Redrow: Privacy Notice for Employees

Privacy Notice for Employees

About this Notice

Barratt Redrow plc is committed to protecting and respecting your privacy. This notice explains why we collect your personal information and how we use it when you engage with us.

Who we are

The Barratt Redrow plc Group (referred to in this document as “we”, “us”, “our” and “Barratt Redrow”) is the Data Controller for your personal information under the Data Protection Legislation.

Our Head Office address is:

Barratt Redrow plc
Barratt House
Cartwright Way
Forest Business Park
Bardon Hill
Coalville
Leicestershire
LE67 1UF

Barratt Redrow consists of several companies and brands that share your information to better manage your relationship with us. Our brands include:

Barratt Homes
David Wilson Homes
Barratt London
Redrow
BD Living

The Companies in our group including their ICO registration numbers are as follows:

Company name	ICO Registration Number
Barratt Redrow plc	Z541067X
BDW Trading Limited	Z5581083
Redrow Limited	Z2113206
Redrow Real Estate Limited	Z1634659
Redrow Homes East Midlands Limited	Z287434X
Wilson Bowden Limited	Z7069084
Oregon Timber Frame Limited	ZB566965
Gladman Developments Limited	ZA025013
David Wilson Homes Limited	Z7584911
Kingsoak Homes Limited	Z4786181

In addition to the above we operate several joint ventures with other organisations that we have a material interest in.

Please note that this notice does not apply if you are an investor or if you navigate to the Barratt Redrow plc website operated on our behalf by Investis. The Notice for this site can be found here.

All data protection matters are managed at Barratt Redrow Group head office. Inquiries can be sent to dataprotectionmanager@barrattredrow.co.uk

This Employee Privacy Notice applies to UK based employees and prospective employees of Barratt Redrow plc (the "Company", "we", "us" or “Barratt”).

This policy applies to all employees of Barratt Redrow Plc, all subsidiaries, all temporary employees, apprentices, permanent employees, all contractors, suppliers and people working on behalf of Barratt Redrow and all joint venture partnerships.

We are required under data protection legislation to notify you of the information contained in this Privacy Notice.

The Company is a "data controller" in relation to your personal data and for some purposes, also a "data processor". This means that we are responsible for deciding how we hold and use personal information about you.

We value the privacy of those who provide personal information to us. Please read this Privacy Notice carefully to understand how we handle your personal information. This Privacy Notice describes:

1.1	what personal information we collect about our UK-based employees and potential employees, contractors and potential contractors;
1.2	how we use and otherwise process it;
1.3	the basis upon which we process it;
1.4	with whom it is shared; and how it is stored;

This notice also describes other important topics relating to information privacy. The overarching legislation is the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who does this notice apply to?
1. This Privacy Notice applies to all employees, agency workers, prospective and temporary employees, contractors and prospective contractors of the Company who are based in the UK.
2. It applies to all of your personal data that we process in the context of your employment, prospective employment, engagement or prospective engagement in the UK.
Data protection principles
1. We will comply with applicable data protection and privacy laws. These provide that the personal data we hold about you must be:
1. Used lawfully, fairly and in a transparent way;
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
3. Relevant to the purposes we have told you about and limited only to those purposes;
4. Accurate and kept up to date;
5. Kept only as long as necessary for the purposes we have told you about; and
6. Kept securely.

The information that we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data which cannot be linked to an individual in any way (i.e. anonymous data).
There are "special categories" of more sensitive personal data which require a higher level of protection and we have set out more details about this at section 7 below.
Information collection

We collect, store and use any of the following categories of information about you and we refer to this as “personal information” or "personal data" throughout this Privacy Notice:

Your personal details: name and title, gender, birth date, national insurance number/social security number, home address and home/personal phone number and email address and proof of identification and address, and marital status.
Your family’s details: emergency contact information, spouse or civil partner name and contact information, spouse's or civil partner's national insurance number, names of dependents and co-insured family members' details.
Documentation required under immigration laws: citizenship details, national identification number, other documents required to show your right to live in your current country and to work for the Company there and details required for residency, work permit and/or visa processes.

Employment/compensation records and information:

i	current and any former titles and positions held with us (and information about such positions, including start date, how long in position, location of position/place of work, employee identification number, promotions, training records, overall work history, disciplinary actions, grievances, retirement eligibility, transfers);
ii	identification or verification search results, including employment searches, and references (subject to applicable law);
iii	current and historic compensation or terms with or provided/offered by us, base salary, bonus, pension contributions, commissions, benefits, sales compensation plans and information relating to any such plans or benefits;
iv	work contact information (phone number, postal address, mailing address, email address);
v	size requirements in relation to company provided clothing, images in photographic form, movements through CCTV footage, call recordings, mystery shopping footage, if you are issued with a lone worker alarm we will capture yours and the location of the alarm; or if you drive a company van, the vans location and data regarding how its driven as well as dash cam footage;
vi	performance reviews and information (including any career development plans), conduct and capability information and training records;
vii	workplace accident information, sickness absence information and medical or health information (relevant to your employment and/or provided by you to us, for example, medical assessments and occupational health reports), records of any disabilities;
viii	work hours/pattern and annual leave information (including overtime and shift work, hours worked, breaks and department standard hours);
ix	absence information and details of any leave taken (for any reason);
x	travel bookings, expense related claims, records and information;
xi	details regarding the termination of your employment or engagement, including the leaving date and reason for leaving and exit interviews;
xii	written, electronic and phone communications;
xiii	Information about your race or ethnicity; and
xiiii	Information about criminal convictions and offences.

Payroll data: bank details, working time records, current compensation, tax and social security information, IDs related to payroll processing and student loan information (where applicable).
System and application access data: information required to access company systems and applications (such as system ID/ facial recognition).
Talent management/resume/CV information: when you apply for a job or work with us/for us, we need to collect and hold details contained in an application and resume/CV or otherwise provided to or obtained by us, including personal and contact details, previous employment background, professional qualifications and memberships, references. We may also collect and hold career development and skills analysis, training, education, departmental changes, performance and calibration details.
Management records: details of any shares or options of common stock or directorships that you may hold.
Miscellaneous information: information that you submit or input into our systems through completion of forms, information about your use of our email and IT systems (including system IDs, device IDs, back-ups and log on data), information obtained through electronic means.
Records of your interactions with us such as assessment notes and decisions (from initial recruitment and subsequent internal vacancy applications); use of our information and communication systems, including the computer, email, tablets, fixed and mobile phones that we allow you to use, passwords, personal identification numbers, IP addresses, user names and other IT system identifiers; and records of any company procedures which either you or we initiate during your employment.

How is your information collected?
1. We will receive most of this personal information from you directly (including through the application and recruitment process), although we may also receive some of this information from third parties, such as recruitment agencies, social media or online searches (including LinkedIn), training providers, medical professionals or occupational health providers, former employers or public agencies. We will collect additional personal information in the course of job-related activities throughout the period of you working for us.
2. We may collect this information in a variety of ways. For example, data might be collected through application forms, CVs/resumes, obtained from your passport or other identity documents such as your driving licence, from forms completed by you at the start of or during employment/engagement (such as benefit nomination forms), from correspondence with you, or through interviews, meetings or other assessments.
3. We may sometimes collect additional information from other third parties including former employers, occupational health advisors, academic or professional bodies.
Use of your personal information
1. We collect, use and store your personal information for a number of purposes, including those set out in appendix 1 of this Privacy Notice.
2. Your family and emergency contact information: Separately, we may process personal information about your family, next of kin, emergency contacts or nominated beneficiaries, for the provision of benefits or so that we can contact them in an emergency type situation. If you disclose information about your family to us or include it in written, electronic or phone communications, we may also have access to this in our systems. If you share personal information with us that relates to other people (for example, former employees or your next of kin), you will need to check with that person that they are happy for you to share it with us, and for us to use it in accordance with this Privacy Notice.
Our legal bases for using your personal information
1. In order to comply with data privacy laws, we need to have legal bases for using your personal information for the purposes set out in this Privacy Notice. We have set out more detail about the legal bases we rely on to process your data in appendix 1. We consider that in nearly all cases, our legal basis will be one or more of the following:
  1. our use of your personal information is necessary for the performance of our obligations under our contract with you (for example, to pay you, communicate with you or to confer a benefit under the terms of your employment contract); or
  2. our use of your personal information is necessary for complying with our legal obligations, particularly as your employer/engager (or prospective employer/engager) (for example, providing employee personal information to HMRC, health and safety at work or conducting legally required checks on your right to work in the UK); or
  3. where our use of your personal information is not necessary for the performance of our contractual obligations, or compliance with our legal obligations, it is necessary for the purposes of our legitimate interests or the legitimate interests of a third party (for example, to enable us to centralise our HR systems and to use dedicated third party systems, to ensure a safe working environment, to ensure the reliability of our employees or to maintain adequate personnel records).
2. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
3. Where we are relying on our legitimate interests or the legitimate interests of a third party, we have explained, in this Privacy Notice, what those legitimate interests are.
Why we collect and use sensitive personal data
1. Sensitive personal data, so called "special categories" of personal data, require higher levels of protection. We need to have further justification for collecting, storing and using this. Special category data is personal data relating to racial or ethnic origins; political opinions; religious and philosophical beliefs; trade union membership; genetic data; biometric data; health data; sex life or sexual orientation. We may process special categories of personal data in the following general circumstances:
  1. In limited circumstances, with your explicit written consent.
  2. Where we need to carry out our legal obligations and/or exercise rights conferred on us by law and in line with our data protection and information handling policy.
  3. Where it is needed in the public interest, such as, in some circumstances, for equal opportunities monitoring or in relation to an occupational pension scheme, and in line with our data protection and information handling policy.
  4. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards
  5. Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your (or someone else's) interests and you are not capable of giving your consent, or where you have already made the information public.
  6. We may undertake drugs and alcohol testing
  7. We may send special category data for DE&I reporting, the reporting will always be an anonymised aggregate level
2. We will use sensitive personal data in the following ways:
  1. We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws and to administer benefits including statutory maternity pay, statutory sick pay, pensions and health insurance.
  2. We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance.
  3. If you leave employment and under any Company stock option plan the reason for leaving is determined to be ill-health, injury or disability, we will use information about your physical or mental health, or disability status in reaching a decision about your entitlements under the stock option plan.
  4. We will use information about your physical and/or mental health, or disability status, to meet our health and safety obligations and to assess fitness for work, including testing for drugs and alcohol; to provide appropriate workplace adjustments; for the purpose of preventative or occupational medicine or medical diagnosis; to provide appropriate workplace adjustments; to monitor and manage sickness absence and to administer the provision of healthcare or treatment.
3. We do not need your consent if we use special categories of your personal data in accordance with this Privacy Notice to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may ask you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us for the processing of your personal information or special categories of personal data. Consent may be withdrawn at any time by contacting @dataprotectionmanager@barrattredrow.co.uk.
4. We currently take deductions through payroll for trade union membership, whilst we do not actively process this data, we do capture it.
Information about criminal convictions
1. We may carry out background checks relating to criminal convictions (DBS checks) and request or hold information regarding criminal convictions. We also collect data on unspent convictions during your application process.
Monitoring
1. We reserve the right to monitor, audit, copy, store or delete any network traffic over our systems. This includes a right to retrieve or access the contents of messages, inboxes or to undertake searches of our email systems for the purposes of monitoring or investigating wrongful acts, to comply with any of our legal or regulatory obligations, or, occasionally to ensure the effective operation of our business (for example in the event of unexpected absence and where access to business emails is required). Anything learned by us as a result of such monitoring may be used in relation to disciplinary proceedings. All monitoring activities will be undertaken in accordance with the laws that apply to us.
How we share your personal information (and who with)
1. We may have to share your data with third parties, including third-party service providers and other entities in our group.
2. We require third parties to respect the security of your data and to treat it in accordance with the law.
3. Disclosure within the Company's group:
  1. Your business-related information will be made available to other Company employees, temporary employees and contractors and with customers, suppliers and agencies in the course of administering your employment or providing our services. This includes your name, work contact details, position related information, employee photo and other related details.
  2. Your personal information may be shared with any company that is a member of the Company's group, where it is in our legitimate interests to do so for internal administrative purposes, to effectively operate the employment relationship with you and/or the workforce generally, for management purposes, corporate strategy, auditing and monitoring, system maintenance support and hosting of data and/or research and development. Access to your personal information is limited to those employees who need to know the personal information, and may include your managers and their designees, as well as employees in the HR, recruitment, corporate services, legal, information technology, and finance departments.
  3. We may also share your personal information with our group companies where they provide products and services to us, such as IT systems, data hosting, HR services, legal support, payroll and benefits administration and recruitment.
4. Disclosure to other third parties:
  1. We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
  2. We will share your personal information with the following categories of third parties:
    1. other parties such as legal and regulatory authorities (including government departments and HMRC), accountants, auditors, lawyers, insurers and other outside professional advisors;
    2. customers, clients or suppliers (to the extent they need it) – this will usually just be your business contact details and related information; and
    3. companies that provide products and services to us, such as:
      1. payroll providers and our bank;
      2. benefits and pension providers/administrators;
      3. insurance companies, including those providing medical insurance and group income protection (and our insurance brokers);
      4. training providers and travel/hotel/venue providers;
      5. parties requesting an employment reference for you;
      6. HR services, such as external advisors, applicant tracking providers/systems, for surveys;
      7. cloud storage providers;
      8. police and immigration authorities;
      9. occupational health assessment providers and medical professionals; and/or
      10. IT systems suppliers and support, including providers of HR systems and benefits management, email archiving, telecommunications suppliers, back-up and disaster recovery and cyber security services; and other outsourcing providers, such as contract lease management, and off-site storage providers.
  3. We will also disclose your personal information to third parties in some other circumstances:
    1. if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
    2. if the Company or substantially all of its assets are acquired by a third party, in which case personal information held by the Company will be one of the transferred assets;
    3. if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
    4. to enforce our contract with you, to respond to any claims, to protect our rights or rights of a third party, to protect the safety of any person or to prevent any illegal activity; and/or
    5. to protect the rights, property or safety of the Company, our employees or other persons.
5. Restrictions on use of your personal information by those we share it with
6. Some of these companies may use your data in countries which are outside of the European Economic Area.
7. Any third parties with whom we share your personal information are limited (by law and/or by contract) in their ability to use your personal information and the purposes for which they use it. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this Privacy Notice and applicable laws. In respect of third-party service providers who are processing data on our behalf, we only permit them to process personal data for specified purposes and in accordance with our instructions.
8. Other than as we have set out in this Privacy Notice, we will not share your personal information to any third party without notifying you and/or obtaining your consent. Where our actions are based on you having given your consent for us to use your information in a particular way, but you later change your mind, you should contact us at dataprotectionmanager@barrattredrow.co.uk to notify us of this and we will stop doing so.
Transfers of information
1. As set out above, personal information may be processed outside of the UK by employees working for us outside the UK, or other members of our group or third parties located outside of the UK. Please be aware that countries which are outside the UK may not offer the same level of protection for personal information as in the UK, although our collection, storage and use of your personal information will continue to be governed by this Privacy Notice.
2. When transferring personal information outside the UK, we will:
  1. ensure that the country in which your personal information will be processed has been deemed "adequate" by the relevant UK authorities under Article 45 of the UK GDPR; or
  2. ensure Compliance with the International Data Transfer regime
3. Further details on the steps we take to protect your personal information in these cases is available from us on request by contacting us at: dataprtectionmanager@barrattredrow.co.uk
Retention of personal information
1. We have identified retention guidelines for different types of HR data taking into account the purpose for which data is collected, statutory obligations in respect of the retention of data and limitation periods for the bringing of claims where the data may be evidentially relevant.
2. The indicative retention periods are:
Recruitment records:
1. 6 months after the later of the point of collection, notification to candidates of the outcome of the recruitment exercise or last contact with the candidate on this. Recruitment information may be transferred to a successful candidate's employment file to the extent it is relevant to the ongoing relationship*.
Personnel records:
1. While employment continues and up to 7 years after employment ceases. However, we will review your records at intervals during employment and upon termination of employment to assess whether earlier deletion of any particular record is appropriate (where the data is no longer required for the purposes for which it was collected, and any relevant limitation periods have expired). There may be some aspects of your information we need to keep for longer such as pension data.
2. *We retain personal information following recruitment exercises to demonstrate, if required, that candidates have not been discriminated against on prohibited grounds and that recruitment exercises are conducted in a fair and transparent way.
1. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
2. Once it is no longer necessary to retain your personal information, we will securely destroy it in accordance with applicable laws and regulations.
Change of purpose
1. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
2. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Your rights
1. You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any one of them, please contact dataprotectionmanager@barrattredrow.co.uk
2. In certain circumstances, you have the right to request that we:
  1. provide you with a copy of any personal information which we hold about you;
  2. update any of your personal information, which is out of date, incorrect or incomplete;
  3. delete any personal information which we hold about you if it is no longer necessary in relation to the purposes for which it was collected or processed (or, in some instances, where you have withdrawn your consent or objected to the processing);
  4. restrict the way that we process your personal information;
  5. provide your personal information to a third party;
  6. consider any valid objections which you have to our use of your personal information (where we are relying on our legitimate interests (or those of a third party) as the basis for the processing or that the processing is in the public interest); and
  7. provide a copy of any agreement under which your personal data is transferred outside of the UK.
3. We will consider all such requests and provide our response within the time period stated by applicable law. Please note, however, that certain personal information may be exempt from such requests in certain circumstances, which may include if we need to keep processing your personal information for our legitimate interests or to comply with a legal obligation. There will be certain circumstances where the right does not apply to you under law and we will review this when we consider a request.
4. We may request you provide us with information necessary to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
5. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
6. If you have any questions or concerns about our use of your personal information, please contact dataprotectionmanager@barrattredrow.co.uk
Right to withdraw consent
1. In the limited circumstances where our processing is based on your having provided consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
2. To withdraw your consent, please contact: dataprotectionmanager@barrattredrow.co.uk. Where these circumstances apply, once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Keeping us updated
1. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Security
1. The Company is committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access and destruction and takes all appropriate precautions to safeguard the confidentiality of personal information. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge that we cannot guarantee the security of your personal information transmitted to us over the internet that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access.
2. Where we have given you (or where you have chosen) a password which enables you to access any account with us, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.
Automated decision-making
- Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless the following exceptions apply: 1. When the decision is authorised by law; 2. When the decision is necessary for a contract; 3 When the decision is based on your explicit consent.
Third party websites
1. You may, from time to time, during your employment, access links to or other websites operated by third parties (e.g. training providers, industry news sources and bulletins). Please note that this Privacy Notice only applies to the personal information that we collect from or about you and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.
Changes to our Privacy Notice
1. Any significant changes we make to our Privacy Notice in the future will be notified to you in writing. Please check back frequently to see any updates or changes.
Further questions or making a complaint
1. If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact: dataprotectionmanager@barrattredrow.co.uk. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.
2. You may also make a complaint to the data protection supervisory authority in the UK, the Information Commissioner's Office (https://ico.org.uk/). Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

The practices described in this Privacy Notice statement are current personal information protection policies, as of June 2025.

If you have any questions about this Privacy Notice, please contact:

dataprotectionmanager@barrattredrow.co.uk

If you still have a concern about how we process your personal information you also have the right to report it to the Information Commissioners Office (ICO).

Appendix 1 - Lawful Grounds for processing Personal Data

Reason for Processing	Types of HR Personal Data	Basis for Processing
Recruitment and/or appointment process.	Your personal details (including name, address, contact information); covering letters; CV/resume data*; references; passport; visa; interview notes; suitability assessments, tax information, location (potential job title), current salary	Legitimate interests: recruitment decisions
Checking you are legally entitled to work in the UK.	Documentation required under immigration law; meeting/interview notes	Compliance with a legal obligation: right to work
Offer and onboarding process	Name; bank account details; compensation information; social security number; tax information; benefits and expenses records; details of next of kin and benefits beneficiaries; time and attendance records; contact details for next of kin/emergency contact	Necessary for performance of the contract Legitimate interests: Operation of the employment relationship/engagement
Processing payroll	Name; IDs relating to payroll processing; bank account details; compensation information; NI number benefits and expenses records; tax information; student loan information	Compliance with a legal obligation Necessary for performance of the contract
Administering employee benefits.	Name; bank account details and financial information; social security number; benefits and expenses records; contact details for next of kin and benefits beneficiaries; tax information	Necessary for performance of the contract
Liaising with your pension provider	Name; bank account details and financial information; social security number; contact details for next of kin and benefits beneficiaries	Necessary for performance of the contract Compliance with a legal obligation
Business management and planning, including accounting and auditing.	Financial information; benefits and expenses records	Legitimate interests: business management and controls Compliance with legal obligation
Conducting performance reviews, managing performance and determining performance requirements, performance awards.	Appraisal forms; interview and meeting notes; performance and development records; time and attendance records	Necessary for performance of the contract Legitimate interests: attracting and retaining talent; effective business operations.
Making decisions about salary reviews and compensation.	Name; pay details; appraisal forms; bank details and financial information; benefits and expenses records; interview or meeting notes; performance and development records; time and attendance records	Necessary for performance of the contract
Assessing qualifications for a particular job or task, including decisions about promotions.	Name; CV/Resume data; performance reviews; interview or meeting notes; performance and development records; time and attendance records	Necessary for performance of the contract
In connection with grievance, disciplinary, probationary or capability hearings.	Time and attendance records; performance reviews; disciplinary records; appraisal forms; interview notes; performance and development records; disciplinary and grievance records; time and attendance records	Legitimate interests: Dealing with internal processes; management of workforce
Processing a leaver	Name; pay details; bank details and financial information; benefits and expenses records; interview or meeting notes/references out	Legitimate interests: Management of workforce and effective business operations
Education, training and development requirements (including quality improvement).	Appraisal forms; interview or meeting notes; performance and development records; disciplinary and grievance records; training records	Legitimate interests: Employee training and development; effective business operations
Dealing with legal disputes involving you, or other employee or third parties, including accidents at work.	Names; medical and health related information; checks; occupational health data; accident records; appraisal forms; court, tribunal or inquiry proceedings; interview notes; performance and development records; disciplinary and grievance records; time and attendance records	Legitimate interests: Responding to and defending legal disputes/claims; managing our risks
Ascertaining your fitness to work and occupational health.	Names; medical and health related information; checks; occupational health data; accident records; interview or meeting notes; time and attendance records	Compliance with a legal obligation: health and safety Performance of contract Legitimate interests: Management of workforce and effective business operations
Managing sickness absence.	Names; medical and health related information; checks; occupational health data; accident records; interview or meeting notes; time and attendance records	Compliance with a legal obligation Performance of employment contract Legitimate interests: management of absent employees/dealing with capability issues
Paying sick pay	Names; medical and health related information; checks; occupational health data; accident records; bank details and financial information; time and attendance records; tax information	Compliance with a legal obligation: payment and administration of sick pay Performance of employment contract
Arrangements relating to family related leave (for example: maternity, paternity, adoption, shared parental leave).	Names; dependents' details; service period; financial information; bank details; medical and health related information; co-parent's details	Compliance with a legal obligation: payment and administration of family related leave Performance of employment contract
Complying with health and safety obligations and health and safety records and management.	Medical and health related information; medical checks; occupational health data; accident records; interview notes; time and attendance records	Compliance with a legal obligation
Expenses reimbursement	Travel and expenses records	Necessary for performance of the contract
To prevent fraud.	Bank details and financial information; benefits and expenses records	Compliance with a legal obligation Legitimate interests: Fraud prevention and proper conduct of our business
To monitor your use of our information and communication systems to ensure compliance with our IT policies.	Emails in and out; recorded telephone calls	Compliance with a legal obligation Legitimate interests: network and information security, preventing improper use of systems, protecting workforce
To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.	E-mails in and out; network use	Legitimate interests: ensuring system and data security
Whistleblowing procedures	Meeting notes; hearing records; investigation records	Legal obligations Legitimate interests: public interest, protecting our business and people
Maintaining internal organisational charts and personnel/contact databases and contact details.	Name; job title; employee ID; start date; place of work; work contact details	Legitimate interests: Operation of our business
Employee profiles / quotes for marketing purposes and promoting us on social media and internal websites	Name; job title; photo; start date	Legitimate interests: Attracting and retaining talent; operation of our business

*CV/Resume data includes name, personal address, personal telephone, e-mail address, date of birth, age, government I.D, citizenship status, academic record or qualifications/skills/accreditations/career history.