Privacy Notice
1. Our privacy commitments
Baxi Heating UK Limited (referred to in this document as “Baxi Heating”, “we”, “our”, “us”) takes your privacy and the security of your personal data very seriously and wants to be as clear and transparent as possible about what we do with it.
This is in line with our core company values which state that we will be reliable and responsive in the way in which we deal with people and also that we will treat everyone with trust and respect.
This privacy notice explains how we process your personal data. (“Processing” means everything we do with your data including when we collect, record, organise, structure, store, use, disclose, disseminate, restrict, erase or destroy data about you).
It also explains when we might disclose your data to others, how we keep it secure and also your rights regarding your data.
This Privacy Notice applies to current and former employees and workers. This Privacy Notice does not form part of any contract of employment or other contract to provide services. We may update this Privacy Notice at any time, but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practicable.
To fulfil our responsibilities and demonstrate compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), we are committed to the six principles of the regulation by:
- Processing your personal data lawfully, fairly and in a transparent manner.
- Collecting your personal data for specified, explicit and legitimate purposes.
- Ensuring that your personal data is adequate, relevant and limited to what is necessary.
- Ensuring that your personal data is accurate and, where necessary, kept up to date.
- Retaining your personal data only for as long as necessary.
- Processing your personal data in an appropriate manner to maintain security.
2. Information about us
The data controller is Baxi Heating UK Limited, Brooks House, Coventry Road, Warwick, CV34 4LL. We are registered in England & Wales as Baxi Heating UK Limited, registered number 03879156. In the Republic of Ireland we are registered as Potterton Myson (Ireland) Limited, registered number 26092.
Baxi Heating makes some of the best known heating and hot water brands in the UK and Ireland. Our principal brands, their websites and the addresses from which we operate are shown below. This privacy notice is applicable for all of our brands.
| Brand | Website | Trading Address |
| --- | --- | --- |
| Baxi Heating | www.baxiheating.co.uk | Brooks House, Coventry Road, Warwick CV34 4LL |
| Baxi | www.baxi.co.uk | Brooks House, Coventry Road, Warwick CV34 4LL |
| Main Heating | www.mainheating.co.uk | Brooks House, Coventry Road, Warwick CV34 4LL |
| Potterton | www.potterton.co.uk | Brooks House, Coventry Road, Warwick CV34 4LL |
| Heatrae Sadia | www.heatraesadia.com | Hurricane Way, Norwich, Norfolk NR6 6EA |
| Megaflo | www.heatraesadia.com | Hurricane Way, Norwich, Norfolk NR6 6EA |
| Santon | www.santon.co.uk | Hurricane Way, Norwich, Norfolk NR6 6EA |
| Elson Hot Water | www.elsonhotwater.co.uk | Hurricane Way, Norwich, Norfolk NR6 6EA |
| Andrews Water Heaters | www.andrewswaterheaters.co.uk | Innovation House, Oaklands Business Centre, Oaklands Park, Wokingham RG41 2FD |
| Potterton Commercial | www.pottertoncommercial.co.uk | Innovation House, Oaklands Business Centre, Oaklands Park, Wokingham RG41 2FD |
| Remeha | www.remeha.co.uk | Innovation House, Oaklands Business Centre, Oaklands Park, Wokingham RG41 2FD |
| Packaged Plant Solutions | www.packagedplantmk.co.uk | Unit 8, Thornton Chase, Foxhunter Drive, Linford Wood, Milton Keynes MK14 6FD |
| Baxi Potterton Myson | www.baxipottertonmyson.ie | Calmount Park, Unit F 5&6, Calmount Road, Dublin 12, Ireland |
3. When do we collect your personal data?
- When you apply for a position with us.
- During your period of employment with us.
- When you visit any of our websites to browse products and services.
- When you engage with us on social media.
- When you download or install one of our apps.
- When you enter prize draws or competitions.
- When you choose to complete any surveys we send you.
- When you’ve given a third party permission to share with us the information they hold about you.
- We collect data from publicly-available sources when you have given your consent to share information or where the information is made public as a matter of law.
- When you visit any of our premises which have CCTV systems in operation for the security of both visitors and staff, these systems may record your image.
4. What information do we collect from you?
As part of our business we will process the data of employees with whom we have had a relationship in the past, have a relationship now or are about to commence a relationship.
We will collect and process the following data about you:
Information you give us by filling in forms on our websites or by corresponding with us by phone, SMS (text message), email, post or otherwise. Information may also be provided by you in meetings and appraisals.
Additionally, information you enter onto our systems and devices will be stored and processed by us. This will include any emails or other electronic messages and any documents, photos or other files stored on or processed through our systems or devices. Please be aware that by entering information onto these systems you are sharing that information with us.
The categories of information we may hold about you are:
- Identification information – name, date and place of birth, gender, photographs, biometrics, marital status, nationality, driving licence, passport or other right to work information, and government identification numbers.
- Contact details – address, telephone/email address, emergency contact details.
- Employment related information – job title, work contact information, CV and employment application, eligibility to work, employment history, references, qualifications and other educational history, employment contract information, pension plan, participation information, benefits information, performance record, appraisals, disciplinary record and absence record.
- Financial information – bank account details, tax information, salary, benefits, expenses, company allowances.
- Spouse and dependent information – next of kin and family contact details.
- IT related information – information collected by your use of our information systems and other computer equipment (such as email, CCTV).
- Equality and diversity / sensitive data – you may choose to share information about your ethnicity, sexuality or beliefs with us for equality and diversity purposes. We may also hold data about any trade union membership and also about disability or medical conditions which apply to you. This information will be treated as highly confidential.
- Other data which we may notify you of from time to time.
Information we collect throughout our relationship. We will collect information throughout your time with us. This may include information about location, access to systems, outputs, working hours, annual leave and other absences, leaving date and reason for leaving, and information relating to the performance of your role.
Information we collect from your use of our websites or social media sites. Every time you visit one of our websites or social media sites we will automatically collect technical information, such as the Internet protocol (IP) address used to connect your device to the Internet, where you connected to our service, your internet service provider (ISP), and what type of device you are using to access our service.
Information we collect when you call us. If you telephone us we will automatically collect the phone number used to call us and we may also keep a recording of inbound and outbound calls.
Information we receive from other sources. For example:
- Child Support Agency, Student Loan Company
- Medical practitioners
- Legal advisors
- Previous employers
- Recruitment or vetting agencies
- Other employees and workers
- Business contacts
- Publicly available resources including online sources
5. Why do we collect this information?
We process your personal information for the following reasons:
Where it is necessary to enter into or perform a contract with you: for example to:
- Process information at your request to enter into a contract of employment.
- Process information provided by you during employment to enable us to properly record and manage the contract of employment, for example:
- Conduct payroll, expenses, compensation, bonus and tax administration (as applicable).
- Conduct personnel administration, including administration of any employee benefits.
- Process payments made by you (for example when you use the ‘Friends & Family’ facility).
Where it is necessary for the purposes of our legitimate interests or the legitimate interests of a third party: for example for the purposes of:
- Monitoring performance, appraisals, absences, disciplinaries, grievances and other investigations. Making decisions about your continued employment and making arrangements for the ending of the working relationship including resignation, dismissal, redundancy, death in service etc.
- Reviewing ongoing health issues and records including occupational health reports and self-certification forms.
- Compliance with employment laws; ensuring your health & safety in the workplace; administration of benefits; ill health pension determination.
- Informing you about work-related events and opportunities, both during your employment and afterwards.
- Hiring and recruitment and the processing of job applications including any employment background checks, reference checks and qualifications and training checks. Where appropriate we will collect information about criminal convictions as part of the recruitment process, or you may notify us of such information directly in the course of working for us.
- Monitoring and enforcing compliance with our policies and procedures and applicable law to ensure a compliant workplace.
- Allowing access to and monitoring our IT and security infrastructure, including the use of CCTV footage in our offices and on our sites.
- Carrying out and reviewing employee surveys and communicating with you generally in our legitimate interest for improving Baxi as a business and workplace.
- For our legitimate interest in respect of litigation, including bringing or defending legal claims.
- Accounting and financial planning purposes.
You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.
Where it is necessary to comply with our legal requirements: for example relating to:
- Taxation, national insurance and pension provision
- Data protection
- Health and safety
- Anti-bribery and corruption
- Anti-money laundering
- Fraud investigations
- Assisting law enforcement
- Mandatory reporting obligations
- Ensuring the right to work in the UK
- Any other legal obligations placed on us from time to time
Photographs. You may be included in images taken in the course of business. Uses may include use in promotional materials, social media or newsletters, use on an online profile, for identification purposes on passes and online systems, on wall displays to identify you as a fire warden, first aider or a similar role, or for similar business purposes.
We may inform you of additional purposes for processing your information when that information is collected from you.
6. Websites and Cookies
Our websites may use cookies. Cookies are small pieces of information sent by us to your computer and stored on your hard drive so that the website recognises you when you visit. We use cookies and similar technology to distinguish you from other users of our site. This helps us to provide you with a good experience when you use our site and also allows us to improve our site.
Please refer to the Cookie Policies for the websites you are visiting for full details about the types of cookies we use.
7. How long do we keep your information?
As a general principle we will hold your personal data only for as long as necessary in order to fulfil the purposes for which it was collected. Once these purposes have been achieved we will erase the data or anonymize it in such a way as to make it impossible to identify you, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
- We will keep information about you relating to your contract of employment with us for the period of your employment and then for a period of 6 years thereafter. Other information including information relating to disciplinary interventions will be kept for a period of 9 months. Other information e.g. emergency contact details will be deleted once you have left our employment.
- If your data relates to a financial transaction we will keep information about you for a maximum of 6 years after the transaction took place (unless obligations to our regulators require otherwise or we are required to remove such data from our records). This is to enable us to comply with our legal obligations regarding record-keeping for tax and accounting purposes.
- After you leave our employment we will retain occupational health records about you for at least 40 years in order to comply with our legal obligations relating to health and safety and to defend against claims of injury or disability.
- You may be the subject of, or referenced in, emails which are routinely backed up for a period of 12 months. Archived emails may be stored locally for up to 10 years.
For more details on record retention please contact the Privacy Compliance Manager (see below for contact details).
8. Who might we share your information with?
For the purposes set out in the ‘Why do we collect this information?’ section above, we will share your personal information with:
| Compliance – Legal and Contractual | Driver Safety |
| Child Support Agency | Drive Tech |
| Department of Work & Pensions | Employee Engagement & Development |
| Gas Safe | Abintegro |
| Health & Safety Executive (UK) | ETS PLC |
| Health & Safety Authority (Ireland) | Survey Monkey |
| HM Revenue & Customs | Benefits & Contractual Obligations |
| Business Administration | All Star |
| Alphaquad | Aviva |
| AIG | Birmingham Hospital Saturday Fund |
| Bank of Ireland | Brownsword Group |
| BT | BUPA |
| Chambers Travel | Computershare |
| Cognito | Conduent HR Services |
| Domestic & General Services Ltd | Hymans Robertson |
| Freightroute | Jelf Employee Benefits |
| Friends First | Perkz |
| Hype Innovation Management | Standard Life |
| InnerWorkings | Tastecard |
| Mercers-Brookers | Unum |
| NGA | Willis Towers Watson |
| New Ireland Assurance | Zenith |
| Office Depot | Recruitment |
| Pannone Corporate | Clayton Recruitment |
| Premier Inn | Cordant Recruitment |
| PriceWaterhouse Coopers | Link It Recruitment |
| Revenue Ireland | Manpower |
| Rico Group | Multitrade Recruitment |
| Royal Bank of Scotland | NWES Recruitment |
| Royal Mail | TXM Recruit |
| The Barcode Warehouse | |
| UK Mail | |
| Unite | |
In addition to the above we may share your information with third parties at your request, for example in providing salary information relating to mortgage applications or in responding to reference requests from prospective new employers.
Any member of our group, which means our parent company and any subsidiaries of our parent company.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of our customers, our regulator, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering.
When disclosing your data to third parties we have an obligation to ensure that we have appropriate measures in place to ensure your data is protected. We will therefore do the following:
- Take steps to ensure the reliability of third parties with whom we share your personal data.
- Take measures to ensure that third parties who we authorise to process your data observe confidentiality, process data only based on documented instructions from us, take appropriate security measures and delete or return all personal data at the end of the service.
- Take steps to ensure only the data which is absolutely necessary for them to perform their processing is disclosed to third parties.
- Take steps to ensure that your data is not made accessible to an indefinite number of persons.
- Minimise the amount of personal data we disclose.
- Ensure pseudonymisation of your personal data, where possible (“Pseudonymisation” means disguising or masking your data so that it cannot be read without additional information which we keep separately in a secure environment).
9. Confidentiality and security of your personal data
We are committed to protecting your personal and financial information.
We are committed to regularly testing, assessing and evaluating the effectiveness of our technical and organisational measures to manage the security of your personal data. Our Governance Framework is the system by which our organisation is directed and controlled and provides the rules and the structures to manage this. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. More information is available by contacting us.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
We may transfer your data outside the European Economic Area (“EEA”). We will only do so if adequate protection measures are in place in compliance with data protection legislation.
We use the following protection measures:
- Transferring to Commission approved countries
- Using Commission approved model contractual clauses
- Requiring companies we transfer data to in the USA to be signed up to Privacy Shield
10. What are your rights?
You can exercise your rights at any time by contacting us. Our contact details are given below.
You have the right:
- To ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
- To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing.
- To ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest.
- To request from us access to personal information held about you.
- To ask for the information we hold about you to be rectified if it is inaccurate or incomplete.
- To ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate grounds for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services.
- To ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing).
- To ask for the transfer of personal data which you provided to us to a third party if the processing is carried out by automated means and the legal basis for processing is consent or contract.
- In the limited circumstances where you may have provided your consent to the collection, processing or transfer of your personal information for a specific purpose, to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us using the details below.
In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time.
The ICO’s contact details are available here: https://ico.org.uk/concerns/
You can also call them on 0303 123 1113.
11. What we ask of you
Keeping your information accurate and up to date. If your information changes for any reason, for example if you change your name, address or bank, then you should inform us of the change as soon as possible so that we can ensure your information is kept accurate and up to date. If you are unsure who to notify then ask your line manager.
Personal data that you provide about another person. If you provide us with information about another person, for example, about your dependents, next of kin or emergency contacts, you confirm that you have informed them of our identity, the purposes for which their personal data will be processed (e.g. for emergency contacts or benefits purposes) and that you have obtained their permission to such processing.
Business cards. If you are issued with business cards as part of your role, your data will be processed by those who you share the business cards with. It is reasonably expected that the data will only be processed by those you share it with for business purposes, principally, to contact you in relation to your role and to the role or business of those you share the cards with.
12. Contact details of our Privacy Compliance Manager
Our Privacy Compliance Manager is here to help. If you have any questions or concerns relating to the handling of your personal data, queries related to subject access requests, third parties with whom we share your data, your rights or you want to make a complaint about how we are processing your data, please get in touch.
Privacy Compliance Manager
Baxi Heating UK Ltd
Brooks House
Coventry Road
Warwick
CV34 4LL
Email: privacycompliancemanager@baxi.co.uk
Tel: +44 (0)1926 405405
13. Changes to this Privacy policy
We may amend this privacy policy from time to time to keep it up to date and to ensure we comply with regulatory requirements. You should check this privacy policy regularly for updates.
This notice was last updated on 21st May 2018.