Privacy Policy

Privacy Policy

Protecting your data

This privacy policy has been created by Rialto. This Privacy Policy is intended to inform you about the Data User's policies and practices in treating Personal Data and Non-personal Information


We take your privacy very seriously therefore we urge to read this policy very carefully because it contains important information about:

  • who we are,
  • how and why we collect, store, use and share personal information,
  • your rights in relation to your personal information, and
  • how to contact us and supervisory authorities in the event that you have a complaint.


Rialto (‘we’ or ‘us’) collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data protection Regulations and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

This notice applies to current and former employees, workers and contractors. This notice does not form part of any contract of employment or other contract to provide services

 

1) Our Contact Details
Rialto- Data Protection Officer: Alessandro Caiazzo- Director

Address: 125 Deansgate MANCHESTER M3 2BY

Phone Number: 07340007860

E-mail: info@rialtolimited.com

 

2) The Type of Personal Information we collect:

Personal Data Type

 

  • Contact details such as name, title, addresses, telephone numbers and personal email addresses.
  • Emergency Contact number
  • Bank Account Details
  • Date of Birth
  • Gender
  • Dependants
  • NI Number
  • Bank Account details for payroll and tax status information
  • Information included in a CV and covering letter
  • Disciplinary and grievance information
  • CCTV footage
  • Right to work documentation


3) Personal information from other sources
We may receive information about you from other sources.

This information includes: References – Past Employers

We will add this information to the information we hold about you for the following purposes: Support a job application.

4) Sensitive personal information

Sensitive personal information includes any information which relates to the following:

  • your genetic data
  • your biometric data
  • your ethnic origin
  • your political opinions
  • your religious beliefs
  • whether you belong to a trade union
  • your physical or mental health or condition
  • your sexual orientation, and
  • whether you have committed a criminal offence
  • health declaration
  • Occupational Health Advice


Some examples of the types of personal sensitive personal information we process include:

Sickness Self-Certification and Fitness Notes relating to your physical and mental well-being


5) Personal information you provide about third parties

There may be circumstances when you provide us with information about a third party relevant to your employment such as references for others; solicitor correspondence etc. If you do, you are responsible for ensuring data protection legislation is complied with, they have been provided with a copy of this privacy notice, and that you have a suitable legal justification for sharing their personal and/or sensitive data with us.


If you have been appointed by an individual to act on their behalf, you must provide written proof of authority to act on their behalf as we may request together with proof of your identity.

 

6) Monitoring

We may also monitor, intercept, read and/or record your telephone, email and other electronic communications for the purpose of monitoring and recording to establish facts, to establish compliance with regulatory procedures, to prevent or detect crime, to investigate or detect the unauthorized use of our systems or to ascertain compliance with our practices or procedures. We may also monitor and record communications to check that they are relevant to its business.


7) How we use your personal information

We may process personal data and sensitive personal data concerning you in our manual and computerized/automated filing systems internally and, so far as is reasonably necessary, externally, for the purposes of complying with statutory requirements, meeting our legitimate interests, properly conducting our business, complying with the terms of your employment and for all purposes in connection with your employment with us.


8) Who your information may be shared with

We may share your information with:

  • Professional advisors;
  • Any third-party providing services to us for the benefit of its employees e.g. Payroll provider;
  • HM Revenue and Customs or other authorities;
  • Prospective purchasers of all or any part of our business in return for suitable confidentiality undertakings regardless of the country to which the data is to be transferred. In this situation we will, so far as possible, share anonymized data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction;
  • Law enforcement agencies in connection with any investigation to help prevent unlawful activity;
  • Government bodies for the purposes of accounting, tax and regulatory compliance;
  • We will not share your personal information with any other 3rd parties.
  • We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

9) How long your personal information will be kept

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.


To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information.

10) Reasons we can collect and use your personal information


We rely on the following as the lawful basis on which we collect and use your personal information:

(1). You have given your consent;

(2). It is necessary for entering into or performing a contract with you (*);

(3). It is necessary for compliance with a legal obligation (**);

(4). legitimate interests (***);

The legitimate interests relied upon are as follows:

to ensure individual has the right to work in the UK
to allow fulfilment of employment contract

(5) it is necessary for the performance of a task carried out in the public interest


We need all the categories of information in the list above primarily to allow us to perform our contract with you (*) and to enable us to comply with legal obligations (**). In some cases we may use your personal information to pursue legitimate interests (***), provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.


We have indicated by asterisks the purpose or purposes for which we are processing or will process your personal information, as well as providing a description of which categories of data are involved.


  • Making a decision about your recruitment or appointment. (*)
  • Determining the terms on which you work for us. (*)
  • Checking you are legally entitled to work in the UK. (**)
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions. (*) (**) (***)
  • Providing the following benefits to you:
  • Liaising with your pension provider. (*) (**) (***)
  • Administering the contract we have entered into with you. (*)
  • Business management and planning, including accounting and auditing. (**) (***)
  • Conducting performance reviews, managing performance and determining performance requirements. (*)
  • Making decisions about salary reviews and compensation. (*) (**)
  • Assessing qualifications for a particular job or task, including decisions about promotions. (*)
  • Gathering evidence for possible grievance or disciplinary hearings. (*)
  • Making decisions about your continued employment or engagement. (*) (**)
  • Making arrangements for the termination of our working relationship. (*) (**)
  • Education, training and development requirements. (*)
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work. (*) (**) (***)
  • Ascertaining your fitness to work. (*) (**) (***)
  • Managing sickness absence. (*)
  • Complying with health and safety obligations. (**)
  • To prevent fraud. (**)
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies. (*) (**)
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution. (*) (**)
  • To conduct data analytics studies to review and better understand employee retention and attrition rates. (***)
  • Equal opportunities monitoring. (**)


Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.


We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.


Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


The basis upon which we process your sensitive information (i.e. special category as defined in the GDPR) is:

(1). for employment, social security or social protection reasons;

(2). the explicit consent of users;

(3). to protect the vital interests of the data subject;

(4). that such sensitive information has been made publicly available by the data subject;

We [envisage OR do not envisage] that we will hold information about criminal convictions. [We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so.] [Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.]


11) Consequence of our use of your personal information

The consequence to you of our use of your personal information is:

For fulfilment of the employment contract. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).


12) Keeping your information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We will also use technological and organisation measures to keep your information secure. These measures may include the following examples:

All data secured with access restricted to those who need access e.g. Office Manager; Payroll etc

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


13) Your obligations to safeguard personal data of others

In the course of your duties you may have access to the personal data of other individuals during the course of your employment. You must undertake any mandatory RIALTO data protection training, and ensure that you do not inappropriately obtain, retain, amend, use, delete, transmit or compromise the security of the personal data of others.


​Failure to comply with your data protection obligations puts at risk the individuals whose personal information is being processed, carries the risk of significant civil and criminal sanctions for you and RIALTO and may, in some circumstances, amount to a criminal offence for which you are personally liable. Because of the importance of data protection obligations, it may lead to disciplinary action under our procedures, up to and including dismissal for gross misconduct.

If at any time you have any queries, you should contact us immediately.


14) What rights do you have?

Under the General Data Protection Regulation, you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information
  • request access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • request us to correct any mistakes in your information which we hold
  • request the erasure of personal information concerning you in certain situations, where there is no good reason for us to continue processing it
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances
  • request a transfer of your personal information to another party

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulations (http://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)

If you would like to exercise any of these rights, please:

  • email, call or write to us
  • let us have enough information to identify you
  • let us know the information to which your request relates

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Right to withdraw your consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact info@rialtolimited.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Do you need extra help?

If you would like this policy in another format (for example: audio, large print, braille) please contact us using the details at the end of the policy.

15) Automated decision making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

1.    Where we have notified you of the decision and given you 21 days to request a reconsideration.

2.    Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.

3.   In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

[We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.]

16) How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at the address below.

You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data. The ICO’s address is:

Wycliffe House, Water Lane, WILMSLOW, Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO Website https://www.ico.org.uk/concerns

17) Changes to the privacy policy

We may change this privacy policy from time to time and will notify all employees of any changes by:

By email and line manager

18) Contacting us

Our Data Protection Officer is Alessandro Caiazzo.

If you have any questions about this policy or the information we hold about you, please contact us.

e-mail: acaiazzo@rialtolimited.com

telephone: 07340007860

Share by: