Privacy Notice: Staff

  1. Introduction

Your privacy is important to us so we developed this privacy notice to explain how we manage and look after your information.

This privacy notice covers staff, including contractors.

  1. Who we are

We are UK Payments Administration Limited (UKPA), a London based company that provides services to organisations operating in the UK payments industry.

Our business address is:
UK Payments Administration Limited
2 Thomas More Square
London
E1W 1YN

You can contact us in the following ways:

  • By speaking to your line manager
  • By writing to the above address
  • By emailing us at rrc@ukpayments.org.uk
  • By telephoning us on 020 3217 8565
  1. How we engage with staff

UKPA engages with its own staff and those of its clients through its Human Resources (HR) team. This can happen in one of two contexts:

  • Provision of HR services within UKPA’s resource management processes; or
  • Provision of outsourced HR services on behalf of our Clients, in accordance with the Framework Services Agreement between UKPA and the Client, or other agreements with the Clients from time to time.

Both (a) and (b) are provided by UKPA, as part of a shared service facility, with common processes and standards of data protection being applied across (a) and (b).

As regards the collection and processing of personal data in UKPA’s HR Service:

  • in relation to (a), UKPA is both a Controller and Processor of personal data;
  • in relation to (b), UKPA is a Processor and the Client is the Controller.

However, in both cases UKPA’s obligation under General Data Protection Regulation (“GDPR”) is to assure staff (and prospective staff and retired staff) involved in the HR processes (the data subjects) that their personal data will be protected in accordance with GDPR statutory requirements.

  1. How we use your information

This privacy notice tells you what to expect when we collect your personal information.

It applies to information we collect about:

  • job applications
  • job applicant assessments
  • secondments
  • job offers (including offers to employees, agency workers and contractors)
  • reference and background checks
  • employment contracts
  • employee pay
  • health
  • pension
  • leaving the company
  • employment activity records

We may collect and process additional personal information in the course of job-related activities throughout the period of your employment with us. This collection will be on the basis of your employment contract and in some instances your consent.

The processing of your personal information is carried out to pursue our legitimate interests (details of which are provided below) and is conducted in a way which might reasonably be expected as part of running our business and does not materially impact your rights.

  • Job applicants

When you apply for a role we ask for your name, phone numbers, and email address. We will also ask you about your previous experience, education, qualifications, most recent position, current employer, current compensation package and compensation expectations, skills, competencies, right to work information, CV and for answers to questions relevant to the role you have applied for. Our Human Resources team will have access to all of this information. Some of this information will also be made available to our hiring managers.

You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to anyone outside of our Human Resources team, including hiring managers, in a way which can identify you. Any information you do provide will only be used to produce and monitor equal opportunities statistics.

  • Assessment

We might ask you to participate in assessment days, complete tests or personality profiling questionnaires and/or to attend an interview or a combination of these. Information will be generated by you and by us.

This processing is necessary to provide the relevant information to enable us to employ suitable applicants.

  • Secondments

We also offer opportunities for people to come and work with us on a secondment basis. We accept applications from individuals or from organisations who think they could benefit from their staff working with us.

Applications are sent directly to us. Once we have considered your application, if we are interested in speaking to you further, we will contact you using the details you provided.

We might ask you to provide more information about your skills and experience or invite you to an interview.

If you are seconded to us, you will be expected to adhere to a confidentiality agreement and code of conduct which will be agreed with your organisation.

We might also ask you to complete our pre-employment checks which are described in this notice above. Whether you need to do this will depend on the type of work you will be doing for us and the extent of vetting checks within your own organisation.

This processing is necessary for us to fulfil our obligations to avoid conflicts of interest and to protect the information we hold.

  • Offer of employment, references and background checks

If we make you an offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks as a condition of your employment. This is done through a 3rd party data processor on behalf of UKPA (refer to Section 5 – Recipients we share your data with). You will be required to provide the following documents:

  • Proof of your identity, residency, and right to work. We will ask you to attend our office with original documents; we will take copies.
  • We will ask you to provide information so we can complete pre – employment checks. This is done through a data processor (refer to Section 5 – Recipients we share your data with).
  • We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work. This is done through a data processor (refer to Section 5 – Recipients we share your data with).
  • Bank details to process payroll payments
  • Conflicts of interest declaration
  • Declaration of secrecy
  • HMRC new starter declaration to process payroll
  • Emergency contact details; so we know who to contact in case you have an emergency at work

This processing enables us to carry out pre-employment checks, confirm the identity of applicants, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

  • Employment contract

Your employment contract provides the terms and conditions upon which you agree to work for us. In addition your employment contract captures personal data:

  • name
  • address
  • start date
  • job title
  • compensation
  • signature

This information is processed and is necessary to enable us to create and implement a contract of employment between you and us.

  • Employee compensation

Your employment is paid at the salary stated in your contract. There is supplemental data provided by you, and third parties, for the payroll process:

  • national insurance number
  • tax code (provided by HMRC)
  • salary
  • bonus
  • start date
  • date of birth
  • pension contribution
  • benefits
  • bank details

This data is shared with the payroll provider, HMRC and pension provider to enable payment of your salary and the correct deductions to be processed. The processing is carried out on the basis of the employment contract between you and us and is necessary to enable us to (a) pay you, and (b) process correct tax and NI deductions and (c) provide statutory payroll information to HMRC, as we have a legal obligation to do so.

This data will not be shared outside of the European Union (EU).

  • Health

Before starting employment we will ask you to complete a health questionnaire assessed by our occupational healthcare professional to advise us if any adjustments are needed to the work environment or systems so that you may work effectively. You must complete the questionnaire as a condition of your employment.

Once the assessment is complete, we will use it to make any necessary adjustments and it will be placed in your HR file. This data is processed on the basis of the employment contract between yourself and us.

We offer membership of a private health scheme. To participate in the scheme it is necessary to provide the scheme provider with initial data, and recurring data.

This data is processed on the basis of a contract between you, us, and the provider. You may opt out of the health scheme at any time. However, should you exercise your right to opt out your participation in the scheme will immediately cease and your data will be retained for the statutory period. This data is necessary to enable the scheme to provide an appropriate service to you.

During the course of your employment occupational health data will be created and captured in your HR record:

  • workplace assessment
  • sickness at work
  • absence due to sickness
  • any other health – related absence from work
  • any other health – related data that you choose to provide us in order to help us support you in your employment

This data is processed on the basis of the employment contract between yourself and us.

Workplace assessment and sickness at work is monitored for operational performance, employee performance, and compliance with the Health and Safety at Work Act 1974. Absence due to sickness is monitored for operational performance and employee performance. The processing of health-related information is necessary for the Company to exercise specific rights relating to your contract of employment and meet the Company’s legal obligations.

  • Pension

We offer membership of a private pension scheme. To participate in the scheme it is necessary for us to provide the scheme provider with specific data.

This data is processed on the basis of a contract between you, us, and the provider. You may opt out of the Pension scheme at any time. This data is necessary to enable the scheme to provide an appropriate service to you.

If you choose to opt out of the company pension scheme we will auto – enroll you according to the auto – enrollment dates of the scheme unless you are not eligible to join the company scheme or provide us with the relevant Lifetime Allowance (LTA) information. At the point of auto-enrollment we will provide the pension scheme with specific data. This data is processed on the basis of our legal obligation. You are entitled to opt out of the auto-enrolled pension scheme once enrolled.

  • Employment records

Your employment with us creates records of employment.

We capture this data to create your record, which is processed by the HR department. This data is processed on the basis of our legal obligation.

During your term with UKPA we may include your personal information (such as name and contact details) in our policies and manuals that we use as part of the services that we supply to our clients. This will also include the provision of certain policies (e.g. the Dawn Raid policy) to clients and relevant 3rd parties, such as our landlord, so that the services can be provided to our clients.

  • Compliance training

We use personal information such as your name and business email address to set up and administer online compliance training. This data is processed on the basis of our legitimate interests to ensure regulatory compliance.

  • Auditors and other legal and professional advisers

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

  • Corporate transactions

In the event that shares in the Company are sold or disposed of or we sell/dispose of or buy/acquire any shares, entity, business or assets or otherwise restructure our business we may disclose personal data to other parties involved or interested in the relevant transaction (e.g., the prospective buyer or seller) and their advisors. Such disclosure may be made where it is in our legitimate interest to disclose it in connection with the relevant transaction and/or where we are under a duty to disclose or share personal data in order to comply with any legal obligation.

  1. Recipients we share your data with

We may share your personal information with the following recipients:

  • Government bodies and agencies (e.g. HMRC for tax purposes)
  • Regulators (e.g. Payment Systems Regulator, Information Commissioner’s Office)
  • Agents and sub-contractors who help us provide services (we employ other companies and individuals to perform functions on our behalf. Examples include processing compensation, providing employee benefits, and performing legal and other professional services. Those companies and individuals have access to your data as needed to perform their functions, but they are not permitted to use it for other purposes)
  • Third party service providers (e.g. when we outsource some of the operations of our business to third party service providers. We restrict how such service providers may access, use and disclose your data)
  • Credit reference agencies
  • Legal and professional advisors, including auditors
  • Courts, to comply with legal requirements, and for the administration of justice
  • In an emergency to protect your vital interests
  • To protect security or integrity of our business operations
  • When we restructure our business or have a merger or re-organisation
  • Anyone else where we have your consent or as required by law

If we share your information, we will advise you at the time of who the data is being shared with.
We will not share your data for marketing purposes.

  1. Transfer of personal data outside the European Union (EU)

We are committed to implementing technical and organisational measures that, by default meet the requirements of the data protection legislation and the appropriate level of security. We will not share your personal data with a third party organisation without a valid business reason, a contract or Data Sharing Agreement in place, or without your consent. We will not transfer your personal data to organisations outside the European Union (EU) unless that country or territory can ensure an adequate level of protection in relation to the processing of your personal data.

  1. Automated decision making including profiling

Your personal data is not subject to automated decision making, including profiling.

  1. How long do we keep your data?

We retain your data primarily to meet statutory and regulatory obligations; secondly your data is retained to enable us to pursue our legitimate business interests in relation to our clients, current and future requirements.

The following criteria are used to determine retention periods of your personal information:

  • For unsuccessful applicants, we will retain your data for up to six months
  • For successful applicants, we will retain your data in accordance with legal, regulatory and business requirements as set out in our data retention schedules – all of which you will have full access to upon joining us We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and seek your agreement or consent, as appropriate.

We will only process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you; in such circumstances we may use such information without further notice to you. Once you are no longer a member of staff, we will retain and securely destroy your personal information in accordance with our data retention policy.

Our retention schedules are available on request.

  1. Your rights

Data protection regulation gives you a number of rights regarding your personal information processed by us.

  • The right to be informed: our obligation is to provide you with details of how we process your information
  • The right of access: allows you to be aware of and verify the lawfulness of the processing
  • The right to rectification: allows you to request that data is rectified if it is inaccurate or incomplete
  • The right to erasure: allows you to request the deletion or removal of personal data where there is no compelling reason for its continued processing
  • The right to restrict processing: allows you to ‘block’ or suppress processing of personal data
  • The right to data portability: allows you to obtain and reuse your personal data for your own purposes across different services
  • The right to object: you must have an objection on grounds relating to your particular situation

You can contact us directly by post, email, or telephone, to exercise your rights.

  1. Requests, complaints or queries

We try to meet the highest standards when processing personal information. For this reason, we take any requests, complaints or queries we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.

This privacy notice does not provide exhaustive detail of all aspects of our processing of personal information. However, we are happy to provide any additional information or explanation needed.

If you want to make a query, request, or a complaint about the way we have processed your personal information you can contact us directly:

  • By writing:

Risk and Compliance Team
UK Payments Administration
2 Thomas More Square
London, E1W 1YN

Alternatively you have the right to lodge a complaint with the regulator which oversees data protection law:

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Tel: 0303 123 1113

  1. Changes to this privacy notice

We keep our privacy notice under regular review. Notifications of changes to this privacy notice will be via our website. This privacy notice was last updated in June 2018.

Our Story

Founded in 1985, UK Payments has over 30 years’ experience of successfully supporting a key element of the financial services sector – the payments industry.

Find out more

What We Do

We provide a comprehensive range of core support services and each of our teams has a broad and deep understanding of the payments and finance industry.

Find out more

Our Vision

Our vision of The Hub is as an outstanding environment in which to safely and effectively collaborate on industry issues and to resiliently deliver industry solutions.

Find out more

Read more about our vision of The Hub Find out more