Privacy Policy (Employees and Contractors)
V1 15.06.26
Please click the links in the Table of Contents below to see specific sections of the policy, or you can download a PDF at the bottom of this article.
- Who We Are
- Scope of This Policy
- The Personal Data We Collect
- How We Use Your Personal Data
- Special Category Data
- Where We Get Personal Data From
- Sharing Your Personal Data
- International Transfers
- Data Retention
- Data Security
- Your Rights
- Automated Decision Making
- Data Protection Responsibilities
- Complaints
1. Who We Are
Associate Enterprises Limited (“we”, “us”, “our”) provides consultancy, audit services, online platforms (including LMS services) and other professional services.
We are the data controller for the personal data described in this Privacy Policy.
Contact details
Email: desk@assent1.com
Address Details see https://www.clemarkgroup.com/about/
2. Scope of This Policy
This policy applies to:
- Employees
- Workers and contractors
- Job applicants (where relevant to employment records retained)
3. The Personal Data We Collect
We process the following categories:
3.1 Core Employment Data
- Name and contact details
- Employment contract details
- Job role and organisational data
3.2 Payroll & Financial Data
- Bank details
- Salary and pay records
- Tax and National Insurance details
- Pension information
3.3 HR Records
- Personnel files
- Performance records
- Annual leave records
- Training and development records
3.4 Absence & Health Data (Special Category)
- Sick leave records
- Health-related absence information
Processed under:
- Article 9(2)(b) UK GDPR and Schedule 1 DPA 2018 employment condition
3.5 Recruitment Data
For successful candidates:
- Contact details
- Employment history
- Qualifications
- References
For diversity monitoring (where applicable):
- Ethnicity
- Disability information
Special category data is processed in line with employment law obligations.
3.6 Contractor / Consultant Data
- Contact details
- Qualifications
- Skills, experience and project history
Typically retained for up to 7 years after last engagement.
4. How We Use Your Personal Data
We use employee and contractor data to:
| Purpose | Lawful Basis |
|---|---|
| Manage employment contracts | Article 6(1)(b) – Contract |
| Pay employees and meet tax obligations | Article 6(1)(c) – Legal obligation |
| Manage HR records and performance | Article 6(1)(b) – Contract |
| Monitor absence and workforce wellbeing | Article 6(1)(b) + Article 9(2)(b) |
| Recruitment and onboarding | Article 6(1)(b) or (a) |
| Maintain workforce diversity data | Article 9(2)(b) |
| Engage and manage contractors | Article 6(1)(a) or (b) |
5. Special Category Data
We process limited special category data such as:
- Health (sickness absence)
- Diversity data (ethnicity, disability)
This is processed:
- For employment law purposes
- Under appropriate safeguards
- In line with Schedule 1 of the Data Protection Act 2018
6. Where We Get Personal Data From
We collect personal data from:
- You directly
- Recruitment processes (including references)
- Recruitment platforms (e.g. Indeed)
- Previous employers (where applicable)
7. Sharing Your Personal Data
We may share your data with:
7.1 Group Companies and Affiliates
We may share personal data within our corporate group, including:
- Parent companies
- Subsidiaries
- Affiliated or related companies
This is for purposes such as:
- Delivering our services
- Internal administration
- Business operations and reporting
All group companies are required to:
- Process personal data in accordance with this Privacy Policy
- Apply appropriate security and confidentiality controls
7.2 External Providers
- Payroll providers
- Pension providers
- HR and recruitment systems
- Accounting systems (e.g. for reporting to HMRC)
7.3 Authorities
- HMRC
- Regulatory bodies
7.4 Internal Access
- HR personnel
- Line managers (as necessary)
- Internal auditors
All sharing is controlled and limited to what is necessary.
8. International Transfers
Where systems are cloud-based, your data may be processed outside the UK.
We ensure safeguards such as:
- UK adequacy regulations
- Standard contractual clauses
9. Data Retention
We retain employee and contractor data as follows:
| Data Type | Retention |
|---|---|
| Personnel files | 6 years after employment ends |
| Payroll data | 3–6 years post-employment |
| Pension records | Up to 75 years |
| Financial records | Minimum 7 years |
| Recruitment data (unsuccessful) | 6 months |
| Contractor data | Up to 7 years after last engagement |
10. Data Security
We implement appropriate technical and organisational measures, including:
- Encrypted storage and transfer
- Access controls and role-based permissions
- Restricted HR and finance systems
11. Your Rights
You have the following rights under UK GDPR:
- Access your personal data
- Correct inaccurate information
- Request deletion (where applicable)
- Restrict processing
- Object to processing
- Data portability (where applicable)
Some rights may be limited where data must be retained for legal obligations (e.g. tax records).
12. Automated Decision-Making
We do not carry out automated decision-making or profiling affecting employees or contractors.
13. Data Protection Responsibilities
Employees and contractors are required to:
- Handle personal data in line with company policies
- Maintain confidentiality
- Report any data breaches promptly
14. Complaints
If you are unhappy with how we handle your data, you can contact us first: https://assentuk.freshdesk.com/support/tickets/new.
We will acknowledge your complaint within 30 days and investigate without delay. We will provide a response to your complaint and communicate the outcome.
If you are not satisfied with our response, you have the right to submit a complaint to the Information Commissioner’s Office (ICO):
Website: https://www.ico.org.uk
Telephone: +44303 123 1113
15. Updates to This Policy
We may update this policy periodically. The latest version will be provided internally.