Skip to main content

‹ Back to Home

Privacy Policy


Restoration and Renewal Sponsor Body – Privacy Policy

Purpose

Restoration and Renewal Sponsor Body is committed to being transparent about how the personal data of our users is collected and used. This privacy notice serves to promote awareness and demonstrate compliance with the requirements of the General Data Protection Regulations (GDPR).

Controller and Data Protection Officer

Restoration and Renewal Sponsor Body as a legal entity is the ‘Controller’. The ‘Data Protection Officer’ is Gurdip Juty who is also the Senior Information Risk Officer (SIRO).

Personal Data Collected

Restoration and Renewal Sponsor Body will obtain personal data only by lawful and fair means so that we can manage the relationship or contract between us. Where appropriate, we will collect data with the knowledge and consent of the individual concerned. We will adopt all necessary measures to ensure that the personal data collected and processed is complete and accurate to reflect the current situation of the data subject.

Types of personal data we collect may include (but not limited to):

  • Your name and contact details, including email address and telephone number, date of birth and gender;

  • Information about your marital status, next-of-kin, dependants and emergency contacts;

  • The terms and conditions of your employment, details of your qualifications, skills, experience, references and employment history, including start and end dates, with previous employers and within current role;

  • Information about your pay, including entitlement to benefits such as pensions, details of your bank account and national insurance number, subscription to trade union;

  • Information about your nationality and entitlement to work in the UK;

  • Information about any criminal convictions you may have, and information needed in relation to security clearance or criminal records checks permitted by law;

  • Details of your days of work, working hours, rostering and attendance at work;

  • Details of periods of leave taken by you, including holiday, sickness absence, special leave, career breaks, sabbaticals and the reasons for the leave;

  • Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;

  • Assessments and evidence of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence;

  • Training, talent management and coaching records;

  • Photographs of you in connection with your work;

  • Diversity data (if you choose to supply it);

  • Information relating to Register of Staff Interests;

  • Information required for participation in the National Fraud Initiative (prevention and detection of fraud), this includes Accounts Payable, payroll and pensions data such as name, address, date of birth, national insurance number and bank account/sort code;

  • Information about medical or health conditions, including whether you have a disability or need for which we may be required to make reasonable adjustments;

  • Contact details for business continuity; and

  • Images captured by the security cameras operating on the Parliamentary Estate and data capturing your movements around the estate.

We may collect this information in a variety of ways through application forms or other documents you complete or provide, from correspondence with you or through interviews, meetings or other assessments. In some cases, we may collect personal data about you from third parties, such as references supplied by former employers or information from employment background check providers.

Lawful Basis

The lawful basis for collecting and processing your personal data will depend on the specific reason we have collected it. We will act in accordance with all applicable laws and contractual obligations and not process data unless one of the following requirements are met:

  • Where the data subject has given their consent to do so;

  • Where processing is necessary for the performance of a contract (employment or other) that data subject is party to or intended to enter;

  • Where necessary to comply with a legal obligation to which the Controller is subject to;

  • Where processing is necessary in order to protect the vital interests of the data subject(s);

  • Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

  • Where processing is necessary for our legitimate interests and is fair when balanced against your interests and rights.

A further lawful basis is required when processing ‘Special Categories’ of data; these include racial or ethnic origin; religious or philosophical beliefs; trade or professional memberships, genetic and biometric data; health data; sex life or sexual orientation. We will only process this data where one of the following conditions apply:

  • Where the Data Subject expressly consents to;

  • Where the processing relates to data which has already been made public by the data subject;

  • Where the processing is necessary for carrying out obligations and exercising rights under employment, social security or social protection law;

  • Where the processing is necessary to protect the vital interests of the data subject(s) should they be physically or legally incapable of giving consent.

In any situation whereby Special Categories of data are to be processed, prior approval must be obtained from the DPO and the basis for processing clearly recorded.

Sharing

Personal data may be shared internally if access is necessary for services to perform their role. This may include (but not limited to) your Line Manager disclosing information to HR Office, Payroll, Information Management and Digital Services.

We may also disclose your personal data to third parties where we have a lawful basis for doing so, such as:

  • Pre-employment references/checks from other employers

  • Criminal records checks from the Disclosure Barring Service

  • Provision of shared services (for example pension provider)

  • Security bodies and Police for their enquiries (for example audit, fraud, crime prevention/detection)

We will only transfer personal data to, or allow access by, third parties when it is assured that the information will be Processed legitimately and protected appropriately by the recipient. It should be noted that third parties are separate data Controllers and should be contacted directly if you wish to exercise any of your rights relating to the personal data they hold about you.

Storage and Retention

We take the security of your data seriously. All personal data you provide will be stored securely, both physically and electronically. We have in place internal policies and controls to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.

Personal data is held in data centres within the UK or European Union for the purposes of hosting, maintenance and back up. We (or processors acting on our behalf) may also store or process your personal data in countries outside the UK but only where we are assured of the security of the data and the adequacy of the data protection regimes of those countries and organisations holding the data.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Under GDPR any personal data held or processed by us must not be retained for longer than is necessary for its core purpose. In general, we will hold your personal data for the duration of your employment. In some cases, we will hold your personal data for a shorter period or beyond the end of your employment with us. For full details of the periods for which your data are held, please refer to the Authorised Records Disposal Practice. Your Rights

As a data subject, you can exercise the following rights in relation to the personal data we hold:

  • access and obtain a copy of your data on request;

  • request us to change incorrect or incomplete data;

  • request us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;

  • object to the processing of your data where we are relying on our legitimate interests as the legal basis for processing: and

  • withdraw your consent to us processing your data where we are relying on consent.

  • You also have the right to complain to the Information Commissioner’s Office, the supervisory authority, about our collection and use of your personal data. They can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you would like to exercise any of these rights, please contact the Data Protection Officer. You have some obligations under your employment contract to provide us with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under your duty of good faith to your employer. You may also have to provide data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.

Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable us to enter lawfully into a contract of employment with you. If you do not provide other information, this will hinder or even frustrate our ability to administer the rights and obligations arising as a result of the employment relationship. There may be other occasions where it is necessary to process your personal data that are not detailed in this privacy notice; please do contact your manager or the Data Protection Officer if you would like these explained.


Restoration and Renewal Delivery Authority Ltd – Privacy Policy

Purpose

Restoration and Renewal Delivery Authority Ltd is committed to being transparent about how the personal data of our users is collected and used. This privacy notice serves to promote awareness and demonstrate compliance with the requirements of the General Data Protection Regulations (GDPR).

Controller and Data Protection Officer

Restoration and Renewal Delivery Authority Ltd as a legal entity is the ‘Controller’. The ‘Data Protection Officer’ is Gurdip Juty who is also the Senior Information Risk Officer (SIRO).

Personal Data Collected

Restoration and Renewal Delivery Authority Ltd will obtain personal data only by lawful and fair means so that we can manage the relationship or contract between us. Where appropriate, we will collect data with the knowledge and consent of the individual concerned. We will adopt all necessary measures to ensure that the personal data collected and processed is complete and accurate to reflect the current situation of the data subject.

Types of personal data we collect may include (but not limited to):

  • Your name and contact details, including email address and telephone number, date of birth and gender;

  • Information about your marital status, next-of-kin, dependants and emergency contacts;

  • The terms and conditions of your employment, details of your qualifications, skills, experience, references and employment history, including start and end dates, with previous employers and within current role;

  • Information about your pay, including entitlement to benefits such as pensions, details of your bank account and national insurance number, subscription to trade union;

  • Information about your nationality and entitlement to work in the UK;

  • Information about any criminal convictions you may have, and information needed in relation to security clearance or criminal records checks permitted by law;

  • Details of your days of work, working hours, rostering and attendance at work;

  • Details of periods of leave taken by you, including holiday, sickness absence, special leave, career breaks, sabbaticals and the reasons for the leave;

  • Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;

  • Assessments and evidence of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence;

  • Training, talent management and coaching records;

  • Photographs of you in connection with your work;

  • Diversity data (if you choose to supply it);

  • Information relating to Register of Staff Interests;

  • Information required for participation in the National Fraud Initiative (prevention and detection of fraud), this includes Accounts Payable, payroll and pensions data such as name, address, date of birth, national insurance number and bank account/sort code;

  • Information about medical or health conditions, including whether you have a disability or need for which we may be required to make reasonable adjustments;

  • Contact details for business continuity; and

  • Images captured by the security cameras operating on the Parliamentary Estate and data capturing your movements around the estate.

We may collect this information in a variety of ways through application forms or other documents you complete or provide, from correspondence with you or through interviews, meetings or other assessments. In some cases, we may collect personal data about you from third parties, such as references supplied by former employers or information from employment background check providers.

Lawful Basis

The lawful basis for collecting and processing your personal data will depend on the specific reason we have collected it. We will act in accordance with all applicable laws and contractual obligations and not process data unless one of the following requirements are met:

  • Where the data subject has given their consent to do so;

  • Where processing is necessary for the performance of a contract (employment or other) that data subject is party to or intended to enter;

  • Where necessary to comply with a legal obligation to which the Controller is subject to;

  • Where processing is necessary in order to protect the vital interests of the data subject(s);

  • Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

  • Where processing is necessary for our legitimate interests and is fair when balanced against your interests and rights.

A further lawful basis is required when processing ‘Special Categories’ of data; these include racial or ethnic origin; religious or philosophical beliefs; trade or professional memberships, genetic and biometric data; health data; sex life or sexual orientation. We will only process this data where one of the following conditions apply:

  • Where the Data Subject expressly consents to;

  • Where the processing relates to data which has already been made public by the data subject;

  • Where the processing is necessary for carrying out obligations and exercising rights under employment, social security or social protection law;

  • Where the processing is necessary to protect the vital interests of the data subject(s) should they be physically or legally incapable of giving consent.

In any situation whereby Special Categories of data are to be processed, prior approval must be obtained from the DPO and the basis for processing clearly recorded.

Sharing

Personal data may be shared internally if access is necessary for services to perform their role. This may include (but not limited to) your Line Manager disclosing information to HR Office, Payroll, Information Management and Digital Services.

We may also disclose your personal data to third parties where we have a lawful basis for doing so, such as:

  • Pre-employment references/checks from other employers

  • Criminal records checks from the Disclosure Barring Service

  • Provision of shared services (for example pension provider)

  • Security bodies and Police for their enquiries (for example audit, fraud, crime prevention/detection)

We will only transfer personal data to, or allow access by, third parties when it is assured that the information will be Processed legitimately and protected appropriately by the recipient. It should be noted that third parties are separate data Controllers and should be contacted directly if you wish to exercise any of your rights relating to the personal data they hold about you.

Storage and Retention

We take the security of your data seriously. All personal data you provide will be stored securely, both physically and electronically. We have in place internal policies and controls to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.

Personal data is held in data centres within the UK or European Union for the purposes of hosting, maintenance and back up. We (or processors acting on our behalf) may also store or process your personal data in countries outside the UK but only where we are assured of the security of the data and the adequacy of the data protection regimes of those countries and organisations holding the data.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Under GDPR any personal data held or processed by us must not be retained for longer than is necessary for its core purpose. In general, we will hold your personal data for the duration of your employment. In some cases, we will hold your personal data for a shorter period or beyond the end of your employment with us. For full details of the periods for which your data are held, please refer to the Authorised Records Disposal Practice. Your Rights

As a data subject, you can exercise the following rights in relation to the personal data we hold:

  • access and obtain a copy of your data on request;

  • request us to change incorrect or incomplete data;

  • request us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;

  • object to the processing of your data where we are relying on our legitimate interests as the legal basis for processing: and

  • withdraw your consent to us processing your data where we are relying on consent.

  • You also have the right to complain to the Information Commissioner’s Office, the supervisory authority, about our collection and use of your personal data. They can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

If you would like to exercise any of these rights, please contact the Data Protection Officer. You have some obligations under your employment contract to provide us with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under your duty of good faith to your employer. You may also have to provide data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.

Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable us to enter lawfully into a contract of employment with you. If you do not provide other information, this will hinder or even frustrate our ability to administer the rights and obligations arising as a result of the employment relationship. There may be other occasions where it is necessary to process your personal data that are not detailed in this privacy notice; please do contact your manager or the Data Protection Officer if you would like these explained.