Employee Privacy Notice
This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you before, during and after your working relationship with us.
Automobile Association Developments Limited of Fanum House, Basing View, Basingstoke, Hampshire, RG21 4EA is a “data controller”. This means that we are responsible for deciding how we hold and use personal data about you. If it is different, the AA company entity which employs you will be named in your contract of employment.
Within this privacy notice, employee means, and applies to, current and former employees, workers and contractors. This privacy notice also applies to companies within the AA Group which means AA Limited, together with any entity in which AA Limited directly or indirectly has at least a 50% shareholding.
We may update this privacy notice at any time.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such data.
1. What kinds of personal data about you do we process?
Personal data that we’ll process in connection with your employment if relevant, includes:
• Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
• Date of birth;
• Gender;
• Your nationality;
• Your residency and/or citizenship status, if relevant, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK;
• Proof of your identity and right to work in the UK, such as copies of passport, driving licence or utility bills;
• Marital status and dependents;
• Next of kin and emergency contact information;
• Family members;
• National Insurance number;
• Bank account details, payroll records and tax status information;
• Salary, annual leave, pension and benefits information;
• Details of your nominated beneficiaries for the receipt of benefits that they may be able to access (such as a spouse’s pension or death in service payment);
• Employment start and end date;
• Location of employment or workplace;
• Copy of driving licence;
• Vehicle and driving information, (as necessary for specific job roles) such as vehicle tracking through mobile application, telematics data, information about your vehicle (including assessing and predicting faults or issues), driving style (including recommending improvements and assessing risk associated with your driving style), location and routes taken;
• Recruitment information (including copies of right to work in the UK documentation, references and other information included in a CV or cover letter or as part of the application process);
• Employment records (including job titles, work history, working hours, training records and professional memberships);
• Compensation history;
• Performance information;
• Disciplinary and grievance information;
• Video footage (CCTV and safety cameras) and other information obtained through electronic means such as swipe card records;
• Voice recordings;
• Information about your financial credit status (for example credit and debt history, County Court judgements and solvency status);
• Fraud, debt and theft information, including details of money you owe, suspected instances of fraud or theft, and details of any devices used for fraud;
• Information about your use of our information and communications systems;
• Driving licence and categories of vehicle you are permitted to drive; and
• Photographs;
We may also collect, store and use the following “special categories” of more sensitive personal data:
• Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions for equality monitoring purposes;
• Details of any relevant trade union membership;
• Details of any AA membership, including your eligibility for membership and your use of it;
• Information about your health, including any medical condition, disability, health and sickness or occupational health records; and
• Genetic information and biometric data; and information about criminal convictions and offences.
As part of our employment processes we sometimes undertake searches about you at Fraud Prevention Agencies and/or Credit Reference Agencies who will supply us with information, including information from the electoral register, to support our recruitment decision. The agencies will record details of the search but will not make them available for use by lenders to assess your ability to obtain credit. We may use scoring methods to assess your ongoing suitability for a specific role.
Given the nature of our business, we have legal and regulatory obligations to ensure that the people we employ can be relied upon and are responsible. We may therefore ask questions throughout your continued employment or engagement about any prior civil or criminal proceedings you may have been subject to and may also conduct criminal record checks with the Disclosure and Barring Service where they are appropriate to the role.
A copy of our pre-employment screening policy is available to you on request by contacting hr.operations@theaa.com.
2. How is your personal data collected?
We’ll collect personal data from the following general sources:
• From you directly through the application and recruitment process;
• Recruitment agencies;
• Your former employer(s); and
• Your named referees.
• We will collect additional personal data in the course of job-related activities throughout the period of you working for us.
• AA Group companies, if you already have worked for or provided services to them;
• AA Group companies if you undertake any job-related training with them;
• The Driver and Vehicle Licensing Agency (DVLA) and the Driver and Vehicle Standards Agency (DVSA); and
• From other sources such as Fraud Prevention Agencies, Credit Reference Agencies, The
Disclosure and Baring Service, HMRC, DWP, Warwickshire Police Vetting Unit (Police National Computer, Police National Database, Special Branch, Experian, Other non-conviction databases), publicly available directories and information (e.g., telephone directory, social media, internet, news articles), other organisations to assist in prevention and detection of crime, police and law enforcement agencies.
3. What do we use your personal data for?
• Making a decision about your recruitment or appointment;
• Determining the terms on which you work for us;
• Checking you are legally entitled to work in the UK;
• Paying you and, if you are an employee, deducting tax and National Insurance contributions;
• Providing benefits which you are entitled to (including if appropriate) employee products within the AA Group, as well as for rewards and recognition;
• Liaising with your pension provider;
• Administering the contract we have entered into with you;
• Record keeping, business management and planning, including accounting and auditing;
• Conducting performance reviews, managing performance and determining performance requirements;
• Making decisions about salary reviews and compensation;
• Assessing qualifications for a particular job or task, including decisions about promotions;
• Gathering evidence for possible grievance or disciplinary hearings;
• Making decisions about your continued employment or engagement;
• Making arrangements for the termination of our working relationship;
• Managing your education, training and development requirements;
• Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work;
• Ascertaining your fitness to work;
• Managing sickness absence;
• To provide appropriate workplace adjustments;
• To provide you with equipment and materials on site or at your home which are relevant to your role;
• Complying with health and safety obligations;
• To prevent fraud;
• To comply with legal and regulatory obligations, requirements and guidance;
• To monitor your use of our information and communication systems to ensure compliance with our IT policies;
• To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
• To conduct data analytics studies to review and better understand employee retention and attrition rates;
• Equal opportunities monitoring;
• To facilitate the restructure or sale of one or more parts of our business;
• In the event of a service provision change or business change under the Transfer of Undertakings (Protection of Employment) Regulations 2006 (as amended);
• For reporting activities on company performance within the AA Group; and
• To enable other AA Group companies to perform any of the above purposes.
4. What are the legal grounds for our processing of your personal data (including when we share it with others)?
• Where we need to perform the contract we have entered into with you.
• Where we need to comply with a legal obligation or exercise rights in connection with employment such as providing information on salary and tax to HMRC and the DWP.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests such as: to follow guidance and recommended best practice of government and regulatory bodies to undertake business management and planning, including accounting and auditing, to administer our good governance requirements and those of other members of the AA Group, such as internal reporting and compliance obligations or administration required for Annual General Meeting processes, to monitor and record information on your use of our information and communication systems and to use CCTV and security access mechanism to our buildings and premises.
• Where we need to protect your interests (or someone else’s interests).
• With your consent or explicit consent in some instances for of our processing of special categories of personal data for example information about your health or criminal record.
5. When do we share your personal data with other organisations?
We may share information with the following third parties for the purposes listed above:
• Your named referees
• AA Group companies and service providers;
• The Trustees of the Pension Fund;
• Business partners;
• Governmental and regulatory bodies such as HMRC, DWP, the Financial Conduct Authority, the
Prudential Regulation Authority and the Information Commissioner’s Office;
• The Driver and Vehicle Licensing Agency and the Driver and Vehicle Standards Agency;
• Fraud Prevention Agencies, Credit Reference Agencies, The Disclosure and Baring Service; and
• Other organisations and businesses who provide services to us such as: organisations carrying out background, credit and fraud checks, training providers, payroll providers, pension administrators, occupational health, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions.
We may also require you to submit an application to Warwickshire Police for Non-Police Personal Vetting Level 2 or 3 (NPPV2, NPPV3) where DriveTech requires it.
6. How and when can you withdraw your consent?
In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. We very rarely rely on consent but if we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting hr.operations@theaa.com.
7. Is your personal data transferred outside the UK or the EEA?
We’re based in the UK, but sometimes your personal data may be transferred outside the UK and European Economic Area. If we do so, we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
8. Automated decision-making
We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. We’ll do this where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent.
We may do this to decide to offer you a promotion or change in job role for certain sections of our business where we have requirements in relation to geographical location, driving licence points and unspent convictions or Driver Certificate of Professional Competence (CPC) Digital Drivers/Tachograph Card. We may also do this using data from other parts of the AA including telematics data captured on a driving assessment exercise, including driving behaviour and location information.
Employees unable to meet these requirements may not be able to progress further in a promotion or role change process.
Owing to the nature of our business some roles are subject to checks with the Disclosure and Barring Service. We may make an annual update check for some individuals who will be part of a randomly generated pool of personnel.
You have rights in relation to automated decisions and can ask that a person reviews it by contacting hr.operations@theaa.com.
9. Data retention – How long will you use my data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Further information over retention periods, please refer to the Personal Data Retention Policy & Schedule.
10. Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us. You can make changes to your contact information and bank details on MyHR.
11. Do we do any monitoring involving processing of your personal data?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
12. Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data which you provided to us to another party.
13. Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you in particular that you can in some instances object to an automated decision, and ask that a person reviews it.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact dataprotection@theaa.com.
14. Data Protection officer
We have a dedicated data protection officer (“DPO”). If you have any questions about this privacy notice or how we handle your personal data, please contact the DPO at dataprotection@theaa.com.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues