Login
Start of main content

Employee Privacy Notice

This Privacy Notice explains how the IET process personal data of temporary, permanent, or contractual employees.

The IET collects personal data relating to our employees to manage the employment relationship. As your employer, the IET is the Controller of the personal data it processes for this purpose and follow applicable data protection laws including, but not limited to the UK GDPR and Data Protection Act 2018. For example, employees based in the EU can expect their personal data to also be processed in accordance with the EU GDPR.

The IET are registered with the Information Commissioners Office (Ref: Z7792223)

The Personal Data We Process

You will have already provided some of the personal data that we process about you in order to consider you for temporary or full-time employment during the recruitment process. This is covered under our Recruitment Privacy Notice.

The following list explains the purpose for use of your personal data

  • Making a decision about your recruitment or appointment.
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK and to provide you with the security clearance appropriate for your role.
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions.
  • Liaising with your pension provider, providing information about changes to your employment such as promotions, changes to working hours.
  • General administration of the contract we have entered with you.
  • Business management and planning, including accounting and auditing.
  • Conducting performance reviews, managing performance, and determining performance requirements.
  • Making decisions about salary reviews and compensation.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Gathering evidence and any other steps relating to possible grievance or disciplinary matters and associated hearings.
  • Making decisions about your continued employment or engagement.
  • Making arrangements for the termination of our working relationship.
  • Education, training and development requirements.
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
  • Ascertaining your fitness to work, managing sickness absence.
  • Complying with health and safety obligations.
  • To prevent fraud.
  • To monitor your business and personal use of our information and communication systems to ensure compliance with our policies.
  • When necessary authorised persons may access your work accounts to obtain information required for disciplinary or data breach investigations, or data subject rights purposes.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • To conduct data analytics studies to review and better understand employee retention and attrition rates.
  • Diversity and Equal Opportunities monitoring
  • CCTV monitoring to ensure safety and security of employees and IET assets.
  • For audit purposes

The following list describes the types of personal data we may process when you work for the IET

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Dates of birth, marriage, and divorce.
  • Marital status and dependants.
  • Next of kin, emergency contact and death benefit nominee(s) information.
  • National Insurance number.
  • Bank account details, payroll records and tax status information.
  • Salary, annual leave, parental leave, pension, and benefits information.
  • Start date, leaving date.
  • Location of employment or workplace.
  • Interview notes and assessments.
  • Copy of driving licence, passport, birth and marriage certificates, decree absolute.
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process, such as educational history and qualifications).
  • Full employment records including contract, terms and conditions, job titles, work history, working hours, promotion, absences (including sickness absence and health professional fitness to work documentation), attendances, training and apprenticeship records and professional memberships.
  • Compensation history.
  • Performance and appraisal information.
  • Disciplinary and grievance information.
  • Secondary employment and volunteering information.
  • Office CCTV footage and other information obtained through electronic means such as swipe card records.
  • Information about your use of our information and communications systems.
  • Photographs, videos, audio, presentations taken during the course of your work role activities (including your profile image used on the IET intranet).
  • Accident book, first aid records, injury at work and third-party accident information.
  • Evidence of how you meet the confirmation of your security clearance, where applicable. This can include passport details, nationality details and information about convictions/allegations of criminal behaviour.
  • Evidence of your right to work in the UK/immigration status.

Lawful Basis For Processing Personal Data

Our lawful basis for processing personal data for employment purposes under UK GDPR is as follows:

Article 6 (1) Processing shall be lawful only if and to the extent that at least one of the following applies:

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

Lawful Condition For Processing Special Category Personal Information

We may also collect, store, and use the following "special category" of personal information: 

  • Information about your race or ethnicity, religious beliefs, gender, sexual orientation, disability, political or philosophical opinions,
  • Trade union membership
  • Information about your health, including any medical condition, health, and sickness records
  • Genetic information and biometric data
  • Information about criminal convictions/allegations and offence

Our lawful condition for processing special category personal data for employment purposes under UK GDPR is as follows:

Article 9 (2)

(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where domestic law provides that the prohibition referred to in paragraph 1 may not be lifted by the data subject;

(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by domestic law or a collective agreement pursuant to domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject (where the Data Protection Act 2018 Schedule 1(1) condition is met);

(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;

(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;

(g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject domestic law; (where one of the 23 conditions set out in paragraphs 6 to 28 of Schedule 1 of the DPA 2018 are met for example - Schedule 1 Part 2 (8) Equality of opportunity or treatment)

(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of domestic law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject.

Data Sources and Sharing Your Personal Data

We typically collect personal information about our employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We will sometimes collect additional information from third parties including our service providers, former employers, credit reference agencies or other background check agencies.

Third parties includes third-party service providers (including contractors and designated agents) and other entities within the IET.

We will in some circumstances need to share your data with third parties, including IET third-party service providers where lawful to do so. This will, in some circumstances, involve sharing special categories of personal data and, where relevant, data about criminal convictions/allegations.

Employment activities are carried out by third-party service providers for the purposes of the; employee benefits platform, training (including eLearning), apprenticeship training programme (including sharing minimal personal data with Education & Skills Funding Agency for funding purposes), payroll, pension administration, health and life cover insurance provision, benefits provision and administration, health and occupational health service, IT services, security vetting, cycle to work, eye care.

We will conduct third party due diligence and always ensure appropriate contracts are in place and we require all third parties to respect the security of your data and to treat it in accordance with the law. We will in some circumstances transfer your personal information outside the UK and EEA. If we do, you can expect a similar degree of protection in respect of your personal information.

How long we will keep your personal data

We will process and retain your personal data for as long as is necessary to provide employment services to you and to fulfil and manage your employee benefits, and to comply with any applicable legal obligations, in accordance with statutory retention periods and our Retention Schedule.

Your Data Subject Rights

At any point while we are holding or processing your personal data, you have the following rights (the rights are not all absolute and are dependant on the lawful basis relied upon for processing your personal data and may be subject to data protection law exemption):

  • Right to be informed to be informed with privacy information at the time we collect your personal data (such as this Privacy Notice).
  • Right of access - You have the right to request a copy of the information that we hold about you.
  • Right of rectification - You have the right to correct data that we hold about you that is inaccurate or incomplete.
  • Right of erasure - you may request the data we hold about you to be erased from our records. This right is not absolute and only applies in certain circumstances
  • Right to restriction of processing - Where certain conditions apply, you have the right to restrict the processing of your personal data. This means we will store the personal data, but not use it.
  • Right of data portability - You have the right to have the personal data you have provided us, or have it transmitted to another organisation, in a machine-readable format.
  • Right to object - You have the right to object to certain types of processing. This includes an absolute right to prevent your personal data being used for direct marketing.
  • Right to object to automated processing, including profiling - You have the right not to be subject to decisions based solely on automated processing, including profiling, if this produces legal effects or similarly significantly affects you.
  • Right to complain - You have the right to lodge a complaint with us (as the data controller) or with a supervisory authority.
  • Right to judicial review - You have the right to take legal action against a controller or processor where you consider that any of your rights have been infringed as a result of your personal data being processed in a way that does not comply with the UK GDPR. You also have the right to take legal action against the supervisory authority if they do not handle your complaint in an appropriate or timely manner.

How to Exercise Your Rights

You can exercise any of the above rights by contacting the data protection office at compliance@theiet.org.

In cases where we have contractually shared your data with a third party, we may also share your request with that third party so that they can assist us in fulfilling it.

Data Protection Complaints

In the event that you wish to make a complaint about how your personal data is processed by us or by third parties acting on our instruction, in the first instance please contact IET Data Protection Officer at PrivacyOffice@theiet.org.

You have the right to make a complaint to the Supervisory Authority if you have reason to believe the IET has not handled personal data in accordance with data protection law. The Supervisory Authority in the UK is the Information Commissioner’s Office (ICO).

If you are located in the EU/EEA you may raise a complaint with the IET’s EU GDPR Representative - European Data Protection Office (EDPO). You can contact EDPO regarding matters pertaining to the GDPR by using EDPO’s online request form: https://edpo.com/gdpr-data-request/  or by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

If you are resident in India you may contact the IET India Designated Grievance Officer at india@theiet.org. 

Your responsibilities

Employees are contractually bound by confidentiality.

Updates to this policy

This policy will be kept up to date and amended where changes to data protection law dictate.

 Version: Nov 2023

Reviewed Jan 2024