This privacy notice (“Privacy Notice”) applies to people employed by Bookpoint Limited or Hachette UK Distribution Limited (“Hachette Companies” ”companies “company” “we” “us “our”) . It sets out how we collect use and share personal data (“Personal Information”) of our employees and workers (“employees”, “workers”, “you”, “your”) in connection with our distribution business. It also explains what rights you have to access or change your Personal Information.
We are your Data Controller which means we decide how your Personal Information is held, used and protected. We are required under data protection laws to notify you of the information set out in this Privacy Notice.
This Notice applies to current employees and workers. It does not form part of an employment contract or other contract to perform services. Employees and workers should comply with the Hachette UK Data Protection Policy and Employee Handbook.
This Privacy Notice sets out your rights under all applicable data protection and privacy legislation in force from time to time in the UK including the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR); the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and the guidance and codes of practice issued by the Information Commissioner.
We take your privacy and our responsibility to protect your information seriously. Read our Privacy Notice to understand:
- – What information we collect about you
- – How we use information we collect about you
- – Who can see your information
- – When we share your information
- – How we look after your information
- – How long we keep your information
- – International transfers of your information
- – Rights and choices
COMPLIANCE WITH DATA PROTECTION PRINCIPLES
We will comply with all applicable data protection laws.
Under the Data Protection Principles contained in applicable data protection laws the Personal Information we hold about you must be:
- – used lawfully, fairly and in a transparent way
- – collected only for a valid purpose that has been clearly explained to you and not used in a way that is incompatible with these purposes
- – relevant to the purposes you have been informed about and limited to these purposes
- – accurate and kept up to date
- – kept only as long as necessary for the purposes you have been informed of
- – kept securely
WHAT INFORMATION WE COLLECT ABOUT YOU
Personal information means any information about a living individual from which that individual can be identified. The information you provide to us might include:
- – your name, postal address, home email address, phone numbers, (contact details);
- – gender;
- – date of birth;
- – marital status and dependents;
- – national insurance number and employee number;
- – nationality;
- – next of kin and emergency contact details;
- – bank account details;
- – tax status and HMRC tax codes;
- – salary, bonus, pension and benefits information;
- – annual leave unpaid leave, sickness leave, compassionate leave and jury service;
- – start date / continuous employment start date;
- – leaving date and reason for leaving, exit interview information;
- – location of employment and workplace;
- – copy of passport and driving licence;
- – recruitment information, CV, copies of any right to work documents and cover letters, references or previous employers;
- – employment records including job titles, work history, working hours, holiday leave, training records, professional memberships;
- – performance reviews;
- – disciplinary and grievance information;
- – CCTV footage and information obtained through electronic means (e.g. swipe cards, scanners);
- – information about your use of company IT systems and communication systems such as mobiles and telephones and personally owned bring your own devices (BYOD) where used for work purposes;
- – work email address and user names for company systems;
- – photographs;
- – blog contributions made on Twitter accounts or social media accounts in the name of any of the companies in the Hachette UK Group of companies;
- – your payment and other details listed on expense receipts if you claim back expenses via our expenses system.
Special Category Information
You may provide us with more sensitive information known as Special Category (“Sensitive”) information. This may include details about your racial or ethnic origin, political opinions, religious, philosophical or similar beliefs, trade union membership, genetics, biometrics, health, sexual life, sexual orientation or about criminal offences or proceedings. This type of information will be treated differently, and we will explain why we are collecting it. Sensitive data will generally only be used with your explicit consent. However, we may collect sensitive data for example, to help us ensure equality of opportunity or treatment in our publishing business or where it is necessary to comply with employment or other laws for things like public health.
Information about criminal offences, proceedings and convictions
If you drive a vehicle on behalf of the company you will be asked to disclose any criminal convictions or proceedings relating to driving offences if necessary for insurance purposes. We will retain this information and pass on to fleet managers and insurers. If your job requires you to access schools we will facilitate a Disclosure and Barring Service check if required.
HOW WE COLLECT INFORMATION
We collect information during the recruitment process directly from candidates or from a recruitment agency or background check provider where these are used.
During your employment or whilst you are working with us, we will also collect Personal Information about you during job-related activities.
Information we receive from third parties:
- – We may sometimes collect information from third parties such as:
- – recruitment agencies, former employers, credit references agencies; Disclosure and Barring Service (DBS) where required;
- – trustees or managers of pensions formerly operated by an Hachette Group company;
- – medical or occupational health practitioners.
Information about how you use our website and apps:
Our website may include links to third party websites, plug-ins and applications. By clicking on those links or enabling these connections you may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy notices. Please ensure that you read the privacy notices on any such external websites.
HOW WE USE INFORMATION ABOUT YOU
We use your Personal Information lawfully. We do not sell your information to third parties. However, we may share your Personal Information as set out in the section ‘When we share your information’. The details of how we use your Personal Information and the legal bases for our use are set out below.
Where it is necessary in order to perform our contract with you:
- – to administer your employment contract;
- – to pay you and provide you with any remuneration in accordance with your contract;
- – to make decisions about your role or about your continued employment or engagement;
- – to process your requests to purchase our products from our website;
- – to liaise with any managers of any pension or life insurance arrangement operated by the company or any other provider of employee benefits.
Where it is necessary to comply with a legal obligation:
- – to check you are legally entitled to work in the UK;
- – to provide you with statutory sick pay, maternity or paternity pay or other benefits;
- – to enrol you in a pension arrangement under the statutory automatic enrolment obligations
- – to comply with health and safety obligations;
- – to ascertain your fitness to work;
- – to manage sickness absences;
- – to respond to queries from HMRC or tax authorities relating to tax or National Insurance and where you are an employee deduct any tax or National Insurance contributions;
- – to respond to requests for information required by the Government.
Where it is necessary for our ‘legitimate business interests’ (legitimate interests) or those of a third party and your interests and fundamental rights do not override those interests.
This means our legitimate interests in conducting and managing our business and our employment or working relationship with you.
Where we use your Personal Information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests do not automatically override yours and we will not use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing, you have rights and choices which include the right to object (please see the section headed ‘Your Rights and Choices’).
We may use your information for the purposes listed below on the basis of our legitimate interests:
- – to process any job applications you submit to us;
- – to work with our third party recruitment agency to process any job applications you submit to us;
- – to decide whether to recruit you;
- – to contact you or provide contact information to others for business purposes;
- – to process business documents or correspondence e.g. emails or records where your Personal Information appears;
- – for business management and planning including accounting and auditing;
- – for education, training and development requirements;
- – for performance reviews, and succession planning;
- – to make arrangements for the termination for your employment or engagement;
- – to gather information and evidence for possible grievance and disciplinary procedures;
- – to conduct performance reviews, manage performance and determine performance requirements;
- – to monitor your use of our information and communication systems to ensure compliance with our IT policies;
- – for business continuity purposes;
- – to deal with any legal disputes or claims involving you or other employees, workers or third parties relating to your work or which occur in the course of the performance of your duties including accidents at work;
- – to operate a safe and lawful business or where we have a legal obligation;
- – to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees;
- – to detect and prevent fraud and unauthorised access or illegal activity;
- – to improve security and optimisation of our network sites and services including trouble shooting, testing and software development and support;
- – to conduct data analytics studies to review and better understand employee retention and attrition rates.
We may use your Sensitive information in the following ways:
- – where necessary to carry out our legal obligations in relation to employment;
- – we will use information relating to leaves of absence, which may include sickness absence or family related leave, to comply with employment and other laws;
- – where you have given your express consent for example, medical reports or for processing of biometric information collected by our clocking in and time recording system;
- – other situations where you may give us express consent (for example medical reports or in employee surveys);
- – we will use information about your physical or mental health or disability status to ensure your health and safety in the workplace; to assess your fitness to work; to provide appropriate workplace adjustments; and to administer benefits including statutory maternity pay, statutory sick pay, life insurance, pensions and income protection insurance;
- – we may also use health information during your employment or after you leave employment due to any health reason if you are making a claim for income protection insurance;
- – where the Personal Information is required for legal claims or if needed to protect your interest (or someone else’s interests) and you are not capable of giving your consent;
- – we use information about your race or national or ethnic origin, religious philosophical or moral beliefs or your sexual life or sexual orientation to ensure meaningful equal opportunities monitoring and reporting;
- – we use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations;
- – we may also process Sensitive information where you have already made the information public or you have provided it to us voluntarily, for example, in a survey or via our applicant tracking system.
We do not need your consent if we use Sensitive information in accordance with our written notice to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly Sensitive information (for example where you consent to the processing of biometric information collected by our clocking in and time recording system). If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
You may withdraw any consent previously given and should inform us if you wish to do so. However, withdrawal of a consent may adversely affect our ability to perform some aspects of the employment relationship, for example, to be able to provide certain benefits to you.
If you do not provide Personal Information:
If you fail to provide certain Personal Information when requested, we may not be able to perform our contract with you (such as paying you or arranging for your tax code to be updated or obtain benefits for you). In some cases we may be prevented from performing our legal obligations such as health and safety.
WHO CAN SEE YOUR INFORMATION
Your information may be processed by our staff or by the staff of third parties we work with to deliver our business. Processing can mean any activity that involves the use of information about someone that can identify them. All uses, for example, obtaining, recording, storing, disclosing, organising, retrieving, deleting and destroying are types of data processing. We take measures to ensure that third parties processing your information on our behalf are acting lawfully in accordance with our instructions and are subject to appropriate confidentiality requirements. We also have adequate technical and organisational safeguards in place in our company and with third party processors to protect your information. Third party processors of your information include:
- – our website hosts and operators, IT services and support providers, database operators, site analytics providers and software developers;
- – our financial services, payroll and payment service providers;
- – our warehousing and delivery service providers;
- – our pension providers where the information is not provided by you to them direct under the Hachette UK Group Pension Plan;
- – our life insurance providers;
- – our couriers and delivery services;
- – our auditors, technical consultants and legal advisors;
- – our fraud detection services;
- – catering service providers, vehicle leasing company.
Unless specified otherwise (for example in employee network surveys), only Human Resources (HR) staff employed by us or employees expressly authorised by HR will have access to your Sensitive information (see above for what this encompasses). Other Personal Information may be accessed by other agents or employees who have a legitimate business reason to access it.
WHEN WE SHARE YOUR INFORMATION
We may share your information within the companies that make up the Hachette UK group of companies as well as with our parent company, Hachette Livre S A and their parent company, Lagardère SCA.
We may share your Personal Information with third parties who carry out the following activities:
- – pension administration, insurance services and benefits provision;
- – training and professional development providers;
- – any prospective seller or buyer of businesses or assets, only in the event that we decide to acquire, transfer or sell any business or assets;
- – any other third parties (including legal or other advisors, regulatory authorities, HMRC, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law or where we have a legal obligation to do so.
If we share your information, we require third parties to comply with all relevant data protection laws. In such circumstances the third party is also a data controller for your Personal Information.
HOW WE LOOK AFTER YOUR INFORMATION
We look for opportunities to minimise the amount of Personal Information we hold about you. Where appropriate we anonymise and pseudonymise your information. It is held in electronic and paper form. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
- – ensuring the physical security of our offices, HR departments, or other sites;
- – ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
- – maintaining a data protection policy for, and delivering data protection training to, our employees;
- – limiting access to your Personal Information to those in our company who need to use it in the course of their work.
Where members of our IT staff have to access your Personal Information for the purposes of IT maintenance, problem solving or legal reasons, they are only allowed to do so where expressly authorised in advance by HR, the managing director or head of your division or by you.
HOW LONG WE KEEP YOUR INFORMATION
We will retain your information during the term of your contract with us or for as long as we reasonably need or are required to retain the information for our legitimate interests, such as for the purposes of exercising our legal rights and carrying out our legal obligations.
We retain information on former employees for seven (7) years after the date of termination of the employee’s contract date. It is then destroyed unless we have a legal requirement to retain it. This is to enable us to provide references and to ensure that relevant information is available for any post-employment or post contract query relating to HMRC or Employment litigation.
In the case of a collective redundancy situation where notification is provided to the Secretary of State, the redundancy notification form is retained for 6 years from the date of redundancy.
Trade union agreements which are no longer effective are retained for a period of 10 years after their final effective date.
We operate a data retention policy.
INTERNATIONAL TRANSFERS OF YOUR INFORMATION
We are located in the UK. If we transfer your personal information out of the UK or the European Economic Area (EEA) we will take all steps reasonably necessary to ensure that it is adequately protected and processed and that your personal data has the same protection it has in the UK and EEA. If you are located in the UK or the EEA, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.
AUTOMATED DECISION MAKING
You will not be subject to automated decisions which have a significant impact on you based solely on automated means unless we have a lawful basis for doing so and have notified you.
We do not envisage making any decisions about you by automated means but we will notify you in writing if this position changes.
KEEPING THE INFORMATION UP TO DATE AND ACCURATE
If your Personal Information changes during the term of your contract you should update the information held on systems to which you have access or inform us if you do not have the relevant access. This is important so we can ensure that the information we hold about you is correct and up to date.
YOUR RIGHTS AND CHOICES
You have choices and rights in respect of the information that we hold about you, including:
Your right to request access to the information that we hold about you (“data subject access request” or DSAR);
This is the right to receive a copy of any information we hold about you in a structured, commonly-used, machine readable format or in another format of your choice.
You will not have to pay a fee to obtain access to your information unless your request is clearly unfounded or excessive. In such case a reasonable fee may be charged. We may require you to provide us with information to help confirm your identity and ensure your right to access the information. This is to make sure that the Personal Information is disclosed to a person lawfully.
Your right to ask us, in certain circumstances, to delete information we hold about you;
Your right to ask us correct information we hold about you if it is inaccurate or incomplete;
Your right to ask us, in certain circumstances to restrict processing of your information.
Your right to object to our using your information on the basis of our legitimate interests (refer to section ‘How we use your information’ above to see when we are relying on our legitimate interests);
Your right to withdraw Consent for our use of your information in reliance of your consent (refer to section ‘How we use your information’ to see when we are relying on your consent).
All the above rights may be exercised by contacting the Data Protection Officer at firstname.lastname@example.org or by sending us a written request by post to Carmelite House 50 Victoria Embankment, London EC4Y 0DZ, UK for the attention of The Legal Department.
Your right to Complain
Please contact us if you have any questions or are unhappy about the way your information is used. We hope we will be able to resolve any problems or issues you may have.
You also have the right to lodge a complaint about us and our use of your information to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence.
CHANGES TO THIS PRIVACY NOTICE
We may make changes to this Privacy Notice from time to time. We will post any changes on Novel, the company intranet site and other Hachette company websites or inform you via other relevant communication methods. You can request a copy from your HR contact if you do not have access to the company intranet or websites.
This Privacy Notice was updated on 4th March 2022.