COLLEAGUE PRIVACY NOTICE
This notice relates specifically to individuals who apply for roles within Vanquis Bank Limited, employees of Vanquis Bank Limited and individuals who act in the capacity of a self-employed contractor, working on behalf of Vanquis Bank Limited. It explains how we use your personal data, and describes the categories of personal data we process and for what purposes. It applies when you use this website or any of our apps or when you apply for roles with Vanquis Bank Limited. We are committed to collecting and using personal data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.
We are committed to ensuring that your information is kept safe, secure and used responsibly, and we have put in place appropriate technical and other security measures to protect it.
Who we are
Vanquis Bank Limited (Company Number 02558509) whose registered office is at 1 Godwin, Street, Bradford, West Yorkshire BD1 2SU, a member of the Provident Financial Group (the Group). You can get in touch with our Customer Services Department at Vanquis Card, Customer Services, PO Box 399, Chatham, ME4 4WQ or by telephone on 0330 099 3000. Please click here for opening hours and call charge information.
Other firms within the Provident Financial Group with which we may share your personal data are:
Provident Financial plc. Registered number 0668987 England.
Provident Personal Credit Limited. Registered number 146091 England.
Provident Financial Management Services Limited. Registered number 0328933 England
The registered address for these companies is: No. 1 Godwin Street, Bradford, West Yorkshire, BD1 2SU.
Moneybarn Limited. Registered number 02766324 England.
Moneybarn No. 1 Limited. Registered number 04496573 England.
The registered address for these companies is: The New Barn, Bedford Road, Petersfield, Hampshire, GU32 3LJ.
What kind of personal information we use
We use many different kinds of personal information depending on your role, your personal circumstances, our legal requirements, legitimate interests and our contractual obligations to you. We need to use the following personal data: full name, address, email address, telephone number, date of birth, contact details, bank account details, education details, previous employment (where applicable and including self-employment), National Insurance numbers and identifier numbers from passports, driving licences, birth certificate and residence permits (where applicable), information about your credit history, statutory benefits, your performance in your roles with Vanquis, photographic images, information about your family members in order to provide colleague benefits and services, information we receive from credit reference and fraud prevention agencies, and other financial information. Where you use our websites, we will collect your Internet Protocol (IP) address and information about your browsing behaviour.
We might also need health information and to help us provide you with support, for instance making necessary adjustments to your working environment.
How we collect your personal data
We collect personal data:
• directly from you, for example when you fill out an application form either on paper or on our website;
• from other companies in our group;
• by observing how you use our websites;
• from employment references received from your previous employers (where relevant);
• from education authorities in relation to verify details of your academic qualifications;
• from benefits agencies;
• from public sources, such as the ‘Open Register’, which is an extract of the electoral register, but is not used for elections and Companies House where we need information upon directorships and self-employment history. You can opt out of being included in the register. Doing so, will not affect your right to vote. For more information, please go to: https://www.gov.uk/electoral-register/view-electoral-register
How we use your personal data
Data protection law says that we can only use personal data if we have a proper reason to do so. For example, these reasons include fulfilling a contract we have with you, when we have a legal duty, when it is in our legitimate interest or when you consent to its use. When data protection law allows us to process your personal data for our own legitimate interests, it is only allowed provided those interests do not override your own interests and/or your fundamental rights and freedoms.
An example of us using your personal data when we have a legal duty, is where we must do so in order to comply with our obligations to you under employment law.
An example of where we would process your personal data for our legitimate interests would be to investigate potential fraud. Processing personal data in these circumstances would not only be in our legitimate interest but also yours.
Our purposes for processing your personal data
We will only ask you for your personal data where it is necessary to fulfil the following purposes. Where providing us with your personal data is optional, we will inform you of this. Our purposes are grouped under our legal bases for processing.
Entering into and fulfilling a contract between you and us
• To consider and process applications made by individuals seeking a role with Vanquis Bank Limited
• To deliver the employee services we provide, including:
o Making salary and expense payments to you;
o Fulfilling other contractual benefits to you;
o Administering share plans;
o Providing you with information, advice and guidance on the terms of your contract with Vanquis Bank Limited;
o To address enquiries or complaints we may receive from you or a representative appointed by you.
Fulfilling our legal obligations
• Checking your identity;
• Conducting mandatory background checks and assessments of your creditworthiness when you apply for a role with Vanquis Bank Limited;
• Conducting criminal record checks for holders of senior management functions;
• Detecting, investigating and reporting financial crime, and taking measures to prevent this;
• Maintaining records of our business, as required by law – for instance, keeping records of our accounts;
• Complying with laws which require us to provide information, directly or indirectly to any national authority, for the purpose of calculating and collection of tax;
• To meet our obligations under pensions legislation;
• To otherwise meet our obligations under all laws and regulations based on law which apply to our business activities;
• Responding to enquiries and requests for information by any of our Regulators;
• Creating and submitting reports required by any of our Regulators;
• Identifying and managing risks to our organisation; and
• Where we have a duty to protect your interests as an employee or a contractor of Vanquis Bank Limited.
Where we are required to undertake internal audit activities to examine and evaluate the effectiveness of our internal systems and controls.
Where we need to check a colleague’s entitlement to work in the UK we may use external databases to verify your identity, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
For our legitimate interests
• As a commercial organisation:
o Understanding how our employees use the services available to them, so we can improve these – this may include details of where and when you log into certain applications;
o Developing new services for our employees;
o Sharing information with organisations who introduce you to us under a commercial agreement – for instance, where we pay them commission;
o Sharing information for the purpose of ensuring your ongoing creditworthiness, throughout the life of your employment (please see the section headed ‘Credit Reference Agencies’ below);
o Improving our systems and processes, which may include using your personal data to test the accuracy of these, but only where it is essential to do so;
o To otherwise exercise our rights under your contracts with us;
o Sharing your personal data with other firms within the Provident Financial Group for business analysis purposes
o To invite you to participate in market research and colleague surveys;
o To invite you to participate in employee share plans;
To send you personalised communications by post in connection with your employment, such as greetings cards or recognition letters; Sharing your personal data with any person to whom we may, or consider transferring any of our rights or business;
o To share information with third parties for the purpose of preventing fraud and financial crime (see section headed, ‘Fraud Prevention Agencies’ below); and
o Maintaining employee lists for the purposes of access to our offices;
o Conducting criminal record checks;
o Disaster recovery and emergency management tools and applications;
o Internal directories, employee share-point sites, internal websites and other business co-operation and sharing tools;
o Business conduct and ethics reporting lines;
o Compliance with internal policies, accountability and governance requirements, and corporate investigations;
o Call recording and monitoring for employees’ training and development purposes
o Employee retention programmes;
o Workforce and headcount management, forecasts and planning;
o Professional learning and development administration;
o Travel, accommodation and corporate event administration; and
o Time recording and reporting.
Please see the section headed ‘Your Privacy Rights’ for information on your right to object to processing of your personal data based on our legitimate interests.
Where we require your consent / explicit consent
• To process about you, where necessary, ‘special categories of personal data’ – this includes data about your:
o Health;
o Race or ethnicity;
o Religion or other beliefs of a similar nature;
o Sexual life or orientation;
o Trade Union membership;
o Political opinions; and
Genetic or biometric data about you.
We may process certain personal data in the above categories to help create an inclusive environment for all colleagues by identifying and removing barriers in our practices and to help us meet our obligations under the Equality Act 2010.
•
The business may also collect and use your personal and sometimes special category personal data order to conduct Workstation DSE (Display Screen Equipment) Assessments internally or through an external 3rd Party company to ensure that under the Health & Safety at Work Act 1974 and The Management of Health and Safety at Work Regulations 1999 its obligations are being met such as :
1. a duty to protect the health and safety of employees as far as reasonably possible
2. the provision of a working environment that is so far as reasonably practicable, safe and without risk to health.
This information and any recommendations will be used by the business in order to:
ensure a suitable and sufficient risk assessment is carried out
reduce the risk to the lowest reasonably practicable level through preventive measures
Retaining your personal data
We will retain your personal data for as long as we are obliged, under relevant legislation and regulation, or where no such rules apply, for no longer than it is necessary for our lawful purposes even if this continues after your employment ends (e.g. if we need to administer a share award that you still hold after you have left). This will usually be no more than seven years from the point at which the obligation to retain a record containing your personal data begins. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims. If you are a member of any of the PFG share schemes, we will keep your data for 10 years from the date your membership commences for the purpose of exercising existing grants and reporting purposes. We may also retain data for longer periods for statistical purposes, and if so we will anonymise or pseudonymise this.
Using data processors and transferring your personal data overseas
We may use service providers, agents and subcontractors to provide services on our behalf. This may require these organisations to access and process your personal data. We have listed our third party partners and categories of suppliers we use in Appendices 1 and 2.
From time to time your personal data may be transferred to organisations that are based in countries outside the UK or European Economic Area. In these circumstances, we will ensure they process your personal data only in accordance with the applicable data protection legislation and under strict organisational and contractual controls, specifically standard contractual clauses approved by the EU. For more information about these controls, please visit https://ico.org.uk and search for ‘International transfers’.
Your Privacy Rights
You have the right to object to how we process your personal data. You also have the right to see what personal data we hold about you. You can ask us to correct inaccuracies, delete or restrict personal data or ask for some of your personal data to be provided to someone else. These rights are explained in more detail below.
Requests to exercise your rights to your personal data can be made by:
By post: to HR Services, Vanquis Bank, 50 Pembroke Court, Chatham Maritime, Kent, ME4 4EL
By telephone: on 01274 962551
By email: to hr.services@vanquisbank.co.uk
Our Data Protection Officer can be contacted using the above details.
Your data protection rights are subject to certain restrictions and conditions. We will assess your request and where we decide not to act upon this, we will notify you of our reasons for this. We will not make a charge for handling your rights request, unless we consider this to be manifestly unfounded or excessive (particularly if this is repetitive).
You have the right to complain to us and to the data protection regulator, the Information Commissioner’s Office, whose address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. You can find out how to report a concern on their website at: https://ico.org.uk/reportaconcern
Your rights are:
To be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. We fulfil this right by giving you this notice.
Access to your personal data: You can request access to a copy of your personal data that we process as a data controller, together with details of why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making.
Right to withdraw consent: If you have given us your consent, you can withdraw that consent at any time. Please contact us if you want to do so. If you withdraw your consent, we may not be able to provide certain support or act on employment rights. If this is the case, we will tell you.
Right to object: You may object to our processing of your personal data by us, where this processing is based on our legitimate interests or in the public interest. We will assess whether our interest in continuing to process your personal data overrides your rights and freedoms. If not, we will stop processing your personal data. Either way, we will inform you of the outcome.
Rectification: You can ask us to change or complete any inaccurate or incomplete personal data held about you.
Erasure: This is also known as “the right to be forgotten” and this means that you can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent (where applicable), or where we have no lawful basis for keeping it or otherwise using it. There are limited exceptions, for example where we need to use the information to bring or defend a legal claim.
Portability: You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred. This is limited to personal data you have provided with your consent or in relation to the products you have with us, and which we process by automated means, such as your account transaction data.
Restriction: You can ask us to restrict the personal data we use about you where:
• it is inaccurate;
• you have asked for it to be erased;
• you have objected to our use of it; or
• where you need this for the bringing or defending of legal claims.
When you have asked us to restrict the use of your personal data we may still store your information but will not use it further without your consent, unless we need to process it:
• to bring or defend legal claims;
• to protect the rights and freedoms of other individuals; or
• for other important public interest reasons.
Automated decision making and profiling
We may use your personal data in automated processes to make decisions about you. You have the right not to be subject to a decision based on solely automated processing, including profiling, if this will have a legal or other significant effect on you (unless certain exceptions apply).
We will tell you where we will make such decisions and you have the right to ask for these to be reconsidered manually;
Credit Reference Agencies
In order to confirm your employment, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”).
To do this, we will supply your personal data to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
• Assess your creditworthiness to ensure you meet the criteria required for your role;
• Verify the accuracy of the data you have provided to us;
• Prevent criminal activity, fraud and money laundering;
• Ensure any offers provided to you are appropriate to your circumstances.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal data, data retention periods and your data protection rights with the CRAs are explained in more detail on the Credit Reference Agency Information Notice (‘CRAIN’), which may be accessed via the links to the CRAs detailed below. Experian: https://www.experian.co.uk/crain
Fraud Prevention Agencies - CIFAS
General
1. We will check your details against the Cifas Databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct (“Relevant Conduct”) carried out by their Staff and potential Staff. “Staff ” means an individual engaged as an employee, director, trainee, homeworker, consultant, contractor, temporary or agency worker, or self-employed individual, whether full or part-time or for a fixed-term.
2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity.
3. Details of the personal information that will be processed include: name, address, date of birth, any maiden or previous name, contact details, document references, National Insurance number, and nationality. Where relevant, other data including employment details will also be processed.
4. We and Cifas may also enable law enforcement agencies to access and use your personal data to detect, investigate, and prevent crime.
5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and other Relevant Conduct, and to verify identity, in order to protect our business and customers and to comply with laws that apply to us. This processing of your personal data is also a requirement of your engagement with us.
6. Cifas will hold your personal data for up to six years if you are considered to pose a fraud or Relevant Conduct risk.
Consequences of processing
7. Should our investigations identify fraud or any other Relevant Conduct by you when applying for or during the course of your engagement with us, your new engagement may be refused or your existing engagement may be terminated or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).
8. A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us using the details provided.
Data transfers
9. Cifas may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then Cifas will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
Your rights
10. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data.
11. For more information or to exercise your data protection rights, please contact us using the contact details provided.
12. You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.
Links to other websites
Certain hypertext links in this website may lead you to websites which are not under our control. Once you have left our website we are unable to accept responsibility for the protection of any personal data you provide to the owner of that website. You should look at the privacy information applicable to that website.
Keeping up to date
We keep our Privacy Notice under regular review. This notice was last updated in June 2021.
Appendices
Appendix 1:
List Third Party Partners
We do not currently have any Third Party partners
Appendix 2:
Categories of supplier with whom we may share personal data for our business purposes.
Under data protection legislation, we must inform you of the categories of organisations with which we may share your personal data. We have listed these below.
Childcare Voucher providers
Communications providers – intranet, mail, email and SMS text services
Corporate rewards and benefits providers
Credit Reference Agencies
Dental Health service providers
Event co-ordinators
Fraud Prevention Services
Gym Membership providers
IT Consultants
IT service providers
Legal Services
Management Consultants
Market Benchmarking service providers
Market Research
Medical Scheme providers
Occupational Health service providers
Pension Scheme Administrators and Trustees
Professional Services firms
Recruitment Agencies
Risk Consultancy Services
Share Scheme Administrators
Software Providers
Training Providers
Transcription service providers
Travel Services providers
Web Analytics service providers
Website Hosting service providers