For participants
For businesses
For partners
How we can help
Events
Your stories
Our locations
About us
Home > Policies > Employee Privacy Notice (including Volunteers)

Employee Privacy Notice (including Volunteers)

Published: April 2025

Seetec logo

1.0 Introduction & Scope

The Seetec Group is committed to data security and the lawful, fair, and transparent processing of personal data.  This Privacy Notice describes how we process personal information about you in accordance with data protection law, including the UK/EU General Data Protection Regulation (EU) 2016/679, during and after your working relationship with us.

This notice applies to all current and former employees and volunteers, and candidates for new positions.  Volunteers should also refer to the Volunteer Management Providers Privacy Notice, available on their website.

Seetec adheres to the Data Protection Principles and will ensure that your personal data is:

  • Processed lawfully, fairly and in a transparent way.
  • Collected for valid purposes, which are explained in this Privacy Notice, and not used in a way that is not compatible with these purposes.
  • Adequate and relevant for these purposes
  • Accurate and kept up to date.
  • Kept only as long as necessary for these purposes and to meet any legal, statutory, or contractual obligation.
  • Kept securely.

Seetec is a ‘controller’ of your personal data.  This means that we are responsible for deciding the purpose and means of processing your personal information.

2.0 The Personal information we process

We will collect, store, and use some or all the following personal information.  This may be collected directly from you or from various third parties, such as previous employers or recruitment agencies and public sources, including social media channels (if you interact with us through those channels).

  • Personal Contact details including – Name, title, address, telephone numbers, email address.
  • Details (and copies) of your communications and interactions with us including by email, telephone, post and the Ivanti portal.    In respect of volunteers this will be through our external volunteer recruitment service.
  • Copies or reference numbers of documents you provide as proof of identity. when you are initially employed or appointed by us, or where there is a legal reason to request these documents from you during the term of your employment/service.
  • Information about your use of Seetec information, systems, applications, and websites, including geolocation data.
  • Dates of birth, marriage, and divorce
  • Marital status and dependents
  • Next of kin, emergency contact details, death benefit nominee(s)
  • National Insurance Number/PPS number.
  • Bank account details.
  • Payroll and tax information
  • Salary, annual leave, pension, and benefits information (including insurance)
  • Dates of employment/engagement
  • We obtain and retain certificate numbers in relation to any criminal history or convictions as part of our background checks conducted at commencement, and when necessary, during your employment or service with us.
  • Recruitment information (including copies of right to work documentation), personal and employer references and personal information provided in your CV.  Interview notes and assessments (if applicable).
  • Full employment/engagement records which will include all or some of the following: contract, terms and conditions, job titles, work history, appraisals and performance information, absences (medical certificates/ information), training, and professional memberships. 
  • Health Information
  • Grievance and Disciplinary information
  • Details of any business or personal conflict of interest, at commencement and at regular intervals during your employment or service with us. 
  • Photographs (ID badge, intranet, publications)
  • Accident-first aid records
  • CCTV recordings (images may be captured at some locations)
  • Telematics/GPS data
  • When required we will receive personal data from third party organisations involved in Occupational Health assessments, or from your GP (with your explicit consent).
  • Special category data (such as ethnicity, religious or philosophical beliefs) (which you may decide to share – optional)

Keeping your information up to date – Where your personal information is held in SuccessFactors/Payroll Self Service or Volunteer Management Provider (Volunteers only) systems– it is your responsibility to ensure that the information (such as your address, contact details, bank account and next of kin) is kept up to date. If you’re not sure how to do this, speak to your line manager/volunteer co-ordinator or HR for advice.

3.0 How and why we use your Personal Data

We will only use your personal information in accordance with the law.  In most cases the processing of your Personal data (as listed in 2.0 Personal Information we process) is necessary to fulfil our obligations under your contract of employment or volunteer agreement, or to comply with legal, statutory, or contractual requirements.

This includes:

  • To enable us to make a recruitment or appointment decision and to register you on to our Talent Pool (on request)
  • Checking your eligibility to work for us.
  • Administration of your employment contract/volunteering agreement
  • To enable us to make payments to you and to deduct National Insurance and tax contributions.
  • To administer pension funds, work benefits and insurance
  • Appraisals and salary reviews
  • Gathering evidence in relation to a possible grievance or disciplinary matter, including any legal disputes involving you, or others.
  • Managing sickness absence, including fitness to work
  • Complying with Health and Safety obligations (including workplace adjustments)
  • Education and training
  • For equal employment opportunities (anonymized) – monitoring and reporting.
  • For network and information security purposes.  (We may monitor your use of our systems to ensure compliance with our Information Security policies).

4.0 Sharing your Personal Information

We may share your personal data with all or some of the following trusted third parties:

  • HMRC for tax purposes, as an employer it is our legal obligation to provide this information.
  • Pension and Insurance providers as part of your contract of employment and our legal obligations
  • Stakeholders and commissioners where your role is in conjunction with a contract being delivered by one or more parts of the organisation.
  • Cloud providers of software systems and solutions.
  • External IT and Business Support Services used by the group in connection with the fulfilment of your contract of employment or your volunteer agreement,
  • Professional advisers including lawyers, medical professionals, bankers, auditors, and insurers – for the purposes of providing consultancy, legal, insurance and accounting services.
  • Police, Garda, or other such regulatory authorities – as part of an investigation or for legal or regulatory purposes.
  • Auditors – to audit our systems and processes for the purposes of ensuring efficiency, or regulatory or contractual compliance.
  • UK and Irish law enforcement agencies and third-party security companies – for the purposes of ensuring that we comply with the law and have adequate security measures in place.
  • Registered services, such as employee benefits providers or to obtain DBS checks (pre-and during employment/engagement)
  • Approved External Training providers, to enable the registration process (name and business email address only).
  • We will disclose your personal information to third parties if we are under a duty to disclose or share your personal data to comply with any other legal or regulatory obligation or request.
  • With medical professionals, prospective employers and other third parties at your request and/or with your consent.

5.0 Data Retention

  • We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.  Details of retention periods for different aspects of your personal information are provided in our Data Retention Schedule which is available on the intranet

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

  • Once you are no longer an employee or volunteer, we will retain and securely destroy your personal information in accordance with our data retention schedule orapplicable laws and regulations.  We may anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.
  • In some circumstances you may be entitled to ask us to delete your data: see Data Subject Rights below for further information.
  • If you become a Volunteer your personal data will also be processed by our Volunteer Management Services Provider.  Please refer to their Privacy Notice, available on their website.

6.0 Protecting your Personal Data

  • We have appropriate technical and organisational measures in place to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way. 
  • We apply role-based access controls, limiting access to your personal information to those employees and other third parties who have a business need to know.
  • We are independently certified to a number of industry recognised standards, including ISO27001:2022, Cyber Essentials and Cyber Essentials Plus, which help us maintain the highest levels of security across our entire business.
  • Our security controls are designed to maintain the Confidentiality, Integrity & Availability of your personal information.
  • We have procedures in place to deal with any data breach, or suspected breach, and will notify you and any appliable regulator where we are legally required to do so.
  • Our group-wide staff training and awareness portfolio covers key risk areas and specific controls associated with your role.
  • Wherever possible, we ensure the online cloud services are accessed using ‘HTTPS’ rather than ‘HTTP’, meaning that all information that is sent and received over the internet is encrypted for additional security. You can see this in the address bar of your browser.
  • We have selected and deployed technical measures such as password complexity requirements, anti-virus and anti-malware software, firewalls, encryption, email and internet filtering and VPNs for secure remote access.
  • We have implemented soft controls such as our Information Security Policy, Data Protection Policy and Framework, Clear Desk and Clear Screen policies, the Individual User Agreement and Mobile Device policy.
  • Where we disclose your personal data to third parties we require the third party to have appropriate technical and organisational measures in place to protect your personal data, via robust contracts and agreements. In some instances, we may be compelled by law to disclose your personal data to a third party and have limited control over how it is protected by that party.
  • Our systems and technical security controls are regularly audited by independent auditors to ensure we maintain our security accreditations.
  • All employee personal data is not processed or transferred outside of the European Economic Area (EEA).
  • Volunteers’ data is processed in accordance with our Volunteer Management Provider’s Privacy Notice

7.0 Data Subject Rights

You have the right:

  • to ask us not to use your personal data for direct marketing.
  • to ask us not to process your personal data where it is processed on the basis of legitimate interests, if there are no compelling reasons for that processing.
  • to request from us access to personal information held about you (see below).
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete.
  • to ask that we stop any consent-based processing of your personal data after you withdraw that consent.
  • to ask, in certain circumstances, to delete the personal data we hold about you.
  • to ask, in certain circumstances, for the processing of that information to be restricted.
  • to ask, in certain circumstances, for data portability.

If you wish to exercise your data subject rights, please refer to our Data Subject Rights Procedure (including DSARS) which is available on the intranet, or available on request. Requests should be made to the Data Protection Team- dataprotection@seetec.co.uk

If you have any questions or concerns about this Privacy Notice, or require assistance with any data protection matter, please contact the Data Protection Officer:

By post to:

Data Protection Officer Seetec Group,

75-77 Main Road, Hockley,

Essex, SS5 4RG

By email to: dataprotection@seetec.co.uk

You can contact the Supervisory Authority for data protection advice and have the right to complain to the Information Commissioners Office (ICO) in the UK or the Data Protection Commissioner (DPC) In Ireland if you remain dissatisfied about how Seetec processes your personal data.

The Information Commission (formerly the  ICO) contact details are available here: https://ico.org.uk/concerns/

The DPC contact details are available here: https://www.dataprotection.ie/en/individuals/exercising-your-rights/complaints-handling-investigations-

Andy White, Freelance WordPress Developer London
For participants
For businesses
For partners