Skip to content
Close

Privacy Notice

(for recruitment, employees, workers and contractors)


1. ABOUT THIS DOCUMENT
1.1 Labb Limited respects your privacy and is committed to protecting your personal data. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us.
1.2 This privacy notice applies to all personal data whether it is stored electronically, on paper or on other materials.
1.3 It is important that you read this privacy notice, (together with any other privacy notice we may provide), so that you are aware of how and why we are using such information. This privacy notice does not form part of any contract of employment or other contract to provide services. We may update this privacy notice at any time.

2. IMPORTANT INFORMATION
2.1 This privacy notice applies to all prospective, current and former employees, agency workers, workers, apprentices, volunteers and contractors. If you fall into one of these categories you are a ‘data subject’.
2.2 Labb Limited (a company with company number 08888815) is the controller and responsible for your personal data (collectively referred to as ‘the Company’, ‘we’, ‘us’ or ‘our’ in this privacy notice).
2.3 The COO is responsible for overseeing questions in relation to this privacy notice If you have any questions about this privacy notice or how we handle your personal information, including any requests to exercise your legal rights, please contact the COO using the details set out below.

Contact details
Our full contact details are as follows:
Name & Address: Labb Limited, Future Business Centre, King’s Hedges Road,
Cambridge, CB4 2HY
Telephone Number: +44 1223 626155
COO: Mark Forster
Email address: mark.forster@labbconsulting.com

3. DATA PROTECTION PRINCIPLES
3.1 We will comply with data protection law. This says that the personal information we hold about you must be:
(a) Used lawfully, fairly and in a transparent way.
(b) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
(c) Relevant to the purposes we have told you about and limited only to those purposes.
(d) Accurate and kept up to date.
(e) Kept only as long as necessary for the purposes we have told you about.
(f) Kept securely.
3.2 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

4. HOW WE COLLECT DATA ABOUT YOU
4.1 Personal data might be provided to us by you, or someone else (such as from a former employer, or a credit reference agency, recruitment agencies, named referees, background check providers your doctor, the Disclosure and Barring Service in respect of criminal convictions), or it could be created by us (e.g. your manager or other colleagues). We may also collect data from publicly accessible sources such as LinkedIn or jobs board. We will collect additional personal data in the course of job-related activities throughout the period of you working for us or after termination.
4.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
4.3 If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (for example if you fail to provide us with your bank account details we will be unable to pay you), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

5. THE TYPE OF DATA WE COLLECT
5.1 We will collect, store and use the following categories of personal data about you, including but not limited to:
(a) Personal information: such as title, name, gender, marital status, date of birth, dependants and photographs.
(b) Contact information: address, telephone numbers, personal email addresses, next of kin and emergency contact information.
(c) Recruitment records: such as references and other information included in a CV, cover letter, or as part of the application process. Including but not limited to employment history, driving licence (where applicable to the role), DBS check (where applicable to the role), current pay and benefits, references and any information you provide to us during an interview. Results of HMRC employment status check, details of your interest in and connection with the intermediary through which your services are supplied.
(d) Identification documents: including passport, driving licence, information in relation to immigration status and right to work.
(e) Contractual information: including contracts, changes to terms and conditions, start and end dates, job titles, promotions, location of work, working hours, holiday entitlement, pension, benefits and working time opt-out agreement.
(f) Personnel records: including disciplinary and/or grievances, performance information, training records, appraisals, information relating to maternity, details of absence, flexible working requests, qualifications, professional memberships and exit interviews.
(g) Financial data: including salary, fee rates, overtime pay/hours, hours of work, bonus, expenses, National Insurance Number, maternity payments, payroll and wage records, tax status information, PAYE records, travel and subsistence, benefits in kind, season tickets, loans and bank account details.
(h) Electronic/digital data: such as CCTV footage and other information obtained through electronic means such as swipe-card records, vehicle tracking, location data.
(i) IT & communications: information about your use of our information and communication systems and information contained about you in emails and our communication systems.
(j) Accident records any reportable accident, death or injury in connection with work.
(k) Legal disputes: in which you or others are involved, including accidents at work and compensation.
(l) Test results: personality profiling testing and other competency tests.
(m) Any other category of personal data which we may notify you of from time to time.
5.2 We may also collect, store and use the following special categories of personal data:
(a) Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
(b) Information about your health, including any medical condition, health and sickness records.
(c) Trade union membership.
(d) Genetic information and biometric data.
(e) Information about criminal convictions and offences.

6. HOW WE USE YOUR PERSONAL DATA
6.1 During a recruitment process, we need to process personal information in order to decide whether to enter into a contract with a candidate. It is in also in our legitimate interests to fill any vacancies and decide whether to appoint candidates to the role. It is also beneficial to our business to use candidates personal data to monitor and ensure legal, regulatory and internal governance (e.g. with our policies and procedures) during the recruitment exercise, and to deal with any complaints and/or disputes. If a candidate fails to provide information when requested, which is necessary for us to consider their application (such as evidence of qualifications or work history), we will not be able to process their application successfully. For example, if we require a credit check or references for the role and the candidate fails to provide us with relevant details, we will not be able to progress their application.
6.2 Once appointed, we will process your personal data primarily to allow us to perform our contract with you (for example we will process your bank details in order to pay you) and to enable us to comply with our legal obligations (for example we must disclose your salary to HMRC).
6.3 In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties. We have a legitimate interest to process your personal data, which includes but is not limited to the following:
(a) to run our business and plan for the future;
(b) to monitor, manage and improve our performance;
(c) to monitor and ensure legal, regulatory and internal governance (e.g. with our policies and procedures);
(d) to manage and protect the health and safety of our staff;
(e) to monitor and protect our security; and
(f) to deal with any complaints and/or disputes.

6.4 On occasions we may use your personal information where we need to protect your vital interests (i.e. to protect your life). For example, if an employee collapses at work, we would inform paramedics that they suffer from diabetes as this is necessary in order to protect their vital interests.
6.5 Some of the legal basis for processing will overlap and there may be several grounds which justify processing your data. For example we have a contractual obligation to pay you, we also have a legal obligation to pay you for the hours worked.
6.6 Generally we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible reason

Special Categories of Personal Data
6.7 We will only process special categories of your personal data (as defined in 5.2) in certain situations in accordance with the law.
6.8 We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:
(a) where it is necessary for carrying out rights and obligations under employment law;
(b) where it is necessary to protect your vital interests or those of another person where you/they are physically or legally incapable of giving consent;
(c) where you have made the data public; and
(d) where processing is necessary for the establishment, exercise or defence of legal claims.
6.9 In limited circumstances, we may approach you for your written consent to allow us to process special categories of your personal data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract that you have to consent; and you can withdraw your consent later at any time.
6.10 We have in place appropriate policy documents and safeguards which we are required by law to maintain when processing such data. Please refer to the data protection policy and data retention policy.
Examples of when we might process your data
6.11 We have set out below, examples of the purposes in which we process your personal data and special categories of your personal data (identified with an asterisk* beside them). Purposes include but are not limited to the following:

(a) During the recruitment process, to assess your skills, qualifications, and suitability for the role; to decide on a shortlist for interview; to determine your application and whether to offer you a position; to keep records related to our hiring processes and to keep records of the information provided to us during the recruitment process.
(b) Determining the terms on which you work for us (e.g. salary compensation, benefits) including where relevant the termination of your contract with us) and administering the contract with you.
(c) Checking you are legally entitled to work in the UK. *
(d) Paying you and if you are an employee, deducting tax and National Insurance contributions.
(e) Providing benefits to you.*
(f) Liaising with our third-party service providers (such as pension provider or insurers) in respect of any benefits which relates to you.*
(g) Assessing performance: including assessing qualifications for a particular job or task, decisions about promotions, career progression. Assessing, education, training and development requirements. Conducting performance reviews, appraisals, managing performance, determining performance requirements, determining bonus entitlements and targets.*
(h) Liaising with education and/or training providers as part of your apprenticeship e.g. performance, objectives etc.
(i) To carry out grievance and/or disciplinary investigations and/or procedures in relation to you or others and making decisions relating to you. *
(j) Dealing with legal disputes involving you or others including accidents at work.*
(k) In order to manage COVID cases, ensure the health and safety of staff and curb the spread of COVID, we may share personal details with the local authority, contact tracing or other authority as appropriate.*
(l) Dealing with suspected criminal activity involving you or others.* (m) For the purpose of seeking legal or other professional advice regarding you and/or others in the context of the working relationship. *
(n) We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence, to make decisions about your absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions. *

(o) To pay trade union subscriptions and to comply with our legal obligations in respect of trade union members.*
(p) If you apply for an ill-health pension under a pension arrangement operated by a group company, we will use information about your physical or mental health in reaching a decision about your entitlement. *
(q) Determining whether your engagement is deemed employment for the purposes of Chapter 10 of Part 2 of the Income Tax (Earnings and Pensions) Act 2003 (ITEPA 2003) and providing you with a status determination statement in accordance with the applicable provisions of ITEPA 2003.
(r) If you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill-health, injury or disability, we will use information about your physical or mental health, or disability status in reaching a decision about your entitlements under the share plan.*
(s) To monitor and protect the security (including network and information security) of the organisation. This includes monitoring your use of our information and communication systems; such information may also be used in the course of disciplinary, capability or grievance investigations/proceedings. It also includes monitoring of circuit television (CCTV) images, such images may also be used in the course of disciplinary or grievance investigations/proceedings.
(t) To monitor location details for lone workers, and manage schedules of work.
(u) To monitor compliance by you, us and others with our policies, procedures and our contractual obligations.
(v) Information about your gender, race, national or ethnic origin, religious, philosophical or moral beliefs, your sexual life or sexual orientation to monitor equal opportunities.*
(w) Business management and planning, including accounting and auditing.
(x) For system maintenance support and hosting of data.
(y) To provide a reference upon request from a prospective employer.
(z) To comply with data subject access requests as we consider appropriate.
(aa) For any other reason which we may notify you of from time to time.

Information about criminal convictions

6.12 We do not envisage that we will hold information about criminal convictions.
7. AUTOMATED DECISION-MAKING
7.1 You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
8. DATA SHARING
8.1 We may share your personal data with the parties set out below for the purposes set out at paragraph 6 above. Data recipients include but are not limited to the following:
(a) Other group companies: for business management and regulatory purposes.
(b) Payroll administrator: to process the payroll
(c) Pension provider: trustees or scheme managers for the provision and administration of the pension.
(d) Training providers: mentor, tutor or course administrator as part of an apprenticeship scheme.
(e) Benefit providers: for the provision and administration of benefits
(f) Regulators or otherwise to comply with the law: such as HM Revenue & Customs, the ICO, and other authorities based in the UK who require reporting of our processing activities.
(g) The Police: for the purpose of law enforcement.
(h) Professional advisers: including medical professionals (e.g. Occupational Health), lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services for the purpose of seeking legal or other professional advice and assistance..
(i) Service providers: based within the UK who provide CCTV, IT and system administration services. We will share personal data relating to your participation in any share plans operated by a group company with third party administrators, nominees, registrars and trustees for the purposes of administering the share plans. We will share personal data regarding your participation in any pension arrangement operated by a group companywith the trustees or scheme managers of the arrangement in connection with the administration of the arrangements.
(j) Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. We may also share your data with others in order to comply with our legal obligations.

6.1 We require all third parties to respect the security of your data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
9. INTERNATIONAL TRANSFERS
9.1 We may transfer your personal information to third parties providing services to us who are based outside the UK.
9.2 Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
(a) transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the UK; or
(b) using specific contracts approved by the UK which give personal data the same protection it has in the UK.
10. DATA SECURITY
10.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
10.2 We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
11. DATA RETENTION
11.1 We will only retain your personal data for as long as we reasonably consider necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
11.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11.3 Details of retention periods are set out in the data retention policy which is available from the COO and which may be amended from time to time. 

11.4 Recruitment records: we generally retain your personal information for a periodof 6 months after we have concluded the recruitment exercise and communicated our decision to you about whether to appoint you to the position. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy. If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If you are successful in being appointed to the role your personal information obtained as part of the recruitment exercise will be kept as part of your employment records (as set out below).
11.5 Employment records: we generally retain your personal information for the duration of your employment/engagement and for a period of 7 years thereafter. We retain your personal information for such period to comply with our legal and regulatory obligations and as evidence in the event of any dispute/claim arising. After this period, we will securely destroy your personal information.
11.6 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
12. YOUR LEGAL RIGHTS
12.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. If you wish to exercise your rights, please contact us and we will explain at that time if your rights are engaged.
12.2 Legal rights under data protection laws are as follows:
(a) Request access to your personal data. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
(b) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
(c) Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply
with local law.

(d) Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
(e) Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b)  where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
(f) Request the transfer of your personal information to another party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
(g) Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
12.3 Please contact us if you have any queries or concerns about the way in which we process your personal data (contact details are set out above). You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the chance to deal with your concerns in the first instance before you approach the ICO.
13. CHANGES TO THIS PRIVACY NOTICE
13.1 We shall keep this privacy notice under review and (if appropriate) we reserve the right to update this privacy notice at any time, if we do so, we will provide you with an updated copy of this notice as soon as reasonably practicable. We may also notify you in other ways from time to time about the processing of your personal information. If you have any questions about this privacy notice, please contact the COO
(contact details set out above).