processing Employee Data 1

Recruitment information (inc correspondence/references/right to work checks and related documents)

Administration of the contract and to aid and demonstrate that Employees have the legal right to work in the UK

Legal Obligation

Performance of the Contract

Legitimate interest to maintain relevant and appropriate records of recruitment for business administration and administration of employment

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred]

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Employment details (inc start date, contractual terms, location, job title, career history)

Administration of the contract

Managing our relationship with Employee on an ongoing basis

Details about role/experience etc may be used in communications with customers and potential customers

Legal Obligation

Performance of the Contract

Legitimate interest to manage ongoing relationships and to promote goods/services to customers and potential customers

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

Consider if likely to be shared with NARS or other trade union, RIABS

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Payroll and tax/NI and bank details

Paying employees, deducting tax and NI as appropriate, keeping appropriate records

Legal Obligation

Performance of the Contract

NI number for BHA Stable Employee Records

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

HMRC

Payroll provider

Weatherbys

BHA

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Working hours and arrangements

Paying employees correctly

Complying with legal obligations regarding working time

Managing attendance, day to day operational management and dealing with requests to alter hours

Arrangements – if employee under 18 to seek consent to overnight stays away whilst accompanying horses racing

Legal obligation

Performance of the contract

Legitimate interests to manage working hours/arrangements to ensure effective business operations

Legitimate interest to safeguard young workers and in line with BHA safeguarding advice

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

HMRC

HSE

Information on working hours may be shared with NARS or other trade union if correspondence from them is received

Employee under 18, seeking consent from parent or carer to overnight stays at racecourses

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Pay and benefits including pensions and RIABS

Providing employees with agreed pay, benefits and expenses, making decisions about future compensation, tracking and reviewing pay, benefits, expenses, making strategic decisions about compensation, auditing and reporting on company financial position

Legal Obligation

Performance of the Contract

Legitimate interest to analyse pay, benefits and expenses and make decisions about appropriate compensation on an individual and company level

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Performance and career progression (including appraisals, performance management, target/objective setting, consideration of new duties)

Ensuring employees perform in accordance with their contract and the standards required, and considering future duties/roles, setting performance related pay increases, determining eligibility for performance bonuses

Performance of the Contract

Legitimate interest to manage performance and duties/roles to ensure effective business operations (and set appropriate levels of remuneration)

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Qualifications (including educational, vocational, driving licenses where appropriate) and training

Ensuring Employees are appropriately qualified and trained for current or potential roles

Legal Obligation

Performance of the Contract

Legitimate interest to ensure that there are appropriate qualifications and training for current or potential roles

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Holiday and other leave

Managing statutory and non-statutory holiday and leave

Legal Obligation

Performance of the Contract

Legitimate interest to ensure leave taken is compatible with business requirements and that any consequent operational adjustments are made

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

Information on holiday and other leave may be shared with NARS or other union if a query from them is received

N/A or [insert details of country/countries to which data is transferred

Disciplinary, conduct and grievance matters about or involving Employees

Investigating and dealing with disciplinary, conduct and grievance matters related to or otherwise involving Employees

Legal Obligation

Performance of the Contract

Legitimate interest to deal effectively with disciplinary, conduct or grievance matters, whether Employees are subject to them or otherwise connected to the issues raised

Public interest in detecting or preventing unlawful acts

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

Information may be shared with NARS or other union if a query from them is received

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Employee representation

Establishing and facilitating consultation with staff on relevant matters

Legal Obligation

Legitimate interest to engage with appropriate Employee representative on relevant matters

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]


Health and Safety

Conducting risk assessments; establishing safety measures to mitigate identified risks; providing a safe working environment; keeping required records

Legal obligation

Legitimate interest to ensure Employees are able to perform their duties in a safe environment for the efficient operation of the business

Legitimate interest relating to BHA requirements on health and safety

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Changing terms of employment or termination of employment

Administration of the contract, making changes to the terms of employment to fit business requirements, managing relationships with Employees on an ongoing basis including during notice, promotions, role changes, and other career progression, termination of working relationship however instigated, managing post employment issues

Legal Obligation

Performance of the Contract

Legitimate interest to manage, alter and where relevant to terminate the contractual relationship or respond to resignations and deal effectively with post employment issues

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

CCTV footage

Primarily for security purposes although we may also use the CCTV footage when investigating allegations of misconduct by employees

Legal Obligation

Performance of the Contract

Legitimate interest to deal effectively with allegations of misconduct and to maintain the security of our premises

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Information about Employee’s use of business equipment, technology and systems including our computers/telephones/mobile phones/software/applications/social media [door entry systems/clocking in and out system/time recording]

Maintaining the operation, security and integrity of our business communication systems (e.g. protection from hackers, malware), providing IT and communications systems support, preventing excessive personal use, keeping premises secure, managing time record

Performance of the contract

In our legitimate interest to maintain the operation, security and integrity of communication systems, prevent excessive use of business resources for personal purposes, to record time worked

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Personal data produced by employees in the course of carrying out their job (e.g. job-related emails, minutes of meetings, written reports, business social media presence, etc)

Performance of job duties by Employees, carrying on the business of the company, monitoring business social media presence to ensure expected standards are complied with

Performance of the contract

In our legitimate interest to carry out the company business

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

Personal data, which may include any of the types of data set out in this appendix that is relevant to our strategic decision-making processes, to planning business operations, actual and potential legal claims, corporate reporting and business risk analysis

To carry out the company business, analyse current business performance, plan for the future, present information in reports to relevant audiences such as shareholders where applicable, protect the company from legal claims, seek professional advice as and when required in the course of running our business

Legal obligation

Performance of the contract

In our legitimate interest to carry out the company business including taking strategic decisions in the interest of the business, communicating about the business with relevant audiences and seeking professional advice where appropriate

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Personal data, which may include any of the types of data set out above, that is relevant to strategic decision making process, to planning business operations, actual and potential legal claims, corporate reporting and business risk analysis

To carry out the company business, analyse current business performance, plan for the future, present information in reports to relevant audiences such as shareholders, protect the company from legal claims, seek professional advice as and when required in the course of running our business

Legal obligation

Performance of the contract

Legitimate interest to carry out the company business, including making strategic decisions in the interest of the business, communicating about the business with relevant audiences and seeking professional advice where appropriate

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Special Category Data

Category of personal data

Purpose of processing

Lawful basis for processing

Additional lawful basis for processing and safeguards for special categories of personal data or data relating to criminal convictions and offences

Retention Period

Categories of recipients to whom disclosed

Transferred outside EEA

Technical and organisational security measures adopted

Sickness absence and medical information (including records relating to absence and its management, information about any medical condition and doctor’s reports and notes) [drug and alcohol testing if applicable]

Payment of company and statutory sick pay, providing employment benefits, managing absence and ensuring appropriate cover

Legal obligation

Performance of contract

Legitimate interest to manage Employees with health conditions, maintain a safe working environment, and to manage sickness absence of the workforce and ensure appropriate cover

Legal obligation/right in relation to employment

Assessment of working capability

In exceptional circumstances, to protect your or someone else’s interests where consent cannot be given

Data is retained and erased in accordance with the Employee Data Retention Process

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Family leave (including maternity, paternity, adoption and shared parental leave, parental leave and time off for dependants (which could include information about Employee health, religious beliefs, sexual life or sexual orientation)

Facilitating the taking of family related leave, payment of maternity, paternity, adoption and shared parental pay, managing absence and ensuring appropriate cover

Legal obligation

Performance of the contract

In our legitimate interest to manage absences and ensure appropriate cover

Legal obligation/right in relation to employment

Assessment of working capacity

Data is retained and erased in accordance with the Employee Data Retention Process

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Trade Union Membership

Facilitating meetings with union representatives for collective bargaining purposes

Compliance with legal obligations to allow time off for trade union activities, training etc.

Legal obligation

Legitimate interest to engage with trade union representatives and manage and facilitate time off, etc., for trade union representatives where applicable

Legal obligation/right in relation to employment

Data is retained and erased in accordance with the Employee Data Retention Process

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Equal opportunities and diversity which could include information about Employee race or ethnicity, religious beliefs, sexual orientation or health

To monitor equality of opportunity and diversity in our organisation, comply with company policies

Legitimate interest to understand how our organisation is doing with regard to diversity and equal opportunities

Public interest in monitoring equal opportunities within the workforce

Data is retained and erased in accordance with the Employee Data Retention Process

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

[Biometric data used to identify Employees (e.g. finger print laptop recognition or finger print banking recognition)

[To ensure security of laptops]

Legitimate interest in the security of the business

[(Employee’s explicit consent (given voluntarily – if there is no consent then alternative means of access to laptops will be made available). If there is consent, Employees have the right to withdraw consent at any time, in which case alternative means of access will be made available]

Data is retained and erased in accordance with the Employee Data Retention Process

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

Criminal convictions/offences/if you have disclosed that you are known to a local authority as being a risk or potential risk to young people/ and or adults at risk, or that you are subject to disciplinary investigations or sanctions by any organisation due to concerns about your behaviour towards young people or adults at risk

If a criminal conviction comes to light or a safeguarding concern is identified, to investigate and assess the impact, if any, on your continued employment (see the company Disciplinary Policy)

Legal obligation

Performance of the contract

Legitimate interest to determine whether to employ individuals with criminal convictions in particular roles

Employee has manifestly made the information public

Establishing, exercising or defending legal claims

Legal right in connection with health and safety

Public interest in detecting or preventing unlawful acts

Data is retained and erased in accordance with the Employee Data Retention Process

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]


Job Applicant Record of Processing – relating to individuals who apply to the company for work, whether as an employee, worker, contractor, agency worker, consultant or director (“Job Applicants”)

Data Controller (name of person in business and contact details)

Data Processing Lead (name of person in business and contact details, if different from controller)

Category of personal data

Purpose of Processing

Lawful basis for Processing

Additional lawful basis for processing and safeguards for special categories of personal data or data relating to criminal convictions and offences

Retention Period

Categories of recipients to whom disclosed

Transferred outside EEA?

Technical and organisational security measures adopted

Information contained in application forms/CVs/covering letters or otherwise provided to the Company by the Job Applicant, including name, title, contact details, employment history, experience, skills, qualifications, training including educational vocational, driving licences where appropriate, referees’ names and contact details

Processing application and corresponding with Job Applicant about it

Assessing whether Job Applicant has the skills, experience, qualifications and training for a role

Making informed recruitment decision

Verifying information provided by Job Applicant

Keeping appropriate records of the recruitment process

Entry into a contract

Legal obligation

Legitimate interest to review and consider Job Applicants’ personal data in order to select the most appropriate candidate for the job

N/A

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Publicly available information about Job Applicants, such as their business social media presence

Processing application and corresponding with Job Applicant about it

Assessing whether Job Applicant has required skills, experience, qualifications and training for a role

Making informed recruitment decisions

Verifying information provided by Job Applicant

Keeping appropriate records of the recruitment process

Entry into a contract

Legal obligation

Legitimate interest to review and consider Job Applicants’ personal data in order to select the most appropriate candidate for the job

N/A

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Selection information, including correspondence, interview notes, internal notes, results of any written, online or practical selection tests

Processing application and corresponding with Job Applicant about it

Assessing whether Job Applicant has required skills, experience, qualifications and training for a role

Making informed recruitment decisions

Verifying information provided by Job Applicant

Keeping appropriate records of recruitment process

Entry into a contract

Legal obligation

Legitimate interest to review and consider Job Applicants’ personal data in order to select the most appropriate candidate for the job

N/A

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

Pre-employment check information, including references and verification of qualifications

Processing application and corresponding with Job Applicant about it

Assessing whether Job Applicant has required skills, experience, qualifications and training for a role

Making informed recruitment decisions

Verifying information provided by Job Applicant

Keeping appropriate records of recruitment process

Complying with BHA rules of racing requirement to take up a reference on the previous trainer if previously employed in racing

Entry into a contract

Legal obligation

Legitimate interest to review and consider Job Applicants’ personal data in order to select the most appropriate candidate for the job

N/A

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Right to work checks and related documentation

Processing application and corresponding with Job Applicant about it

Assessing whether Job Applicant has required skills, experience, qualifications and training for a role

Making informed recruitment decisions

Checking and demonstrating that Job Applicant has right to work in UK

Verifying information provided by the Job Applicant

Keeping appropriate records of recruitment process

Entry into a contract

Legal obligation

Legitimate interest to ensure we are compliant with obligation not to employ individuals who do not have a legal right to work in the UK

N/A

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Equal opportunities and diversity which could include information about race or ethnicity, religious beliefs, sexual orientation or health

To monitor equality of opportunity and diversity in our organisation, comply with company policies

In our legitimate interest to understand how our organisation is doing with regard to diversity and equal opportunities

Public interest in monitoring equal opportunities within the workplace

Data is retained and erased in accordance with the Employee Data Retention Process

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Information relevant to the request by the Job Applicant for adjustments to recruitment process as a result of medical condition/disability

To carry out a fair, non-discriminatory recruitment process by considering/making reasonable adjustments to the process as appropriate

Entry into a contract

Legal obligation

Legitimate interest to make appropriate adjustments to ensure recruitment process is accessible and allows Job Applicants to fully engage with it

Legal obligation/right in relation to employment

Data is retained and erased in accordance with the Employee Data Retention Process

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

[Pre-employment health questionnaires/medicals]

(see separate guidance notes)

[To assess whether successful Job Applicant is fit to do the job with adjustments, to consider/arrange suitable adjustments, and to comply with health and safety requirements]

[Entry into a contract

Legal obligation

Legitimate interest to ensure that successful Job Applicants are fit to do their job and any necessary adjustments are put in place]

[Legal obligation/right in relation to employment

Data is retained and erased in accordance with the Employee Data Retention Process]

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]

Criminal convictions/offences/if you have disclosed that you are known to a local authority as being a risk or potential risk to young people/ and or adults at risk, or that you are subject to disciplinary investigations or sanctions by any organisation due to concerns about your behaviour towards young people or adults at risk

To assess suitability for the role and verify information provided by the Job Applicant

Legitimate interest to determine whether to employ individuals with criminal convictions in particular roles

[Job Applicant has given consent]

[OR in limited circumstances, see separate notes: Legal obligation/right in relation to employment [safeguarding]]

Data is retained and erased in accordance with the Employee Data Retention Process

See Employee Data Retention Process [if possible insert envisaged time limit for erasure of this category of data]

N/A or insert recipients

N/A or [insert details of country/countries to which data is transferred

See the [Information Security Policy] OR [[insert details of measures relevant to this category of data]
