Processing of (personal) data by the entity in charge of the online application process
Monument Re Limited
(“Monument Re”)
Privacy Notice for Employees
Dated: February 2021
Document Control Sheet | |
| Document | Privacy Notice for Employees |
| Version | V 1.0 |
| Document Owner | Group General Counsel |
| Preparer Details | Bernie Brennan, Head of Compliance |
| Review Responsibility | Group General Counsel |
| Review History and Dates | Initial Draft February 2021 |
| Authorised Date | February 2021 |
| Authorizer | Monument Re Limited Executive Committee |
| Effective Date | 22 February 2021 |
Contents
Monument Re Limited Group Privacy Notice for our employees and contingent workers. 4
Your Legal Rights. 6
How Your Personal Data is Processed. 8
All Colleagues. 17
Applying for a Role. 18
As an Employee or Contingent Worker. 22
After our Relationship Ends. 29
Contact Us. 31
Glossary of Terms. 32
Monument Re Limited Group Privacy Notice for our employees and contingent workers
This Privacy Notice does not form part of any employees' contract of employment and we may update it at any time.This Privacy Notice explains how we collect and use Personal Data for:
Applicants and candidates;
- All current colleagues, including all current employees, workers, individual contractors, contingent workers, interns, secondees, agency workers, consultants, directors and third parties whose information is provided to us in connection with one of these relationships (e.g. next-of-kin, emergency contact information and dependents); and
- All former colleagues.
It is important to read this Privacy Notice together with any separate privacy or fair processing notices that we may provide when collecting Personal Data from you. Any such notices are important. They will explain the Monument Group company (or third party) which is legally responsible for managing your Personal Data and give more information about how we, and any third party, will use the particular Personal Data collected, your rights and, in some cases, details of any other provisions that may apply to the processing of that Personal Data.
We may seek your consent to certain processing. If consent is required for the processing in question, it will be sought from you separately (whether within a fair processing notice or otherwise) directly by us or a third party appointed to do so on our behalf. This helps us to ensure that it is freely given, informed and explicit. You should be aware that it is not a condition or requirement of your relationship with us that you agree to any request for consent from us. You will be informed of the right to withdraw consent at any time.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If the way that Personal Data will be managed differs from this Privacy Notice or is incompatible with the original purpose for which the data was collected, additional information regarding this processing will be provided to you and, if necessary, we will seek your consent and explain the consequences if you choose not to consent.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with this Privacy Notice, where this is required or permitted by applicable law.
- If you have any questions about how your Personal Data is managed, please refer to the further details provided in this Privacy Notice. If you continue to have questions, you can use the contact details provided to ask us directly.
Your Legal Rights
You have legal rights under data protection laws in relation to your Personal Data.1. To Access Personal Data
You can ask us to confirm whether or not we have and are using your Personal Data. You can ask to get a copy of your Personal Data.
2. To Rectify / Erase Personal Data
You can ask that we rectify any Personal Data about you which is incorrect. We will be happy to rectify such Personal Data but would need to verify the accuracy/inaccuracy of the information first.
You can ask that we erase your Personal Data where there is no good reason for us to continue to process it.
If we required your consent in order to use your data, you can withdraw your consent and ask that we erase your Personal Data.
You can also ask that we erase your Personal Data after you have successfully objected to our use of your Personal Data or where we have used it unlawfully or where we are subject to a legal obligation to erase your Personal Data.
We may not always be able to comply with your request, for example where we need to keep using your Personal Data in order to comply with our legal obligations or where we need to use your Personal Data to establish, exercise or defend legal claims.
3. To Restrict Our Use of Personal Data
You can ask that we restrict our use of your Personal Data in certain circumstances, for example where you think the Personal Data is inaccurate and we need to verify it; where our use of your Personal Data is not lawful but you do not want us to erase it; where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or, if you have objected to our use of your Personal Data but we still need to verify if we have overriding grounds to use it. We can continue to use your Personal Data following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
4. To Object to Use of Personal Data
You can challenge and object to any use of your Personal Data which we have justified on the basis of our legitimate interest if you believe your fundamental rights and freedoms outweigh our legitimate interest. Once you have objected, we will have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms and justify our continued use of your Personal Data.
5. To Request a Transfer of Personal Data
You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another Data Controller (e.g. another company). Please note however that you only have this right where you initially gave us your consent to use your Personal Data, or we used your Personal Data in order to perform a contract with you, and we have processed your Personal Data by automated means.
6. Exercising Your Rights
We may ask you for proof of identity when making a request to exercise any of these rights if we have reasonable doubts as to your identity. We do this to ensure we only disclose information or change account details where we know we are dealing with the right individual. We will not ask for a fee, unless we think your request is manifestly unfounded or excessive in nature. Where a fee is necessary, we will inform you before proceeding with your request. We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month and will, in any event, respond within 3 months of the request. To speed up our response, we may ask you to provide more detail about what you want to receive and where it might be located. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way. You can ask for a copy of, or reference to, the safeguards we have put in place when your Personal Data is transferred outside of the EEA.
How Your Personal Data is Processed
We have set out some information regarding how we manage your Personal Data below, in the form of Frequently Asked Questions.If you have a question which is not answered in the text below, please use the contact us information provided to ask us directly.
| Question | Answer |
| What is the basis on which you justify processing my Personal Data? | In order to carry out any processing of your Personal Data, we need to ensure that we have a particular reason to do so. We have set out the reasons we have for processing your Personal Data in this Privacy Notice. These reasons can be grouped into one or more general grounds for processing, which directly relate to the grounds for processing set out in the GDPR. We have also identified these general grounds within this Privacy Notice. Please contact us to receive more information regarding the lawful bases for processing or our legitimate interests, if you have any questions at all or would like more detail than is set out in this Privacy Notice. The general grounds and what they mean are described further below: |
| Grounds | Description |
| The processing is needed for a contract with you. | We can process your Personal Data where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract. This means that we can carry out the actions needed to conclude or execute our contract with you. For example, we need some information from you to be able to pay you and provide you with benefits. |
| The processing is needed so that we can comply with our legal obligations. | We can process your Personal Data where this processing is necessary for compliance with a legal obligation to which we are subject. Therefore, we can carry out any actions we need to take in order to comply with laws. This could include complying with employment law, tax requirements or immigration rules. |
| The processing is needed for our or a third party’s legitimate interests. | We can process your Personal Data where the processing is necessary for our or a third party’s legitimate interests, provided that those interests are not overridden by your interests or your rights in your own Personal Data. Where we are relying on this ground as the basis for our processing, we will tell you what the legitimate interests are (whether in this Privacy Notice or in another fair processing notice). We can carry out any actions we consider are needed for these interests, as long as we consider that the processing in question does not negatively infringe on your privacy rights and interests. |
| You have freely and expressly consented to us processing your personal information for a specified purpose. | We can process your Personal Data where you have freely and expressly consented to this processing. |
| What are Special Categories of Personal Data? | Special Categories of Personal Data means any Personal Data relating to your health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. |
| In order to carry out any processing of your Special Categories of Personal Data, we need to ensure that we have a particular reason to do so - in addition to the grounds for processing your Personal Data set out in this Privacy Notice. We have set out the reasons we have for processing your Special Categories of Personal Data in this Privacy Notice. These reasons can be grouped into one or more grounds for processing, which directly relate to the grounds for processing Special Categories of Personal Data set out in the GDPR. We have also identified these grounds within this Privacy Notice where Special Categories of Personal Data are processed. The same grounds can also be relied upon for processing Criminal Check Information. These grounds and what they mean are described further below: | |
| Grounds | Description |
| The processing is needed for carrying out our employment law obligations. | We can process Special Categories of Personal Data where the processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law (such as health and safety law). This means that we can carry out any actions we need to undertake in order to comply with our obligations under employment, tax and health and safety law. This could include managing you in accordance with employment law or complying with reporting requirements. |
| The processing is needed for occupational medicine. | Our external and internal occupational health advisers can process Special Categories of Personal Data where the processing is necessary for the purposes of preventative or occupational medicine, for the assessment of your working capacity or to provide a medical diagnosis. This means that our occupational health team can manage your Medical Information in order to provide you and us with medical or occupational health services. |
| You have freely and explicitly consented to us making use of your Special Categories of Personal Data for a specified purpose. | As above, we can process your Special Categories of Personal Data where you have freely and explicitly consented to this processing for a specified purpose. |
| The processing relates to personal data which has been made public by you. | We can process Special Categories of Personal Data where the information has already been made public by you. |
| The processing is necessary for substantial public interests. | We can process Special Categories of Personal Data where the processing is necessary for reasons of substantial public interest, as set out in the DPA. |
| The processing is needed to protect your life or the life of another. | We can process Special Categories of Personal Data where the processing is necessary to protect your vital interests or that of another person where you are physically or legally incapable of giving consent. This means that we can process your Personal Data in exceptional emergency situations, such as a medical emergency, for example. |
| The processing is necessary for insurance purposes. | We can process Personal Data relating to your health where the processing is necessary for the purposes of providing you and your family with insurance products. |
| The processing is necessary for occupational pensions / other pension arrangements. | We can process Personal Data relating to your health where the processing is necessary in connection with an occupational pension scheme or other pension arrangement. |
| The processing is needed for legal claims and/or legal advice. | We can process your Special Categories of Personal Data if the processing is necessary for the establishment, exercise or defence of legal claims and/or for providing or obtaining legal advice in connection with legal claims or prospective claims. |
| What if I do not provide you with my Personal Data? | In some cases, you will be free to withhold Personal Data from us. However, if you do withhold specific information, we may not be able to continue your relationship with us particularly if we believe we require the relevant information to support the effective and efficient administration and management of our relationship. For example, we require your Identity Information, Contact Information and Payroll Information in order to pay you. If this is not provided, we may be unable to perform our contractual obligations and have to terminate our contractual relationship with you. |
| How do we keep your information secure? | We are committed to protecting the confidentiality and security of the information provided to us and have invested in robust technical, physical and organisational security controls to protect information against unauthorised access, damage, disclosure or loss. If you would like more information about the safeguards we have put in place, please contact us. |
| Where do we get your Personal Data from? | In most cases, we receive the Personal Data direct from you. You either provide this to us (or our third party) at recruitment or do so at another time during your employment with us. This will include Personal Data that you input into a form as well as information that you give to the HR team and to your manager. For example, you provide information directly to us in an application form, CV or similar document. You will provide this through our HR team, local manager or through our online portals or third parties. We may create Personal Data about you during your employment. As stated, in some cases, we get Personal Data about you from third party sources. |
| Internal Sources In addition to the Personal Data that you provide to us, we may generate some further Personal Data internally. This will usually be generated by your line managers and the HR. For example, we will create interview notes during recruitment and we will also give you regular feedback as part of your development and any performance management processes. In some circumstances, data may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, CCTV, telephone logs and recordings and email and Internet access logs), if and to the extent permitted by applicable laws. In these circumstances, the data may be collected by us or a third party provider of the relevant service. | |
| External Sources Due to the size and complexity of our operations it is not possible to name each of our sources of Personal Data in this notice. However, we may also obtain some information from third parties, for example, references from a previous employer, medical reports from external professionals, information from tax authorities and benefit providers or where we employ a third party to carry out a background check (where permitted by applicable law). | |
| When do we share your information with others? | Within Monument, your Personal Data can be accessed by or may be disclosed internally on a need- to-know basis. Your Personal Data may also be accessed by third parties, including suppliers, advisers, national authorities and government bodies. Where these third parties act as a data processor (for example, a supplier who carries out pre- employment screening on our behalf), they carry out their tasks on our behalf and upon our instructions for the purposes set out in this Privacy Notice. In this case your Personal Data will only be disclosed to these parties to the extent necessary to provide the required services. In some cases, the external recipient may also be a data controller of your Personal Data. In such a case, a further notice may be provided to you regarding the processing of your Personal Data by that third party. |
| Internal Recipients Internal recipients of your Personal Data include: Local, and global HR departments, including managers and team members; Local, and executive management responsible for managing or making decisions in connection with your relationship with Monument or when involved in a HR process concerning your relationship with Monument (including, without limitation, staff from Company Secretarial, Compliance, Legal, Group Investigation and Forensic Audit and Information Security); Staff in the finance function and other areas relating to the provision of staff benefits; System administrators; and Where necessary for the performance of specific tasks or system maintenance by staff in teams such as the Group Tax, Treasury, Finance, IT, Group Exco. Personal Information may also be shared with certain interconnecting systems such as recruitment systems and local payroll, benefits and IT systems. In addition, certain basic Personal Data, such as your name, location, job title, contact information and any published skills and experience profile may also be accessible to other employees for the purposes set out in this Privacy Notice. | |
| External Recipients Due to the size and complexity of our operations it is not possible to name each of our data recipients in this notice. Examples of third parties with whom your Personal Data may be shared include: Our clients or customers; Service providers (e.g background check service providers); Tax authorities, Regulatory authorities, Our re-insurers, Bankers, IT administrators, Lawyers, Auditors, Investors, Consultants and other professional advisors, payroll providers, and Administrators of our benefits programs (where those are outside of Monument). Personal Data contained in our HR and other interconnecting systems, Personio for example, may be accessible by providers of those systems, their associated companies and sub-contractors (such as those involved with hosting, supporting and maintaining the framework of our HR information systems). We expect these third parties to process any data disclosed to them in accordance with the contractual relationship between them and us and applicable law, including with respect to data confidentiality and security. In addition, we may share Personal Data with national authorities in order to comply with a legal obligation to which we are subject. For example in complying with an inspection conducted by the Workplace Relations Commission. | |
| Is any of my Personal Data transferred overseas? | We share your Personal Data within the Monument Group as set out in this Privacy Notice. Some of the people who access your Personal Data may not be in the same country as you and may be outside of the EEA. In addition, some of the external organisations we share your Personal Data with may be located outside of the EEA. Where possible, we will try and anonymise your personal data before it is transferred outside of the EEA. We will always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights: We will only transfer Personal Data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; Transfers to service providers and other third parties will be protected by contractual commitments (such as the European Commission-approved Standard Contractual Clauses), certification schemes (for example, the EU - U.S. Privacy Shield for the protection of Personal Data transferred from within the EU to the United States of America) or other legally acceptable mechanisms that ensure an adequate level of protection; and Any requests for information we receive from law enforcement or regulators will be carefully assessed before Personal Data is disclosed in response to them. |
| How long do we retain Personal Data? | We will retain your Personal Data for as long as is reasonably necessary for the purposes explained in this Privacy Notice. In some circumstances we may retain your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In some cases, we may also retain your Personal Data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your relationship with us. We maintain Record Retention Schedules which we apply to records in our care. Where your Personal Data is no longer required we will ensure it is either securely deleted or stored in a way that no longer identifies you. We will generally retain your Personal Data for only so long as it is required for the purposes for which it was collected. This will usually be the period of your employment or other contract with us plus the length of any applicable statutory limitation period following your departure. However some data, such as pension information, may need to be kept for longer. We may keep some specific types of data, for example, tax records, for different periods of time, as required by applicable law and as set out in the Record Retention Schedules. |
| How do we manage the collection of Personal Data about other individuals? | Apart from Personal Data relating to yourself, you may also provide us with Personal Data of third parties. For example, you may provide us with Next of Kin Information as set out in this Privacy Notice. Before you provide information about others to us, you must first inform these individuals that you intend to provide their details to us and of the processing to be carried out by us, as detailed in this Privacy Notice. |
| How do we manage changes to this Privacy Notice? | We may amend this Privacy Notice from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. This Privacy Notice was last updated on 19th January, 2021. |
All Colleagues
We carry out certain processing activities for all employees and contingent workers, regardless of type and stage of the relationship. To the extent that this Personal Data is not collected from you, it is usually generated internally through our management, HR and for payroll processes.Applying for a Role
When you apply for a role with us, we will process Personal Data in order to manage and administer your application.| Activity | Detail |
| Accept Your Application | We need to know who you are and identify you in order to be able to begin to engage with you regarding your application to us. We use your Contact Information, your Identity Information and your Nationality Information in order to assess your identity and accept your application. We may also use Regulatory Information if the role that you have applied for is regulated. We do this to prepare to enter into a contract with you and on the basis of our legitimate interests in complying with our regulatory obligations. We may add to the information that you provide to us when we undertake our checks of your identity and when we consider your application. Any new Personal Data will be generated internally, through HR or the management team. If your application is managed by a recruitment agency or other third party who acts on our behalf, this information will be received from that agency or third party. |
| Communicate With You | During the application process, we will make and receive communications with you regarding your application. We will process your Contact Information and your Identity Information in order to do this. We do this to prepare to enter into a contract with you and for our legitimate interests in managing an effective recruitment process. The content of any communication to you from us (whether about your application or otherwise) will have been generated by our recruiters, HR and management teams. |
| Assessment and Selection | To assess your suitability for a role, we will collect and process your Personal Data. This assessment includes considering your qualifications, educational history, work experience and skills against those of other candidates and our role specification and requirements. We will process Identity Information, Recruitment Information and Skills Information for the purposes set out above. We may also use Regulatory Information, if the role that you have applied for is regulated. We do this to prepare to enter into a contract with you and for our legitimate interests to ensure that we recruit the best candidate for our organisation. For regulated roles, we also process this information on the basis of our legitimate interests in complying with our regulatory obligations. We may add further information to your application as you proceed through the selection process. The activities we undertake could include a review of your application, internal discussions, interview with you and internal feedback and it is likely that further Personal Data will be generated by you, our managers, HR and recruiters. |
| Background Checks | We need to carry out pre-employment vetting and background checks to confirm relevant issues such as your credit status, identity, employment history and professional qualifications. We carry out checks permitted by law in order to protect our business, customers and our staff. The Personal Data that we will review for this purpose may include Contact Information, Identity Information, Job Information, Nationality Information, Recruitment Information, and Vetting Information. We carry out this processing on the basis of our legitimate interests in protecting our business, customers and our employees. Our third party supplier will assist us to carry out these background checks. They may provide us with additional Personal Data relating to you in the form of the results of the checks and any report. We may also generate further Personal Data when the results are considered internally by managers, HR and recruiters. In addition, we will also receive references about you from former employers and other referees that you may provide. |
| Additional Background Checks - Regulated Roles Only | Where you are a CBI approved person or your role is subject to regulatory requirements set out by the CBI, we will need to undertake additional background checks as these are required by the relevant regulatory regime. In addition to the checks set out above, we also need to carry out additional pre-employment vetting and background checks to confirm your regulatory status and your fitness and propriety to hold the relevant role. We carry out these checks in order to protect our business, customers and our staff and comply with our regulatory requirements. The Personal Data that we will review for this purpose may include Contact Information, Identity Information, Job Information, Nationality Information, Recruitment Information, Regulatory Information and Vetting Information. We carry out this processing on the basis of our legitimate interests in protecting our business, customers and our employees and complying with our regulatory obligations. Our third party supplier will assist us to carry out these background checks. They may provide us with additional Personal Data relating to you in the form of the results of the checks and any report. We may also generate further Personal Data when the results are considered internally by managers, HR and recruiters. In addition, we will also receive references about you from former employers and other referees that you may provide. |
| Criminal Record Screening | In addition to the background checks referred to above, we may also undertake criminal background checks where this is necessary to comply with a legal obligation (e.g. if an employee is to work with children/vulnerable adults in the course of employment), perform a contract to which you are a subject or where you have given your consent to such checks being undertaken. The Personal Data that we will review, if such checks are to be undertaken, may include Contact Information, Identity Information, Job Information, Recruitment Information, Regulatory Information (where applicable and depending on the circumstances) and Criminal Check Information. To the extent that we process Criminal Check Information, we process this Personal Data on the basis of consent, necessity to perform a contract or legal obligation. Our third party supplier will assist us to carry out these criminal background checks. They may provide us with additional Personal Data relating to you in the form of the results of the checks and any report. |
| Right to Work | We need to ensure that all successful candidates have the right to work in the relevant country before they commence working for us. The Personal Data that we process for this purpose is Identity Information, Contact Information and Nationality Information. If we need to assist you with a visa or other immigration application, we may also require additional information for this purpose such as Next of Kin Information, Recruitment Information and Skills Information. We process this Personal Data in order to comply with our legal obligations and as is necessary for the performance of any contract with you. We may process Personal Data which we will receive regarding immigration and any associated applications from government agencies, our immigration specialists, HR, management and recruiters. |
| Making an Offer / Onboarding | If we wish to offer you a role with us we will need to use your Personal Data in order to make an offer to you and generate the appropriate documentation. The Personal Data that we may process for this purpose may include your Contact Information, Identity Information, Job Information, Entitlement Information, Recruitment Information, Remuneration Information, Skills Information, Regulatory Information (as appropriate) and certain Vetting Information. If you choose to accept the job offer, we will need to process some of the Personal Data above and Next of Kin Information and Payroll Information. We do this to prepare to enter into a contract with you and for our legitimate interests in onboarding you into our organisation and complying with our regulatory obligations. |
As an Employee or Contingent Worker
We will collect, use and share Personal Data about you if you currently work for the Monument Group. To the extent that this Personal Data is not collected from you, it is generated internally through our management, HR and payroll processes.| Activity | Detail |
| Managing our relationship | We will process your Personal Data to ensure that the terms of your contract with us are administered effectively. To do this, we will need to process Contact Information, Career Information, Identity Information, Job Information, Entitlement Information, Leave Information, Medical Information, Nationality Information, Next of Kin Information, Payroll Information, Performance Information, Recruitment Information, Regulatory Information (if applicable), Remuneration Information, Skills Information, Talent Management Information, Termination Information and Vetting Information. We process this Personal Data because it is necessary for performance of our contract with you and for compliance with our legal obligations. Medical Information is a Special Category of Personal Data. To the extent that your Medical Information is processed, this is done on the basis of carrying out our employment law obligations to you and for the purposes of occupational medicine. Personal Data may be generated by the occupational health team or by third party suppliers, including those who assist with background checks. |
| Reward | We will process your Personal Data to ensure that you receive the benefits and rewards applicable to your relationship with us. To do this, we will process Contact Information, Identity Information, Job Information, Entitlement Information, Leave Information, Nationality Information, Next of Kin Information, Payroll Information, Remuneration Information, Talent Management Information, Training Information and Termination Information. We process this Personal Data because it is necessary for performance of our employment contract with you and for our legitimate interests to ensure that we reward our people appropriately. Your Personal Data will be shared with our external benefits providers (where appropriate) and with Monument Group companies who provide benefits as set out in this Privacy Notice. |
| Payroll | We will process your Personal Data to ensure that the terms of your contract are administered effectively, including any terms in relation to your pay. To do this, we will process your Contact Information, Identity Information, Job Information, Payroll Information, Entitlement Information, Leave Information, Remuneration Information and Termination Information. We process this Personal Data because it is necessary for performance of our employment contract with you. We may receive and share information from third parties in order to manage this processing activity, such as with tax authorities. |
| Recognition Awards | We will process your Personal Data to allow you to participate in and receive awards under any recognition award scheme in operation. To do this, we will process your Contact Information, Identity Information, Job Information, Performance Information and Payroll Information. We process this Personal Data for our legitimate interests in rewarding, incentivising and recognising our staff. |
| Managing all types of leave including annual leave, family friendly leave, sickness absence and all other types of statutory leave | We will process your Personal Data so that we can manage all types of leave including your annual leave, family friendly leave, sickness absence and all other types of statutory leave. To do this, we will process Contact Information, Identity Information, Job Information, Entitlement Information, Leave Information, Performance Information, Next of Kin Information, Medical Information and Remuneration Information. We process this Personal Data because it is necessary for performance of our employment contract with you and for compliance with our legal obligations. Your Medical Information is a Special Category of Personal Data. To the extent that your Medical Information is processed, this is done on the basis of carrying out our employment law obligations to you, which include our obligations under health and safety law. A Third Party Medical Professional also carries out this processing for occupational medicine purposes, in particular, the assessment of your working capacity. If it is necessary for you to undergo a medical assessment, you may provide Medical Information directly to the third party Medical Professional during the assessment process. Information relating to this medical report will be provided to us from the third party Medical Professional. |
| Business Reorganisation | We will process Personal Data from time to time about you in order to help us run the business effectively and manage change and transformation programmes. In order to do so, we will process your Identity Information, Job Information and Performance Information. We may also process Remuneration Information, Skills Information, Talent Management Information and Termination Information. We will process this Personal Data for our legitimate interest in ensuring the business is run effectively and to comply with our legal obligations. Depending on the type of programme, we may need to share your Personal Data with third parties (e.g. government departments) as a result of such activities. |
| Legal and regulatory compliance | We will process Personal Data in order to comply with our legal and regulatory obligations, including in relation to tax, revenue, right to work, our health and safety obligations, working time and any other legal or regulatory obligations imposed on us by the our regulators as an insurance company or otherwise. To do this, we will process Identity Information, Job Information, Entitlement Information, Leave Information, Medical Information, Nationality Information, Payroll Information, Regulatory Information (where applicable), Remuneration Information, Termination Information, Training Information, Vetting Information. We process this Personal Data because it is necessary for compliance with our legal obligations and on the basis of our legitimate interests in complying with our regulatory obligations. Your Medical Information is a Special Category of Personal Data. To the extent that your Medical Information is processed, this is done on the basis of carrying out our employment law obligations to you, which include our obligations under health and safety law. We may need to share your Personal Data with regulatory authorities, public authorities, enforcement bodies, legal advisers and other third parties for these purposes. From time to time we may be asked to provide information about our workforce to our regulators, to law enforcement and other public authorities, or to meet legal disclosure requests as part of a legal process or court order. These requests may cover a range of matters including financial conduct, data protection, tax, employment within the EEA, the UK or Bermuda. |
| Business Protection | We undertake processing activities during your employment which are designed to ensure that our business operations are protected. These activities include monitoring both the behaviour and activity of our employees and the use of our systems. To do this, we may process any of the Personal Data held on our systems. We may also incidentally process Special Categories of Personal Data or Criminal Checks Information. We process this Personal Data because it is necessary for compliance with our legal obligations and on the basis of our legitimate interests in complying with our regulatory obligations, protecting our business, monitoring use of our systems and assets and to manage the activities and behaviour of our employees. To the extent that we process Special Categories of Personal Data or Criminal Check Information, we process this Personal Data on the basis set out on pages 6-7 and 16-19 of this Privacy Notice. In some circumstances, data may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, CCTV, telephone logs and recordings and email and Internet access logs), if and to the extent permitted by applicable laws. In these circumstances, the data may be collected by us or a third party provider of the relevant service. |
| Investigations, complaints, disciplinary, grievances and performance management | As a responsible business, we may need to process your Personal Data for HR processes, such as disciplinary and grievance processes, or for the purposes of performance management. Our policies on these matters are contained in the Employee Handbook. We may also process your Personal Data in connection with your usage of our IT and communications systems for disciplinary and grievance processes, or for the purposes of performance management. Please see our Acceptable Usage Policy for more details. The Personal Data that we will process for these purposes is HR Process Information and Performance Information. Depending on the circumstances, we may also process other categories of Personal Data, including Contact Information, Identity Information, Job Information, Leave Information, Medical Information, Recruitment Information, Regulatory Information (if applicable), Skills Information, Training Information, IT and Communications Systems Usage Information and Vetting Information. We process this Personal Data for our legitimate interests in protecting our business, customers and our employees. We also process this Personal Data to ensure compliance with our legal obligations. Your Medical Information is a Special Category of Personal Data. To the extent that your Medical Information is processed, this is done on the basis of carrying out our employment law obligations to you, which include our obligations under health and safety law. Our internal and external occupational health teams carry out this processing for the purposes of occupational medicine, in particular, the assessment of your working capacity. We may also process Criminal Check Information for this purpose. To the extent that we do, we process this Personal Data on the basis of consent, necessity to perform a contract or legal obligation. We may obtain some of the Personal Data above from other colleagues, including employees, workers and contractors. Where applicable, Personal Data may also be generated by a third party Medical professional. |
| Talent Management | We will process your Personal Data to ensure that we manage talent effectively within our business. To do this, we will process your Career Information, Job Information, Recruitment Information, Skills Information, Performance Information and Talent Management Information. We will process this Personal Data for our legitimate interest in ensuring that we manage talent effectively. |
| Learning and Development | We will process your Personal Data to ensure that you receive the training necessary to perform your role and develop generally. To do this, we will process Contact Information, Identity Information, Job Information and Training Information. We process this Personal Data for our legitimate interests in ensuring that our employees receive the necessary training and development. We may share your Personal Data with third party training providers for this purpose, and we may receive some Personal Data regarding you in return. |
| Communications | We will process your Personal Data so that we can communicate with you, including in relation to business updates, changes to ways of working, new products and services and product trials. To do this, we will process Contact Information, Identity Information and Job Information. We process this Personal Data because it is necessary for performance of our employment contract with you and for our legitimate interests to ensure that we communicate effectively with our people and fulfil our overall business aims. |
| Employee Engagement Surveys and other engagement communications | We will process your Personal Data so that we can undertake our employee engagement survey, other surveys and any other engagement communications. To do this, we will process Contact Information, Identity Information, Job Information and Performance Information. We will also gather information from you during these surveys. The specific Personal Data processed will be collected from you during the survey, and you have the option of deciding whether to provide this data. Both the Personal Data used to undertake the surveys and the Personal Data gathered during the surveys are processed because it is necessary for our legitimate interests to improve communications, review staff relationships and make improvements to our ways of working. If we use a third party to assist us to provide and collate the survey, your Personal Data will be provided to that third party for these purposes. |
| Mobility | We will process your Personal Data as part of our ongoing legal obligation to ensure that you have the right to work in the country in which you are working and to ensure that, if your employment is ever relocated, you have the right to work in that country. To do this, we will process Identity Information, Job Information, Entitlement Information, Leave Information, Nationality Information, Next of Kin Information, Payroll Information, Remuneration Information and Termination Information. We process this Personal Data to ensure compliance with our legal obligations. We may share your Personal Data with government organisations and with advisers in connection with this purpose. |
| Managing departure / offboarding | On termination of your employment, we process your Personal Data in order to manage your departure from our employment/engagement. To do this, we will process Contact Information, Identity Information, Job Information and Termination Information. We process this Personal Data because it is necessary for performance of our contract with you and for our legitimate interests in ensuring that the termination of our relationship is managed effectively. |
| Exit Interviews | On termination of your employment, we may process your Personal Data as part of our exit interview process, in order to understand your reasons for leaving and whether we can improve our operations. To do this, we will process Contact Information, Identity Information, Job Information, Performance Information and Termination Information. We process this Personal Data for our legitimate interests in ensuring an effective business operation. |
| Pensions | We outsource our staff occupational pension scheme to Irish Life. We will process your Personal Data to provide and administer your pension as part of this scheme. To do this, we will need to process Contact Information, Identity Information, Relationship Status, benefits from previous employment plans, Job Information, Entitlement Information, Leave Information, Medical Information, Nationality Information, Next of Kin Information, Payroll Information, Remuneration Information and Termination Information. We process this Personal Data because it is necessary for performance of our contract with you. Medical Information is a Special Category of Personal Data. To the extent that your Medical Information is processed, this is done as necessary on the basis of carrying out our employment law obligations to you and for the purpose of occupational pensions or other pension arrangements. As part of this activity, Personal Data may also be generated by third parties who administer our pension schemes. |
| Medical and Other Insurances | We administer and manage our employee benefit schemes ourselves, subject always to the terms of the applicable schemes and plans. If you are eligible to participate in the private health benefit, Group Income Protection, life assurance and Accident at Work insurance, we will process your Personal Data for the purposes of managing your enrolment and entitlement under these schemes. To do this, we will need to process Contact Information, Identity Information, Job Information, Entitlement Information, Leave Information, Medical Information, Nationality Information, Next of Kin Information, Payroll Information, Remuneration Information and Termination Information. We will also process your Medical Information in connection with this, as well as information relating to your family’s health, as appropriate. We process this Personal Data because it is necessary for performance of our contract with you. Medical Information is a Special Category of Personal Data. To the extent that your Medical Information is processed, this is done on the basis of carrying out our insurance obligations to you. |
After our Relationship Ends
We continue to need to process some Personal Data about you after our relationship with you as a member of our workforce comes to an end.| Activity | Detail |
| Maintaining Records | We will process your Personal Data in order to maintain certain records following the termination of your relationship with us. Please see the Record Retention Schedules for further details. To do this, we will process Contact Information, Identity Information and Nationality Information. We process this Personal Data to ensure compliance with our legal obligations and for our legitimate interests in maintaining records for our business and commercial aims and defending legal claims. |
| Tax and Payments | We will process your Personal Data in order to comply with our legal obligations under tax laws and to ensure that we satisfy our contractual obligations to you. To do this, we will process Payroll Information and Termination Information. We process this Personal Data because it is necessary for performance of our contract with you and for compliance with our legal obligations. |
| References | We will process your Personal Data following the termination of your relationship with us so that we can respond to any reference requests and in order to respond to any legal assertions or claims made against or by you. To do this, we will process Contact Information, HR Process Information, Identity Information, Job Information, Leave Information, Payroll Information, Personal Information, Performance Information, Recruitment Information, Regulatory Information (if applicable), Remuneration Information, Skills Information, Termination Information and Vetting Information. We process this Personal Data for our legitimate interests in protecting and defending our business against any legal assertions or claims made by you and, if applicable, for compliance with our regulatory obligations to provide a reference. This Personal Data, along with your Job Information and Termination Information will be processed for the periods specified in the Retention Schedules. Personal Data may be generated by third party suppliers who assist with background checks. |
| Pensions | We outsource our staff occupational pension scheme to Irish Life. We will process your Personal Data to provide and administer your pension as part of this scheme. To do this, we will need to process Contact Information, Identity Information, Job Information, Entitlement Information, Leave Information, Medical Information, Nationality Information, Next of Kin Information, Payroll Information, Remuneration Information and Termination Information. We process this Personal Data because it is necessary for performance of our contract with you. Medical Information is a Special Category of Personal Data. To the extent that your Medical Information is processed, this is done as necessary on the basis of carrying out our employment law obligations to you and for the purpose of occupational pensions or other pension arrangements. Personal Data may also be generated by the Pensions function or by third parties who assist us with the administration of our pension schemes. |
Contact Us
Please contact usThe primary point of contact for all issues arising from this Privacy Notice, including requests to exercise data subject rights, is:
Email address: Irelandcompliance@monumentinsurance.com
Postal address: Head of Compliance Monument Insurance, 2 Park Place, Hatch Street, Dublin 2
Our supervisory authorities
If you are not happy with the way we are handling your Personal Data, you have a right to lodge a complaint with your local data protection supervisory authority at any time.
In Ireland this is the Data Protection Commission (www.dataprotection.ie).
In the UK this is the Information Commissioners Office (https://ico.org.uk/).
In the Netherlands this is Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/nl).
In Luxembourg this is Commission Nationale pour la Protection des Données (http://www.cnpd.lu/).
In Belgium this is Commission de la protection de la vie privée (http://www.privacycommission.be/).
In Guernsey this is The Office of the Data Protection Authority (https://www.odpa.gg/).
In the Ise of Man this is Isle of Man Information Commissioner (https://www.inforights.im/).
In Bermuda this is The Office of the Privacy Commissioner for Bermuda (https://www.privacy.bm/).
We ask that you please attempt to resolve any issues with us before contacting the relevant data protection supervisory authority but you are not obliged to do so.
Glossary of Terms
Career Information includes career preference, career interests, willingness to travel and relocation information.Criminal Check Information includes unspent criminal convictions, spent criminal convictions (to the extent permitted by law) and criminal charges pending.
Contact Information includes postal address and copies of documents showing proof of postal address, phone number (personal and work), mobile phone number (personal and work), email address (personal and work), and any address changes.
Data Controller means a natural or legal person (such as a company) which determines the means and purposes of processing of Personal Data. For example, the Monument entity which contracts with you will be your Data Controller as it determines how it will collect Personal Data from you, the scope of data which will be collected, and the purposes for which it will be used.
Diversity Information includes information about religious beliefs, health information (including disability), sexual orientation, race and ethnicity.
EEA means the European Economic Area, which includes all EU countries and also Iceland, Liechtenstein and Norway.
EU countries are Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden.
Entitlement Information means entitlement and eligibility to leave, notice entitlement and other entitlements to benefits and contract terms.
Identity Information includes your name (including first name, middle name(s) and surname), any other names (including maiden names), preferred name, title, date of birth, age, gender, details of marriage certificate and divorce certificate.
GDPR means the General Data Protection Regulation (GDPR), which is the law governing data privacy in the European Union.
Job Information includes start date, job title / role, job description, job location, employment status, employment type, promotion and transfer history, hours of work, contract terms, Cost Centre information, overtime eligibility, manager changes, staff ID / number, organisational chart, grade, nominee, working pattern and reporting line / manager information.
Leave Information includes annual leave dates taken, unpaid leave dates taken, maternity leave information, paternity leave information, parental leave information, adoption leave information, shared parental leave information, unauthorised leave information, special leave information and dates of all leave.
Medical Information includes dates of absence, reason for absence, medical information / reports, fit note information, diagnosis information, prognosis information, pre-employment medical assessment and details of accommodations and adjustments.
Monument Group means Monument Re Limited and any subsidiary of Monument Re Limited.
Nationality Information includes nationality, place of birth (town / country), language spoken, passport information, VISA details (including expiry date), immigration status, right to work in the relevant country and copies of ID documents.
Next of Kin Information includes name of next of kin, relationship, Contact Information of that individual, dependent names and dates of birth.
Payroll Information includes tax code, P45, tax / Social Insurance contributions, tax paid, pay history, tax identification or social security number, bank details, pension contributions, overtime payments, tax file, Social Insurance paid, payroll number, deductions amount, holiday pay to be paid, termination payments to be made, details of expenses and Cost Centre information.
Personal Data is information that relates to a living individual. It includes information that may identify a person by name and contact details, or refer to associated information such as account activity, or personal preferences that can directly or indirectly identify an individual.
Performance Information includes assessment of performance, performance ratings, appraisals, manager opinions, competence rating and any employee feedback.
HR Process Information includes details relating to HR processes such as disciplinary, dignity at work and grievance processes, including the details and dates of the complaints, the content of investigations and any other information gathered during the same which relates to you.
Processing means any and all actions we take with respect to your Personal Data, including (without limitation) collecting, managing, viewing, holding, storing, deleting, changing, altering, sharing, transferring, transmitting, using and saving your Personal Data.
Recruitment Information includes the source of your application, work experience, CV details, employment history, education history, salary expectations, LinkedIn information, preferred employment type, referee information and contact details, former contract information (such as post-termination restrictions, notice period, salary and benefits), and any information created during the recruitment exercise (such as management opinion and assessment).
Regulatory Information includes regulation status, regulatory complaints, regulatory history, regulatory record and regulatory references as applicable.
Remuneration Information includes salary, benefits information, bonus details, group income protection details, salary allowances, share entitlements, benefit value, policy numbers, level of cover, notice dates and salary increases.
Skills Information includes qualifications, skills information and languages spoken.
Special Category Personal Data means any Personal Data relating to your health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership.
Supervisory Authority means the supervisory authority for data protection in the country in question.
Talent Management Information includes assessment information succession plan information, risk of loss information, loss impact assessment information, notes from meetings and any employee feedback.
Termination Information includes resignation / dismissal letters, notice dates, termination date, leave date, reason for leaving, meeting notes, termination payments and entitlements, exit interview notes, redundancy selection information, redundancy consultation information and any employee feedback and management opinion.
Training Information includes courses undertaken, pass mark, competence rating, course completion status, course completion date, personal development plans, coaching reports and training preferences.
Vetting Information means data gathered during the application process and pre-employment vetting and background checks, including information relating to credit status (including bankruptcy searches), agreement to pre-employment checks, last six years’ addresses, reason(s) for leaving, previous disciplinary action and/or dismissal(s), existence of conflicts of interest, former employment with Monument and/or redundancy by Monument and any employee feedback gathered.