Associate of Employee Privacy Notice
Who we are
What is a privacy notice?
What personal data do we collect and when?
How do we use your personal data?
Why are we allowed to handle and store your personal data?
How do we protect your personal data?
How long do we keep your personal data for?
Who else sees your personal data?
Where is your data stored?
Do we process children's data?
What rights do you have over the data we store and how can you ask us to stop storing it?
What can you do if you are unhappy with how we handle your data?
1. Who we are
We are River Island Clothing Co. Limited ("us/we") and we control the River Island website and all of our stores (except for certain international franchised stores). We are wholly owned by River Island Holdings Limited.
We are an English company with registered company number: 00636095 and our registered office is at Chelsea House, Westgate, London W5 1DR. We are the data controller responsible for your personal information and we are registered at the UK Information Commissioner's Office with registration number Z6555707.
2. What is a privacy notice
This notice contains our obligations and promises to you about the different types of personal data we might collect about you because one (or more) of our employees or Directors has a connection with you, and has provided us information to process and store.
3. What personal data do we collect and when?
Depending on your connection with River Island, we collect some of the following information about you:
- Name and Surname
- Email address
- Date of Birth
- Passport/Travel Documentation
- Contact phone number(s)
- Your bank details
- Your medical/health information
- Your driver’s licence details
- Your National Insurance number, child’s date of birth/adoption, and your Shared Parental Leave/Pay information
We collect the information in the following circumstances:
- When you contact us by telephone or email in connection with your relationship with us and our Employee/Director
- When our Employee/Director nominates you as an emergency contact or next of kin
- When our Employee/Director nominates you as a family member or other individual to be included in Healthcare cover funded by the Employee/Director
- When you provide your information as a parent/guardian giving consent for one of our young apprentices on business travel, or are named by the parent/guardian as a host
- When you complete a DVLA mandate to drive a company vehicle allocated to one of our employees/Directors
- When you provide an employee with your bank details to receive their payment from us, where the employee does not have their own account
- When you participate in a Shared Parental Leave agreement with one of our employees
4. How do we use your personal data?
We use your personal data in the following ways:
- To keep a record of when and why you contact us, or to record your relationship as emergency contact/next of kin; and to keep your contact details up-to-date for use in the event of an incident requiring communication with you relating to our Employee or Director when deemed appropriate and necessary
- To enable third parties to carry out logistical or other business functions on behalf of our Employees, Directors and yourself, such as validating driver mandates, travel and accommodation arrangements, event attendance etc
- To respond to your queries, requests and complaints relating to your data, or on behalf of an Employee with whom you are connected
- To facilitate healthcare cover with our third party provider and progress healthcare claims against the policy under which you are offered cover
- To arrange Shared Parental Leave in partnership with other employers
- To process an employee’s pay into your bank account in the exceptional circumstance where you have an agreement with them to deal with their pay on their behalf, in the absence of an employee personal bank account
In order to help us manage our relationships with you, we sometimes work with third parties. These include travel agencies, hotels and taxi firms, healthcare providers and professionals, company car providers, DVLA, and employers of our employees' partner/spouse. We therefore pass on your personal data to these third parties, on the condition that they agree to handle your information in line with this notice. Some of these third parties may also be controllers of your personal information and you should refer to their own privacy notices if required.
5. Why are we allowed to handle and store your personal data?
There are number of legal bases which allow us to use your personal data. The following sets out more detailed explanations of the bases we rely on to collect and process your personal data:
- Contractual obligations
- Legal compliance
- Legitimate Interest
If a travel consent form for a young apprentice is completed by you or a relative, giving home address and other personal information, we ask for your consent to process your data, for the specific purpose and duration of the visit. If a driver mandate is provided to us for you to become an approved driver of a company vehicle, your consent is obtained when you complete the form D796, allowing checks on your driver's licence for 3 years by our car provider.
We use this basis to administer our obligations as the Employer, where your personal information has been provided for a number of purposes, including for example as an Employee’s emergency contact or additional driver of a company car; or if you have been included in a contractual or statutory benefit to which they are entitled, or if we are carrying out other duties on behalf of our Employees or Directors on the basis of our contract with them.
In some circumstances, we may be legally required to collect and process your data e.g. to pass it on to the police if criminal activity is suspected. We are also required to obtain and share information for Shared Parental Leave with your employer. Personal information obtained for the purpose of safeguarding our young apprentices is also processed on the basis of legal compliance.
We may use your data to help us fulfil a particular function, where such use of your data is necessary and where doing so does not significantly affect your rights, freedom or interests. For example, we might need to transfer your data from one part of our company to another for administrative purposes.
6. How do we protect your personal data?
It is our duty to protect all personal data gathered and in order to do this our teams follow our internal data management policies and handle the data with the greatest level of care and expertise available to us. They do this by using various security technologies and internal procedures to ensure that it is kept safe and secure.
7. How long do we keep your personal data for?
We only keep your personal data for as long as is necessary for the purpose for which it was collected (subject to any legal requirements). Once it is no longer necessary, we will generally delete the data, or in some cases anonymise it. The use of anonymized data helps us to maintain some historical data analysis and carry out system testing.
8. Who else sees your personal data?
Sometimes we will share your personal data with trusted third parties. We will do this in the following circumstances:
- In the event of an incident involving our Employee/Director, e.g. to Emergency Service personnel attending, if the Employee/Director is unable to provide the information and if it is necessary for the Emergency Services to carry out their work
- To progress healthcare provision and claims on your behalf, e.g. with insurance companies
- Facilitating apprentices traveling on business, e.g. with travel agencies, driver service providers, hotels and venues
- Progressing additional driver mandates, with our car provider and/or DVLA
- Managing Shared Parental Leave
- To detect any fraudulent activity, or assist law enforcement authorities
- Handling complaints and requests, including Individual Rights Requests where data has been shared for the above reasons with third parties
When we share information with third parties, we will ensure that:
- We only provide the data they need to perform their specific function
- They only use the data provided as intended
- They have the requisite measures in place to protect your data and delete it once the function has been performed, or delete it when we cease working with them
9. Where is your data stored?
Some of our partners and third parties who may receive your personal data are based outside of the European Economic Area. In such cases, we ensure that our partners are contractually-bound to protect your data to the same degree that is required in the European Union.
10. Do we process children's data?
We do not knowingly collect personal data from children under 16. The necessary data is obtained from you and/or our Employee/Director as the child's parent, for the specific purposes of:
- Insurance and healthcare cover and claims
11. What rights do you have over the data we store and how can you ask us to stop storing it?
- You have the right to correct any information we store which might be incorrect, incomplete, or out of date. You can do this by contacting our Human Resources Team by emailing: email@example.com
- If we are processing your personal data on the basis of our legitimate interest, you have the right us to ask us to stop. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
- If we are processing your personal data on the basis that we have received your consent, you have the right to withdraw your consent, to prevent us from further use of that data in our processes. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
- You have the right to ask us what data we hold which concerns you. Such requests are usually free, but we will ask you to submit your query in writing and include the following:
- Full name (we will ask you to verify your identity)
- Full address
- Email address
- Phone number
- The employee with whom you are connected
- Specific details on what you require or are requesting
We will process your request and will either respond within 30 days, or contact you to gather more information before we fulfil your request. In the event that we might refuse to fulfil your request (for example if it is unreasonable), we will give a full explanation as to why.
Please submit your requests through the following channels:
FAO: HR Services, River Island Clothing Co. Limited, Chelsea House, Westgate, London W5 1DR.
Or send an email to: firstname.lastname@example.org
12. What can you do if you are unhappy with how we handle your data?
You should first contact the Human Resources team as outlined in Section 11. However, if you still feel that your data is not being handled appropriately, you have the right to lodge a complaint with the Information Commissioner's Office.
If you are outside of the UK, please contact the relevant data protection regulator in your country of residence.
We may update this notice and our policies from time to time, so please check back here for the latest version.