This notice is to make you aware of your rights and our obligations under The Data Protection Act and the EU General Data Protection Regulation (“GDPR”). It is to provide details about what personal data we collect about you and how it is used within and by INEOS for the management of operations and personnel. “INEOS” refers to all businesses and legal entities within the INEOS group worldwide. Under the GDPR, INEOS is the “data controller” and in certain circumstances we use “third parties” as “data processors”. INEOS and “third parties” have accountabilities for processing your personal data pursuant to the GDPR.
Why is your personal data being used?
INEOS will only process personal data for legitimate organisational purposes such as the management of operations and personnel. We will not use personal data for a different purpose outside the reasons we have given without informing the individual(s) directly. We will ensure that the purpose for processing the data is recorded and is assessed.
INEOS uses your personal data to:
- offer you various benefit packages as part your employment contract.
- as part of our recruitment process.
- to fulfil a contract to provide you with employment related benefits.
If we use a “third party” as a data processor, it will be for a legitimate purpose related to achieving the management of operations and personnel. An example of this might be to offer you and your family life, health and medical insurance or to manage your pensions scheme, as part of our benefits package.
What personal data do we process?
- personal information such as name, gender, date of birth, marital status, dependants, next of kin, etc.
- contact details such as addresses, telephone numbers, email addresses and emergency contact details.
- identification information such as photographs, passport and/or driving licence details, etc.
- pay and financial information such as salary, benefits (including pensions), bank account details, timesheets, National Insurance numbers, etc.
- recruitment and professional information such as application forms, CVs, academic and training-related information, records/results of any pre-employment checks, references, etc.
- employment and management records such as working hours, disciplinary and grievance records, flexible working requests, performance records, appraisals and training records, holiday and attendance records, terms and conditions of employment, etc.
- right to work documentation such as proof of eligibility to work in the UK and any necessary professional consents or licences.
- information relating to access to our premises and/or use of our management and IT systems such as system ID, passwords, use of websites, emails sent or received, telephone calls, entry/exit records etc.
- surveillance information such as CCTV footage.
We also handle the following “special categories” of personal data about our employees:
- information about race or ethnicity, religious beliefs, sexual orientation (collected for equal opportunities monitoring).
- information about health, including any medical conditions, sickness absence records, occupational health records, medical reports, insurance claims, etc.
We collect personal information about our employees through the recruitment process (either from individuals directly or sometimes from an employment agency or background checks provider) and during the course of them working for us.
We may sometimes also collect additional information from third parties, including former employers, credit reference agencies, etc.
Who has access to your information?
INEOS only gives access to an individual’s personal data to those who need access to achieve our stated aim of managing operations and personnel. Depending on the type of data and the legal reason for processing, this will vary but typically.
- members of our Human Resources Team, IT Support Team and colleagues involved in the recruitment and interviewing process.
- we would share this information in the event of an emergency with colleagues, contractors, regulatory bodies and emergency services.
- all electronic records held are accessible to our IT Support Team.
- other group companies for the purposes of managing operations and personnel.
- third-party service providers e.g. our payroll, pension, benefit providers.
- our advisers, including accountants, auditors, lawyers and other external professional advisers.
- third parties in the context of a sale or restructuring exercise.
- government bodies and dispute resolution and law enforcement organisations, including HMRC, regulators, the courts, etc.
How long do we retain your information?
We only retain personal data for as long as is reasonably necessary in order to fulfil the purposes identified above, as is required by law, or in order to establish, exercise or defend potential legal claims.
You can find more information about how long we retain personal data for in our Data Retention Policy.
Data processing outside the EU
INEOS has companies all over the world and may in some circumstances share your data with colleague(s) and third parties outside the EU. If we do so we will ensure that adequate security measures are in place and that we comply with relevant data protection legislation, including the GDPR.
Your personal data will be kept confidential and will not be shared otherwise than in accordance with this notice. Should we require to share your personal data with anyone else we will contact you directly.
Under the GDPR, you have the right to:
- check if we hold personal data about you by making a “subject access request”
- have your personal data kept up to date and accurate.
- have your data deleted, removed or access restricted, unless we have a legal reason to continue processing.
If you wish to make a subject access request, this must be made in writing and we will require you to provide identification to prove who you are. Should you wish to exercise any of your rights or would like to discuss further, you can write to us at the address below.
You have the right to complain to the Information Commissioners’ Office about how your data is being used, details can be found at www.ico.org.