Privacy: employees

This document is also relevant for:

  • Prospective employees
  • People whose information has been provided as a beneficiary of insurance claims
  • People who are authorised to drive a company vehicle used by an employee

Information we collect

We collect, keep and process information about you during your recruitment, employment and after you stop working for us.

Why we collect information

We need to keep this information for reasons common to most employers.

We use it to:

  • comply with our employment contract
  • comply with some legal requirements
  • protect our legal position in the event of any legal proceedings, and
  • help us pursue our legitimate interests

Where legitimate interests exist, we have explained what these are in the sections below.

Where we get information from

Some of this information, for example your contact details, we obtain directly from you and some information is collected by others in the business during your employment (e.g. records about your performance).

General HR data

We hold information such as:

  • your name and contact information
  • information needed to pay you, and to pay your tax: your salary, bank account details, national insurance number, information about your paternity, maternity or adoption leave
  • information needed to meet our legal requirements and to protect us against fraud: for example, photocopies of your passport, birth certificate and/or driving licence
  • details needed to manage your performance and career development, such as appraisal results, performance measures and training records
  • your employment history, CV, references and psychometric testing data to determine your suitability for employment or to assist us to identify any development needs
  • your photograph for use on security passes, our telephone system and visitor pass systems
  • information about your attendance, absence and holiday requests, including information about your maternity, paternity or adoption leave
  • information about your next of kin or contact details should there be an emergency in the workplace

And where necessary records of:

  • any grievances and action in accordance with our misconduct, performance improvement and absence management policies
  • any investigations into breaches of our policies and procedures or the law

Business records and documents

Any information generated by you and your colleagues during the normal course of our business will contain references to you and your actions. For example: minutes from meetings you attend and plans for projects you are working on.


We may keep information about your health (a special category of information under GDPR). This may include: pre-employment clearance from our occupational health team and any advice we may need to assist us to manage your condition in the workplace, reports from GPs and medical professionals, information about accidents, reasons for absence, and in some cases drug and alcohol test results. We use this information to comply with our health and safety obligations, to ensure that we consider how your job affects your health and vice versa, and to make any adjustments to your role that may be required. We also use this information to administer sick pay.

Sensitive information

We also collect and process some further special categories of information. In particular: your racial and ethnic origin, which we use to monitor diversity and inclusion activity, and your membership of any trade union, which we use to process payments on your behalf to your union. We will obtain your explicit consent when we capture this information, unless this is not required by law.


Any communication you send through the Company’s electronic systems (including emails) is monitored and stored, and we keep records of all internet usage. We do this so we can identify and investigate security incidents, protect our intellectual property and confidential information, and deal with any breaches of company policy.

We also keep records of telephone usage so we can ensure company phone lines/devices are being used in accordance with company policy and investigate any unusual use.

Driving on Company Business and use of Company Vehicles

We collect information to ensure that you are legally allowed to drive motor vehicles in the UK, ensure that your driving record is acceptable to our insurers and also ensure that your vehicle is legally compliant where you have been given permission to drive your own vehicle on company business.

This may extend to authorised drivers in your family and include:

  • Contact information
  • Copies of reports from our driving licence checking providers
  • Information about your driving performance, traffic violations and any accidents

And for users of company fuel cards, information about:

  • how much fuel you purchased
  • where you purchased it


We may disclose information about you to our suppliers such as:

  • Insurance providers (for company vehicles, life insurance and employers' liability)
  • Healthcare services providers
  • Psychometric test providers
  • Credit card providers (if you hold a company credit card)
  • Fuel card providers, licence verification services and our car leasing suppliers if you use a company vehicle or fuel card
  • Our pension provider(s) [see our Pension Privacy Notice for more information]
  • Training course providers
  • IT security service providers
  • Auditors and other professional advisors

We may also disclose information about you if a request for a reference is received, or for example a request from your mortgage provider to confirm your salary. We may also have to disclose information about your earnings to government organisations including the Department for Work and Pensions, HM Revenue and Customs, or law enforcement agencies.

Transfer outside of the EEA

The DPO will ensure any data going outside the EEA will only be transferred on the basis of one of the mechanisms approved by the EU, which may include standard contractual clauses, intra-group agreements, or binding corporate rules.

Automated decision making

We do not use automated decision making. Note that decisions about employment are not made automatically on the basis of psychometric test results.

How long do we keep your data?

We will keep information about your health and/or medical conditions for 5 years after you have left employment in order to manage the risk of any potential litigation that arises as a result of your employment. This may also be provided to the Department for Work and Pensions or HM Revenue and Customs to assist them to process any claim you may have in respect of any benefit.

All other data relating to your employment (with the exception of your employment history) will be kept for 6 years after you have left employment.

Information relating to any disciplinary action including formal warnings will be kept only for as long as the warning is live.

Your rights

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to, rectification of or erasure of your personal data.

You have the right to request that we restrict processing your data (have us store but not use your data), object to our processing of your data as well as in certain circumstances the right to data portability.

Exercising these rights

If you wish to exercise your rights please contact

However, you may also make the request to any Cybanetix employee, who will start the process for you. If the request is made verbally the Cybanetix staff member receiving the request will record it in writing and confirm the wording with you.

If we decide not to act on your request within a month, or refuse the request, we will set out clearly the reason why we have taken no action.

Right to complain

If you do not agree with our decision, or otherwise believe we have not complied with the requirements of GDPR, you can ask the Information Commissioner's Office to review how we have handled your request.

Data security

Cybanetix protect your information by following the advice in the UK government's Cyber Essentials standard. We restrict who can access your information to just those who need it for the purposes described in this document. When we transmit your data over the Internet we encrypt it.

Contact details

Cybanetix Limited
Tintagel House
92 Albert Embankment

Tel: 020 8396 7442

Our data protection officer can be contacted at