Privacy policy for employees, workers, candidates and former employees

Quarto Publishing plc. (also referred to as "we", “us” or “our”) is fully committed to both protecting and respecting your privacy. This privacy policy for employee, workers, candidates and former employees explains how and why we use your personal data and is intended to help ensure that you remain informed and in control of your information.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

The data controller is Quarto Publishing plc. of The Old Brewery, 6 Blundell Street, London, N7 9BH. This means it decides how your personal data is processed and for what purposes.

What is personal data

Personal data is information that relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. We collect, store and process personal data about employees, workers, job candidates and former employees. When we talk about “you” or “your” in this policy we mean any living person whose personal data we collect.

Personal data we hold

Personal data you provide

We collect data you provide to us. This includes information you give when you apply for employment or enter into a contract with us. For example, we may hold:

  • Personal details (name, gender, date of birth, email, address, telephone, employee number, etc.)
  • Family and spouse/partner or next of kin details for emergency contact
  • Financial information (bank account details, tax information, National Insurance number, remuneration and benefit information, etc.)
  • Right to work in the UK documentation (passport copy, other right to work documentation)
  • Employment history and/or educational qualifications

Personal data generated by your involvement with Quarto

Your employment and involvement with Quarto will result in personal data being generated. This could include:

  • Annual leave details
  • Sick leave details
  • Performance details
  • Salary details
  • Benefits information
  • Disciplinary and grievance investigations and outcomes

Special category (“sensitive”) personal data

We do not normally collect or store special categories of personal data. Sensitive personal data is defined as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sex life or sexual orientation, and criminal allegations, proceedings or convictions. Processing of sensitive personal data is more tightly restricted under GDPR.

However, there are certain, limited situations where we may need to process sensitive personal data where it is necessary for the purpose of carrying out obligations and exercising specific rights of the data controller or you in the field of employment, social security and social protection law. For example:

  • We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to an Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
  • If you apply to work for us we may need to know about any access, medical or other requirements you may have to attend a job interview.

Why we process your personal data

We process your personal data on the following basis:

  • To enter into, perform or to take steps to enter into a contract with you;
  • To comply with a legal duty;
  • Or for our legitimate interests where the processing is necessary for a particular purpose (i.e. the provision of pension administration or for the performance of employee administration, examples of which are described below)

We process your personal data for the following purposes:

  • Employee management including pay, tax, pensions and benefits administration
  • Recruitment management to determine suitability of a candidate for us to potentially offer employment to
  • Management of suppliers of services (data processors)
  • Health and safety obligations
  • Statutory record keeping and reporting requirements
  • Internal processing, evaluation and analysis for the purposes of salary review, promotion, performance management, salary and benefits benchmarking, training & development, redundancy processes (including disciplinary warnings, performance appraisals, attendance, salary information for processing), unfair dismissal rules, anti-discrimination rules, TUPE regulations

Disclosing and sharing your personal data with data processors

We may share your personal data with suppliers who provide us with services, known as data processors. Examples of data processors include our payroll, benefits and pension providers. Information is transferred to data processors securely and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.

Data security and storage

We employ a variety of physical and technical measures to protect information we hold. We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means).

Quarto Publishing plc. is based in the UK and we store data within the European Economic Area. Our data processors are based within the European Economic Area.

In terms of retention periods, we will not keep your data for longer than is necessary. When deciding how long to hold your data we consider the purposes for which this is processed, legal and regulatory requirements (including any contractually agreed periods) and statutory limitation periods (under which it is prudent for us to retain records for longer periods).

We continually review what information we hold and will delete personal data which is no longer required.

Your rights and control of your personal data

Unless subject to an exemption under the GDPR, you have a number of rights in relation to the personal data that we process about you. You:

  • Have the right to be informed about your data (as set out in this Privacy Policy);
  • Can request access to your personal data;
  • Can request that your personal data be rectified if it is inaccurate or incomplete;
  • Can request that the processing of your personal data be restricted or erased in certain circumstances, for example, where the data is no longer necessary to meet its purpose;
  • Can object to processing in certain circumstances, for example where this is based on legitimate interests or involves direct marketing;
  • Can request to receive personal data that you have provided in a structured, commonly used and machine-readable format and can have this transmitted without hindrance where the data is processed on the basis of consent or performance of a contract;
  • Can lodge a complaint with the Information Commissioner’s Office.

Automated decision making (“ADM”)

ADM occurs when decisions are made about you by a computer or some other information analyzing machine. Examples of this include the machine scanning of CVs, computer processed aptitude or personality tests and website profiling. We do not use ADM.

Complaints and enquiries

Should you have a complaint about how we have processed your personal data, you can complain to us directly by contacting our Data Protection manager in the first instance. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection in the UK. Details of how to do this can be found at www.ico.org.uk.

We may amend this privacy policy from time to time to ensure it remains up to date and continues to reflect how and why we use your personal data. The current version of our HR policy will be posted on our intranet.

Any questions you may have in relation to this privacy policy or how we use your personal data should be sent to our Data Protection manager by email at dataprotectionmanager@quarto.com or by post to Quarto Publishing plc., The Old Brewery, 6 Blundell Street, London, N7 9BH.