WSET Group Employee Privacy Notice
Introduction
This privacy notice sets out what personal data we hold about you and how we collect, use and share it. It also contains important information about your rights in relation to your personal data, and how to contact us or supervisory authorities in the event you have a complaint.
The Wine and Spirit Education Trust (WSET) is a data controller as it determines and purposes and means of the processing of your personal data. WSET is a UK company registered with the Information Commissioner’s Office (ICO) under reference Z8972470.
If you have any questions about this Privacy Notice please contact our Data Protection Officer/Lead by emailing us at dpc@wsetglobal.com.
The purposes for processing personal data, the types of personal data collected and the lawful basis for processing this data are set out below, grouped into the categories of processes taking place.
Human Resources processes
Purpose
Categories of personal data
Lawful basis
Employee payroll
Employment details
Salary information
Bank details
National insurance and tax information
Contract
Onboarding new employees
Contact details
Date of Birth
National Insurance number
Marital status
Bank details
Emergency contact details
Dependent details
Passport information
Visa information
Health information
Gender
Ethnicity
Sexuality
Religion
Legitimate interest
Induction process for new employees
Employment details
Training records
Training test results
Photograph
Legitimate interest
Probation process
Employment details
Work performance
Sickness details
Disciplinary details
Grievance details
Legitimate interest
Annual leave administration
Employment details
Contract
Parental leave administration
Employment details
Physical health information
Family life information
Salary information
Contract
Sickness administration and management
Employment details
Physical health information
Mental health information
Contract
Grievance process
Employment details
Grievance information
Legitimate interest
Disciplinary process
Employment details
Work performance
Legitimate interest
Performance management
Employment details
Work performance
Legitimate interest
Occupational Health administration
Employment details
Physical health information
Mental health information
Legitimate interest
Training
Employment details
Training records
Training test results
Legitimate interest
Administering employee benefits
Contact details
Employment details
Staff satisfaction data
Legitimate interest
Joiner and leaver processes
Employment details
Legitimate interest
Staff engagement survey
Contact details
Employment details
Staff satisfaction data
Legitimate interest
Reasonable adjustments under the Equality Act 2010
Employment details
Physical health information
Mental health information
Legal obligation
Record keeping
Application details
Employment details
Legitimate interest
Facilities processes
Purpose
Categories of personal data
Lawful basis
Building access management
Contact details
Access logs
Legitimate interest
CCTV management
Images
Legitimate interest
DSE assessments
Employment details
Physical health information
Legal obligation
Accident reporting
Employment details
Accident details
Legitimate interest
Incident reporting
Employment details
Incident details
Legitimate interest
Reporting of injuries, diseases or dangerous occurrences
Employment details
Physical health information
Legal obligation
Register of asbestos exposure
Employment details
Physical health information
Legal obligation
COSHH medical records
Employment details
Physical health information
Legal obligation
COSHH tests, control systems and protective equipment
Employment details
Physical health information
Legal obligation
Tests under the Control of Lead at Work regulations
Employment details
Physical health information
Legal obligation
Records of exposure to hazardous substances
Employment details
Physical health information
Legal obligation
IT processes
Purpose
Categories of personal data
Lawful basis
Management of IT assets and systems
All personal data held in electronic systems
Legitimate interest
Monitoring employee IT usage
Employment details
Device usage
Work performance
Legitimate interest
Finance processes
Purpose
Categories of personal data
Lawful basis
Employee expenses
Employment details
Bank details
Contract
Our legitimate interests
We process personal data for the following legitimate interests:
- Protecting our staff, premises, physical property and information assets.
- Establishing, exercising and defending against legal claims.
- Effective internal administration.
- Promoting our products, services and business.
Special category data
For some of the processes set out above, we use Special Category data. Special Category data includes the following:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Health data
- Sex Life
- Sexual orientation
We rely on the following lawful bases to process Special Category data:
- Explicit consent
- Employment, social security and social protection
- Equality of opportunity of treatment
How we collect your personal data
We collect your personal data in a variety of ways. This includes:
- Information provided by you during the application process
- Information provided by you during the onboarding process
- Information provided by you during your employment
- Information generated during your working activities, such as using the IT systems and access logs when working from physical offices.
- Information we receive from third-party organisations, such as references from former employers.
If you do not provide personal data when requested, we may not be able to uphold the employment contract we have with you, comply with our legal obligations, and you may be unable to exercise your statutory or contractual rights.
Recipients of personal data
Your personal data is accessed internally by the individuals and teams that need it to carry out the purposes set out above.
We use systems and products provided by third party companies to assist us in conducting our business. This includes using data processors such as Microsoft and payroll providers.
We may also share your data with the following categories of data controllers:
- Public service providers such as the police or social services
- IT service providers
- Professional advisers, such as solicitors.
We will only share your personal data when we are allowed to do so under data protection law.
Retention of personal data
We will only retain personal data for as long as necessary to fulfil the purposes we collected it for.
Categories of data
Retention period
Data collected during the recruitment process
6 years after the employment ends
Payroll records
6 years after the employment ends
Pension information
12 years after the employment ends
International transfers of personal data
If any personal data is transferred internationally, we ensure appropriate transfer mechanisms are in place depending on the jurisdiction. The types of mechanisms we may employ include ensuring:
- The country has been deemed to provide an adequate level of protection for personal data
- Specific contracts approved by the relevant authorities are used which ensure data subjects can exercise their data protection rights in third-countries.
We may transfer personal data to other WSET Group companies to enable us to carry out our human resources function or for effective internal administration.
Your rights
You have the following rights under data protection law in relation to your personal data.
- The right to be informed - this Privacy Notice is our way of informing you how your data is used.
- The right of access - you can request a copy of all the information we hold about you to check that we are lawfully processing it.
- The right to rectification - you can request that we rectify information about you that is incorrect.
- The right to erasure - also known as the right to be forgotten. You can request that information about you is deleted.
- The right to restrict processing - you can request that we pause processing your data so we can verify the lawfulness of processing.
- The right to object - you can request that we stop processing your information if you feel that the processing is not lawful.
- The right to data portability - you can request that data is transferred to another party so it can be reused across services.
Where you have given consent for us to use your personal data for specific purposes, you have the right to withdraw this consent at any time. If you would like to exercise any of the above rights, please contact our Data Protection Officer on the contact details above.
If you would like to exercise any of those rights, please contact our Data Protection Officer by emailing dpc@wsetglobal.com .
We will respond to any request within the statutory deadline of one calendar month. This deadline may be extended where applicable under data protection law. We will inform you if your request meets the extension criteria.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. If you have any questions or queries about how we are processing your data, please contact our Data Protection Officer by emailing dpc@wsetglobal.com.
The Information Commissioner’s Office (ICO) is the UK’s regulator for data protection. Under data protection law you have the right to make a complaint to the ICO if you feel we have not complied with our data protection obligations. You can contact the ICO by:
- Visiting the ICO’s website
- Calling them on 0303 123 1113.