Employee and contractor privacy notice
As with most businesses, we hold and process a wide range of information, some of which relates to individuals who we engage to work with us. We take these obligations very seriously, and we are committed to protecting the privacy of our current and former employees and contractors.
This Privacy Notice explains the type of information we process, why and how we process it, and what rights you have.
This notice does not form part of your contract and does not create contractual rights or obligations. It may be amended by us at any time.
Curve Media Limited (“Curve”) whose principal office address is at 19-21 Nile Street, London N1 7LL or the subsidiary company of Curve named in your contract of engagement acting in its capacity of “data controller” (“Company” or “we”), provides this Privacy Notice regarding the processing of your data for the purposes related to the performance of the working relationship (as further described below) with you. You can contact us at the following email address: email@example.com
This Privacy Notice applies to:
i) any employee, whether engaged under any type of employment agreement, including any internship or apprenticeship agreement/contract, training programme and when necessary (for example in emergency situations and for benefits administration), to such employee’s spouse, domestic/civil partner or dependents (together dependents); or
ii) self-employed freelancers, workers and independent contractors; and
iii) any individual performing a work activity or professional performance for the benefit of the Company.
(together the above listed individuals are collectively defined as “you” and the relevant agreement with the Company, whatever form it takes as described under i), ii) and iii) above, is also defined as the “working relationship”).
What personal data do we collect from you?
Before entering into a working relationship or in the course of the working relationship with Curve, Curve will collect data or may have data collected about you. We refer to such information as personal data which includes, for example, the following:
Personal Information: this includes but is not limited to, name, work and home contact details (email, phone numbers, physical address), language(s) spoken, right to work, employee identification number, gender, date and place of birth, national insurance number, driving license information, marital/civil partnership status, domestic partners, dependents, emergency contact information and photographs, employment status (e.g. active, inactive, maternity replacement).
Documentation required under immigration laws: Status of citizenship, passport data, details of residency or any work permit.
Salary, remuneration and payroll: includes but is not limited to salary, bonus, benefits, compensation type, stock options, stock grants and other awards, currency, pay frequency, effective date of current compensation, salary reviews, bank details, working time records (including vacation and other absence records, leave status, hours worked), pay data and life insurance beneficiaries.
Role/Position: Description of positions, job title, management category, job code, salary plan, pay grade or level, job function(s) and sub function(s), details of any directorships, company name and code (legal employer entity), branch/unit/department, location, employment status and type, full-time/part-time, terms of employment, employment contract, work history, hire/re-hire and termination date(s) and reason, length of service, business travel details, retirement eligibility, promotions and disciplinary records, date of transfers, and line manager(s) information.
Training/Qualification Information: Details contained in letters of application and CV (e.g., previous employment background, education history, professional qualifications, language and other relevant skills, certification, certification expiration dates), development programmes whether planned and attended, e-learning programmes, performance and development reviews, willingness to relocate and information used to populate employee biographies.
Management Records: Details of any shares or options.
System and Application Access Data: Information required to access company systems and applications such as active directory, email address, employee ID, other system and application user IDs and passwords, electronic content produced using company systems, building access information from any access control card system, office premises CCTV footage, access to documents and other materials, as well as incident response data (to the extent permitted by local legislation and Company policy).
Special Category Data: We may also process special categories of data. Such data may include criminal background checks (if permitted under local laws), health/medical information or disability status, trade union membership information, religion, race or ethnicity when necessary. Curve collects this information for specific purposes, such as health/medical information in order to accommodate a disability or illness and to provide benefits; and diversity-related personal data (such as gender, race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination.
How do we use your personal data?
We will process your personal data in compliance with applicable laws for the following purposes:
i) Managing workforce: HR administration and managing work activities and personnel generally, including recruitment, absence, performance management, promotions and succession planning, rehiring, salary and payment administration, pension and benefits administration, managing business expenses and reimbursements, planning and monitoring of training requirements and career development activities and skills
ii) Communications and Emergencies: facilitating communication with you, ensuring business continuity, protecting the health and safety of employees and others
iii) Business operations and security: operating and managing IT and communications systems, managing product and service development and improvement, managing and allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, re-organisations or disposals and integrations, building security and crime prevention
iv) Compliance: Complying with legal and other requirements, including audits, inspections and other requests from government or other public authorities.
v) Dispute resolution, responding to legal process such as summons, subpoenas, pursuing legal rights and remedies
vi) Health and safety: Complying with legal obligations on occupational safety and health.
(together all defined as the “Contractual Purposes”).
vii) Intranet: Publishing details of you including your photograph on the Company’s intranet
viii) Corporate and commercial matters: if the Company is involved in a merger or transfer of all or a material part of its business, the Company may transfer your information to the party or parties involved in the transaction (“Other Purposes”);
The legal basis for processing your personal data
We process your personal data to perform the obligations under the contract with you, to comply with legal obligations arising in the context of your contract, for health and safety purposes, as well as to pursue the legitimate interests of the Company.
The processing of your personal data for Contractual Purposes is mandatory because if you refuse to provide the personal data, it would make it impossible to perform the contract between you and the Company.
The processing of your personal data for I Purposes and Other Purposes is carried out in compliance with the legitimate interest of the Company which adequately balances the interests of the Company and you. That processing is not mandatory and, for this reason, you may oppose the processing as described in “your rights” sections of this Privacy Notice. If you object to this data processing, data will not be processed for the legitimate interest purposes, but we will continue to process any relevant data on another legal basis as appropriate.
How is your personal data processed?
We process your personal data through both electronic and manual means and it is protected by reasonable security measures. We will take appropriate administrative, technical, personnel and physical measures designed to protect personal data that are consistent with applicable privacy and data security laws and regulations that in particular include protecting personal data from misuse or accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access. This may include requiring service providers to use appropriate measures to protect the confidentiality and security of personal data.
Who has access to your personal data?
All personnel within Curve will generally have access to your business contact information such as name, position, telephone number, business postal address and email address.
We may share your personal data for the purposes specified in this Privacy Notice with the following categories of entities that can be located within and outside the EEA as follows:
i) Professional Advisors: Accountants, auditors, lawyers, insurers, bankers, health and safety representatives and other professional advisors.
ii) Service Providers and Clients: Companies that provide products and services to Curve such as payroll, pension scheme, benefits, human resources, performance management, training, expense management, IT systems supply and support, credit cards, medical or health services, trade bodies and associations services, travel services and others. Companies to which the Company provides products or services, such as commissioning broadcasters and other end users.
iii) Public, Judicial, Governmental Authorities and Litigants: Entities that regulate or have jurisdiction over the Company such as regulatory authorities, law enforcement, public bodies and judicial bodies or other third parties in connection with judicial or regulatory proceedings.
iv) Other Purposes: A third party in connection with any proposed or actual re-organisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Curve’s business, assets or stock (including in connection with any bankruptcy or similar proceedings).
Access to personal data within the Company will be limited to those who have the “need to know” and may include your managers, personnel in HR, IT, Compliance, Legal, Finance and Accounting and Internal Audit.
Will your personal data be transferred abroad?
We may transfer your data to countries outside of the EEA e.g. Israel (if an application process is via eTribez) and the United States. We will ensure that any transfer is lawful and that there are appropriate security arrangements.
We try to be as open as we reasonably can about personal data that we process. You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including giving you a description and copy of the personal data; and telling you why we are processing it. If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
You have the right to:
i) Obtain confirmation as to whether or not your personal data exists and to be informed of its content and source, verify its accuracy and request its rectification or amendment.
ii) Request the deletion, anonymisation or restriction of the processing of your personal data processed in breach of the applicable law.
iii) Object to or request the limiting of the processing, in all cases, of your personal data for legitimate reasons.
iv) Receive an electronic copy of your personal data, if you would like to port the personal data, which you have provided to us, to yourself or to a different provider (data portability), when the personal data is processed by automatic means and the processing is either (a) based upon your consent or (b) necessary for the provision of the company service; and
v) Lodge a complaint with the relevant data protection regulatory authority.
Please note, however, that certain personal data may be exempt from such access, correction and deletion requests pursuant to applicable data protection laws or other laws and regulations.
The personal data collected pursuant to this Privacy Notice is retained for the duration of the working relationship and, after the termination of the working relationship for up to 6 (six) years, except for longer periods where the retention of the personal data is necessary due to litigation, requests filed by competent authorities or in compliance with applicable laws.
In any case, we will take steps to ensure that the personal data processed is relevant and not excessive for its intended use and is accurate and complete for carrying out the purposes described in this Privacy Notice. Accordingly, we will retain personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. After the applicable retention period has ended, the Company shall securely destroy or delete the personal data or anonymise it.
Please keep personal data up to date and inform us of any significant changes to personal data. You agree to inform your dependents, whose personal data you provide to the Company, about the content of this Privacy Notice, and to obtain their consent (provided they are legally competent to give consent) for the processing of that personal data by the Company as set out in this Privacy Notice.
You further agree to follow applicable law and the Company’s standards and procedures that are brought to your attention when handling any personal data to which you have access in the course of your working relationship with the Company, in particular Curve’s Data Protection Policy. You will not access or use any personal data for any purpose other than in connection with and to the extent necessary for your working relationship with the Company. You understand that these obligations continue to exist after termination of your working relationship with the Company.
Changes to the Privacy Notice
We may change or update this Privacy Notice at any time.