M P Gallucci Quantity Surveyors Limited (MPGQS) is committed to protecting the privacy and security
of your personal information. This Privacy Notice describes how we collect and use personal information
about you during and after your working relationship with us, in accordance with the General Data
Protection Regulations (GDPR).
MPGQS is a “data controller”. This means that we are responsible for deciding how we hold and use
personal information about you. We are required under data protection legislation to notify you of the
information contained in this privacy notice.
This notice applies to current and former employees, workers and contractors. This notice does not form
part of any contract of employment or other contract to provide services and we therefore may update this
notice at any time.
It is important that you read this notice, together with any other privacy notice we may provide on specific
occasions when we are collecting or processing personal information about you, so that you are aware of
how and why we are using such information.
1. Data Protection Principles
We will comply with data protection law which details that all personal information we hold about
you must be:
• Used lawfully, fairly and in a transparent way
• Collected only for valid purposes that we have clearly explained to you and not used in any way
that is incompatible with those purposes
• Relevant to the purposes we have told you about and limited only to those purposes
• Accurate and kept up to date
• Kept only as long s necessary for the purposes we have told you about
• Kept securely
2. The type of information we hold on you
Personal data, or personal information, means any information about you, the individual, from which
you can be identified. It does not include data where the identify has been removed (anonymous
data). There are “special categories” of more sensitive personal data which require a higher level of
2.2 We will collect, store and use the following categories of personal information about you:
• Personal contact details such as name, title, address, telephone numbers and personal email
• Date of Birth
• Marital status and dependants
• Next of kin and emergency contact information
Document: MPG/HR/GDPR/001 Version: 1 Last Updated: 11/05//2018 3
• National Insurance Number
• Bank account details, payroll records and tax status information
• Salary, annual leave, pension and benefits information
• Start date
• Location of employment or workplace
• Copy of driving licence
• Recruitment information (including copies of right to work documentation, references and other
information included in a CV or cover letter or as part of the application process)
• Employment records (including job titles, work history, working hours, training records and
• Compensation history
• Performance information
• Disciplinary and grievance information
• CCTV footage and other information obtained through electronic means such as swipe card
• Information about your use of our information and communication systems
2.2 We may also collect, store and use the following “special categories” of more sensitive personal
• Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
• Information about your health, including any medical conditions, health and sickness records
• Information about personal convictions and offences
3. How is your personal information collected?
We collect personal information about employees, workers and contractors through the application
and recruitment process, either directly from candidates or from an employment agency or
background check provider. We may sometimes collect additional information from third parties
including former employers, credit reference agencies or other background check agencies.
We will collect additional personal information in the course of job-related activities throughout the
period of you working with us.
4. How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use
your personal information in the following circumstances:
• Where we need to perform the contract we have entered into with you
• Where we need to comply with a legal obligation
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and
fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
Document: MPG/HR/GDPR/001 Version: 1 Last Updated: 11/05//2018 4
• Where we need to protect your interests (or someone else’s interests)
• Where it is needed in the public interest (or for official purposes)
5. Situations in which we will use your personal information
We need all the categories of information as listed above, primarily to allow us to perform our contract
with you and to enable us to comply with legal obligations. In some cases we may use your personal
information to pursue legitimate interests of our own or those of third parties, provided your interests
and fundamental rights do not override those interests. The situations in which we will process your
personal information are listed below.
• Making a decision about your recruitment or appointment
• Determining the terms on which you work for us
• Checking you are legally entitled to work in the UK
• Paying you and, if you are an employee, deducting tax and National Insurance contributions
• Providing the following benefits to you:
– Company vehicle or car allowance
– Company bonus scheme
– Life Insurance (death in service)
– Private medical scheme
• Liaising with your pension provider
• Administering the contract we have entered into with you
• Business management and planning, including accounting and auditing
• Conducting performance reviews, managing performance and determining performance
• Making decisions about salary reviews and compensation
• Assessing qualifications for a particular job or task, including decisions regarding promotions
• Gathering evidence for possible grievance or disciplinary hearing
• Making decisions about your continued employment or engagement
• Making arrangements for the termination of our working relationship
• Education, training and development requirements
• Dealing with legal disputes involving you, or other employees, workers and contractors, including
accidents at work
• Ascertaining your fitness to work
• Managing sickness absence
• Complying with health & safety regulations
• Preventing fraud
• Monitoring your use of our information and communication systems to ensure compliance with
our IT policies
• Ensuring network and information security, including preventing unauthorised access to our
computer and electronic communications systems and preventing malicious software distribution
• Conducting data analysis studies to review and better understand employee retention and attrition
• Equal opportunity monitoring
Document: MPG/HR/GDPR/001 Version: 1 Last Updated: 11/05//2018 5
Some of the above grounds will overlap and there may be several which justify our use of your
6. If you fail to provide personal information
Failure to provide certain information when requested may mean we are unable to perform the
contract we have entered into with you (i.e. paying you or providing a benefit) or may prevent us
from complying with our legal obligations (i.e. ensuring the health and safety of our workers).
7. Change of Purpose
We will only use your personal information for the purposes for which it was collected, unless we
reasonably consider that we need to use it for another reason which is compatible with the original
purpose. Should we need to use your personal information for an unrelated purpose we will notify
you and explain the legal basis allowing us to do so.
Please note we may process your personal information without your knowledge or consent in
compliance with the above rules only where this is required or permitted by law.
8. How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection.
We need to have further justification for collecting, storing and using this type of information. We
have in place appropriate safeguards and policy document we are required by law to maintain when
processing such data.
We may process special categories of personal information in the following circumstances:
• In limited circumstances, with your explicit written consent
• Where we need to carry out our legal obligations or exercise rights in connection with employment
• Where it is needed in the public interest, such as for equal opportunities monitoring
• In relation to our occupational pension scheme
Less commonly, we may process this type of information where it is needed in relation to legal claims
or where it is needed to protect your interests (or someone else’s interests) and you are not capable
of giving your consent, or where you have already made the information public. We may also process
such information about members or former members in the cours of legitimate business activities and
with the appropriate safeguards.
8.1 Our obligations as an employer
We will use your particularly sensitive personal information in the following ways;
• We will use information relating to leave of absence, which may include sickness absence or
family related leaves, to comply with employment and other laws
Document: MPG/HR/GDPR/001 Version: 1 Last Updated: 11/05//2018 6
• We will use information about your physical or mental health, or disability status, to ensure your
health and safety in the workplace and to assess your fitness to work, to provide appropriate
workplace adjustments, to monitor and manage sickness absence and benefits.
• We will use information about your race or national or ethic origin, relations, philosophical or
moral beliefs, or your sexual orientation, to ensure meaningful equal opportunity monitoring and
8.2 Do we need your consent?
We do not need your consent if we use special categories of your personal information in accordance
with our written policy to carry out our legal obligations or exercise specific rights in the field of
employment law. In limited circumstances we may approach you for your written consent to allow
us to process certain particularly sensitive data. If we do so we will provide you with full details of
the information that we would like and the reason we need it, so that you can carefully consider
whether you wish to consent. It is not a condition of your contract with us that you agree to any
request for consent from us.
9. Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so,
usually where processing is necessary to carry out our obligations and provided we do so in line with
our data protection policy.
Less commonly, we may use information relating to criminal convictions where necessary in relation
to legal claims, where it is necessary to protect your interests (or someone else’s) and you are not
capable of giving your consent, or where you have already made the information public.
We may process such information about members or former members in the course of legitimate
business activities with the appropriate safeguards.
We will only collect information about criminal convictions if it is appropriate given the nature of the
role and where we are legally able to do so. Where appropriate, we will collect information about
criminal convictions as part of the recruitment process or where we may be notified of such
information directly by you in the course of your working for us.
10. Automated decision-making
Automated decision-making takes place when an electronic system uses personal information to make
a decision without human intervention. We are allowed to use automated decision-making in the
• Where we have notified you of the decision and given you21 days to request a reconsideration
• Where it is necessary to perform the contract with you and appropriate measures are in place to
safeguard your rights
• In limited circumstances, with your explicit written consent and where appropriate measures are
in place to safeguard your rights.
Document: MPG/HR/GDPR/001 Version: 1 Last Updated: 11/05//2018 7
If we make an automated decision on the basis of any particularly sensitive personal information, we
must have either your explicit written consent or it must be justified in the public interest. We must
also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impace on you based solely on
automated decision-making, unless we have a lawful basis for doing so and have notified you.
We do not envisage any decisions will be taken about you using automated means, however we will
notify you in writing should this position change.
11. Data sharing
We may have to share your data with third parties, including third-party service providers and other
entities in the company.
We require third parties to respect the security of your data and to treat it in accordance with the law.
We may transfer your personal information outside the EU. If we do so you can expect a similar
degree of protection in respect of that personal information.
Why might we share your personal information with third parties:
Where required by law, where it is necessary to administer the working relationship with you or where
we have another legitimate interest in doing so.
Which third-party service providers profess your personal information:
“Third parties” includes third party service providers (including contractors and designated agents)
and other entities within the company. Activities carried out by third party services providers are
payroll, pension administration, benefits provision and administration and IT services.
How secure is your information with third party service providers and others within the
All our third party service providers and entities within the company are required to have in place
appropriate security measures in line with our policies to protect your personal information. We do
not allow third party service providers to use your personal data for their own purposes and only
permit them to process it for specified purposes and in accordance with our instructions.
We might share your personal information with other entities in the company when:
As part of our regular reporting activities on company performance, in the context of a business
reorganisation or restructuring , or for system maintenance support and hosting of data.
Other third parties:
We may share your personal information with other third parties, e.g. in the context of a possible sale
or restructuring of the business and may also need to share it with a regulator or to comply with the
Transfer of information outside the EU:
MPGQS may need to transfer your personal information to countries outside the EU Area (EEA).
This means that the country we may make the transfer to is deemed to provide an adequate level of
Document: MPG/HR/GDPR/001 Version: 1 Last Updated: 11/05//2018 8
protection for your personal information. You can obtain further information about the measures in
place from our HR Department.
12. Data security
We have put in place measures to protect the security of your information, details of which are
available on request.
Third parties will only process your personal information on our instructions and where they have
agreed to treat the information confidentially and keep it secure.
We have appropriate security measures to prevent your personal information from being accidentally
lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal
information to those employees, agents, contractors and third parties who have a business need to
know. They will only process your personal information our instructions and are subject to a duty of
We have procedures in place to deal with any suspected data security breach and will notify you and
any applicable regulator of a suspected breach where we are legally required to do so.
13. Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we
collected it for, including for satisfying any legal, accounting or reporting requirements. To determine
the appropriate retention period we consider the amount, nature and sensitivity of the personal data,
the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it
and whether we can achieve those purposes through other means, and any legal requirements that
In some circumstances we may anonymise your personal information so it can’t be associated with
you, in which case we may use such information without further notice to you. Once you are no
longer an employee, worker or contractor of MPGQS we will retain and securely destroy such
information in accordance with any laws and regulations which may apply.
14. Rights of access, correction, erasure and restrictions
Under certain circumstances, by law, you have the right to:
• Request access to your personal information (a “data subject access request”), which enables you
to receive a copy of the personal information we hold about you and check that we are lawfully
• Request correction of the personal information we hold on you, which enables you to have any
incomplete or inaccurate information corrected.
• Request erasure of your personal information. This allows you to ask us to delete or remove
personal information where there is no good reason for us to continue to process it. You also have
Document: MPG/HR/GDPR/001 Version: 1 Last Updated: 11/05//2018 9
the right to ask us to delete or remove your personal information where you have exercised your
right to object to processing (see below)
• Object to processing of your personal information where we are relying on a legitimate interest
(or those of a third party) and where there is something about your particular situation that makes
you want to object to processing on this ground. You also have the right to object where we are
processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This lets you ask us to
suspend the process of personal information about you, e.g. should you want us to establish its
accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
There is no fee payable to access your personal information or exercise any of the above rights,
however we may change a reasonable fee if your request is clearly unfounded or excessive.
Alternatively we may refuse to comply with the request in such circumstances.
It is important personal information we hold on you is accurate and current and it is your duty to
inform us of any changes during your working relationship with us.
Anyone wanting to review, verify, correct or request erasure of their personal information,
object to the processing of it or request we transfer a copy to another party should contact HR
We may need to request specific information from you to help us confirm your identity and ensure
your right to access the information, or exercise any of your other rights. This is a security measure
to ensure personal information is not disclosed to any person who has no right to receive it.
15. Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing
and transfer of your personal information for a specific purpose, you have the right to withdraw this
consent for that specific purpose at any time. To withdraw your consent please contact HR and once
we have received notification of your withdrawal of consent in writing, we will no longer process
your information for the purpose or purposes you originally agreed to, unless we have a legitimate
basis for doing so in law.
16. Changes to this privacy notice
We reserve the right to update this notice at any time and will provide you with a new notice when
we make any substantial updates. We may also notify you in other ways from time to time in regards
to the processing of your personal information.
Should you have any questions about this privacy notice please contact Michael Gallucci or