Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
The data controller is Quarto Publishing plc. of The Old Brewery, 6 Blundell Street, London, N7 9BH. This means it decides how your personal data is processed and for what purposes.
Personal data is information that relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. We collect, store and process personal data about employees, workers, job candidates and former employees. When we talk about “you” or “your” in this policy we mean any living person whose personal data we collect.
We collect data you provide to us. This includes information you give when you apply for employment or enter into a contract with us. For example, we may hold:
Your employment and involvement with Quarto will result in personal data being generated. This could include:
We do not normally collect or store special categories of personal data. Sensitive personal data is defined as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sex life or sexual orientation, and criminal allegations, proceedings or convictions. Processing of sensitive personal data is more tightly restricted under GDPR.
However, there are certain, limited situations where we may need to process sensitive personal data where it is necessary for the purpose of carrying out obligations and exercising specific rights of the data controller or you in the field of employment, social security and social protection law. For example:
We process your personal data on the following basis:
We process your personal data for the following purposes:
We may share your personal data with suppliers who provide us with services, known as data processors. Examples of data processors include our payroll, benefits and pension providers. Information is transferred to data processors securely and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.
We employ a variety of physical and technical measures to protect information we hold. We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means).
Quarto Publishing plc. is based in the UK and we store data within the European Economic Area. Our data processors are based within the European Economic Area.
In terms of retention periods, we will not keep your data for longer than is necessary. When deciding how long to hold your data we consider the purposes for which this is processed, legal and regulatory requirements (including any contractually agreed periods) and statutory limitation periods (under which it is prudent for us to retain records for longer periods).
We continually review what information we hold and will delete personal data which is no longer required.
Unless subject to an exemption under the GDPR, you have a number of rights in relation to the personal data that we process about you. You:
ADM occurs when decisions are made about you by a computer or some other information analyzing machine. Examples of this include the machine scanning of CVs, computer processed aptitude or personality tests and website profiling. We do not use ADM.
Should you have a complaint about how we have processed your personal data, you can complain to us directly by contacting our Data Protection manager in the first instance. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection in the UK. Details of how to do this can be found at www.ico.org.uk.