1.1 Phaidon International (UK) Ltd (“Phaidon”) may collect, hold and process certain personal data about our Employees, as listed in the below table, together with additional details about the source of the data, the data subject about which the data is processed, the data categories collected, the purpose for which the data is processed, the lawful basis for processing the data (including details of any legitimate interest to process such data), whether the processing is required by law/contract, as well as who the data may be shared with, if applicable.
Source of Data | Data Subject | Data Categories Collected | Processing Purpose | Lawful Basis for Processing | Details of “legitimate interest” for processing, if applicable | Required by law/contract? If yes, consequences of failure to provide? | Recipient of Data, if applicable |
Applications - Candidates | Applicants for employment with Phaidon | First name, last name, email address, address, telephone, work history (CV) | Conduct recruitment activities for jobs at Phaidon. Conduct marketing and promotional activities aimed at recruiting Phaidon employees | Legitimate Interest | Recruitment of candidates for internal roles. Conduct marketing and promotions aimed at recruiting Phaidon employees | No | Third party service providers processing candidate data on behalf of Phaidon: candidate management platform, cloud storage provider, email security provider |
Contact Us page on Phaidon Website | Spontaneous applicants (potential Phaidon employees) | Names, company telephone, email address, location, address, work history (CV) | Processing spontaneous applications Conduct marketing and promotional activities aimed at recruiting Phaidon employees | Legitimate Interest | Recruitment of potential Phaidon employees Conduct marketing and promotional activities aimed at recruiting Phaidon employees | No | Third party service providers processing candidate data on behalf of Phaidon: applicant and employee management platform, email provider, cloud storage provider, email security provider, internal recruitment platforms |
Contact Us page on Phaidon Website | Member of the public with general enquiries | Name, company telephone, email address, location, address | Reply to queries as received | Legitimate Interest | Conducting commercial activities of Phaidon International | No | Third party service providers processing candidate data on behalf of Phaidon: candidate management platform, cloud storage provider, email security provider |
Personal Details Form - Internal Hires | New Phaidon employees | Name, date of birth, address, email address, telephone, bank details | Required for fulfilment of contract with Phaidon | Performance of contract | N/A | Yes | Third party service providers processing candidate data on behalf of Phaidon: applicant and employee management platform, email provider, cloud storage provider, email security provider, internal recruitment platforms |
Medical Questionnaire - Internal Hires | New Phaidon employees | Name, pre-existing medical conditions, emergency contact /next of kin details (name, relationship, telephone, address) | Vital interests | Vital interests | N/A | No | Third party service providers processing candidate data on behalf of Phaidon: applicant and employee management platform, email provider, cloud storage provider, email security provider, internal recruitment platforms |
Equal Opportunities Monitoring Form - Internal Hires - Opt out available | New Phaidon employees | Gender. sexual orientation, language, religion, nationality, ethnic background, disability, caring responsibilities | Processing of sensitive data for purposes of providing equal opportunities. Right to work checks in order to comply with UK immigration regulations | Consent | N/A | No | Third party service providers processing candidate data on behalf of Phaidon: applicant and employee management platform, cloud storage provider, internal recruitment platforms |
Identity and contact details of controller and DPO
1.2 For further information on how we process your personal data, you can contact ourprivacy@phaidoninternational.com.The controller responsible for the processing of your data is Phaidon International(UK) Limited.
Details of transfers to third country and safeguards
1.3 Phaidon may share your personal data with third-party service providers and other third parties acting on behalf of Phaidon, which may be located in jurisdictions outside the European Economic Area (EEA). We ensure that such transfers are lawful, including by ensuring that they are to jurisdictions that are considered to have equivalent privacy protections, and/or ensuring that the third parties to whom we transfer your personal data are under contract to Phaidon and bound by appropriate data protection clauses or other approved safeguards, as applicable in each situation.
Right to withdraw
1.4Where you have provided us with consent to process your personal data, you have the right to withdraw this consent at any time.This will not affect the lawfulness of processing based on consent before its withdrawal, however.We provide multiple, simple methods for withdrawing your consent, including, where applicable, electronic unsubscribe mechanisms.In any event, you can always inform us that you wish to withdraw your consent in respect of a specific processing activity and related personal data by emailing us atprivacy@phaidoninternational.com
If you do so, please provide us with your full name, email address and sufficient details about the consent you provided, including the scope of the consent and the personal data the consent related to. We collect your name and email address in this context only for the purpose of identifying you in order to execute your consent withdrawal request.
How long do we retain your personal data
1.5We retain your personal data for as long as it is necessary for the relevant processing activity, to protect our legal rights after the Employee’s last day at Phaidon, or for any longer period of time that may otherwise be required by law. We will retain Employee records, including personal data, for six (6) years after the Employee’s last day at Phaidon to ensure that we can appropriately protect our legal rights in relation to the relationship. However, we will retain data of Employees who are no longer active employees, separately from active Employee data.
Data subject rights
1.6You have certain specific rights with respect to how we process your data. Phaidon is committed to ensuring that your rights are protected. The GDPR sets out the following rights applicable to data subjects:
a)The right to be informed– We have provided this Privacy Policy to provide you with concise, transparent, intelligible and easily accessible information about how we use your personal data, including specific information depending on whether or not we have obtained your personal data directly from you.
b)The right of access– You havetheright to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(i) Where personal data are transferred to a third country or to an international organisation, we will inform you of the appropriate safeguards in place in relation to the transfer.
c)The right to rectification– We will rectify without undue delay any inaccurate personal data we hold concerning you, including completing any incomplete personal data.
d)The right to erasure (also known as the ‘right to be forgotten’)– You have the right to have us erase all personal data we hold concerning you, without undue delay, in one of the following circumstances:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
(c) you object to the processing and there are no overriding legitimate grounds for the processing, or you objected to the processing in respect to direct marketing;
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in EU or member country law to which our organisation is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
We cannot execute your request if the personal data you are asking us to erase is necessary:
(a) for exercising the right of freedom of expression and information;
(b) to comply with a legal obligation which requires processing under EU or a member state’s law to which we are subject, or to perform a task in the public interest or in the exercise of official authority vested in us;
(c) for certain reasons of public interest in the area of public health;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as erasing the personal data is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(e) to establish, exercise or defend legal claims.
e)The right to restrict processing– You have the right to request that we restrict specific processing of your personal data, and we will comply, where one of the following applies:
(a) you are contesting the accuracy of your personal data that we hold, while we verify the accuracy of your personal data;
(b) the way we are processing the personal data is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(c) we no longer need the personal data for the purposes of the processing, but you need the personal data to establish, exercise or defend legal claims;
(d) you have objected to processing in the public interest or in relation to our legitimate interest, pending the verification whether any legitimate grounds we may have override your right.
While you have restricted its processing, we will only store your personal data in question, and may process it only with your consent or to establish, exercise or defend legal claims or protect the rights of another natural or legal person or for reasons of important public interest.
We will notify you before lifting the processing restriction.
f)The right to data portability– You have the right to receive from us your personal data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us, where:
(a) the processing is based on consent or on a contract; and
(b) the processing is carried out by automated means.
Where technically feasible, we will transmit your personal data directly to the other controller.
g)The right to object– You have the right to object to Phaidon processing your personal data in connection with our legitimate interests in the context of our activities (including profiling), direct marketing (including profiling), and processing for scientific and/or historical research and statistics purposes, where applicable.
h)Rights with respect to automated decision-making and profiling– You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You can object to your personal data being used in this way. We are permitted to use automated decision-making and profiling if the decision:
(a) is necessary for entering into, or performance of, a contract between you and us;
(b) is authorised by EU or a member state law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(c) is based on your explicit consent.
Where we engage in automatic decision-making or profiling in connection with a contract between us or further to your explicit consent, we implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention from us in the course decision-making process, and the opportunity to express your point of view and to contest the decision.
i)Right to lodge a complaint with your data protection supervisory authority- In the event you believe that we are processing your personal data otherwise than in accordance with the provisions of the GDPR, you have the right to lodge a complaint with the data protection supervisory authority located in the EU jurisdiction where you reside.For the UK, the supervisory authority is the UK Information Commissioner’s Officewhose details can be obtained from Human Resources.
I,EMPLOYXXXEE NAME,understand and agree with the content of this document