Privacy Policy for Employees and Candidates.

The Privacy Policy outlined in this document is supplemental to our website privacy policy, which covers all users of our website.

Table of contents.


We fully comply with all current UK privacy laws, including UK GDPR. None of the information contained in this policy effect your rights under UK GDPR. Your rights and other guidance can be found by clicking here (opens an external website).

Who is covered by this policy?

This policy applies to you if you are a direct employee of GRACE MILLER AND CO LIMITED ('Grace Miller & Co.') who has entered an employee contract, have begun the process of entering an employee contract, or have applied for a position with Grace Miller & Co.

This policy does not apply to third party contractors or business associates not directly employed by Grace Miller & Co.

What personal information will we collect?

  • Personal contact details such as name, title, address, telephone numbers, and personal email addresses
  • Date of birth
  • Gender / gender identification
  • Nationality
  • Signature
  • Next of kin and emergency contact information
  • National Insurance number
  • Bank account details, payroll records and tax status information
  • Salary, annual leave, pension and benefits information
  • Copies of driving licence and / or passport
  • Qualification certificates
  • Reference details and their opinions about your performance in former roles
  • Recruitment information (including copies of right to work documentation, and other information included in a CV or cover letter or as part of the application process)
  • Employment records (including job titles, work history, working hours, training records and professional memberships)
  • Pay history
  • Performance information including probation forms, appraisals and promotions
  • Disciplinary and grievance information
  • P45 documents
  • Signed terms of employment or engagement

In certain circumstances, in order to facilitate your employment rights, we may be required to obtain sensitive personal information about you, such as:

  • Health information, including disabilities, for the purpose of making adjustments to your working environment and employment terms,
  • Information on medical conditions which may affect your role and health and sickness records.
  • Information about criminal convictions and offences.

How will we collect your personal information?

During your initial application for an employed role with Grace Miller & Co. We will collect some or all of the information detailed in this policy. In addition to this, we may be passed some or all or this information from a third party recruitment agency - you should always be asked for your consent from any agency you work with before we are given access to your personal info.

On your successfully application for employment, we will collect further information during the administration process.

As well as obtaining information directly from you or your recruitment agency, we may collect information from:

  • HMRC
  • Previous employers
  • Further education bodies
  • The Disclosure and Barring Service (DBS)
  • Notes and opinions about your performance, and matters relating to appraisal, disciplinary and grievance
  • Data provided to us by our payroll, pensions and other financial processors

While this list is not exhaustive, we will always obtain your consent should we need to gather personal info from a provider not mentioned in this policy.

What will we use your personal information for?

We require the information highlighted in this policy to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.

  • Making a decision about your recruitment or appointment
  • Determining the terms on which you work for us
  • Checking you are legally entitled to work in the UK
  • Administering your pay and tax deductions
  • Liaising with your pension provider
  • Administering the contract we have entered into with you
  • Business management and planning, including accounting and auditing
  • Conducting performance reviews, managing performance and determining performance requirements
  • Making decisions about salary reviews and compensation
  • Assessing qualifications for a particular job or task, including decisions about promotions
  • Gathering evidence for possible grievance or disciplinary hearings
  • Education, training and development requirements
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work
  • Managing sickness absence
  • Complying with health and safety obligations
  • Using unique access codes to enable secure usage of our IT systems.
  • Equal opportunities monitoring
  • To administer Statutory Sick Pay / Sick Pay / Maternity Pay and other employment rights
  • To comply with our duty of care and to consider work related adjustments where required under the Equality Act 2010
  • To ensure we comply with safeguarding duties regarding vulnerable adults and / or children
  • Administering other aspects of your employment which may arise.
  • Maintaining adequate records as evidence in the event of an audit, complaint or legal claim. We may also draw upon any of the information we hold about you in the event of a legal claim. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. We keep a record of our processing activities and can provide more information about our purposes and legal bases on request. We will only use your personal information for the purposes we have specified to you. If we need to use your personal information for an unrelated purpose, we will notify you with a separate privacy notice.

Who do we share your personal information with?

We may share your personal information with some third-party organisations who process data on our strict instructions (Data Processors). Our processors provide the following kinds of services:

  • Payroll and pension administration
  • IT administration and support
  • Outsourced HR
  • Data protection consultancy
  • Legal advisors
  • Accountancy services

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.

We will always limit the amount of personal information shared to the minimum required to perform the business's functions.

How long do we keep this information?

We retain Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

What rights do you have?

Data Subjects are entitled to request that we erase, restrict, rectify or provide you with a copy of the data we hold, and may object to processing activities. It is our policy to fulfil any such request within the statutory period of one month unless there is a compelling legal or contractual obligation which prevents us from doing so.

If you are a current employee of Grace Miller & Co., to make a request under any privacy law or policy, please contact your manager or Grace Miller's company director. If you are no longer an employee of Grace Miller & Co., please fill out the contact form on our contact us page.

You also have the right to lodge a complaint with the UK’s data regulator, the Information Commissioner’s Office.