Reward Gateway (UK) Ltd (“we”, “us” or “our”) is committed to protecting and respecting your privacy.
We will be the data controller of your personal data which you provide to us or which is collected by us as part of your employment. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Privacy Notice (“Notice”). It is important that you read this Notice so that you are aware of how and why we are using your personal information and how we will treat it.
You can also contact us using the details provided at the end of this Notice in the “Contacting Us” section.
The Type of Information We Collect From You and How We Use It
As your employer, we need to keep and process information about you for normal employment purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately. Further details of how we use your personal data are set out below.
In this section, we have indicated with asterisks whether we need to process your personal data:
* to comply with the employment contract
** to pursue legitimate interests of our own or of third parties, provided that your interests and fundamental rights do not override those interests;
*** to enable us to comply with our legal obligations; and/or
**** with your consent.
If you do not provide this information, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
During the recruitment process**
When you register with us for recruitment and vacancy updates or complete an application form we will need to maintain a copy of your information to track your progress through the job application process. This applies for both internal and external vacancies.
This information will be used to:
Communicate with you and manage your application throughout the application process.
Confirm your right to work in the relevant jurisdiction.
Conduct security screening in accordance with our Information Security Management System and, if necessary, ask you to complete a criminal records disclosure in accordance with our Background Check Policy (available on request.)
If you are successful, between you accepting our offer and your start date, communicate with you using a service provided by Enboard.Me Pty Ltd.
We may also ask you to conduct a psychometric test run by The Insights Group Limited.
Whilst you are working with us
To correspond with you*
Your name, address, email address, telephone number and other contact information are required for us to meet our organisational and statutory obligations to you as your employer. In order to process the payroll, handle expenses, and administer some benefits we will need your bank details too.
We will also use these details in our correspondence with or about you, for example, letters to you about a pay rise.
To process your benefit selection****
Whilst Reward Gateway administers a lot of benefits in-house, several optional benefits that we provide require us to give your information to third-parties to administer. We have taken steps to ensure these providers act in accordance with data protection law on your behalf. These are:
If you choose to receive life assurance, we will provide your details to Lockton LLP.
If you choose to receive an employer-paid healthcare cash-plan, we will provide your contact details to Westfield Health.
If you chose to receive a sports card (Sodexo Pass), we will provide your contact details to Sodexo.
During your employment, you will be able to opt-out of these benefits by contacting the People Team.
Course of business**
Records relating to your career history, such as training records, appraisals, other performance measures and, where necessary, disciplinary and grievance records will be kept. We will also keep copies of your employment contract and any amendments that have been made to it.
You will, of course, inevitably be referred to in many company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the company.
To track annual leave, sick pay, and for emergencies***
Where necessary, we may keep information relating to your health, which could include reasons for absence and doctors’ reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay.
Whilst it is voluntary, you may also choose to provide us with next of kin details, which will be used in the event of an emergency.
We will also keep records of holiday (annual leave/PTO) to comply with our statutory obligations.
To ensure our security**
At Reward Gateway we take the security of your data and our customer’s data very seriously. As part of this, and our Information Security Management System, it means that we have additional measures in place.
We use Okta for identity management and controlling access to third-party systems used across the business.
We monitor your computer and telephone use, as detailed in our Acceptable Use & IT Policy (available on boom!) to detect and prevent malicious software from affecting our networks. Your team may also choose to use this for coaching purposes, and to help with your performance.
We also monitor your use of email and Internet to ensure that Customer Personal Data is not sent or received through insecure channels.
Within our offices, we use CCTV. This recording is conducted to assist in the prevention and detection of crime, and assist with the identification of actions that might result in disciplinary proceeding.
After you have left us***
At the time when your employment ends and after you have left us, we will still need to keep your information on file. This is so that we can complete our statutory obligations for financial and tax purposes.
Your new employer may also want to request a reference from us. We will only complete this if we are satisfied that you are aware the reference has been requested, otherwise, we will not disclose any information about your time at Reward Gateway. This reference will only contain confirmation of your name, job title, and dates of employment with us.
If you are a participant in the Employee Share Scheme too, we will need to keep your details to let you know about important trigger events. If this happens after our statutory obligations have expired, we will then no longer have reason to keep your details.
Sensitive Data we Collect
Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law, for example, information required for equal opportunities monitoring.
Information we receive from other sources
Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your hiring manager, or in some cases, external sources, such as referees and recruitment agencies. We will combine information we receive from other sources (as set out in this Notice) with information you give to us. We will only use this information and the combined information for the purposes set out in this Notice.
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and permitted under data protection laws. If we need to use your personal information for an unrelated purpose, in most cases we will notify you and we will explain the legal basis which allows us to do so.
Disclosures of Your Information
We may share your information with the third parties set out below.
Activ Payroll: Global and domestic payroll delivery processing.
Enboard.Me Pty: New starter administration and on-boarding.
BambooHR: Employee administration.
Greenhouse.io: Vacancy and candidate administration.
Squire-Patton Boggs LLP: Employees share programme administration.
Google Inc: Assorted business management.
Okta: Identity management and IT systems access.
Salesforce: Customer relationship management.
Jira: Internal ticketing system.
- 15Five: Continuous performance measurement software.
Bulstrad: Occupational health insurance.
In order to manage the business, we will use information which personally identifies you, however, we may also use consolidated information.
Members of our Group
This means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, and our Affiliates. Affiliate means any other entity that, directly or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with, us. We will only share personal information with these entities for the purposes connected with your employment or the management of the company’s business.
We will also disclose your personal information to third parties:
in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and/or
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This will include sharing your information as part of a legal or official investigation, to prevent fraud and other criminal offences or because of a Court Order, for example, with HMRC or the police.
International Transfers of Your Personal Data
A number of the service providers listed above are based outside the European Economic Area and your personal information may therefore be transferred to or accessed from outside of the European Economic Area.
BambooHR, Greenhouse, and Google Inc are all based in the US. As the US is located outside of the European Economic Area, it is not governed by European data protection laws. The US has not been deemed by the European Commission to provide an adequate level of protection for personal data originating in the European Union. However, all of these providers are certified under the EU-U.S. Privacy Shield Framework which means they are required to protect your personal information in accordance with the Privacy Shield Framework.
You can view their certifications at www.privacyshield.gov.
Storage of your information
Before you join Reward Gateway, any personal data you submit will be stored for a period of three years unless you request their removal.
After you leave Reward Gateway, your personal data will be stored in accordance with data protection legislation and the guidance set out by the UK’s Chartered Institute of Personnel & Development.
We take the security and confidentiality of your personal information very seriously. We will use strict procedures and security features to aim at preventing unauthorised access, such as being ISO 27001 and ISMS certified, access controls, the use of encryption and hashing and robust physical security controls. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our systems; any transmission is at your own risk.
Data protection laws provide you with the following rights to:
request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
request the restriction of processing of your personal information, for example if you want to establish its accuracy or the reason for processing it; and
request the transfer of your personal information to another party.
You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Your data will not be used for marketing purposes unless we have your consent.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
Changes to our Privacy Notice
We may update this Privacy Notice from time to time and will publish an up to date copy of the Privacy Notice on boom! Please check back frequently to see any updates or changes to our Notice.
If you have any queries, comments or requests regarding this Notice or you would like to exercise any of your rights set out above, you can contact us in the following ways:
by email at email@example.com or;
by post at Reward Gateway (UK) Ltd, 265 Tottenham Court Road, London, W1T 7RQ.