Privacy Notice — Employees, Workers and Contractors

Five Mile Films Limited

Privacy Notice — Employees, Workers and Contractors

WHAT IS THE PURPOSE OF THIS DOCUMENT?

Five Mile Films is committed to protecting the privacy and security of your personal information.

This notice sets out how Five Mile Films Limited (Five Mile) and its subsidiary companies (“we”, “our”, “us”) collect and use personal information about you during and after your working relationship with us, in accordance with applicable data protection legislation in the UK.

It applies to all employees, workers and contractors (including volunteers or interns). Please read it carefully, and let the Head of Production know if you have any queries or comments. Please send any queries to privacy@fivemilefilms.co.uk.

Five Mile is a data “controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice applies to current and former employees, workers and contractors. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical.

It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.

DATA PROTECTION PRINCIPLES

We will comply with the data protection principles when gathering and using personal data, as set out in our Data Protection Policy.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are “special categories” of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation.

We will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth, gender, marital status, dependants, next of kin and emergency contact information.
  • National Insurance number, bank account details, payroll records and tax status information.
  • Salary, annual leave, pension and benefits information.
  • Start date and, if different, the date of your continuous employment and your leaving date and your reason for leaving.
  • Location of employment or workplace.
  • Copy of driving licence and/or passport, and (where applicable) visa applications or granted visas.
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, holidays, training records and professional memberships).
  • Compensation history, performance information, disciplinary and grievance information.
  • Photographs.

We may also collect, store and use the following special categories of more sensitive personal information and criminal convictions data:

  • Information about your race, ethnicity and sexual orientation for employment/workplace equality monitoring purposes.
  • Information about your health, including any medical condition, health and sickness records, including:
  • details of any absences (other than holidays) from work including time on statutory parental leave and sick leave;
  • where necessary for insurance cover and/or when travelling on our behalf;
  • when you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes.
  • Information about criminal convictions and offences (particularly when working on productions which involve contact with vulnerable individuals, including children, when DBS checks may be required).

HOW IS YOUR PERSONAL INFORMATION COLLECTED?

We collect personal information from the following sources:

  • You, the employee or worker or contractor
  • Pension administrators
  • Your doctors
  • Medical and occupational health professionals we engage
  • Our insurance benefit administrators
  • Disclosure and Barring Service in respect of criminal convictions
  • Other employees
  • Consultants and other professionals we may engage, e.g. to advise us generally and/or in relation to any grievance, conduct appraisal or performance review procedure
  • Third parties including your former employers or other background check agencies
  • Email and instant messaging systems, intranet and internet facilities, telephones, voicemail and mobile phone records

OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

There are several different reasons under data protection law for which we may collect and process your personal data. These include:

Performing contractual obligations

In most circumstances, we need your personal data to perform our obligations under your employment contract, or to take steps to enter into a contract with you.

Complying with a legal obligation

If the law requires us to, we may need to collect and process your personal data. For example, to meet our obligations to you as your employer under employment protection and health and safety legislation.

Legitimate interests

We may process your personal data where it is necessary for our legitimate interests or those of a third party (such as a benefits provider), but only if these are not overridden by your data protection interests and fundamental rights.

We may also use your personal information in the following situations, which are likely to be rare:

  1. Where we need to protect your interests (or someone else’s interests).
  2. Where it is needed in the public interest or for official purposes.

HOW AND WHY WE USE YOUR PERSONAL DATA

This section tells you how and why we will use your personal data and explains the lawful basis we rely on in each case.

We process your personal data for the following purposes on the basis of our contractual obligations to you:

  • Determining the terms on which you work for us.
  • Administering the contract we have entered into with you.
  • Checking you are legally entitled to work in the UK.
  • Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and National Insurance Contributions (NICs).
  • Providing pension and other company benefits to you, including, if applicable, enrolling you in a company pension or pension arrangement in accordance with our statutory automatic enrolment duties.
  • Liaising with the trustees or managers of a pension arrangement operated by a Group Company, your pension provider and any other provider of employee benefits.
  • Managing sickness absence.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making arrangements for the termination of our working relationship.

We process your personal data for the following purposes to comply with our legal obligations:

  • Checking you are legally entitled to work in the UK, and where applicable, in other territories.
  • Enrolling you in a pension arrangement in accordance with our statutory automatic enrolment duties.
  • Complying with health and safety obligations.
  • To prevent fraud.
  • Equal opportunities monitoring.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Ascertaining your fitness to work.

We process your personal data for the following purposes on the basis of our legitimate interests:

  • Making a decision about your recruitment or appointment and determining the terms on which you work for us or making decisions about your continued employment or engagement.
  • Business management and planning, including accounting and auditing.
  • Making decisions about salary reviews and compensation.
  • For staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary and grievance matters.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making decisions about your continued employment or engagement.
  • Education, training and development requirements.
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to personal data we collect or to the purposes for which we collect and process it.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

In general, we will not process “Special categories” of personal information unless a) it is necessary for the performance or exercise of our obligations or rights in connection with employment or your engagement, b) where it is needed in the public interest (such as for equal opportunities monitoring), c) in limited circumstances, with your explicit consent. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

We will use your special category personal data in the following circumstances:

  • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
  • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and (if applicable) on location and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and, if applicable, health insurance. We need to process this information to exercise rights and perform obligations in connection with your employment and to comply with employment and other laws.
  • We may use information about your race, national or ethnic origin, and sexual orientation to ensure meaningful equal opportunity monitoring and reporting.
  • We may process information about your race, national or ethnic origin to exercise rights and perform obligations in connection with your employment and to comply with employment and other laws, for example to check your right to work in the UK.
  • Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Do we need your consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

INFORMATION ABOUT CRIMINAL CONVICTIONS

We may only use information relating to criminal convictions if it is appropriate given the nature of the role and where the law allows us to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.

We are allowed to use your personal data in this way to comply with our legal obligations and for our legitimate interests where we have identified one of the specific conditions for processing set out in data protection law. Further details on how we handle criminal convictions and offences data are set out in our Appropriate Policy Document, which can be found in the shared Policies folder.

AUTOMATED DECISION-MAKING

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

DATA SHARING

We may have to share your data with third parties, including third-party service providers and other entities in the group. We require third party recipients to respect the security of your data and to treat it in accordance with the law.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?

“Third parties” includes third-party service providers (including contractors and agents) and other entities within our group. The following activities are carried out by third-party service providers: payroll, pension administration, benefits provision and administration, and IT services.

What about other third parties?

We may share your personal information with other third parties, for example in the context of providing information to a commissioner or distributor in relation to a production (including for approval or publicity purposes). We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making returns to HMRC and disclosures to shareholders such as directors’ remuneration reporting requirements. If we have to share information in the context of a possible sale or restructuring of the business we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

When might you share my personal information with other entities in the group?

We will share your personal information with other entities in our group as part of our day to day production activities and in the provision of production services and ancillary services (such as payroll) between group companies, regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, or for system maintenance support and hosting of data.

Transferring information outside the UK

Where we share your personal data with other companies with whom we contract (as described above), these companies may be located outside of the United Kingdom (“UK”) in countries with different laws for processing personal data than the laws in your country of residence.

If we transfer your personal data outside of the UK, we will take steps to ensure that your data will receive the same level of protection as if it were being processed within the UK. For example, we may include an International Data Transfer Agreement approved by the UK government in our contracts with third parties to ensure there are safeguards in place to protect your personal data. Please contact us for more information about the specific measures taken.

DATA SECURITY

We have put in place measures to protect the security of your information. Details of these measures are available upon request. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with our Data Retention Policy.

RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Head of Production at privacy@fivemilefilms.co.uk. Do note that in certain circumstances we may not be required to comply with your request but will discuss this with you if applicable.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

RIGHT TO WITHDRAW CONSENT

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Head of Production at privacy@fivemilefilms.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

DATA PROTECTION CONTACT

Our Head of Production will oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Head of Production at privacy@fivemilefilms.co.uk. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this privacy notice, please contact the Head of Production at privacy@fivemilefilms.co.uk.