privacy-policy-employees

Privacy notice

Data subjects who are current, former or prospective employees of Intelliflo

Scope

This privacy notice applies to all data subjects whose personal data is collected through either being a current or former employee of Intelliflo or by taking part in Intelliflo's recruitment processes.

Responsibilities

The Data Protection Officer is NCC Group, contactable at dataprotection@Intelliflo.com is responsible for ensuring that this notice is made available to data subjects prior to Intelliflo collecting/processing their personal data.

All employees of Intelliflo who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured where necessary.

Privacy notice

1. About Intelliflo

Intelliflo is a technology company that provides business management software to UK financial advice firms through its Intelligent Office (iO) software. Through iO, firms can access Intelliflo’s Personal Finance Portal and Automated Advice services, which enables them to offer online advice solutions to support the traditional, face-to-face advice model. iO is a cloud-based system which enables users to utilise it in a flexible, fluid way. Intelliflo’s open API technology enables developers to interact and build a business management system based upon iO in a liquid manner.

Our Data Protection Officer and data protection representatives can be contacted directly here:

The Intelliflo HR team is the data controller for the information you provide as a job applicant, current and former employee. If you have any queries about the process or how we handle your information please contact us at dataprotection@Intelliflo.com alternatively, employees may review the data flow diagrams held on Confluence under HR.

What data do we collect?

Job application stage

The personal data we would like to collect at job application stage is:

Personal data type: Source (where Intelliflo obtained the personal data from you, the data subject, or from a third party)
Personal details including name and contact details. Previous work experience and education. CV either by direct application or via an employment agency, both are uploaded into the Recruitment Portal of the HR CRM.
Eligibility to work in the UK, passport and visa details. Initial confirmation via email with the individual or through the employment agency. Copies provided by you or through the employment agency.

The personal data we collect is held in the HR Database and will be used for the following purposes:

  • For the purposes of progressing your application
  • Assess your suitability for employment
  • To answer questions relevant to the role you have applied for

Our legal basis for processing for the personal data:

  • Legal obligations
  • Legitimate interests

Any legitimate interests pursued by us, or third parties we use, are as follows:

  • To ensure we are shortlisting suitable and eligible applicants for hiring managers to review and move to interview stage
  • The HR team and hiring managers will have access to your data

Interview stage

The personal data we would like to collect at interview stage is:

Personal data type: Source (where Intelliflo obtained the personal data from, whether directly from you, the data subject, or from a third party)
Confirmation of personal details including name and contact details and previous work experience and education. CV and set competency interview questions and notes taken.
Eligibility to work in the UK. Check of passport.
Possible capability assessment. Set assessment to check level of knowledge and/or understanding.
CCJ & credit check. Declaration form.
Criminal record/background check (only carried out on offer of employment). Disclosure and barring service.

The personal data we collect is held in the HR CRM system. It will be used for the following purposes:

  • For the purposes of progressing your application
  • Assess your suitability for employment
  • To answer questions relevant to the role you have applied for

Our legal basis for processing for the personal data:

  • Legitimate interests
  • Legal obligations

Any legitimate interests pursued by us, or third parties we use, are as follows:

  • To assist hiring managers to move successful applicants through the interview process
  • The HR team and hiring managers will have access to your data

Our legal basis for processing personal data relating to criminal convictions and offences:

  • Consent, requested in the applicant declaration form.

Offer stage

The personal data we would like to collect and process at offer stage is:

Personal data type: Source (where Intelliflo obtained the personal data from if it has not been collected directly from you, the data subject. Note if the personal data has been accessed from publicly accessible sources):
Confirmation of personal details including name and contact details. Email from successful candidate or from the employment agency representing the candidate.
Eligibility to work in the UK and proof of identity. Current passport and where applicable, visa, we will make copies and hold them in your HR file.
Proof of qualifications You will be asked to bring in original documents, we will make copies and hold them in your HR file.
Use of personal email address. Consent to a 3rd party reference company undertaking reference checks on the company’s behalf. Employer, credit and criminal. Consent letter is emailed with the offer pack. Once received back, this information along with your personal email address is uploaded into the reference portal.
Health assessment request form including name, address, DoB, gender, contact number and email address. Assessment form for completion and sending directly to a third party in a stamped addressed envelope.
Personal details including name, address, gender, DoB, bank details, marital status and NINO. Employee payroll form, used for payroll processes and held in your HR file.
Emergency contact details So that we know who to contact in the event that there is an emergency at work.
Personal details including name and address and salary details. Contract of employment. A signed copy will be held in your HR file.
Name, address and NINO. Pension enrolment form. Encrypted copy is sent to our IFA. Used for payroll purposes and the original kept on HR file.

The personal data we collect is held in the HR CRM and hard copy. It will be used for the following purposes:

  • Carrying out pre-employment checks
  • It is a requirement to identify our employees, their right to work in the UK and seek assurance as their ability to carry out their role, trustworthiness, integrity and reliability
  • Assess your continued suitability for employment
  • Payroll purposes
  • The ability to contact a relative in the event of an emergency
  • To give you a gift on your birthday, certain staff members will be told of your birthday so that they can order you a voucher

Legal basis

Our legal basis for processing for the personal data:

  • Legitimate interests
  • Legal obligations
  • Contractual obligations

Any legitimate interests pursued by us, or third parties we use, are as follows:

  • The HR team will have access to all data; the finance team will have access to payroll details to make salary and expenses payments
  • Eligibility to work in the UK
  • Reference checks in line with current FSA statements as requested by our parent company

The special categories of personal data concerned are:

  • Health data

Employment stage

. . .
Personal data type Source Legal basis
Occupational health records We may ask you to fill in an occupational health form if you become unwell and we will keep this form on file. Legitimate interest – ensuring empl,broyees are fit to work, take time off for illness when necessary and have reasonable adjustments made where necessary.
Legal basis for processing special category data (health data) – processing is necessary for the purposes of occupational medicine and for the assessment of the working capacity of the employee.
GP health records Occasionally it may be necessary for us to request records from your GP. You will be asked to give consent first, and we will request specific records for your benefit. Legitimate interest – ensuring employees are fit to work, take time off for illness when necessary and have reasonable adjustments made where necessary. Legal basis for processing special category data (health data) – processing is necessary for the purposes of occupational medicine and for the assessment of the working capacity of the employee. N.B. Consent is requested under confidentiality law, not under the General Data Protection Regulations.
Pay increase letters Where you are given a pay increase we will keep the letters detailing this. Legitimate interest - Record of communication with employee and showing past history to increases.
Disciplinary letters Where disciplinary action is required we will keep a copy of the letters that have been sent to you. Legitimate interest - Record of communication and any warnings given. Removed from file once warnings are spent.
Change of address details Where your address has been changed we will keep a copy of this. Legitimate interest - Current address is keep as a check against the HR & payroll system
Payroll data Your payroll data will be kept for the duration of your employment. Legitimate interest - For reporting purposes.
Childcare voucher information - Salary sacrifice Where the salary sacrifice scheme is used this information will be stored. Legitimate interest - For reporting and auditing purposes and as confirmation of consent to process salary sacrifice.
Cycle hire scheme details Where the cycle hire scheme is used, this information will be stored. Legitimate interest - For reporting and auditing purposes and as confirmation of consent to process salary sacrifice.
Qualifications We will keep a copy of your qualifications. Legitimate interest - As proof of level of learning.
Training agreements Where you have entered into a training agreement with Intelliflo we will keep a copy of this. Legitimate interest - In case of any re-imbursement needed if employment comes to an end.
File notes from meetings Where there are formal meetings and notes have been taken, a record of these notes will be stored. Legitimate interest - In case issues need to be revisited or legal action is taken against Intellfilo.
Resignation letter If you resign, a copy of your resignation letter will be kept. Legitimate interest - As a record for payroll and reporting/auditing purposes.
Confirmation of resignation When we confirm receipt of your letter of resignation we will keep a record of this. Legitimate interest - As a record for payroll and reporting/auditing purposes.
Settlement agreements If you enter into a settlement agreement we will keep a record of this. Legitimate interest - As a record for payroll and reporting/auditing purposes.
Termination details If your contract is terminated with Intelliflo we will keep a record of this. Legitimate interest - As a record for payroll and reporting/auditing purposes.
References We will keep a copy of your reference so that we are able to provide this if requested. Legitimate interest - Consistency purposes.
PMR data This information will be kept on Sage and not all data will be retained once you leave unless it is about pay or specific training due to performance issues. Legitimate interest - In case issues need to be revisited or legal action is taken against Intellfilo.

Disclosure

Intelliflo will pass on your personal data to third parties. The following third parties will receive your personal data for the following purpose(s) as part of the processing activities:

Aviva

If you are employed by Intelliflo, relevant details about you are provided to Aviva for the purposes of managing our Group Personal Pension scheme. This will include, you name, address, date of birth, NINO and salary.

Details are uploaded into the Aviva portal and starters and leavers are managed through this system.

Kingston Hospital

When you receive your offer pack you will be asked to complete a Work Health Assessment prior to your start date, which will help to determine if you are fit to undertake the work that you have been offered or advise us if any adjustments are needed to the work environment or systems so that you can work effectively.

Kingston Hospital send the HR department via email a pre- employment health screening form outlining the outcome of their assessment and if any further action is required.

Hargreaves Lansdown

If you are employed by Intelliflo, relevant details about you are provided to our independent financial advisors as they manage our pension. These include, you name, address, date of birth, NINO and salary data.

AON

If you are employed by Intelliflo, relevant details about you are provided to our insurance brokers as they manage our Life and Income Protection insurance. These include, you name, address, date of birth, NINO and salary data; where applicable information on your health, which might contain sensitive data.

Verifile

On receipt of your offer via email, you will be asked to complete and return a consent form, which gives permission for Verifile to contact you via your personal email with a link to their portal, where you will be asked to complete details to assist with reference checking. These include details for employment references, credit and criminal check details.

Vitality

If you are employed by Intelliflo, relevant details about you are provided to our private medical insurances as they manage our private medical scheme.

You can join the private medical scheme by completing an application form which asks for name, date of birth and for any family members details should you wish to cover them too. These details along with your home address and company email details are then uploaded into the scheme portal directly by HR.

HR amend the portal when employees leave the business, so that they benefit can be stopped.

Meerkat

Meerkat administer the DSE risk assessment on Intelliflo’s behalf. At the beginning of employment HR will email Meerkat with the employees work email address; a link will then be sent to the employee so that they can complete the risk assessment. Actions are then send to HR for rectifying.

LinkedIn Learning

LinkedIn Learning is an on-line training platform which sits with our academy platform. HR and Learning & Development have administration rights and set up employees using their work email address. They also delete employees when they leave.

PluralSight

PluralSight is an on-line training platform. HR and the development manager have administration rights and set up employees using their work email address. They also delete employees when they leave.

Infinite Cloud

Infinite Cloud support the payroll module on Netsuite (Finance system). The HR manager will call or email the support helpline to discuss issues. Personal data can be accessed to carry out legal obligations.

Microsoft Office 365

Intelliflo use Microsoft's Office 365 platform, any personal data you put in email or other parts of Office 365 will be held by Microsoft. Data will also be sent to Office 365 so that you can be authenticated by Microsoft.

SagePeople

HR CRM system holding all data on candidates and employees.

Duo security

Intelliflo use a product called Duo Security to provide SSO (Single Sign On) and Two Factor Authentication, data related to your username and name will be sent to Duo for this to work.

Other systems which will hold details related to account you may require as part of your job.

Intelliflo use a large number of SaaS or hosted systems you will be required to use as part of your day to day job, these systems will hold account information you require to authenticate and so that your colleagues can understand who has said what - these include product management systems like Jira, Aha!, and Github, infrastructure systems like DigiCert, AWS and PagerDuty, and other corporate systems like SalesForce, Netsuite, Slack and Microsoft Office 365.

Jitterbit

We use this to integrate our systems.

Absorb

Absorb is our LMS provider. It provides our staff training and as an employee of Intelliflo you will have an account with Absorb.

Any company requesting references

We will supply reference requests to any company who requests reference information, this includes Name, last job title and dates worked at Intelliflo.

Invesco

Invesco are our parent company. They may receive employee data for several different reasons, these will include budgeting and compensation purposes, related to use by Intelliflo staff of Invesco run application. When data is sent to Invesco it will be transferred securely to them, and it could be viewed in any of their offices around the world. This can include offices in the EEA and offices outside the EEA such as Atlanta. These transfers are protected by EU model clauses which Intelliflo and Invesco have in place.

CCTV

CCTV is used as a method to ensure staff safety and security and will be used for this purpose at all times. This is reflected in the positioning of the cameras and retention of the footage. CCTV is used to monitor the ingress/egress points of Intelliflo's spaces at our Wimbledon Office. This footage is not generally displayed or viewed. It will be viewed when security alarms go off out of hours so that we can confirm there are no intruders in the office or as part of an investigation into a security or personnel issues. Footage is deleted 90 days after it is recorded, unless it is being retained as part of an investigation, in which case it will be stored until the investigation or issue is resolved.

Retention period

For data related to people who have applied for jobs, assuming you did not progress past applicant stage - your data will be held for no more than 6 months.

For data related to you being an employee of the business we will store the personal data held under legal obligations to HMRC for 7 years.

Any data that may be needed for exercising or defending a legal claim will be retained for the life of the data subject. This may include: Sickness Records, Disciplinary and Grievance records, and termination payments.

For data required to answer reference requests from third parties on ex-employees, we will hold data for the life of the data subject.

Intelliflo archives emails 7 years after receipt, so we will hold information in emails for upto 7 years.

Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing
  • Right of portability – you have the right to have data you supplied to us transferred to another organisation, in machine readable format
  • Right to object – you have the right to object to certain types of processing such as direct marketing
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling
  • Right to judicial review: in the event that Intelliflo refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below

All of the above requests will be forwarded on should there be a third party involved (as stated above) in the processing of your personal data.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Intelliflo (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Intelliflo’s data protection team.

The details for each of these contacts are:

  Supervisory authority contact details Intelliflo data protection team contact details
Contact name: Information Commissioners Office Data Protection Officer
Address line 1: Wycliffe House Wellington House
Address line 2: Water Lane 60 – 68 Wimbledon Hill Road
Address line 3: Wilmslow Wimbledon
Address line 4:   London
Address line 5: SK9 5AF SW19 7PA
Email: casework@ico.org.uk dataprotection@Intelliflo.com
Telephone: 0303 123 1113 TBC

Last updated: 27 April 2020