LAST UPDATED: May 2023

Employee Privacy Notice

Tappa takes its responsibilities under applicable data protection law, including the General Data Protection Regulation and implementing legislation (“Data Protection Law”) very seriously.  The purpose of this notice is to inform you of the data relating to you that is collected and used and the uses (including disclosures to third parties) that are made of your data during your employment.

The company that will interview or employ you is the controller in respect of your employee data. References to “we”, “us”, and “our” in this notice are references to your employer.

If you have any questions about our use of your personal data, please contact your HR manager or send an email to dpo@tappa.com.

1. What information do we collect?

We may collect, have transferred to us, and process data relating to you during the course of our employment relationship with you (and afterwards as set out below). Such data may include:

  • your name, personal and contact details, including your home address, personal email address and personal telephone number, citizenship, gender, marital or civil partnership status, marriage certificate, and signature;

  • your date and place of birth;

  • a copy of official photographic identification, including identification cards or passport;

  • personal identification code/social security/insurance number or equivalent in the country in which you work;

  • next of kin details;

  • educational or employment background and details of current and former positions, CVs, and references;

  • your financial details including details about your bank account and tax affairs;

  • information concerning your physical or mental health, including any sick leave records;

  • records of grievances or disciplinary action;

  • your performance details and any related incentive or bonus-related information;

  • details of statutory entitlements in connection with your employment (e.g. maternity/paternity leave, parental leave, family income support, etc.

  • pension and insurance details and documentation;

  • employee reference number and proof of employment;

  • your training details, including copies of university degrees, and certifications;

  • the hours you have worked and any absences from work;

  • the unique code of the assigned terminal (computer);

  • pre-employment medical references periodically during the employment contract for occupational health; and

  • any other personal information you have provided directly to us.

2. Purpose of Processing & Legal Bases

Your personal data may be used by us and by third-party service providers acting on our behalf for the purposes set out in your contract of employment and in our internal policies and procedures and for other purposes connected with employment including, but not limited to:

(a) recruitment, training, career development, promotion, management, and monitoring attendance and performance;

(b) calculating and paying salaries, pensions, expenses, bonuses and other benefits, insurance, tax, and other employee-related costs and expenses, processing holiday applications;

(c) dealing with discipline and grievances issues, including undertaking investigations into your conduct, that of other employees, or other persons connected with the company;

(d) providing references to potential future employers;

(e) health and safety arrangements, including maintaining details of your next of kin to be contacted in the event of an emergency;

(f) performing all human resources activities related to aspects of our company, including granting access to our offices and our computer system;

(g) managing and terminating our employment relationship, including examining Internet access and your use of emails, investigating possible contraventions or security breaches and/or non-compliance with our Internet use policy or privacy policy and non-competition or any misunderstandings about your employment relationship;

(h) making travel arrangements; and

(i) to comply with our legal and regulatory obligations.

The legal bases on which we collect, process, and transfer your information in the manner described above are:

(a) where any such processing is necessary for the performance of your employment contract with us;

(b) that this is necessary for the purposes of our legitimate interests.  We will only process your personal data for the purposes of our legitimate interests where we are of the view that to do so would not constitute an unwarranted interference with your own interests or fundamental rights and freedoms. The legitimate interests for which we process your personal data include our legitimate interests in:

(i) conducting our business in a responsible and commercially prudent manner;

(ii) ensuring compliance with our internal policies and procedures;

(iii) preventing, investigating, or detecting theft, fraud, or other unlawful activities; and

(iv) pursuing our corporate and social responsibility objectives.

(c) to comply with our legal and regulatory obligations.

The legal bases on which we collect, process, and transfer special categories of data (such as health data) relating to you in the manner described above are:

(a) where such processing is necessary to comply with our obligations or exercise our rights under employment and social security and social protection law;

(b) to enable you to exercise your rights under employment and social security and social protection law;

(c) where such processing is necessary to assess your working capacity; or

(d) in limited circumstances, where you have given your explicit consent to such processing (where we have sought it and you have provided it to us).

3. Sources of Data

As well as collecting information from you directly, we also receive or obtain information relating to you from your manager and colleagues, from your use of our technology systems, and from third parties, such as suppliers, customers, and previous employers. We may also obtain information from sources such as professional social networks such as LinkedIn.

During the recruitment process, we may request references from third parties (such as former employers) and carry out screening and vetting processes using third-party sources.

Other personal data about you may be generated in the course of your work, for example, from your managers, colleagues, clients, business partners and regulatory bodies, our IT systems, or others outside our organisation with whom you deal with.

4. Recipients of Data

We may disclose your personal data to third-party recipients in connection with the above purposes, including:

  • to third parties who we engage to provide services or benefits to us or to you, such as professional advisers, auditors, insurers and outsourced service providers (e.g. payroll services providers), health insurers, and pension trustees;

  • to other members of group or affiliates.  In particular, personal data may be transferred to our parent or group companies in the United States for the purposes of enabling oversight of and cooperation relating to our operations and the performance of our staff;

  • to third parties, their agents, and professional advisers, subject to confidentiality obligations, for the purpose of a due diligence exercise by third parties in connection with any proposed merger, acquisition, re-organisation, or transfer of our business and to any person proposing to participate in, or promote or underwrite or manage any such arrangement; and

  • to competent regulatory authorities and other bodies as requested or required by law.

5. Retention

We will retain your personal data for the duration of your employment contract with us and for such a period of time after your employment contract ends as is necessary to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise in connection with your employment.

6. Necessity of Provision of Certain Information & Consequences

There are certain pieces of information that are required so that we can administer your employment in accordance with your employment contract and our obligations under applicable law, such as your personal identification code/social security/insurance number (or the equivalent in the country in which you work) and your bank account details for calculating and paying wages and applicable taxes, etc. If you do not provide us with this information, then we may not be in a position to continue dealing with you in compliance with our obligations and internal policies, or to perform tasks for your benefit.

7. International Data Transfers

In connection with the above, we may transfer your personal data outside the European Economic Area, including to a jurisdiction that is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union.  In particular, we may transfer personal data to our parent and group companies in the United States.

If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a contract governing the transfer which contains the ‘standard contractual clauses’ approved for this purpose by the European Commission.  

Further details of the measures that we have taken in this regard are available by contacting us using the contact details above.

8. Your Rights & How to Update Your Information

You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:

Right to Access the Data
You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.

Right to Rectification
You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information, you may request that we update the information such that it is complete.

Right to Erasure
You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.

Right to Restriction of Processing or to Object to Processing
You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.

Right to Data Portability
You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.

Right to Withdraw Your Consent
Where our processing of your personal data is based on you having provided your consent, you have the right to withdraw such consent.

Please note that these rights are not absolute and are subject to certain restrictions and exemptions.  For example, the right to erasure of personal data will not apply where we have a legitimate reason to continue to hold such data.

In order to exercise any of the rights set out above, please use the contact details set out above.

We are required to keep all data accurate and up to date.  To enable us to do this more easily, please ensure that you keep us up to date with any changes to your personal data. 

COMPLAINTS

If you are not happy with the way we have used your information or addressed your rights, you have the right to make a complaint to your local supervisory authority.  Details of your local supervisory authority are available from the European Data Protection Board ➚.

9. Status of This Notice

This Notice may be amended by us from time to time and if so we well take reasonable steps to inform you of the changes.