At Lumen Home we take privacy very seriously and are currently updating all our records and processes to ensure that we are fully meeting the data protection standards introduced by the General Data Protection Regulation (GDPR) on 25 May 2018. We are registered as data processors with the Information Commissioner’s Office (ICO).

The categories of information that we collect, hold and may share include:

• personal information (such as name, address, date of birth)

• characteristics (such as ethnicity, language, nationality, country of birth).

The lawful basis on which we use this information 

We collect and use information under the following lawful bases established by the GDPR.

• Legitimate interest: the process involves using your data in ways you would reasonably expect, and which have a minimal privacy impact.

• Legal obligation: processing is necessary for us to comply with the law (submitting data to Government Departments for example).

Who we share information with

We routinely share information with:

• local authorities 

• suppliers and contractors 

• government departments 

• other companies within the group 

Why we share information 

We do not share information with anyone without your consent unless the law and our policies allow us to do so. We are required to share certain data with official bodies (such as HMRC or the Department for Work and Pensions (DWP)) on a statutory basis.

The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are "special categories" of more sensitive personal data which require a higher level of protection, such as information about a person's health or sexual orientation.

We will collect, store, and use the following categories of personal information about you:

• Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.

• Date of birth.

• Gender.

• Marital status and dependents.

• Next of kin and emergency contact information.

• National Insurance number.

• Bank account details, payroll records and tax status information.

• Salary, annual leave, pension and benefits information.

• Start date and, if different, the date of your continuous employment.

• Leaving date and your reason for leaving.

• Location of employment or workplace.

• Copy of driving license.

• Recruitment information (including copies of the right to work documentation, references and other information included in a CV or cover letter or as part of the application process).

• Employment records (including job titles, work history, working hours, holidays, training records and professional memberships).

• Compensation history.

• Performance information.

• Disciplinary and grievance information.

• CCTV footage and other information obtained through electronic means such as swipe card records.

• Information about your use of our information and communications systems.

• Photographs.

• Results of HMRC employment status check, details of your interest in and connection with the intermediary through which your services are supplied.

We may also collect, store and use the following "special categories" of more sensitive personal information:

• Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.

• Trade union membership.

• Information about your health, including any medical condition, health and sickness records, including:

• Where you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill-health, injury or disability, the records relating to that decision.

• Details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; and

• Where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes.

• Genetic information and biometric data.

• Information about criminal convictions and offences.

How is your personal information collected?

We collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.

We will collect additional personal information during job-related activities throughout the period you are working for us.

Situations in which we will use your personal information

We need all the categories of information in the list above primarily to allow us to fulfil our contract with you and to enable us to comply with legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.

• Deciding about your recruitment or appointment.

• Determining the terms on which you work for us.

• Checking if you are legally entitled to work in the UK.

• Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and National Insurance contributions (NICs).

• Providing the following benefits to you.

• Inviting you to participate in any share plans operated by a group company.

• Granting awards under any share plans operated by a group company.

• Administering your participation in any share plans operated by a group company, including communicating with you about your participation and collecting any tax and NICs due on any share awards.

• Enrolling in a pension arrangement in accordance with our statutory automatic enrolment duties.

• Liaising with the trustees or managers of a pension arrangement operated by a group company, your pension provider and any other provider of employee benefits.

• Administering the contract we have entered with you.

• Business management and planning, including accounting and auditing.

• Conducting performance reviews, managing performance and determining performance requirements.

• Making decisions about salary reviews and compensation.

• Assessing qualifications for a particular job or task, including decisions about promotions.

• Gathering evidence for possible grievance or disciplinary hearings.

• Making decisions about your continued employment or engagement.

• Deciding about the termination of our working relationship.

• Education, training and development requirements.

• Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.

• Ascertaining your fitness to work.

• Managing sickness absence.

• Complying with health and safety obligations.

• To prevent fraud.

• To monitor your use of our information and communication systems to ensure compliance with our IT policies.

• To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.

• To conduct data analytics studies to review and better understand employee retention and attrition rates.

• Equal opportunities monitoring.

• Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Data collection requirements

To be granted access to any information we hold, organizations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

We do not keep data for any longer than necessary and do not allow its use for any purpose other than that for which it has been collected. Should new processes be introduced into the organization or innovative uses of the data we hold, you will be kept informed at each stage. 

Requesting access to your personal data

Under the GDPR, you have the right to request access to information about you that is held by this organization. To make a request for your personal information, contact Lauren Taylor who will deal with the request within 30 days.

You also have the right to:

• object to the processing of personal data that is likely to cause, or is causing, damage or distress

• prevent processing for the purpose of direct marketing

• object to decisions being taken by automated means and

• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed.

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with Lauren Taylor Registered Manager for the first instance. This does not affect your right to complain to the Information Commissioner’s Office (ICO) ().