About this document

Syntor Fine Chemicals Limited (“Syntor“) recognises its obligations under data protection legislation and is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (“GDPR“).  It applies to all employees, workers and contractors of Syntor.

Syntor is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This Privacy Notice explains what happens with any personal data we gather from you in relation to:

  • your use of our intranet;
  • your application for a job with us;
  • your application to provide services to us;
  • your contract with us, e.g. your employment contract or services contract with us;
  • any enquiries or information you submit to us.

This notice applies to prospective, current and former employees, workers and contractors.

Our aim is to only use and hold your personal data in ways that you would reasonably expect us to.

It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.

This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical.

We reserve the right to amend this Privacy Notice from time to time. If we amend this Privacy Notice we will make you aware of this via updates posted on our intranet.

Who we are

We are Syntor Fine Chemicals Limited, based at 262 Manchester Road, Warrington, WA1 3RB, company registered number 05177187.

If you have any questions regarding this Privacy Notice or how we process your personal data please contact us using the details below:

Andy Kellett, Director

Syntor Fine Chemicals Limited, 262 Manchester Road, Warrington, WA1 3RB

Telephone +44(0) 1928 579865

Email: info@syntor.co.uk

What personal data do we gather about you?

“Personal data” is any information about an individual from which that individual can be identified. It does not include data from which an individual cannot be identified, for example anonymised data.

How we use Particularly Sensitive Personal Information

“Special Category Data” is sensitive personal information, such as information about your health, racial or ethnic origin, sexual orientation or trade union membership, which requires higher levels of protection.  We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:

  • In limited circumstances, with your explicit written consent.
  • Where we need to carry out our legal obligations or exercise rights in connection with employment.
  • Where it is needed in the public interest, such as for equal opportunities monitoring, or in relation to our occupational pension scheme.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Information about Criminal Convictions

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.

We envisage that we will hold information about criminal convictions. We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.

The types of personal data we may collect, use, store and transfer in relation to you may consist of the following:

Data Subject Types of Personal Data Types of Special Category Data
Prospective Employee Name, address, telephone number, national insurance number, personal email address, previous work history, education Information relating to: health, race, ethnic origin, criminal records, DBS checks, sexual orientation, marital status
Prospective Contractor / Individual Employed by a Third Party / Agency Worker Name, address, telephone number Information relating to: health, race, ethnic origin, criminal records, DBS checks
Employee Name, address, telephone number, date of birth, national insurance number, next of kin, bank/payroll details, passport / right to work details, employment history, disciplinary, grievance, performance information, photos, CCTV images, IP address, computer use details, internet browsing history Health records, racial/ethnic details, religious beliefs, DBS checks, trade union membership, sexual orientation, marital status
Contractor / Individual Employed by a Third Party / Agency Worker Name, address, telephone number, date of birth, next of kin, bank/payroll details, nationality, CCTV images, IP address, computer use details Health records, racial/ethnic details, religious beliefs, sexual orientation, DBS checks
Former Employee Name, address, telephone number, date of birth, national insurance number, next of kin, bank/payroll details, employment history, passport / right to work details, disciplinary, grievance, performance information, photos, CCTV images, IP address, computer use details, internet browsing history Health records, racial/ethnic details, religious beliefs, trade union membership, sexual orientation, marital status
Former Contractor / Individual Employed by a Third Party / Agency Worker Name, address, telephone number, date of birth, national insurance number, next of kin, bank/payroll details, CCTV images, IP address, computer use details Health records, racial/ethnic details, religious beliefs

How do we collect your personal data?

We may collect personal data about you from the following sources:

  • via paper forms and contact with our staff;
  • information you provide to us via our intranet;
  • information provided to us by third parties, e.g. your former employer, your service company or a recruiter/employment agency;
  • auditing and logging usage arising from your use of our IT systems.

How do we store your personal data and keep it secure?

We use reasonable and up-to-date security methods to:

  • keep your data secure;
  • prevent unauthorised or unlawful access to your personal data;
  • prevent the accidental loss of or damage to your personal data.

All personal data is stored on our secure servers and in secure filing systems.

We have in place policies, procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction including procedures to deal with a security breach.

We will ensure your personal data is only accessible by those who need to see it for their specific role.

We will only transfer your personal data to a third party if that third party agrees to comply with our procedures and policies or if they have put in place equivalent policies and procedures of their own.

How and why we will use your personal data?

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest or for official purposes.

The table below provides examples of the various ways in which we may use your personal data and which of the legal reasons we rely on when processing your personal data.

Data Subject Purpose of Processing Legal Reason for Processing Legal Reason for Processing Special Category Data
Prospective Employee To determine whether to offer you employment Contract

Legitimate Interests

Carrying out obligations under employment law

 

Prospective Contractor / Individual Employed by a Third Party / Agency Worker To determine whether to offer you engagement as a worker

Determining the terms on which you work for us.

Contract

Legitimate Interests

Carrying out obligations under employment law

 

Employee To perform the employment contract with you, e.g. to make payments to you and provide benefits, comply with our legal obligations, conduct HR processes Contract

Legitimate Interests

Legal Obligation

 

Carrying out obligations under employment law

Exercise or defence of legal claims

Protecting the public / residents

Contractor / Individual Employed by a Third Party / Agency Worker To perform the contract with you / your employer, e.g. to make payments to you, to comply with our legal obligations, to conduct HR processes Contract

Legitimate Interests

Legal Obligation

 

Carrying out obligations under employment law

Exercise or defence of legal claims

Protecting the public

Former Employee To perform any post- employment activities, e.g. provide references, implementing post- termination terms, compliance with tax requirements Contract

Legitimate Interests

Legal obligation

 

Carrying out obligations under employment law

Exercise or defence of legal claims

Former Contractor / Individual Employed by a Third Party / Agency Worker To perform any post- contract activities, e.g. provide references, compliance with tax requirements Contract

Legitimate Interests

Legal Obligation

 

Carrying out obligations under employment law

Exercise or defence of legal claims

 

Where the legal reason for processing is the performance of a contract with you, if you do not provide relevant personal data we will not be able to fulfil our contractual obligation(s) to you and this may have a detrimental impact on you.

We do not sell or rent personal data which you provide to us.

If you have any questions about the contents of the above table (for example, if you would like to understand what our ‘legitimate interests’ are for any specific processing activity) please contact Andy Kellett.

How we keep your personal data accurate?

We will keep the personal data we store about you accurate and up-to-date.

We will take every reasonable step to erase or rectify inaccurate data without delay.

Please tell us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.

We will contact you if we become aware of any event which is likely to result in a change to your personal data.

How long will we keep your personal data?

We will not keep your personal data for longer than is necessary for the purpose(s) for which we process it.

This means that data will be destroyed or erased from our systems when it is no longer required.

For guidance on how long certain data is likely to be kept before being destroyed, please contact Andy Kellett.

What rights do you have in respect of your personal data?

You have the right to:

  • request access to any personal data we hold about you;
  • request for any inaccurate personal data which we hold about you to be rectified;
  • request to have your personal data erased;
  • request to have the processing of your personal data restricted (for example, if you think the personal data we hold about you is inaccurate you can ask us to stop processing it until we will either correct it or confirm it is accurate);
  • request the transfer of your personal data to another data controller;
  • object to certain types of processing, including processing based on legitimate interests, automated processing (which includes profiling) and processing for direct-marketing purposes; and
  • withdraw consent to the processing of your personal data (where the legal reason for the processing of your personal data was your consent).

If you wish to exercise any of the rights set out above, you must contact our Andy Kellett.

Automated decision-making

We do not conduct automated decision making in connection with your personal data.

Who will have access to the data we hold?

Our personnel who need to access your personal data will view it in order that we can provide our services to you.

All of our personnel have received data protection training and understand the need to keep your personal data confidential and to use it only for legitimate purposes.

In addition to our own personnel, other personnel from our service providers and group companies may process your personal data on our behalf (for example, third party HR systems providers).

We may disclose your personal information to third parties:

  • if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets; and
  • if we are under a duty to disclose or share your personal data in order to comply with legal obligations or to protect the rights, property or safety of others. This includes: (i) exchanging personal data with other companies and organisations for the purposes of fraud protection and credit risk reduction; and (ii) sharing personal data with the emergency services or healthcare providers.

If your personal data is provided to any third parties you are entitled to request details of the recipients of your personal data or the categories of recipients of your personal data.

We carry out due diligence on our service providers / group companies / other third parties and make sure we have a contract with them which satisfies the requirements of data protection legislation.

Apart from the situations referred to above, we will not disclose your personal data to a third party without your consent unless we are satisfied that they are legally entitled to access your personal data.

Transferring your data outside the European Economic Area (EEA)

We will not transfer your personal data outside the EEA unless such transfer is compliant with data protection legislation.

This means that we cannot transfer any of your personal data outside the EEA unless:

  • the EU Commission has decided that another country or international organisation ensures an adequate level of protection for your personal data;
  • the transfer of your personal data is subject to appropriate safeguards, which may include binding corporate rules or standard data protection clauses adopted by the EU Commission; or
  • an exception applies (including if you explicitly consent to the proposed transfer).

Data retention – how long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from Andy Kellett. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

Rights of access, correction, erasure, and restriction

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Andy Kellett in writing.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Andy Kellett. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Cookies

Our intranet uses cookies to distinguish you from other users of our intranet. These cookies sometimes process personal data. This helps us to provide you with a good experience when you browse our intranet and also allows us to improve our intranet.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Right to make a complaint

If you have any issues with our processing of your personal data and would like to make a complaint, you may contact us via Andy Kellett, or the Information Commissioner’s Office on 0303 123 1113.