Employee Privacy Policy V3.1

Last updated: 21st December 2023

We are a well-established Audiology and Optical Provider. We undertake all our testing and care remotely. We’ve been looking after people’s sight and hearing in the comfort of their own homes for over 35 years. We have a wide range of employees who help us deliver a high standard of care to our customers.

We are a registered Data Controller with the Information Commissioner.

Your Privacy matters to us

We appreciate the trust you place in us when sharing your personal data, and the security of your data is very important to us. In this notice, we will explain how we collect, use, and protect your personal data. We will also provide information on what rights you have with regard to your personal data and how you can exercise those rights.

We appreciate that the world of data protection can seem a little complicated, so we will try to explain things in a simple and straightforward way.

For the purposes of this privacy notice the term employee(s) will collectively refer to all employees, contractors, sub-contractors, and agency workers.

  • You, when you provide it directly to us either as an applicant or an employee
  • A guardian or appointed representative
  • Trusted recruitment agencies
  • Online enquiries via our website
  • Trusted pension providers
  • Trusted employee benefit scheme providers
  • Disclosure Barring Service where applicable
  • HMRC & other statutory agencies
  • Courts & tribunals where salary deductions have been ordered
  • Contact details & identifiers (such as name, address, phone, email and national insurance numbers)
  • Health information (such as disability information, capacity information, health conditions)
  • Contact information for representatives & guardians where appropriate
  • Information to help us manage your employment & performance
  • Information to help us assess your suitability for employment
  • To keep you informed about business and employment matters
  • To provide you with employment support
  • To manage training and development
  • To manage your employment and/or contract with us
  • To manage the information and keep it secure & up to date
  • To process payments and invoices
  • To enable access to health & wellbeing services
  • To respond to statutory returns including equality returns
  • To process your employee benefits
  • To process any voluntary deductions you request
  • To manage and support employment claims
  • To manage employee performance and skills
  • To authenticate access to IT systems and information
  • To ensure an effective response to the COVID-19 epidemic to ensure the safety, wellbeing and care of employees and customers
  • To ensure that health & safety risks are addressed
  • To manage complaints related to employment matters
  • To investigate and manage grievances and complaints
  • To manage quality of service provision
  • To comply with official investigations. This includes sharing information with the Information Commissioner, Police and the General Optical Council and so on.
  • To monitor, identify and prevent information and cyber security incidents
  • To facilitate technological development
  • To (where applicable) monitor the use of equipment & assets, staff performance and conduct
  • To record calls for training and monitoring purposes
  • Assess your suitability for employment and tasks

In accordance with Schedule 1 (1), (2) & Schedule 2 of the Data Protection Act 2018, & Article 6 (b), (c) & (f) of the UK General Data Protection Regulation, we may monitor the use of company assets, employee conduct & records of timekeeping for purposes such as preventing and detecting criminal acts, investigating unauthorised use, making sure that policies are being followed and for training and quality control.

Examples of such monitoring may include, but are not limited to: CCTV, surveillance, access logs, system audits, remote working, IT usage, conduct, performance and the use & management of financial assets.

Please note that employees are not routinely monitored in a blanket manner – all monitoring will be proportionate and justified.

We process a lot of employee information in line with our legal obligations under the following laws:

  • The Employee Rights Act 1996
  • The National Minimum Wage Act 1998
  • The Employee Relations Act 1999
  • The Maternity and Parental Leave etc. Regulations 1999
  • The Transfer of Undertakings (Protection of Employment) Regulations 2006
  • The Agency Workers Regulations 2010
  • The Equality Act 2010
  • The Working Time Regulations 1998
  • The Data Protection Act 2018
  • The Coronavirus Act 2020
  • The Health Protection (Notification) Regulations 2010
  • The Public Health (Control of Disease) Act 1984 and associated Regulations
  • The Care Act 2014
  • The Safeguarding Vulnerable Groups Act 2006
  • Health and Safety at Work Act 1974
  • Health and Social Care Act 2008 (Regulated Activities) (Amendment) (Coronavirus) Regulations 2021

We may at times rely on our ‘legitimate interests.’ This is another way of saying we treat information in line with our business needs… but don’t worry, we balance your privacy rights to ensure that the business needs pass privacy tests before using personal information in this way!

We might occasionally ask you for consent – we’ll be clear if we do.

We also use information to fulfil our contract – for example ensuring you are paid your agreed rate or salary.

In addition to employment laws, there are other laws we have to follow, so there may be some cases where we are legally required to share information with statutory partners & Ombudsman – these are official organisations like the Police or the General Optical Council. We’ll tell you more about this in the ‘who we share information with’ section.

If we have relied on consent, you can opt out by emailing info@outsideclinic.com.

If we have relied on legitimate interests, you may also be able to opt out. For more information, contact info@outsideclinic.com.

There may be some cases where we have to hang on to some information – we explain this in the ‘information we keep’ section.

OutsideClinic internal departments where appropriate.

Both internal colleagues & external customers will have access to information relating to you acting in your professional capacity and your personal contact details. We will of course balance disclosures with our duty of confidence to you and your expectation of privacy.

External organisations such as: H M Revenue & Customs, Disclosure and Barring Service, H M Court Service, Police Authority, Department of Work and Pensions, Pensions Administrators, employee benefits provider, external auditors, internal software providers, external organisations linked to TUPE legislation, and external training providers supporting personal development or apprenticeships.

Health and Social care partners to ensure that care is accessible and where applicable administered to employees.

Organisations such as the Information Commissioner, Police, General Optical Council, Health and Care Professional Council and so on.

  • ask for a copy of the personal data we hold about you. Assuming your request is reasonable, we will provide a copy of all the personal data we hold about you and you can check that we’re processing it lawfully
  • ask us to correct the personal data that we hold about you
  • ask us to delete your personal data. This one’s a little tricky! If, for some reason, we still hold your data, but without good reason, at your request we’ll delete it. To be honest, this is a pretty unusual scenario, because we’re pretty hot on getting rid of data we’re not obliged to hold!
  • object to us processing your personal data. This applies where we’re relying on a “legitimate interest” of ours or a third party, and you have a situation which makes you want to object to us processing your data.
  • ask for the restriction of the processing of your personal data. This means you can ask us to suspend the processing of personal data about you
  • ask for the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically possible
  • withdraw consent for processing – we’ve mentioned this above in the ‘can you opt out?’ section
  • Right to prevent automatic decisions – you have the right to challenge a decision that affects you that has been made automatically. Here at the OutsideClinic, we don’t make automatic decisions; we carefully reach decisions about you and your information

We keep your personal data for as long as we have to and always do this in line with data protection laws. We don’t want to keep your data any longer than we need to!

We store information securely. We mainly keep this digitally on our protected devices. We may also keep paper records for a certain period of time, but don’t worry, we’ll keep these secure as well.

For more information please refer to our Employment Data Retention Schedule.

We care so much about privacy that we have got a helping hand from some data protection experts: Midland Data Protection act as our registered Data Protection Officer. Their contact details are below:

You can email: info@midlanddataprotection.co.uk

Or call: 0333 577 0646

Outside Clinic Contact details can be found at https://www.outsideclinic.co.uk/contact-us/

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):

  • By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • By phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Alternatively, visit www.ico.org.uk or email icocasework@ico.org.uk