Privacy Notice for Employees

WHAT IS THE PURPOSE OF THIS DOCUMENT?

Redrow Homes Limited is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you before, during and after your working relationship with us, in accordance with the UK General Data Protection Regulation (UK GDPR).

Redrow Homes Limited is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice applies to current and former employees. This notice does not form part of any contract of employment. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

DATA PROTECTION PRINCIPLES

We will comply with data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are "special categories" of more sensitive personal data which require a higher level of protection.

We will collect, store, and use the following categories of personal information about you:

• Contact details: information that allows us to contact you directly such as your name, personal email address, telephone number and current address.
• Specific information about you: such as information regarding your date of birth, gender, marital status, nationality, size/requirements in relation to company provided clothing, images in photographic form, movements though CCTV footage, call recording (to/from our sales centres); or if you are a Sales Consultant, mystery shopping footage; or if you are issued with a lone worker alarm, yours and the location of the alarm; or if you drive a company van, the van's location and data regarding how it is driven.
• Payment, transaction and financial information: details of your bank account for payment of your salary and any other monies you are due during your employment, tax status information, any other deductions we make at your request e.g. charitable giving, save as you earn, childcare vouchers, cycle to work scheme, or we have a statutory obligation to do, e.g. student loan repayments, court orders, shareholding, options, SARS and dividend entitlement.
• Identifiers: your national insurance number, copies of right to work documentation (and if applicable, CSCS card); employee reference number; passport and driving licence(s) (including copies where we are required to hold such information for identification or insurance purposes where you [or other members of your family] are to use our vehicles (including fork lift trucks)).
• Previous employment and qualifications history: details you provide as part of your application of your employment history, education and professional records/qualifications and referees. If within the 12 years prior to your application you were previously employed by Redrow, historical data retained within Your Redrow and Your Learning, or in paper files retained by HR will be incorporated within your latest employment and qualifications record.
• Employment, qualifications and professional memberships: during the course of your employment we retain current (and all previous) information such as your job title and start/end dates, location of employment, working hours, salary and compensation history, annual leave, pension membership, contribution and auto-enrolment history; benefits (which may include insurance policies), promotions; performance, including that generated through our appraisal processes; training and qualification records,  professional memberships and any other company roles you may hold such as first aider, mental health first aider, wellbeing champion, engagement group memberships, construction ambassador, or company champion.
• Records of your interactions with us: such as assessment notes and decisions (from initial recruitment and subsequent internal vacancy applications); use of our information and communications systems, including the computers, email, tablets, fixed and mobile phones that we allow you to use, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information; and records of any company procedures which either you or we initiate during your employment e.g. disciplinary, grievance or any statutory right which you exercise e.g. to request flexible working.
• Emergency contacts and family members: information about your emergency contacts and dependants, if provided e.g. in relation to an insurance purpose e.g. cover under benefits such as group life, healthcare or company car insurance; or to exercise your entitlements to statutory leave e.g. maternity, paternity, shared parental leave, time off for domestic emergencies.

We may also collect, store and use the following "special categories" of more sensitive personal information:

• Information about your race or ethnicity.
• Information about your health, including any medical condition, health and sickness records.
• Information about criminal convictions and offences.

HOW IS YOUR PERSONAL DATA COLLECTED?

We collect personal information about employees through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider e.g. Disclosure and Barring Service. We may sometimes collect additional information from other third parties including former employers, occupational health advisers, academic or professional bodies.

We will collect additional personal information in the course of job-related activities throughout the period of you working for us. This may include you setting up various accounts on the systems which Redrow operates.

HOW WE WILL USE INFORMATION ABOUT YOU?

We are committed to protecting your privacy, and will only use your personal information in accordance with applicable data protection legislation from time to time in force in the United Kingdom including but not limited to, the Data Protection Act 2018 ("Act"); any legislation which succeeds the Act; the retained EU law version of the General Data Protection Regulation (EU) 2016/679) (the "UK GDPR), as it forms part of the law of England & Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018; and, where applicable, guidance and codes of practice issued by the Information Commissioner.

Most commonly, we will use your personal information in the following circumstances:

1. Where we need to perform the contract we have entered into with you.

2. Where we need to comply with a legal obligation.

3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal information where we need to protect your interests (or someone else's interests), or where it is needed in the public interest or for official purposes; both of which are likely to be rare.

This could include processing your data as a result of extraordinary event or circumstances beyond the control of Redrow, such as war, strike, riot, crime, epidemic, pandemic or an Act of God. This would mean your data may be processed in a different manner from that which is expected, including but not limited to the use of Redrow's apps and systems.

Redrow will only process your data if we have a lawful reason to do so and for the purpose consistent with your instructions and our services.

Situations in which we will use your personal information

We need all the categories of information in the list above (1.3) primarily to enable us to comply with legal obligations allow us to perform our contract with you. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The list below describes the main situations in which we will process your personal information:

Compliance with legal obligations

• Checking you are eligible to work in the UK;
• to comply with our legal obligations, in relation to for example: PAYE, National Insurance, Companies House filings, Stock Market regulations, company car related fines/penalties, production of earnings data for HMRC e.g. P11D benefits, exercising our legal responsibilities in relation to UK GDPR;
• providing you with family related benefits e.g. maternity, paternity or adoption leave/pay,
• auditing and producing statutory accounts,
• for the purposes of workforce monitoring e.g. equal opportunities, gender pay and required statutory reporting,
• complying with health and safety obligations including driving licence checking,
• for the purposes of ensuring the security of our systems and information as well as client information,
• to prevent and detect criminal or improper acts,
• to monitor your use of our information and communication systems to ensure compliance with our IT related legal obligations,
• to ensure network and information security, including preventing malicious software distribution,
• storage of records relating to you and also records relating to our business.

Performance of a contract

Administering the contract we have entered into with you, and which may change as your career with the company progresses, this includes:

• prior to you joining the company we will follow up on employment references you have provided and make other relevant employment or eligibility checks e.g. verifying qualifications or eligibility to work in the UK; and for some roles, making checks with the Disclosure and Barring Service,
• paying you through our company payroll, and on occasions via the award of share options, and making required statutory deductions,
• reviewing your level of pay and remuneration,
• providing you with benefits under your contract e.g. pension and for some roles, company clothing, company car benefits; and benefits provided through Group insurance contracts,
• providing you with access to other benefits of being our employee e.g. voluntary discount schemes, payroll giving, save as you earn,
• retention of records relating to you and your employment with us,
• administering the contract we have entered into with you and any changes e.g. role/promotion, working hours,
• producing and maintaining internal business documentation and communication materials e.g., intranet, staff directories,
• ascertaining your fitness to work and managing sickness absence,
• producing and maintaining external business documentation and communication materials e.g. websites, contact information to purchasers, news stories and public relations,
• providing you with training, some of which will be mandatory (e.g. Induction Health, Safety and Environmental training relating to legislation relevant to your role); and some may relate to your personal development,
• retention of records relating to your membership(s) of professional bodies,
• managing your performance, this includes reviews and appraisals or gathering evidence in accordance with a company investigation or procedure e.g. disciplinary, grievance or whistle blowing,
• processing a request from you, which may be in relation to family members who are eligible for cover under benefits provided to yourself; this can include named drivers on company car insurance, healthcare benefits, emergency contact or next of kin details,
• for the purposes of ensuring the security of our systems and information as well as client information,
• complying with health and safety obligations, including tracking company vans, locating a lone worker alarm or protecting an individual's work space with CCTV cameras e.g. inside sales offices,
• storage of records relating to you and also records relating to our business,
• for the purposes of managing any entitlements you have to shares;
• holding details of your shareholding and/or your entitlement to any share options in Redrow.

Legitimate interests of the company (data controller), and third parties

• making a decision about your recruitment or appointment and managing the recruitment process,
• business management, business intelligence, reporting and planning for example to review and better understand employee retention and attrition rates or review the competitiveness of our reward frameworks,
• producing and maintaining external business documentation and communication materials e.g., websites, contact information to purchasers, news stories and public relations,
• liaising with third parties relevant to your employment and/or benefits e.g. travel and accommodation arrangements, pension, life cover, income protection, company car, sending hampers, gifts and other awards,
• gathering evidence for possible grievance or disciplinary hearings,
• making decisions about your continued employment,
• making arrangements for the termination of our working relationship,
• education, training and development requirements; including records of professional memberships and accreditations,
• dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work,
• to monitor your use of our information and communication systems to ensure compliance with our IT policies;
• photographs and video footage - company intranet (team working), case studies (internal employer branding materials e.g. posters, websites, including third parties, e.g. HBF, Go Construct); PR, including via social media e.g. Twitter.
• to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
• In order to support our sales teams as well as our customers, we use mystery shopping and recordings of calls made to our sales centres to help assess ongoing customer service and enhance our sales skills,
• responding to requests from third parties you are seeking to enter into agreements with e.g. for your mortgage or to rent a property, or to provide an employment reference for you; or third parties you have otherwise nominated, e.g. solicitors or other professional advisers,
• allowing entry to building sites.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

1. In limited circumstances, with your explicit written consent
2. Where we need to carry out our legal obligations, relating to employment law, social security law or social protection law; and in line with our Data Protection policy.
3. Where it is needed in the public interest, such as for equal opportunities monitoring and in line with our Data Protection policy.
4. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

Our obligations as an employer

We will use your particularly sensitive personal information in the following ways:

• We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
• We will use information about your physical or mental health where necessary to administer claims under Group insurance contracts in order to provide you with benefits under your employment contract.
• We will use information about your physical or mental health, or disability status, to meet our health and safety obligations and to assess your fitness to work, including testing under our drug and alcohol policy; for the purposes of preventative or occupational medicine or medical diagnosis; to provide appropriate workplace adjustments; to monitor and manage sickness absence and to administer the provision of healthcare or treatment We will use information about your race or national or ethnic origin, to ensure meaningful equal opportunity monitoring and reporting.
• storage of records relating to you and also records relating to our business.

Do we need your consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

INFORMATION ABOUT CRIMINAL CONVICTIONS

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our Data Protection policy.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

AUTOMATED DECISION MAKING

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.

• You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless the following exceptions apply: 1. When the decision is authorised by law; 2. When the decision is necessary for a contract; 3 When the decision is based on your explicit consent.

As a Redrow employee, you may be asked to participate in a profiling exercise as part of your training. We may engage vairous external providers, such as Belbin, to deliver this service. This will be done with your explicit consent, and you will be subject to the provider's Privacy statements.

DATA SHARING

We may have to share your data with third parties, including third-party service providers, contractors and designated agents.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the UK If we do, you can expect a similar degree of protection in respect of your personal information.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?

”Third parties” include third-party service providers. The following activities are carried out by third-party service providers:

• recruitment application, administration e.g. references or background checks; and on-boarding,
• HR, L&D and Payroll processing,
• benefits provision, administration and benchmarking, including pensions, company cars, company vans, voluntary benefit schemes and insured benefits,
• third party career related websites e.g. Go Construct and HBF,
• employee recognition, feedback and communications e.g. newsletters, company intranet and surveys,
• training, education and professional accreditations,
• filming and recording eg mystery shopping and call recording to/from sales centres, and video messages sent to customers,
• occupational health support,
• photography;
• government bodies, e.g. CITB and in respect of the Apprenticeship levy; tax authorities and other regulatory bodies.

How secure is my information with third-party service providers?

All our third-party service providers, where we are the data controller, are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers, where they are the data processor, to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Some third parties we share your personal information with will be a data controller in their own right. And therefore process it for their own purposes. This is usually where they are providing you with their own services or fulfilling a regulatory or legal function. This would include for example tax authorities, pension providers and insurance providers. They should provide you with their own privacy notice which is equivalent to this privacy notice to explain how your personal information will be used.

What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.

Transferring information outside the UK

As far as we are currently aware personal information is not transferred to a country outside the UK, however if under the contractual arrangements that we have in place with contractors and suppliers we are notified that personal information is proposed to be transferred to a country outside the UK then we will ensure that your personal information does receive an adequate level of protection.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Our internal procedures have been accredited as meeting the UK Government’s Cyber Essentials Plus standard.  We also have a dedicated IT security team who monitor our company network for vulnerabilities. Our servers are housed in secure environments. We follow strict procedures on accessing personal and other data. We operate professional backup and disaster recovery procedures and test them regularly.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of the main third parties who may process your data are listed in our Retention policy, which is available on our intranet.

The core systems holding employee personal data are :-

• Midland HR, iTrent, Your Redrow
• Synergy, Your Learning
• Harbour On-boarding
• Sorce, ‘Engage’ Intranet
• Lex Autolease, TTC Continuum
• Digital Apprenticeship Service,
• CITB Training Register
• Research Metrics LLC (sales mystery shopping)
• Engage EHS (RedHSE)

Through our contractual arrangements, we require confirmation that they have good access control, backups and disaster recovery plans.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

The use of privacy screens

To preserve the integrity and security of data the use of a privacy screen is mandatory when using your company laptop in a confined and restricted public space e.g. travelling on a train. This will help to reduce the likelihood of your screen being seen or photographed by an unauthorised person. Suitable privacy screens are produced by 3M and Targus, and are available from an office stationary supplier, costing between £30-60 depending on the size required.

DATA RETENTION  

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our Data Retention policy which is available on the intranet. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.-

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with our Data Retention policy.

YOUR RIGHTS AND RESPONSIBILITIES   

Your duty to inform us of changes

It is important to ensure that the personal information we hold about you is accurate and up­ to-date, and you should let us know if anything changes, for example if you move home or change your phone number or email address.

Your rights

In accordance with the UK General Data Protection Regulations (UK GDPR), you have the right to access the information we hold about you, to correct it, erase it, and ask us to discontinue or restrict processing it, to object to how we are using it, the right to data portability and the right to withdraw any consent previously given.

Not all of these rights are absolute rights and they may be subject to exceptions. Also it is unlikely that the right to data portability will apply to personal information regarding you that we process. However the right to withdraw consent previously provided and to object to direct marketing are absolute rights.

You are able to view and update some of the personal information we hold about you through our employee self-service portal, 'Your Redrow'. Alternatively, you can contact a member of the HR department. Alternatively you may write to us providing a) details of the information you wish to see, correct or have removed and b) a means by which we may verify your identity. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Contact Details

You may contact us as the data controller to exercise any of the above mentioned rights or if you have any concerns regarding how we use your personal information at GDPR@redrow.co.uk; DPO@redrow.co.uk or by writing to us at: The Office for Data Protection, Redrow Homes Limited, St David's Park, Flintshire, CH5 3RX.

If you still have a concern about how we process your personal information you also have the right to report it to the Information Commissioner's Office (ICO)                                                                                                        see https://ico.org.uk/concerns.

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Version 12.0     06.09.2024