Fair Processing Notice - how we use personal information
1. Who we are
When we refer to “we”, “us” and “our” in this notice it encompasses one or more of the trading companies of Allianz Holdings plc that operate in the United Kingdom (UK). Employees are contracted by Allianz Management Services Limited. For more information please visit www.allianz.co.uk.
When we say, “you” and “your” in this notice, we mean anyone whose personal information we may collect, including:
- candidates who participate in the recruitment process
- prospective employees as part of the job offer process
- permanent and temporary employees, directors and non-executive directors
- consultants and interns
- anyone who may benefit from flexible benefits including spouse, partner and dependents
- ex-employees in order to meet our legal, regulatory or contractual obligations
2. The personal information we collect
We may collect the following types of personal information about you to allow us to complete the activities in section 4, “How we use your personal information”. We may process your data for different reasons. These are; a Statutory Obligation (SO), a Contractual Obligation (CO) or Legitimate interest (LI) set out in brackets are the reasons we will process each type of data. We may use your data for more than one reason as set out below in brackets:
- basic personal details, such as your full name, age/date of birth, address, telephone numbers and personal email addresses, ethnicity and gender (SO/CO/LI)
- family, lifestyle and social circumstances, such as your marital status, dependants, partner, spouse and emergency contact details (SO/CO/LI)
- financial details, including bank account information, tax code, student loans(SO/CO/LI)
- employment information, such as national insurance number, P45 and earnings with previous employers (SO/CO/LI)
- career history, employment references, education, qualifications and professional memberships, including future aspirations (CO/LI)
- evidence of your right to work in the UK, such as passport, Visa, EU card, birth certificate (SO/CO/LI)
- photographs and video, such as security passes and onsite CCTV (CO/LI)
- tracking and location information from appropriately enabled work devices if relevant to your role (to the extent that is covered by collectively bargained agreements where applicable) (LI)
- identification checks and background vetting, such as signatures, credit checks, criminal checks, driving licence details for relevant job roles (SO/CO/LI)
- information required for specific business standards for example regulated roles; to meet regulatory and statutory requirements (SO/CO/LI)
- health and safety related personal information including disability and access requirements, work place adjustments, health and medical checks, and occupational health referrals (SO/CO/LI)
- fraud and counter-terrorism checks (SO/CO/LI)
- third party deductions from pay roll such as Pension Schemes, union membership, Give as you Earn, Court Orders, Share Incentive Plan; where your deduction made is passed to the relevant body (SO/CO/LI)
- outcomes from the ongoing assessments of your performance and development (LI)
- the information about how you use company devices such as computers and mobile phones (LI)
- other records (which may, where necessary, include sensitive or special categories of personal data relating to your health, in relation to any criminal convictions and data held for diversity monitoring purposes) (SO,CO,LI).
3. Where we collect personal information
From you, your representatives, the electronic systems you use to communicate with us and information you have made public for example; information you have made public on social media or shared openly with colleagues or potential colleagues at Allianz. From other persons, organisations and systems, for example:
- screening agencies, credit reference and fraud prevention agencies, criminal records agencies, counter-terrorism agencies and sanctions lists, education or professional bodies and previous employers
- Her Majesty’s Revenue and Customs (HMRC), the Child Support Agency (CSA), the Department for Work and Pensions (DWP), Her Majesty’s Courts and Tribunals Service (the courts), Tax and international assignment advisors and HM Treasury.
- occupational health providers and other medical professionals
- pension providers and trustees and employee benefits provider
- professional and accredited bodies such as the Chartered Insurance Institute (CII), Society of Operations Engineers (SOE) and Bureau of Engineer Surveyors (BES)
4. How we use personal information
We use your personal information in the following ways;
- to identify you, offer you a contract of employment and manage your ongoing employment to fulfil our contract for example to manage your ongoing training & development.
- to determine your right to work in the UK, for health and safety purposes and prevent financial crime to validate information if it is required for specific roles eg the Insurance Distribution Directive, Approved Persons, to meet our legal obligations using various third party sources.
- to validate the information you give us at recruitment stage or during employment using various third party sources in order to comply with our regulatory obligations and with a view to the prevention and detection of crime (including but not limited to the Consolidated List of Financial Sanctions Targets).
- to use your emergency contact details in the case of an emergency related to you.
In line with our policies, we will make every effort to ensure that the information held about you is accurate, and where necessary, kept up to date. It is your responsibility to ensure that your information contained in the HR database is accurate and kept up to date. In the absence of evidence to the contrary we will assume that the information provided by you is accurate. If there is any reasonable doubt as to the accuracy of the data, we will contact you to confirm the information. Should you inform us, or we otherwise become aware, of any inaccuracies in the information, the inaccuracies shall be rectified promptly.
You have the right to object to us using your personal information.
You can do this at any time by telling us and we will consider your request and either stop using your information or explain why we are not able to.
Further details can be found below.
5. Automated decision making
We use automated decision making in order to filter candidates for the Allianz Graduate Scheme. There is a minimum educational qualification requirement, candidates tell us what qualifications they have and we validate this by checking applications against our minimum qualification requirements.
If you disagree with the outcome of an automated decision please contact our HR Resourcing Manager at firstname.lastname@example.org and we will review the decision.
6. Sharing personal information
We may share your information with the following:
- other companies within the global Allianz Group www.allianz.co.uk. Please see Section 7.
- agencies that carry out certain activities on our behalf such as verification companies for assessing suitability for employment, Pension Scheme providers, trustees and employee benefits providers, occupational health and bi-annual safety critical health assessments providers, People Safe to support lone working employees
- legal bodies that are entitled to ask us for personal information, such as regulators, law enforcement agencies and the Financial Ombudsmen Service (FOS). This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction
- Credit Industry Fraud Avoidance Service (Cifas)
- The United Kingdom Accreditation Service (UKAS), Lloyd’s Register Quality Assurance (LRQA) and Safety Assessment Federation (SAFed)
- Prospective buyers in the event we wish to sell all or part of our business.
- Any organisation you explicitly ask us to share your information with for example mortgage providers
- Some organisations may share your data with us as a controller or joint controller of your data such as the pension provider, trustees and employee benefits providers, occupational health providers and other medical professionals.
7. Transferring personal information outside the UK
We use servers located in the European Union (EU) to store your information, where it is protected by laws equivalent to those in the UK. We may transfer your information to other members of the global Allianz Group to manage your employment; this could be inside or outside the EU. We have established a set of Binding Corporate Rules (BCR’s) which are our commitment to the same high level of protection for your personal information regardless of where it is processed. These rules align with those required by the European Information Protection authorities. If you would like more information about the BCR’s please contact our Data Protection Officer.
Some of our suppliers have servers outside the EU. Our contracts with these suppliers require them to provide equivalent levels of protection for your personal information.
We may monitor your electronic communications and use of websites for the purpose of establishing compliance with regulatory procedures, to prevent or detect crime, to investigate or detect unauthorised use of our systems, to monitor standards of service and staff performance or to enforce compliance with our practices or procedures. Full details of monitoring activities are set out in the Section 2.14 of the Information Security Acceptable Use Standard.
9. How long we keep your personal information
We keep your information only for as long as we need it to administer your employment, manage our business or as required by regulators, law or contract.
We have a Retention and Destruction policy which details the retention of key employee data. For example:
- Unsuccessful candidates – CV's, application forms and interview notes will be destroyed after 12 months from the end of the recruitment process or from the last time there was activity on the candidate's recruitment account
- Employees (Permanent and Fixed Term Contracts) – personal files which hold new starter information, contract changes and other employment information are destroyed 7 years after leaving
- In line with regulatory accountability requirements for specific roles who are either a Senior Manager or a Certified post holder under the FCA/PRA Senior Manager and Certification Regime – destroyed 10 years after leaving.
- Industrial Disease – occupational health records will be destroyed 40 years after leaving.
10. Know your rights
You have the right to:
- object to us processing your personal information. We will either agree to stop processing or explain why we are unable to (the right to object)
- ask for a copy of the personal information we hold about you, subject to certain exemptions (a data subject access request)
- ask us to update or correct your personal information to keep it accurate (the right of rectification)
- ask us to delete your personal information from our records if it is no longer needed for the original purpose (the right to be forgotten). It is unlikely we will be able to erase certain information whilst you remain an employee, as it will be necessary for the purposes of your continuing employment and to meet our obligations. Requests will be addressed on a case by case basis.
- ask us to restrict the processing of your personal information in certain circumstances (the right of restriction)
- in certain circumstances ask for a copy of the personal information you provided to us, so you can use it for your own purposes (the right to data portability)
- make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but you are entitled to complain directly to the Information Commissioner’s Office (ICO) at www.ico.org.uk (the right to complain)
- where we are processing your personal information based on your consent, such as for marketing purposes, you can withdraw your consent at any time (the right to withdraw consent)
If you wish to exercise any of these rights please contact our HR Services Team Leader:
Address: HR Services, Allianz Insurance Plc, 57 Ladymead, Guildford, Surrey, GU1 1DB
Phone: 01483 552269
11. Contact our Data Protection Officer
If you have any queries about how we use your personal information, please contact our Data Protection Officer:
Address: Data Protection Officer, Allianz Insurance plc, 57 Ladymead, Guildford, Surrey GU1 1DB
Phone: 03301 021837
12. Changes to our Privacy Notice
Occasionally it may be necessary to make changes to this notice. When that happens we will provide you with an updated version at the earliest opportunity. The most recent version will always be available on our website. www.allianz.co.uk.