Data protection legislation (which includes the General Data Protection Regulation or GDPR) places obligations on Provident Financial plc Group of Companies (PFG) including Provident Financial PLC (PF), Provident Personal Credit Limited (PPC), Provident Financial Management Services Limited (PFMSL) and Cheque Exchange Limited (CEL) in relation to the way that we handle your personal information. We must process your information fairly and lawfully. This also means you are entitled to know how we intend to use your information. All our employees are responsible for ensuring personal data is kept confidential. We provide training to all our colleagues to remind them about their obligations. In addition our policies and procedures are regularly audited and reviewed.
The identity of the controller and their contact details
If you are a Colleague employed by PF your data is held by PFMSL on behalf of PF. If you are a colleague based in the Republic of Ireland (ROI) your data is held by PFMSL on behalf of PPC which has a branch in the ROI. If you are a colleague employed by PFMSL or CEL, PFMSL and CEL are part of the Provident Financial plc group of companies, which includes other lending companies such as Provident Personal Credit Limited (UK and ROI), Vanquis Bank Limited and Moneybarn Limited. More information on the Provident Financial plc group of companies can be found at www.providentfinancial.com
The identity of the Data Protection Officer
Your employer has a Data Protection Officer (GDPO) to ensure that your personal data is being treated fairly and lawfully and protected at all times. If you need to contact the GDPO please email firstname.lastname@example.org or write to the Data Privacy Office, 1 Godwin Street, Bradford West Yorkshire BD1 2SU
Categories of personal data processed
We only collect the data we need to administer your employment relationship with us. In most cases this will mean that we are processing personal data such as;
1. Information received on your application form such as name address, previous employers, qualifications, equal opportunity monitoring information etc.
2. Information provided to us by the Credit Reference Agencies and Disclosure and Barring Service (DBS) checks.
3. Any additional information you provide whilst we are administering your employment contract such as health information, personal circumstances, payroll information, evidence to support any grievance or disciplinary activity.
Where we obtain your personal data from
To manage your employment relationship with your employer we use your personal information collected at the time you joined the company and information obtained throughout your employment with us. This information is obtained from a variety of sources;
a) Updates from you regarding changes to your personal information such as change of address, contact details, marital status, change in dependents.
b) Updates provided via OpenHR or Attendanceline relating to next of kin, absence information, bank account information, holiday dates.
c) Information provided via the Performance Development Application on how well you are performing in your role.
d) Information provided from training sessions attended including exam results, mandatory internal training scores, work station assessments, expenses claims.
e) Information relating to salary, bonus payments, pensions and shares.
f) Information received from external third parties such as sick notes from your doctor, reports from any occupational therapist, or updates on tax codes from HMRC or other similar tax authorities such as Revenue Commissioners (ROI).
g) Information from your line manager relating to grievance, disciplinary matters, Harassment, Performance Management, Capability issues.
h) Information from health advisors relating to Display Screen Equipment Assessments.
i) For company car drivers, a copy of your driving license.
j) We also obtain judgements and criminal record check details and keep these on OpenHR.
k) Information provided by Courts which require an action on the part of the company, such as Attachment of Earnings Orders.
Why we process your data
As a business we use data we obtain from you and data we collect about you to perform a number of activities. Under data protection legislation we are only permitted to use your personal information when we have a legal basis that permits us to do so. We set out below an overview of the purposes for which we use your personal information and, in each case, the legal basis that permits us to use that information.
As mentioned above, your employer is part of a wider group of companies. In most cases any data we and the other companies obtain are shared amongst each other to ensure that we are managing your relationship with us in the most informed way.
Processing your data as a Legitimate Interest
The Provident Financial plc group of companies as outlined above may process and sometimes share your information amongst each other for the following administrative activities where we have a legitimate business need;
1. Managing the mandatory internal training.
2. Using your information for administering the company’s business continuity procedures.
3. In addition, information will be shared with your line manager, HOF and Director for employment related purposes for example managing your development plan and attendance.
4. Your information may also be shared with Legal, Risk, the MLRO and the DPO where required to enable proper investigations to take place.
5. Processing your data to manage your pension.
6. Processing employee data allows Provident to: Maintain accurate and up to date employment records and contact details, operate and keep a record of employee performance to plan for career development and succession planning and workforce management purposes, respond to and defend against legal claims, maintain and promote equality in the workplace.
7. Processing and sharing information for the purpose of administering share save schemes or any other schemes providing benefits to employees, with third party share schemes or other benefit providers.
8. Where you are a customer of any of the Provident Financial Group of Companies we may process your customer data to help us manage your account and to help us avoid any potential conflicts of interest which arise out of your employment with the Company and which could result in customer detriment.
Sharing your information to assist with asset buying or selling
We will undertake this processing under a legitimate business interest. Your employer may in the future wish to sell, transfer or merge part or all of its business assets or to acquire a business. If so, they may disclose your personal information to a potential buyer, merger partner or seller so long as they agree to keep it confidential and to use it only to consider the potential transaction. If your information is transferred as a result of selling part of the company, this will be conducted in line with employment legislation.
Recording phone calls
We will undertake this processing under a legitimate business interest. Within the contact centres calls are recorded to resolve queries or issues, for legal and regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. Conversations may also be recorded for staff training purposes. If you call into the contact centre you need to be aware that your conversation will be recorded.
Home Visit recordings (HC UK only)
We will undertake this processing under a legitimate business interest. For PPC colleagues in the field, your conversations with customers will be recorded when you visit them. This is in case we need to check we have carried out the customers’ instructions properly, to resolve queries or issues, for regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. These recordings will also be used for staff training purposes and they can be used in connection with any investigations into allegations of colleague misconduct.
We will undertake this processing under a legitimate business interest. As a responsible company we need to ensure that you are using company equipment, software data and customer data in compliance with our various policies. This means that we may monitor the content of your emails and your access and use of different systems to ensure that you are not breaching policy requirements.
In addition there maybe circumstances where we will use company data, customer data and CRA data to help with any investigations into allegations of colleague misconduct. This may include but is not limited to; information on company mobile devices, information collected from security cards, network log ins and CCTV.
Using information on social networking sites
We will undertake this processing under a legitimate business interest. If appropriate, we reserve the right to review social media sites as part of any investigation we are conducting. This may include ensuring that colleagues are not bringing the company into disrepute.
How we use Credit Reference Agency data (UK only)
We will undertake this processing under a legitimate business interest. Whilst you are working for us we may continue to conduct credit agency searches to ensure you remain fit for the role or that you are suitable for a new role or promotion.
How we use Fraud prevention agencies (UK only)
We will undertake this processing under a legitimate business interest. Fraud prevention databases have been established for the purpose of allowing employers to share data on their employment fraud cases.
Should our investigations identify fraud or the commission of any other criminal offence by you or on your part when applying for, or during the course of your employment with us, we will record the details of this on the relevant fraud prevention databases. This information may be accessed from the UK and other countries and used by law enforcement agencies and by us and other organisations to prevent fraud.
Please contact the Fraud and Assurance Department, 1 Godwin Street, Bradford, BD1 2SU if you want to receive details of the relevant fraud prevention databases through which we share information.
Processing your data for legal reasons
Your employer may need to process data to ensure that it is complying with its legal obligations. For example to check an employee’s entitlement to work in the UK or ROI, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
We will treat your information as private and confidential, but may share it with each other and disclose it outside the Group if we are legally obliged to do so. Examples of this are:
1. Passing information to HMRC (in the UK) and the Revenue Commissioners’ (in the ROI) where a court order is in place.
2. Required by the Police/Garda Síochána and other law enforcement agencies to investigate or prevent crime.
3. Required by the authorities when we report on any suspicious activity that could indicate money laundering.
4. In the UK, the Financial conduct Authority (FCA) requires us to carry out specific fitness checks.
5. In the ROI, the Central Bank of Ireland’s (CBI’s) Fitness & Probity Regime requires specific information to be checked.
Processing your data for contractual reasons
There are a number of activities that we will perform to use your data to administer your employment relationship with us in line with any contractual requirements. Some examples of the contractual processing we undertake are;
1. Undertaking background searches to continue to assess your suitability working for the company.
2. Sending you any updates relating to your employment contract.
3. Ensuring your salary is paid into your bank account on time and to administer benefits such as pensions and insurance entitlements.
Processing your data with your consent
There will be circumstances where we will only process your data if we have your consent to do so. For example, if you provide us with data that is classed as special categories of Personal data, such as health information, we will only process this with your permission (unless we feel the processing is necessary to protect your vital interests) and you have a right at any time to ask us to stop the processing of that specific data.
In addition there may be other processing activities where you ask us to send your information to other third parties for benefits you have taken advantage of, such as child care vouchers and managing the NCP cards and MetroCard’s in Bradford.
How we manage your special categories of Personal Data
Where we need to process special categories of Personal Data (which includes information relating to race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or sexual orientation biometric and genetic data) this will only be done with your explicit consent (unless we feel the processing is necessary to protect your vital interests) or if we are obliged to process under employment or financial crime legislation.
We may process special categories of personal information in the following circumstances:
1. Where we need to carry out our legal obligations or exercise rights in connection with employment or where we need to provide you with support or make adjustments in how we provide information to you.
2. where we need to provide you with support or make adjustments in how we provide information to you.
You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Data Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability. See below for further details. If you wish to exercise one of your rights please email email@example.com, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.
Your right to object
You have a right to object to any processing activity where the business states it has a legitimate business need to use your data in the way described. If you need to contact us please email firstname.lastname@example.org, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.
Your right to data portability
Data Protection Legislation contains a right to data portability that may give you a right in some data processing contexts, to receive your personal data in a portable format when it is processed on certain grounds, such as consent. If you wish for this limited data to be “ported” to another organisation direct, please email email@example.com, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.
Obtaining a copy of your data
You have a right to access the personal data held about you. To obtain a copy of the personal data we hold about you, please email firstname.lastname@example.org, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.
Your right to lodge a complaint with the regulatory authority
We hope that we provide you with the service you expect in relation to how we manage your personal data. Please contact your line manager if there is anything you are concerned about and we will endeavour to address this. If you are still not satisfied then you have the right to contact the Information Commissioner on 0303 123 1113 (UK) or The Data Protection Commissioner at email@example.com (ROI)
Your Personal Data on company IT property
If you have been given company equipment to use to enable you to do your job, you may also be allowed to use this for limited personal activity. You should be aware that any personal data captured on company equipment could be subject to the company’s policy of monitoring the use of IT equipment: http://pfportal.rs.pfgroup.provfin.com/C9/Policies/Document%20Library/Acceptable%20Use_v4.0%20FINAL.pdf
Who we share your data with
Sometimes we use third party companies to help us administer your relationship with the company. For example we use;
1. Safecall to deliver our impartial whistleblowing service.
2. Attendance Line to help manage absences in the business.
3. A transcriber Sarah Standeven, Willis Towers Watson and Unum for medical reports etc.
4. UST Global who provide IT support to our IT systems.
All of these third parties are subject to the same Data Protection laws and stringent requirements that we place in their contractual obligations with us, regardless of which country they are processing in.
Your employer will ensure that it and any third parties whom it engages to process Personal Data on its behalf will process the Personal Data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Your employer will ensure that a written contract (a “Data Processor Agreement”) is put in place with third party processors and the terms of that Data Processor Agreement will comply with requirements of the Data Protection Legislation.
Processing your data outside the EEA
We may sometimes use third parties based outside the European Economic Area. For example some of our IT administrative activities are supported by third parties based in India and Israel. We will always ensure they will protect your information to EU standards.
If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
1. Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website – https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
2. Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website – https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
3. Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website – https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.
How long do we keep your data for
Most HR colleague data is subject to employment law requirements in relation to the storage of personnel records. For the majority of your personal data this will be held for up to 6 years after your relationship with the company has ended. This allows us to continue processing your data after your employment has ended to enable us to continue to provide employee benefits or to perform our contractual and legal obligations under your contract of employment.
If you need further specific information please read the Retention schedule in the Information Management document library: http://pfsites.rs.pfgroup.provfin.com/sites/IT_Home_New/IT_Governance/Lists/IT%20Governanace%20PPP%20Framework/Attachments/1328/Retention%20Schedule%20v1%200.pdf
We keep your data for as long as is required to administer any benefits or share plan awards that continue even after your employment has ended or to comply with legal and/or regulatory obligations.
Changes to this notice
We keep our colleague privacy notice under regular review. This notice was last updated on 26th November 2018.
This privacy statement sets out how Provident Financial Management Services Limited (a company registered in England and Wales under company number 328933) (“Provident”, “we”, “our” or “us”), the operator of the website [insert website details] (the “site”), complies with UK data protection law.
This privacy statement applies to your use of the site to search for and apply for a role as a self-employed agent with Provident Personal Credit Limited (“PPC”). Provident may update this privacy statement and so you should check it from time to time and always before you submit an application to us to make sure that you are happy with any changes that may have been made (as detailed below).
Our aim is to be as clear and open as possible about what we do with your personal data and how we use it. If you apply for a role as a self employed agent using the site, Provident will use the information you provide (including personal data) for the purposes outlined in this privacy statement. After the application process is completed we will retain the information you provide (including personal data) for the purpose of maintaining a database of potential self employed agents and may contact you about any suitable opportunities in the future.
What Information do we collect and what do we use it for?
You can look through the site without giving us any personal data.
If you decide to apply for a role via the site we will need to collect and process your personal data, including:
• Name, address and postcode – without this we would not know where to send recruitment information.
• E-mail address – we send a confirmation of your application via email. We may use e-mail to correspond with you about your application and subsequently to correspond with you regarding your agency if your application is successful.
• Contact telephone numbers – if there are any problems with your application or we need to clarify anything with you, we need to be able to contact you quickly.
• User name and password – this is to keep your personal data secure and so that you can return to a partially completed application at a later date.
• Your application – this is required so that we may assess you. Such personal data will include details of your skills (including education, professional qualifications and training) and employment history. You should only provide the personal data required by our application template.
• Disability data – any personal data you provide about a disability is sensitive personal data. By providing such sensitive personal data, you agree to allow us to use it for the purposes of making any necessary adjustments if you are invited for interview, during Agent ‘Have a Go’ sessions and for monitoring purposes.
• Credit reference checks with a licensed credit reference agency – we are required by law to engage ‘fit and proper persons’ to act on our behalf. Your credit file provides us with the information to assist us in assessing your fitness to work for an authorised consumer credit business.
• Criminal Records Checks – The self employed agent role requires us to enquire about previous criminal convictions or carry out criminal records checks.
• Checks against our customer and risk databases and those of any company within our corporate group– to confirm any customer account activity and to check any links to fraudulent activity against the Company.
• Other personal data specified during the online application process that is relevant to recruitment.
If your application is successful and you are engaged as a self employed agent with PPC we will require documentation from you to perform the post engagement checks referred to above (proof of identity and proof of address) and also details of your referees.
Use and disclosure of information
The personal data you provide will be used to:
• Process your application;
• Approach your nominated referees for the purposes of obtaining references;
• Consider you for the role for which you have applied, and subsequent suitable self employed opportunities;
• Make up part of your agent record if your application is successful (but only to the extent that such information is relevant to your on-going engagement as an agent);
• Fulfil Provident’s legal obligations
• Internal record keeping;
• Provide general aggregate information (which does not identify individuals) and statistics to help Provident develop its websites and services
• Carry out equal opportunities monitoring (see below)
Please note that we may use service providers to process your information on our behalf but only for the purposes outlined above.
We may, if relevant for the purpose of processing your application, disclose your personal data to any member of our corporate group to be processed solely for the purpose provided.
Where you provide personal data about somebody else, for example, your referees, you should ensure that they have given their consent.
When you visit the site, we may receive your IP address, a unique identifier for your computer or other access device. We do not use your IP address to identify you.
Personal data (including sensitive personal data), for example, relating to your gender, race or ethnic origin, religion or belief, age bracket, details of any disability and sexual orientation is requested purely for monitoring purposes.
Storage of Data
We will not store your personal data for any longer than is necessary for the purposes for which it was collected or as required by law. However, we may be obliged by law to store your communications and personal data including activity logs and we may need to show details of these to government or authorised officials upon request.
Your rights and removal of your Information
It is your responsibility to ensure that all of the personal data you provide is true and is not misleading, deceptive or inaccurate in any way. If you believe any of the personal data Provident holds about you is incorrect, please log back into your account and amend your record. If at any time after the submission of your application you change your mind, please log back into your account to withdraw your application. In the event that you are unable to access your account to amend your details or withdraw your application or you do not have an account please contact [details].
You have a right to access the personal data held about you. To obtain a copy of the personal data we hold about you, please contact us at firstname.lastname@example.org.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the site. Any transmission is at your own risk. Once we receive your personal data, we will use appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and accidental loss, destruction or damage.
Your personal data can only be viewed on-line if you successfully log-in to the site. Our log-in procedure minimises the risk of someone who is not the applicant doing this. You are responsible for keeping your password confidential. We ask you not to share this password with anyone.
The questionnaire you are about to take is based on proprietary software produced by IBM United Kingdom Limited (“IBM”) and/or its partners or subcontractors. Under no condition may the content in this questionnaire be copied, reproduced, or reconstructed in whole, or in part, in any form whatsoever without the express written consent of IBM.
No liability for consequential damages
In no event shall IBM or its suppliers be liable for any damages whatsoever including, without limitation, damages for loss of vocational opportunity arising out of the use of or inability to use this IBM product, even if IBM has been advised about the possibility of such damages.
Contact Questions, comments and any requests regarding this privacy statement are welcomed and should be addressed to Resourcing Team, 1 Godwin Street, Bradford, BD1 2SU
This privacy statement was last updated on 24 April 2014.