Employee privacy notice
This is the employee privacy notice. If you have engaged with Insight in a non-employment capacity, the general privacy notice is more appropriate for you.
Insight is committed to protecting the privacy and security of all personal information. The Insight affiliate responsible for your personal information will be the Insight entity identified in your employment contract or contract for services and is the data controller of your personal information. In addition, where the personal information is processed by our parent company BNY Mellon's Group for their own independent purposes, the BNY Mellon Group companies will be independent controllers of your personal information.
This page summarises the nature of the information that is stored by Insight, why and how it is used, your rights in regard to this data, as well as the protections in place to safeguard it.
There is no need for you to take any action.
In this notice we cover:
1. Personal information we collect, when and why we use it
2. How we use your personal data
3. How Insight collect information
4. Legal basis for processing your data
5. Data retention
6. Data sharing
7. Your rights as a data subject
We may amend this document from time to time to keep it up to date with legal requirements and the way in which we operate our business. If we make significant changes to this document, we will inform you by notice on the Insight intranet or email.
This notice does not form part of any contract of employment or other contract to provide services.
Personal information we collect, when and why we use it
We may collect the following personal information about you for the purposes described in this notice:
- Personal details: your title, name, previous or maiden name, gender, nationality, civil/marital status, date of birth, age, personal contact details, national ID number, eligibility-to-work information, passport, driving licence, languages spoken; emergency contact information, details of any disability and any reasonable adjustments required as a result
- Recruitment and selection information: skills and experience, qualifications, references, CV and application, interview and assessment data, background and verification information related to the outcome of your application, details of any offer made to you
- Information related to your engagement: contract of employment or engagement, work contact details, employee or payroll number, photograph, work location, your worker ID and various system IDs, your work biography, your assigned business unit or group, your reporting line, your employee/contingent worker type, your termination/contract end date, the reason for termination, your last day of work, exit interviews
- Regulatory information: records of your registration with any applicable regulatory authority, your regulated status, including any criminal record or credit background checks which may be necessary, and any regulatory certificates and references
- Remuneration and benefits information: your remuneration information (including salary/hourly plan/contract pay/fees information as applicable, allowances, overtime, bonus and commission plans), payments for leave/, bank account details, grade, tax information, details of any benefits you receive or are eligible for, benefit coverage start date, expense claims and payments, information and agreements
- Leave and absence management information: attendance records, absence records, holiday dates, requests and approvals and information related to family leave or other special or statutory leave, absence history, fit notes, details of incapacity, details of work impact and adjustments, manager and Human Resources (HR) communications, return to work interviews
- Performance management information: colleague and manager feedback, your appraisals and performance review information, outcomes and objectives, talent programme assessments and records, succession plans, formal and informal performance management process records
- Training and development information: data relating to training and development needs or training received or assessments completed
- Monitoring information (to the extent authorised by applicable laws): closed circuit television footage, system and building login and access records, photo on access card, download and print records, call or meeting recordings, information captured by IT security programmes and filters
- Employee claims, complaints and disclosures information: subject matter of employment or contract based litigation and complaints, pre claim conciliation, communications, settlement discussions, claim proceeding records, employee involvement in incident reporting and disclosures
- Equality and diversity information (where authorised by law and consent provided voluntarily): information regarding gender, age, nationality, religious belief, sexuality and race (stored anonymously for equal opportunities monitoring purposes)
How we use your personal data
Subject to applicable law, your personal data may be stored and processed by us for the following purposes:
Recruitment and selection
- To evaluate applications for employment and make decisions in relation to selection of employees
- Pre-employment screening including, where relevant and appropriate, identity check, right to work verification, reference check, credit check, financial sanction check, criminal record checks
- To make job offers, providing contracts of employment or engagement and preparing to commence your employment or engagement where you accept an offer from us
- To contact you should another potentially suitable vacancy arise
- To deal with any query, challenge or request for feedback received in relation to our recruitment decisions
- To monitor programmes to ensure equality of opportunity and diversity
Ongoing management of all aspects of employees' relationships with Insight
- To manage and maintain HR hard copy records, files and systems, including technical support and maintenance of HR systems and managing electronic and hard copy records in line with Insight's retention schedules
- Providing and administering remuneration, benefits, pensions and incentive schemes
- To make appropriate tax and national insurance deductions and contributions
- To set and change building and system access permissions
- Identifying and communicating effectively with employees
- Where appropriate, publishing appropriate internal or external communications or publicity material, including via social media
- Managing and operating performance reviews, capability, attendance and talent programmes
- Managing grievances, allegations (e.g. whistleblowing, harassment), complaints, investigations and disciplinary processes, and making related management decisions
- Training, development, promotion, career and succession planning
- Business contingency planning and response to active incidents
- Processing details with employee consent of membership of trade unions, works councils and other employee representative bodies and to administer any associated subscriptions paid direct from salaries
Absence management and health and safety
- Processing information about absence
- Processing medical information regarding physical or mental health or condition to assess eligibility for incapacity or permanent disability related remuneration or benefits:
- determine fitness for work
- facilitate a return to work
- make adjustments or accommodations to duties or the workplace
- make management decisions regarding employment or engagement or continued employment or engagement or redeployment
- conduct related management processes
Compliance monitoring, security and systems use
- Measuring the performance of Insight's IT systems by monitoring employee usage of Insight systems; this includes analysing times, locations and activities whilst users are logged into the network.
- Auditing, monitoring, investigation and compliance monitoring activities in relation to Insight policies, the Insight Code of Conduct, applicable law, the prevention and detection of criminal activity and to protect Insight's assets and premises
Responding to legal and regulatory requests
- Comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorised by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country
Termination of employment and managing post-employment relationships
- Complying with reference requests where Insight is named by the individual as a referee
- Administering termination and post-termination matters, e.g. outplacement services, liaison with employee legal representatives, enforcing restrictive covenants, loan repayments, overpayments, expense reimbursements, employee benefits, conduct termination and post-termination litigation
To the extent authorised by local laws, Insight may collect and process a limited amount of personal information falling into special categories, sometimes called 'sensitive personal information'. This term means information relating to:
- health-related details, including any special dietary requirements and any reasonable adjustments that the Company may be required by law to make to your working arrangements (excluding Netherlands, Germany)
- information revealing racial or ethnic origin
- judicial information, including the results of criminal or police records checks which can include details of offences, alleged offences and sentences and information from other intelligence sources (subject to relevant local laws and record retention periods)
- marital status and next of kin
- political opinions or contributions, religious beliefs or other similar beliefs and sexual orientation, should you choose to provide any such information to the Company (excluding Netherlands, Germany (except for church tax))
Insight protects personal data within an Information Security Management System which complies with ISO27001.
How Insight collect information
We collect your personal information from a variety of sources, but in most circumstances directly from you. You will usually provide this information directly to your managers or local HR contact, or enter it into our systems for example, through Employee Self Service (ESS), your participation in HR processes (including recruitment), emails and instant messages which may be recorded electronically or manually. In addition, further information about you will come from your managers, HR or occasionally from your colleagues.
We may also obtain some information from third parties, e.g. references from a previous employer, medical reports from external professionals, information from tax authorities, benefit providers or where we employ a third party to carry out a background check (where authorised by applicable law) or, occasionally, from clients.
In some circumstances, personal information may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, CCTV, telephone logs and recordings, instant message logs and email and Internet access logs), if and to the extent authorised by applicable laws.
Where we ask you to provide personal information to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated. The failure to provide mandatory information will mean that we cannot carry out certain HR processes. For example, if you do not provide us with your bank details, we will not be able to pay you.
Apart from personal information relating to you, you may also provide Insight with personal information of third parties, notably your dependants and other family members, for purposes of HR administration and management, including the administration of benefits and someone to contact in an emergency. Before you provide such third party personal information to Insight you must first inform these third parties of any such information that you intend to provide and of the processing to be carried out by Insight, as detailed in this notice.
Legal basis for processing your data
Your personal information is collected and processed for various business purposes, in accordance with applicable laws and collective bargaining agreements.
We will only collect, use and share your personal information where we are satisfied that one or more of the following legal bases apply:
- The processing is necessary for compliance with a legal obligation to which Insight is subject, for example, disclosing information to local tax authorities, making statutory payments, avoiding unlawful termination, avoiding unlawful discrimination, meeting statutory record keeping requirements or health and safety obligations
- The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, prior to entering into such a contract, for example collecting bank details to pay your salary or processing information to provide you with the contractual benefits to which you are entitled
- The processing is based on your consent. Where consent is required for the processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit. Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent. You should be aware that it is not a condition or requirement of your employment to agree to any request for consent from Insight
- The processing is necessary for the legitimate interests pursued by Insight or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information. Insight considers that it has a legitimate interest in processing personal information for the purposes set out above, and to support the achievement of its immediate and long-term business goals and outcomes
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
For the above purposes, personal information may be transferred within or outside of the jurisdiction where you are employed or perform work, either within Insight or to third parties, including, but not limited to:
- any holding company, subsidiary, affiliate of BNY Mellon Group
- certain third party including suppliers and service providers including; payroll, pension providers to whom Insight may disclose personal information when required by law or court order, or as requested by any government or regulator or law enforcement authority or agency
Insight may also disclose personal information to a third party where it is necessary to do so in order to protect or pursue Insight's legitimate interests (ensuring this is proportionate and limited to that information which is strictly necessary in the circumstances). This may include, but not be limited to, disclosure to a party with whom Insight is in negotiation for the sale or transfer of a business, assets or services. Insight will take appropriate steps to ensure that the recipient of personal information in such circumstances puts in place an adequate level of protection for such personal information in accordance with applicable legal requirements.
Where Insight transfers personal information internally within Insight or to any third party between different jurisdictions, including, but not limited to, transfers outside of the European Economic Area (EEA) including the USA, and to other jurisdictions that have not been deemed to offer adequate protection, for the purposes outlined in this document, it will take appropriate steps to ensure that there is an adequate level of protection for personal information in place in accordance with applicable legal requirements.
Your rights as a data subject
You have a number of legal rights in relation to the personal data that we hold about you and you can exercise your rights by contacting us using the details at the end of this document. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you
- the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) to do so
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data that you have provided to us
- the right to request that we correct your personal data if it is inaccurate or incompletethe right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we must retain it
- the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we must refuse that request
- the right to lodge a complaint with the applicable data protection regulator in the country where the relevant Insight entity is located if you think that any of your rights have been infringed by us. If you are not sure which part of Insight is using your data or which is the relevant data protection regulator, you can ask us to clarify this using the contact details in the end of this document
- when we are processing on the grounds of legitimate interest, you have the right to object to the processing and we must stop unless we have an overriding reason which will be communicated to you.
In the UK, your rights arise from the General Data Protection Regulation as retained, amended EU law, and the supervisory authority is the UK Information Commissioner (https://ico.org.uk/).
Within the EEA, your rights arise from the General Data Protection Regulation. The lead supervisory authority is the Data Protection Commissioner of the Irish Republic (https://dataprotection.ie/)
Main contact: Information Risk
Address: 160 Queen Victoria Street, London EC4V 4LA
1Insight is the corporate brand for certain companies operated by Insight Investment Management Limited (IIML). Insight includes, among others, Insight Investment Management (Global) Limited (IIMG), Insight Investment International Limited (IIIL) and Insight North America LLC (INA), each of which provides asset management services
Insight protects personal data within an Information Security Management System which complies with ISO27001.