Welcome to Penna, part of the Adecco Group. We look forward to working with you to help you to further develop your career. As you’d expect, to properly perform our services, we collect and use information about you.
Penna is committed to protecting and respecting your privacy. This Privacy Information Statement describes your privacy rights in relation to the information about you that we process, as well as the steps we take to protect your privacy. We know its long, but please read this Statement carefully. There is an index below so you can go straight to the bits you want if you prefer.
Some terms to be clear about
First we need to be clear about how we use some words in this statement.
It may seem obvious, but in this Statement you will be referred to as ‘You’.
When we talk about ‘us’ or the ‘Company’ we mean Penna Plc. We have our registered offices at Millennium Bridge House, 2 Lambeth Hill, London EC4V 4BG for Penna. The Company is part of the Adecco Group, the largest HR services provider in the world. Through its various companies and business lines the Adecco Group provides several HR (Human Resources) activities like staffing, secondment, payroll services, recruitment & selection, testing solutions, career transition, talent development, training & education, outplacement and international mobility (‘our Activities’).
To carry out our Activities the Company uses several IT systems. In some cases the Company provides a Self Service Portal (‘Portal’) for its candidates/personnel. The Portal allows you to update your own records such as your contact details and bank details, and where you work for one of our clients, the hours that you have worked.
Finally, this is a statement about information about people – like you and your family. It includes facts about you, but also opinions about you and that you hold (“I’m a football fan” for example). It’s not about information about the Company (although sometimes the two overlap). This type of information is sometimes called ‘Personal information’, ‘Personally Identifiable Information’ or ‘PII’. We use the term ‘Personal Information’ in this statement.
What personal information does the company collect and use?
Personal information that the company usually collects includes, but is not limited to
- your name, date and place of birth, contact details and qualifications (education, training courses and internships), and any other information you mentioned on your resume or CV;
- if you log on to the Portal using your LinkedIn or any other social media account: your profile data;
- if you contact us, in some cases we will keep a record of that correspondence;
- feedback about you from our staff and third parties who you work with or for, and other appraisal information; where you give feedback on others, we usually keep that too and that is also personal information about you (it’s your opinion after all);
- we may also collect information on your use of our systems including (but not limited to) your IP address, browser, timestamp, location, country traffic data, location data, weblogs and other communication data and the resources that you access. This information will make our systems easier to use in the future;
- details of any disabilities and any accommodations we may need to make for you in the workplace;
- when you start working for the company we shall also collect:
- your gender, nationality, copy ID documents, proof of address and copies of documents evidencing your right to work in the locations you will work in (visas, work permits, etc.);
- payroll information such as your bank account information, national insurance or social security number, tax codes and reference numbers, your fees, salary and benefits information and any voluntary deductions you ask us to make from your salary and fees (like trade union membership or church dues);
- records of your attendance, time spent on projects, training, promotions, investigations and disciplinary matters;
- information about your use of our IT systems and premises (including CCTV and door entry systems);
- details about your dependents and next of kin;
- travel information (travel data, credit card information, passport number, expenses incurred) for the purposes of the negotiation, arrangement and purchasing of all travel related activities (e.g. Airfare, Train, Hotel & Car Rental reservations) and the reimbursement of travel expenses;
- photos and videos of your attendance at training or similar sessions (you will be given a chance at the session to ask not to be videoed or photographed); and
- in some cases we will also collect sensitive personal information (e.g. data relating to your health).
Why do we use personal information about you?
The company collects and processes personal information:
- To provide you with the assistance you expect, like finding you suitable assignments to work on, helping you with training, or facilitating the process of applying for new assignments. This includes keeping you informed of future work opportunities by email, telephone, mail and/or other communication methods;
- to further develop and improve our systems/processes; this mainly takes place in the context of new IT systems and processes, so that information about you may be used in the testing of those new IT systems and processes where dummy data cannot fully replicate the operation of that new IT system;
- to perform studies and statistical and analytical research, for example to compare the effectiveness of our placement of associates with clients between different business sectors and geographies and seek to identify factors that might influence any differences we identify;
- to transfer data to third parties (see below);
- where necessary, to comply with any legal obligation;
- when you start working for the Company, to perform our duties to you as your employer or customer (in the case of individual contractors); and
- when you start working for the company:
- to comply with your contract of employment or contract for services, and all other contracts and rules that govern our employment or other contractual relationship with you;
- maintain and improve administration of talent generally (including for the purposes of workforce analysis);
- carry out other human resources activities (including work management, absence management, training/people management, expense management, and disciplinary procedures);
- manage shares and other assets to which you may be entitled;
- promote the security and protection of people, premises, systems and assets;
- monitor compliance with internal policies and procedures;
- administer communications and other systems used by the Adecco Group (including internal contact databases);
- investigate or respond to incidents and complaints;
- comply with obligations and rights and cooperate with investigations carried out by the police, government or regulators;
- in the case of photos or videos of training sessions, to report internally that the training sessions have taken place and their content (for example in internal updates) and also to market similar sessions internally and to third parties; or
- participate in any potential or actual purchase or sale, or joint venture, of all or part of a business or company, that any member of the Adecco Group wishes to participate in.
What does the law say about this?
We are required by law to have a ground set out in the law to process the information we hold about you
When you are working with or through Penna our processing of personal information for all these purposes is based on processing grounds like the performance of a contract to which the data subject is a party (purposes 1 and 5-7), processing necessary to comply with legal or regulatory obligations (purpose 5-7) and/ or processing necessary in the legitimate interests of Penna in exercising its and its staff fundamental rights to run a business in a way which does not unduly affect your interests or fundamental rights and freedoms (purposes 1-4 and 7). When processing is necessary for the legitimate interests of Penna, we ensure that processing is conducted in such a manner that our legitimate interests outweigh any individual’s interest. We shall only process your personal information other than on these grounds with your consent (a further processing ground).
Do you have to give us the personal information we ask for?
The provision of your personal information is a requirement necessary to enter and/or maintain our contract with you. This means that you are obliged to provide your personal information to Us.
If you do not provide your personal information to us, we may either not be able to conduct the employment or supplier relationship with you or, at least, you may not be able to participate in certain processes such as feedback or career development (which may also not be in line with your contract with us).
Do we process information about you without any human intervention at all?
Yes, we do. The Company uses automated systems/processes and automated decision-making (like profiling) to provide you, and our clients, with the services you request from us. For example, when our clients are looking for candidates for jobs, we may conduct a search of our lists of candidates using automated criteria to compile a shortlist.
How long do you keep my personal information for?
The Company may (and in some circumstances must, depending on the type of data) keep your data for several years after your employment with us has ended. Generally, we retain data concerning taxes and your contract of employment, financial information (including payroll data and data relating to pay, etc.) for 7 years, and other personal information for as long as you wish to receive our services, and for up to 2 years thereafter. We retain sensitive personal data for no longer than is reasonably necessary.
Do we transfer your personal data to third parties?
As mentioned above, we usually disclose your data to third parties. This is done to complete the purposes set out above. We do this in the following circumstances:
- To our suppliers. We may, for example, engage a supplier to carry out administrative and operational work in support of our relationship with you. The supplier(s) will be subject to contractual and other legal obligations to preserve the confidentiality of your data and to respect your privacy, and will only have access to the data they need to perform their functions; these suppliers are typically IT suppliers (who host or support our IT systems, including information about you), premises management companies (who look after physical security at our buildings, and therefore need to know about you to allow access to our buildings), HR related providers (who operate payroll or benefits provision on our behalf, such as on site catering for associates and colleagues), travel providers (who manage or organise travel for our associates and colleagues) or back office finance and accounting management providers (who might need to handle details of colleagues and associates in order to process accounts payable and receivable).
- To members of the Adecco group of companies in other countries. These may be located in- or outside the European Union; different members of the group fulfil different functions and as result your information may be shared with them for different reasons:
- information is shared with members of the Adecco group that provide IT functions for the Adecco companies world-wide; those IT functions are located in France.
- information is shared with the head office of the Adecco group in Switzerland for work force planning, budgeting and feedback purposes; this information may also be used at head office in Switzerland to propose new opportunities to you within the Adecco group or with clients.
- information is also shared with Adecco affiliates world-wide where you have expressed an interest in opportunities in that market, or members of the Adecco Group identify that you may have particular skills required or helpful in that market. A list of the countries in which we operate is available in the ‘choose your country’ function of our website at www.adecco.com
- To our clients/prospective employers: we will share your data with clients of ours who are offering jobs/ assignments you may be interested in, or who are interested in your profile, for colleagues this may be where you are working on-site with our clients. They owe contractual and other confidentiality obligations in relation to your data to us, and to you;
- We will share your data with government, police, regulators or law enforcement agencies if, at our sole discretion, we consider that we are legally obliged or authorised to do so or it would be prudent to do so; and
- As part of due diligence relating to (or implementation of) a merger, acquisition, change in service provider or other business transaction we may need to disclose your data to the prospective seller or buyer, new service provider and their advisers
Do we transfer your data outside the European Union?
Your data can be transferred and processed in one or more other countries, in- or outside the European Union. A full list of the countries in which we operate is available in the ‘choose your country’ function of our website at www.adecco.com.
We shall only transfer your data outside the EU to countries which the European Commission believes offers an adequate level of protection to you (a list of those countries is available here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), or where the Adecco Group has put in place appropriate safeguards to seek to preserve the privacy of your information (for which we usually use one of the forms of data transfer contracts approved by the European Commission, copies of which are available here: http://ec.europa.eu/justice/data-protection/international-transfers/ transfer/index_en.htm).
What are your rights?
- Right to access and obtain a copy of your personal information: You are entitled to request confirmation whether we process any of your personal information. Where this is the case, you may have access to your personal information and to certain information about how it is processed. In some cases you can ask us to provide you with an electronic copy of your information. If there is a self-service system, we really encourage you to access it and update it yourself.
- Right to correct your personal information: If you can demonstrate that personal information we hold about you is not correct, you can ask that this information is updated or otherwise corrected. If there is a self-service system, we really encourage you to access to it and update it yourself.
- Right to be forgotten/have data deleted: If we do not need to retain or process the data for any other reason, you may request that we stop or restrict the processing or delete (some or all of) your personal information.
- Right to object: As far as the company’s processing of your data is based on the company’s legitimate interest (and no other processing ground) or relates to direct marketing, you are entitled to object to the Company processing your data by reference to your particular situation.
If you want to exercise any of your rights, please email us at firstname.lastname@example.org or your local privacy lead at email@example.com. When you email us to exercise your rights, the Company may ask you to identify yourself before actioning your request. Finally, you have the right to lodge a complaint with the data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen.
Do we carry out any monitoring?
To the extent permitted by law, Penna reserves the right to audit, monitor and record the access, use and content of any data held or processed by its IT systems. We do this for the purposes (d)-(h) set out above but call this point out specifically in this notice so that you are aware in particular that your use of work related IT systems may be monitored by others.
What about data security when using Adecco systems?
You are responsible for keeping your login details to Penna’s systems safe, in particular the password that we have given you or that you have chosen. These login credentials are for your own use. You are not permitted to share your credentials or other account details with any other person(s).
If you have any questions or concerns regarding this privacy information statement would like further information about how we protect your information (for example when we transfer it outside Europe) and/or when you want to contact the company’s Data Protection Officer (DPO), please email us at firstname.lastname@example.org.
please email us at email@example.com. You may also contact the local privacy lead at firstname.lastname@example.org
How do we handle changes to the privacy information statement?
The terms of this Statement may change from time to time. We shall publish any material changes to this Statement through appropriate notices either on this website or contacting you using other communication channels.
The Penna team