About this Notice
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities if you have a query or complaint.
Guarding Professionals Limited (“GPL”) is committed to protecting the privacy and security of personal data. The purpose of this notice is to promote transparency in the use of personal data, and to outline how GPL collects and uses personal data during and after your employment/training experience with us, in accordance with the General Data Protection Regulation 2016 (“GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
GPL collects, uses and is responsible for certain personal data about you. This is known as “processing”. When we do so we are regulated under the GDPR and DPA 2018 which applies across the European Union and we are responsible as ‘data controller’ of that personal data for the purposes of those laws.
The purpose of this notice is to explain how GPL will collect and use (process) your personal data, what rights you have in relation to that data and to provide transparency about the data collected about you.
GPL is the data controller under GDPR and DPA 2018 and we will process your personal data in accordance with GDPR and DPA 2018 at all times. You, as a ‘data subject’, therefore have specific rights to the data that we hold, collect and process.
Throughout this notice, “GPL”, “we”, “our”, and “us” refer to the Guarding Professionals Limited; “you” and “your” refers to those expressing an interest in becoming employees/trainees or becoming part of GPL (both prior to and during the application process), and those who later become employees of GPL.
The following are examples of personal data which may be collected, stored and used:
Date of Birth
Date of studying
Next of kin
Health records Disabilities
Special Category Data:
Special Category personal data is any identifying information including but not limited to the following racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning a natural person’s sex life or sexual orientation.
How GPL obtains your personal data
We may collect your personal data in several ways, for example:
From information provided to us by yourself when joining. This would include any applications you complete when joining us;
Through communication to or from you by telephone, email, or via the website. For example, when you call to make enquiries about employment opportunities or when you are raising concerns.
We may also gain your personal data from third parties, for example, from references, information from your sponsor and information from your previous employer’s establishments.
Your personal data will be processed by GPL for the purposes detailed below.
Personal data will only be processed when the law permits this to happen. Most commonly personal data will be processed in the following circumstances:
Where you have given us your consent
In order to fulfil GPL’s obligations to you as part of your contract of employment.
Where GP needs to comply with a legal obligation (for example, the detection or prevention of crime and financial regulations)
Where it is necessary for GPs legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
To protect the vital interests of the data subject or of another person (for example, in the case of a medical emergency)
To perform a task carried out in the public interest
Details of how GP applies these can be found below.
We may only process special category personal data in the following circumstances where, in addition to a lawful basis for processing, there exists one of the following grounds:
Explicit consent – where you have given us explicit consent.
Legal obligation related to employment – The processing is necessary for a legal obligation in the field of employment and social security law or for a collective agreement.
Vital interests – The processing is necessary in order to protect the vital interests of the individual or of another natural person where the data subject is physically or legally incapable of giving consent. This is typically limited to processing needed for medical emergencies.
Not for profit bodies – The processing is carried out during the legitimate activities of a not-for-profit body and only relates to members or related persons and the personal data is not disclosed outside that body without consent.
Public information – The processing relates to personal data which is manifestly made public by the data subject.
Legal claims – The processing is necessary for the establishment, exercise, or defence of legal claims or whenever courts are acting in their judicial capacity.
Substantial public interest – The processing is necessary for reasons of substantial public interest, based on Union or Member State law.
Healthcare – The processing is necessary for healthcare purposes and is subject to suitable safeguards.
Public health – The processing is necessary for public health purposes and is based on Union or Member State law.
Archive – The processing is necessary for archiving, scientific or historical research purposes, or statistical purposes and is based on Union or Member State law. Member States can introduce additional conditions in relation to health, genetic, or biometric data.
GP will only use personal data for the purposes for which it was collected unless it is considered reasonably that it is needed for another purpose and the reason is compatible with the original purpose. If the company needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis that permits it to do so. The company may process your personal data without your knowledge or consent, in compliance with this policy and procedure, where this is permitted by law.
The GDPR and DPA 2018 require that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances).
The Company’s Record Retention Schedule (RRS) is a tool that enables the company to transparently demonstrate how the organisation complies with its data protection obligations by making provision for the time periods for which common classes of record are retained by GP.
We will need to share your data if you have elected to take part in an employee transfer scheme. In doing this we will seek your consent to pass the necessary information on to the relevant organisation which maybe based outside the EEA.
However, for each specific non-EEA country there may be risks to your data when being processed. This is because some countries do not have the same level of protections as required by the GDPR.
If applicable, at the appropriate time we will provide you with details of the Data Protection Framework in the relevant jurisdiction.
Under the GDPR and DPA 2018 you have several important rights free of charge.
You have the right to:
Fair processing of data and transparency over how we use your use personal data
Access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
Require us to correct any mistakes in the data we hold on you
Require the erasure of personal data concerning you in certain situations
Receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
Object at any time to processing of personal data concerning you for direct marketing
Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
Object in certain other situations to our continued processing of your personal data
Otherwise restrict our processing of your personal data in certain circumstances
Claim compensation for damages caused by our breach of any data protection laws
You can request to be removed from future publications and digital content at any time, but you cannot be removed from materials which have already been published.
To exercise any of these rights an individual need to send an email to email@example.com . If a subject access request is made and the request for access is clearly unfounded or excessive, the GP reserves the right to refuse to comply with the request in these circumstances.
GP keeps your personal data secure always using both physical and technical measures. Where appropriate, we also take measures such as anonymisation to ensure data cannot be used to identify you and/or encryption to ensure that the data cannot be accessed without the right security accesses and codes.
Where GP engages a third party to process personal data it will do so based on a written contract which conforms to the security requirement of GDPR and DPA 2018.
GP takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
GP also ensures that we have appropriate processes in place to test the effectiveness of our security measures.
We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you raise about our use of your personal data on the contact details below:
Samuel Russel (DPO) can be contacted via e-mail at firstname.lastname@example.org
GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].
This privacy notice was published on 25 May 2018 and last updated on 25 May 2018.
How we process your personal data
The table below will provide a detailed overview of the information that we collect on you, the purpose for collecting that information and the lawful basis we rely for processing that data.
As part of the enrolment process we specifically seek your consent for the following:
Alumni and Fundraising
If you opt-in to receiving marketing emails, this will allow for a range of companies affiliated with GP to contact regarding benefits including offers from food to courses and general discounts.
By providing your consent, you are agreeing to have the following personal data processed, including:
Your full name
Your email addresses
Your course (where relevant)
Disclosed to the below third parties:
You have the right to withdraw consent at any time: