• Facebook
  • Twitter
  • LinkedIn
  • Pinterest
  • YouTube

Privacy

Introduction

Data protection legislation (which includes the General Data Protection Regulation or GDPR) places obligations on Provident Financial plc Group of Companies (PFG) including Provident Financial PLC (PF), Provident Personal Credit Limited (PPC), Provident Financial Management Services Limited (PFMSL) and Cheque Exchange Limited (CEL) in relation to the way that we handle your personal information. We must process your information fairly and lawfully. This also means you are entitled to know how we intend to use your information. All our employees are responsible for ensuring personal data is kept confidential. We provide training to all our colleagues to remind them about their obligations. In addition our policies and procedures are regularly audited and reviewed.

The identity of the controller and their contact details

If you are a Colleague employed by PF your data is held by PFMSL on behalf of PF. If you are a colleague based in the Republic of Ireland (ROI) your data is held by PFMSL on behalf of PPC which has a branch in the ROI. If you are a colleague employed by PFMSL or CEL, PFMSL and CEL are part of the Provident Financial plc group of companies, which includes other lending companies such as Provident Personal Credit Limited (UK and ROI), Vanquis Bank Limited and Moneybarn Limited. More information on the Provident Financial plc group of companies can be found at www.providentfinancial.com

The identity of the Data Protection Officer

Your employer has a Data Protection Officer (GDPO) to ensure that your personal data is being treated fairly and lawfully and protected at all times. If you need to contact the GDPO please email dataprivacy@provident.co.uk or write to the Data Privacy Office, 1 Godwin Street, Bradford West Yorkshire BD1 2SU

Categories of personal data processed

We only collect the data we need to administer your employment relationship with us. In most cases this will mean that we are processing personal data such as;
1. Information received on your application form such as name address, previous employers, qualifications, equal opportunity monitoring information etc.
2. Information provided to us by the Credit Reference Agencies and Disclosure and Barring Service (DBS) checks.
3. Any additional information you provide whilst we are administering your employment contract such as health information, personal circumstances, payroll information, evidence to support any grievance or disciplinary activity.

Where we obtain your personal data from

To manage your employment relationship with your employer we use your personal information collected at the time you joined the company and information obtained throughout your employment with us. This information is obtained from a variety of sources;
a) Updates from you regarding changes to your personal information such as change of address, contact details, marital status, change in dependents.
b) Updates provided via OpenHR or Attendanceline relating to next of kin, absence information, bank account information, holiday dates.
c) Information provided via the Performance Development Application on how well you are performing in your role.
d) Information provided from training sessions attended including exam results, mandatory internal training scores, work station assessments, expenses claims.
e) Information relating to salary, bonus payments, pensions and shares.
f) Information received from external third parties such as sick notes from your doctor, reports from any occupational therapist, or updates on tax codes from HMRC or other similar tax authorities such as Revenue Commissioners (ROI).
g) Information from your line manager relating to grievance, disciplinary matters, Harassment, Performance Management, Capability issues.
h) Information from health advisors relating to Display Screen Equipment Assessments.
i) For company car drivers, a copy of your driving license.
j) We also obtain judgements and criminal record check details and keep these on OpenHR.
k) Information provided by Courts which require an action on the part of the company, such as Attachment of Earnings Orders.

Why we process your data

As a business we use data we obtain from you and data we collect about you to perform a number of activities. Under data protection legislation we are only permitted to use your personal information when we have a legal basis that permits us to do so. We set out below an overview of the purposes for which we use your personal information and, in each case, the legal basis that permits us to use that information.
As mentioned above, your employer is part of a wider group of companies. In most cases any data we and the other companies obtain are shared amongst each other to ensure that we are managing your relationship with us in the most informed way.

Processing your data as a Legitimate Interest

The Provident Financial plc group of companies as outlined above may process and sometimes share your information amongst each other for the following administrative activities where we have a legitimate business need;
1. Managing the mandatory internal training.
2. Using your information for administering the company’s business continuity procedures.
3. In addition, information will be shared with your line manager, HOF and Director for employment related purposes for example managing your development plan and attendance.
4. Your information may also be shared with Legal, Risk, the MLRO and the DPO where required to enable proper investigations to take place.
5. Processing your data to manage your pension.
6. Processing employee data allows Provident to: Maintain accurate and up to date employment records and contact details, operate and keep a record of employee performance to plan for career development and succession planning and workforce management purposes, respond to and defend against legal claims, maintain and promote equality in the workplace.
7. Processing and sharing information for the purpose of administering share save schemes or any other schemes providing benefits to employees, with third party share schemes or other benefit providers.
8. Where you are a customer of any of the Provident Financial Group of Companies we may process your customer data to help us manage your account and to help us avoid any potential conflicts of interest which arise out of your employment with the Company and which could result in customer detriment.

Sharing your information to assist with asset buying or selling

We will undertake this processing under a legitimate business interest. Your employer may in the future wish to sell, transfer or merge part or all of its business assets or to acquire a business. If so, they may disclose your personal information to a potential buyer, merger partner or seller so long as they agree to keep it confidential and to use it only to consider the potential transaction. If your information is transferred as a result of selling part of the company, this will be conducted in line with employment legislation.

Recording phone calls

We will undertake this processing under a legitimate business interest. Within the contact centres calls are recorded to resolve queries or issues, for legal and regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. Conversations may also be recorded for staff training purposes. If you call into the contact centre you need to be aware that your conversation will be recorded.

Home Visit recordings (HC UK only)

We will undertake this processing under a legitimate business interest. For PPC colleagues in the field, your conversations with customers will be recorded when you visit them. This is in case we need to check we have carried out the customers’ instructions properly, to resolve queries or issues, for regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. These recordings will also be used for staff training purposes and they can be used in connection with any investigations into allegations of colleague misconduct.

Monitoring activity

We will undertake this processing under a legitimate business interest. As a responsible company we need to ensure that you are using company equipment, software data and customer data in compliance with our various policies. This means that we may monitor the content of your emails and your access and use of different systems to ensure that you are not breaching policy requirements.
In addition there maybe circumstances where we will use company data, customer data and CRA data to help with any investigations into allegations of colleague misconduct. This may include but is not limited to; information on company mobile devices, information collected from security cards, network log ins and CCTV.

Using information on social networking sites

We will undertake this processing under a legitimate business interest. If appropriate, we reserve the right to review social media sites as part of any investigation we are conducting. This may include ensuring that colleagues are not bringing the company into disrepute.

How we use Credit Reference Agency data (UK only)

We will undertake this processing under a legitimate business interest. Whilst you are working for us we may continue to conduct credit agency searches to ensure you remain fit for the role or that you are suitable for a new role or promotion.

How we use Fraud prevention agencies (UK only)

We will undertake this processing under a legitimate business interest. Fraud prevention databases have been established for the purpose of allowing employers to share data on their employment fraud cases.
Should our investigations identify fraud or the commission of any other criminal offence by you or on your part when applying for, or during the course of your employment with us, we will record the details of this on the relevant fraud prevention databases. This information may be accessed from the UK and other countries and used by law enforcement agencies and by us and other organisations to prevent fraud.
Please contact the Fraud and Assurance Department, 1 Godwin Street, Bradford, BD1 2SU if you want to receive details of the relevant fraud prevention databases through which we share information.

Processing your data for legal reasons

Your employer may need to process data to ensure that it is complying with its legal obligations. For example to check an employee’s entitlement to work in the UK or ROI, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
We will treat your information as private and confidential, but may share it with each other and disclose it outside the Group if we are legally obliged to do so. Examples of this are:
1. Passing information to HMRC (in the UK) and the Revenue Commissioners’ (in the ROI) where a court order is in place.
2. Required by the Police/Garda Síochána and other law enforcement agencies to investigate or prevent crime.
3. Required by the authorities when we report on any suspicious activity that could indicate money laundering.
4. In the UK, the Financial conduct Authority (FCA) requires us to carry out specific fitness checks.
5. In the ROI, the Central Bank of Ireland’s (CBI’s) Fitness & Probity Regime requires specific information to be checked.

Processing your data for contractual reasons

There are a number of activities that we will perform to use your data to administer your employment relationship with us in line with any contractual requirements. Some examples of the contractual processing we undertake are;
1. Undertaking background searches to continue to assess your suitability working for the company.
2. Sending you any updates relating to your employment contract.
3. Ensuring your salary is paid into your bank account on time and to administer benefits such as pensions and insurance entitlements.

Processing your data with your consent

There will be circumstances where we will only process your data if we have your consent to do so. For example, if you provide us with data that is classed as special categories of Personal data, such as health information, we will only process this with your permission (unless we feel the processing is necessary to protect your vital interests) and you have a right at any time to ask us to stop the processing of that specific data.
In addition there may be other processing activities where you ask us to send your information to other third parties for benefits you have taken advantage of, such as child care vouchers and managing the NCP cards and MetroCard’s in Bradford.

How we manage your special categories of Personal Data

Where we need to process special categories of Personal Data (which includes information relating to race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or sexual orientation biometric and genetic data) this will only be done with your explicit consent (unless we feel the processing is necessary to protect your vital interests) or if we are obliged to process under employment or financial crime legislation.
We may process special categories of personal information in the following circumstances:
1. Where we need to carry out our legal obligations or exercise rights in connection with employment or where we need to provide you with support or make adjustments in how we provide information to you.
2. where we need to provide you with support or make adjustments in how we provide information to you.

Your rights

You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Data Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability. See below for further details. If you wish to exercise one of your rights please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.

Your right to object

You have a right to object to any processing activity where the business states it has a legitimate business need to use your data in the way described. If you need to contact us please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.

Your right to data portability

Data Protection Legislation contains a right to data portability that may give you a right in some data processing contexts, to receive your personal data in a portable format when it is processed on certain grounds, such as consent. If you wish for this limited data to be “ported” to another organisation direct, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.

Obtaining a copy of your data

You have a right to access the personal data held about you. To obtain a copy of the personal data we hold about you, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.

Your right to lodge a complaint with the regulatory authority

We hope that we provide you with the service you expect in relation to how we manage your personal data. Please contact your line manager if there is anything you are concerned about and we will endeavour to address this. If you are still not satisfied then you have the right to contact the Information Commissioner on 0303 123 1113 (UK) or The Data Protection Commissioner at info@dataprotection.ie (ROI)

Your Personal Data on company IT property

If you have been given company equipment to use to enable you to do your job, you may also be allowed to use this for limited personal activity. You should be aware that any personal data captured on company equipment could be subject to the company’s policy of monitoring the use of IT equipment: http://pfportal.rs.pfgroup.provfin.com/C9/Policies/Document%20Library/Acceptable%20Use_v4.0%20FINAL.pdf

Who we share your data with

Sometimes we use third party companies to help us administer your relationship with the company. For example we use;

1. Safecall to deliver our impartial whistleblowing service.
2. Attendance Line to help manage absences in the business.
3. A transcriber Sarah Standeven, Willis Towers Watson and Unum for medical reports etc.
4. UST Global who provide IT support to our IT systems.
All of these third parties are subject to the same Data Protection laws and stringent requirements that we place in their contractual obligations with us, regardless of which country they are processing in.
Your employer will ensure that it and any third parties whom it engages to process Personal Data on its behalf will process the Personal Data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Your employer will ensure that a written contract (a “Data Processor Agreement”) is put in place with third party processors and the terms of that Data Processor Agreement will comply with requirements of the Data Protection Legislation.

Processing your data outside the EEA

We may sometimes use third parties based outside the European Economic Area. For example some of our IT administrative activities are supported by third parties based in India and Israel. We will always ensure they will protect your information to EU standards.
If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
1. Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website – https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
2. Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website – https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
3. Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website – https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.

How long do we keep your data for

Most HR colleague data is subject to employment law requirements in relation to the storage of personnel records. For the majority of your personal data this will be held for up to 6 years after your relationship with the company has ended. This allows us to continue processing your data after your employment has ended to enable us to continue to provide employee benefits or to perform our contractual and legal obligations under your contract of employment.
If you need further specific information please read the Retention schedule in the Information Management document library: http://pfsites.rs.pfgroup.provfin.com/sites/IT_Home_New/IT_Governance/Lists/IT%20Governanace%20PPP%20Framework/Attachments/1328/Retention%20Schedule%20v1%200.pdf

We keep your data for as long as is required to administer any benefits or share plan awards that continue even after your employment has ended or to comply with legal and/or regulatory obligations.

Changes to this notice

We keep our colleague privacy notice under regular review. This notice was last updated on 26th November 2018.

Introduction

Data protection legislation (which includes the General Data Protection Regulation or GDPR) places obligations on Provident Financial plc Group of Companies (PFG) including Provident Financial PLC (PF), Provident Personal Credit Limited (PPC), Provident Financial Management Services Limited (PFMSL) and Cheque Exchange Limited (CEL) in relation to the way that we handle your personal information. We must process your information fairly and lawfully. This also means you are entitled to know how we intend to use your information. All our employees are responsible for ensuring personal data is kept confidential. We provide training to all our colleagues to remind them about their obligations. In addition our policies and procedures are regularly audited and reviewed.

The identity of the controller and their contact details

Your information will be held by PFMSL on behalf of PPC. More information on PFG can be found at www.providentfinancial.com.

The identity of the Data Protection Officer

PFMSL and PPC have a Data Protection Officer to ensure that your personal data is being treated fairly and lawfully and protected at all times. If you need to contact the DPO please email dataprivacy@provident.co.uk or write to the Data Privacy Office, 1 Godwin Street, Bradford West Yorkshire BD1 2SU.

Categories of personal data processed

We only collect the data we need to administer your application to become a self-employed agent. In most cases this will mean that we are processing personal data such as:

1. Information received on your application form such as name, address, email address, contact telephone number/s, previous employers, qualifications etc.

2. Information provided to us from our Fitness and Probity checks. Fitness and Probity check include:
(a) Credit reference checks with a licensed credit reference agency;
(b) Criminal record checks; and
(c) Fraud prevention checks.

Where we obtain your personal data from

To manage your engagement as a self-employed agent we use your personal information collected from a variety of sources;

1. Information provided in your application.
2. Information provided from training sessions attended including test scores.
3. Information provided in your Fitness and Probity Questionnaire.

Why we process your data

As a business we use data we obtain from you and data we collect about you to perform a number of activities. Under data protection legislation we are only permitted to use your personal information when we have a legal basis that permits us to do so. We set out below an overview of the purposes for which we use your personal information and, in each case, the legal basis that permits us to use that information.

In most cases any data PPC and other companies within PFG obtain are shared amongst each other to ensure that we are managing your application to become a self-employed agent with us in the most informed way.

Processing your data as a Legitimate Interest

PFG companies may process and sometimes share your information amongst each other for the following administrative activities where we have a legitimate business need;

1. Managing the mandatory legal and regulatory training.
2. Your information may also be shared with Legal, Risk, the MLRO and the DPO where required to enable proper investigations to take place.
3. Processing agent data allows Provident to: Maintain accurate and up to date agent records and contact details respond to and defend against legal claims.

Recording phone calls

We will undertake this processing under a legitimate business interest. Within the contact centre calls are recorded to resolve queries or issues, for legal and regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. Conversations may also be recorded for staff training purposes. If you call into the contact centre you need to be aware that your conversation will be recorded.

Using information on social networking sites

We will undertake this processing under a legitimate business interest. If appropriate, we reserve the right to review social media sites as part of any investigation we are conducting.

Processing your data for legal reasons

PFG may need to process data to ensure that it is complying with its legal obligations.

We will treat your information as private and confidential, but may share it with each other and disclose it outside the Group if we are legally obliged to do so. Examples of this are:

1. Passing information to Revenue Commissioners.
2. Required by the Síochána Garda and other law enforcement agencies to investigate or prevent crime.
3. Required by the authorities when we report on any suspicious activity that could indicate money laundering.
4. The Central Bank of Ireland’s (CBI’s) Fitness & Probity Regime requires specific information to be checked.

Processing your data with your consent

There will be circumstances where we will only process your data if we have your consent to do so. For example, if you provide us with data that is classed as special categories of Personal data, such as health information, we will only process this with your permission (unless we feel the processing is necessary to protect your vital interests) and you have a right at any time to ask us to stop the processing of that specific data.

How we manage your special categories of Personal Data

Where we need to process special categories of Personal Data (which includes information relating to Race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or sexual orientation biometric and genetic data) this will only be done with your explicit consent (unless we feel the processing is necessary to protect your vital interests) or if we are obliged to process under financial crime legislation.

Your rights

You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability. See below for further details. If you wish to exercise one of your rights please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to object

You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability. See below for further details. If you wish to exercise one of your rights please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to object

You have a right to object to any processing activity where the business states it has a legitimate business need to use your data in the way described. If you need to contact us please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to data portability

Data Protection Legislation contains a right to data portability that may give you a right in some data processing contexts, to receive your personal data in a portable format when it is processed on certain grounds, such as consent. If you wish for this limited data to be “ported” to another organisation direct, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Obtaining a copy of your data

You have a right to access the personal data held about you. To obtain a copy of the personal data we hold about you, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to lodge a complaint with the regulatory authority

We hope that we provide you with the service you expect in relation to how we manage your personal data. Please contact a manager if there is anything you are concerned about and we will endeavour to address this. If you are still not satisfied then you have the right to contact Data Protection Commissioner at info@dataprotection.ie

Who we share your data with

Sometimes we use third party companies to help us administer your application to become a self-employed agent. All third parties are subject to the same Data Protection laws and stringent requirements that we place in their contractual obligations with us, regardless of which country they are processing in.

Processing your data outside of EEA

We may sometimes use third parties based outside the European Economic Area. We will always ensure they will protect your information to EU standards.

If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:

1. Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
2. Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
3. Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website: http://ec.europa.eu/justice/data-protection/data-collection/data-transfer/index_en.htm

Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.

How long do we keep your data for

For the majority of your personal data this will be held for 6 months if you are not engaged as a self-employed agent. If you are engaged as a self-employed agent, the Agent Data Privacy Notice for existing agents will explain how your personal information is used, and will be available for you to view on Agent Comms App.

Changes to this notice

We keep our new agent privacy notice under regular review. This notice was last updated 25 May 2018.