GDPR Privacy Notice

INTRODUCTION
‍1.1 Enigma Legal will comply with the data protection principles when gathering and using personal information, as set out in our Data Protection Policy.
‍
‍2. PURPOSE AND SCOPE
‍2.1 This notice explains what personal data (information) Enigma Legal holds about you, how we collect it, and how we use and may share information about you during your employment and after it ends. We are required to notify you of this information under data protection legislation. Please ensure that you read this privacy notice and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
‍
‍3. DUTIES AND RESPONSIBILITIES
‍3.1 Enigma Legals’ Data PrivacyManager (“DPM”) is responsible for this Privacy Notice.3.2 Any queries or concerns can be made to the DPM.

‍4. WHO COLLECTS THE INFORMATION
‍4.1 Enigma Legal Limited T/A Enigma Legal (Enigma Legal) is a data controller and gathers and uses certain information about you.

‍5. ABOUT THE INFORMATION WE COLLECT AND HOLD
‍5.1 The table set out inAppendix 1 summarises the information we collect and hold, how and why we do so, how we use it and with whom it may be shared.5.2 We may also need to share some of the categories of personal information set out in the schedule with other parties, such as external contractors and our professional advisers and potential purchasers of some or all of our business or on a re-structuring.Usually, information will be anonymised but this may not always be possible.The recipient of the information will be bound by confidentiality obligations.We may also be required to share some personal information as required to comply with the law.5.3 We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.5.4 ”Special categories” of particularly sensitive personal information, such as information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life and sexual orientation, genetic data, biometric data or trade union membership, require higher  levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
‍
‍6. WHERE INFORMATION MAY BEHELD
‍6.1 We will hold your personal information on our HR software platform. Additional information may be held at our offices, and/or by third party agencies, service providers, representatives and agents as described above.

‍7. HOW LONG WE KEEP YOUR INFORMATION
‍7.1 We keep your information during and after your employment for no longer than is necessary for the purposes for which the personal information is processed. Further details on this are available in the Records Retention Policy.

8. YOUR RIGHTS TO CORRECT AND ACCESS YOUR INFORMATION AND TO ASK FOR IT TO BE ERASED
‍8.1 Please contact EnigmaLegals’ DPM if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. 8.2 You also have the right to ask our DPM for some but not all of the information we hold and process to be erased (the right to be forgotten) in certain circumstances. Our DPM will provide you with further information about the right to be forgotten, if you ask for it.

‍9. KEEPING YOUR PERSONAL INFORMATION SECURE
‍9.1 We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 9.2 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.   

10. HOW TO COMPLAIN
‍10.1 We hope that our DPM can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone:0303 123 1113 for further information about your rights and how to make a formal complaint.

‍11. LEGAL OBLIGATION TO PROVIDE PERSONAL INFORMATION
‍11.1 You are required (by law or under the terms of your contract of employment, or in order to enter into your contract of employment) to provide certain categories of information above to us to enable us to verify your right to work and suitability for the position, to pay you, to provide you with your contractual benefits, such as your pension entitlements and to administer statutory payments such as statutory sick pay (SSP). 11.2 If you do not provide this information, we may not be able to employ you, make these payments, or provide these benefits. Please contact HR for further information.

12. SITUATIONS IN WHICH WE WILL USE YOUR SENSITIVE PERSONAL INFORMATION
‍12.1 In general, we will not process particularly sensitive personal information about you unless it is necessary for performing or exercising obligations or rights in connection with employment. On rare occasions, there may be other reasons for processing, such as it is in the public interest to do so. 12.2 We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance. We need to process this information to exercise rights and perform obligations in connection with your employment.

‍13. DO WE NEED YOUR CONSENT?
‍13.1 We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

14. APPENDICES APPENDIX 1 -SUMMARY OF THE INFORMATION WE COLLECT AND HOLD

The information we collect: Identity and contact data including your name, maiden name, gender, marital status, title, date of  birth, photographs, contact details (i.e. address, home and mobile phone  numbers, email address) and emergency contacts (i.e. name, relationship and  home and mobile phone numbers)

The information we collect: Identity and contact data including your name, title, position held, photograph, contact details (i.e. company address, business phone numbers, business email address