People Privacy Notice

Privacy Policy 2024
8 August 2024

 

We are committed to respecting your privacy and protecting your personal information (data) in line with data protection laws. This privacy notice explains how we use your personal data and tells you about your privacy rights.

This privacy notice covers the areas set out below.

This privacy notice explains how we collect and use your personal data if you work for us or have applied to work for us. Your personal data includes:

  • details we collect from you as part of the recruitment or contracting process
  • information you provide when you sign up for employee benefits, and
  • information we collect or create while you are working for us.

In this privacy notice, ‘we’ and ‘us’ mean either Royal Mail Group Limited or the other company named in your contract of employment or engagement. Royal Mail Group Limited includes Royal Mail and Parcelforce Worldwide.

This notice applies to you if you currently work for us or have worked for us in the past. It is not part of your contract of employment or any other contract to provide services. We may update this notice at any time.

If you are (or you work for) a Parcelforce Worldwide owner-driver or courier, please see our ‘Owner-driver and courier privacy notice’.

What is personal data?

Personal data is information which relates to a person who could be identified from it (for example, your name, email address and other personal details).

Where can I find more information about how my personal data is used?

The policies and guides on our PSP Policy and Information Site (referred to as PSP) provide more details of how we will use your personal data in specific circumstances. If you do not have access to PSP, you can find the policies on our intranet site.

The letters and forms relating to these policies and guides are also available through PSP. If you do not have access to PSP, please ask your manager to access the documents for you.

If you sign up to an employee scheme or benefit, the terms, conditions and any related information for that scheme or benefit will explain how we use personal data in those circumstances.

If you use information and communication systems (such as online platforms and communication tools), we may provide separate privacy notices which explain how we and our IT providers use your data.

You should read this privacy notice together with any other notice we provide about how we use personal data.

We need to use your personal data for several purposes. These include information you give us and information we collect while you are working for us. The table below gives more details of the personal data we use and where we get it from.

Type of data

What it includes

Where we get it from

Your personal details

This includes your:

  • name
  • date of birth
  • sex or gender
  • user IDs and passwords for our systems and your electronic devices (including laptops and handheld devices)
  • home and work addresses, phone numbers, email addresses and other contact details
  • National Insurance number and tax code
  • passport details, and
  • emergency contact details.

You usually provide this information when you apply for a job or when you update your records.

You may provide the information on a form given to your line manager or HR, or you may input the information directly into PSP and other systems such as SuccessFactors and My Bundle+.

User IDs and log-in details such as passwords will be created when you need access to business services for or in connection with your job.

Your work history, education and training details

This includes your:

  • educational and professional qualifications
  • job applications and CVs
  • employment history
  • references and other information gathered as part of the application process
  • membership of any professional organisations, and
  • records of training completed throughout your time working with us.

You provide some of this information when you apply for a job or a new position with us.

 

We also receive some information from other people and organisations such as:

  • your previous employers
  • employment agencies
  • training providers, and
  • background check providers (for example, the Disclosure and Barring Service).

 

Records relevant to your work for us

This includes:

  • your right to work
  • your work location
  • any documents required for specific roles (for example, drivers’ records)
  • your work attendance records, and
  • your employment history when working for us, including job titles, duties and working hours.

You provide some of this information. We collect the rest during your time working for us.

Your financial and pay records

This includes:

  • your bank account details
  • your payroll and expenses records
  • your pension records
  • your tax records, and
  • any employee benefits, voluntary deductions or salary sacrifice arrangements.

You provide some of this information (for example, your bank account details and pension arrangements). We collect the rest during your time working for us.

Shareholder records

This includes:

  • details of any Royal Mail plc free shares you have been given
  • details of any Royal Mail plc shares you have bought, and
  • records of dividends you have received.

We collect this information while you are working for us (for example, when you receive or buy shares and during certain administration activities).

Performance information

This is information relating to your performance at work (for example, information recorded in appraisals).

You provide some of this information (for example, evidence you have presented during the appraisal process). The rest is created by other people, such as your line manager, as part of their role.

Conduct and grievance information

This is information relating to your conduct or any grievances raised by you or against you. It includes:

  • records of your conduct
  • records of how these issues are handled and settled, and
  • information about decisions and action taken as a result of these issues.

This information will only be created where appropriate and in line with relevant policies. Information may be provided by you, your colleagues or members of the public.

We will also create information as part of any investigation.

Information collected through our systems

This includes:

  • information relating to your use of business information and communication systems
  • information collected by our entry and exit systems at site,
  • CCTV footage and other images or audio recordings, and
  • information collected through handheld devices and other technology. (This includes data relating to your working hours and your location and movements on our property, in our vehicles or at delivery.)

We will collect this information while you are working for us.

Information about your race or ethnic background, religious beliefs, sex or gender and sexuality

This includes details of your:

  • race or ethnic background
  • religious belief
  • gender identity, and
  • sexuality.

You will provide this information only if you choose to.

Trade union membership

This includes:

  • details of your membership
  • requests for membership fees to be paid from your pay, and
  • records of payments made.

You or your trade union will provide this information. For example, requests for membership fees to be paid from your salary will come from you or your trade union.

Information about your health

This includes:

  • information about your time off work
  • details of your medical conditions
  • your sickness records, and
  • occupational health assessments and other records.

You will provide some of this information when you provide details of any time you are off work because of your health.

 

We may also receive information from other people or organisations (for example, if you agree to be assessed by occupational health services).

Accident records

This includes:

  • records of any accidents or health and safety incidents you have been involved in, and
  • information about decisions and action taken as a result of these incidents.

You will provide some of this information if you report an accident.

 

We will collect the rest of the information while reporting, investigating and responding to the accident or incident.

Information about your criminal convictions, offences, and alleged offences

This includes:

  • records relating to your criminal convictions
  • details of any crimes you have been accused of, and
  • details of the penalties those crimes, such as fines or prison sentences.

You may provide this information when you apply to work for us or when you are working for us.

 

We may also collect this information from:

  • organisations such as background check providers (for example, the Disclosure and Barring Service), and
  • our employees and other people working for us, as part of their everyday duties.

Information collected from publicly available sources, including your social-media posts

This is information relevant to your work or us. It includes:

  • information about you which is posted on social-media accounts (for example, your interests, activities and opinions), and
  • information about your use of social media.

This is normally information you post publicly on your social media accounts or which other people post online. 

 

Other people may sometimes share posts you have made available to them. We may also collect information through monitoring the media and public information relating to Royal Mail. We will only collect this information when appropriate and in line with relevant policies.

Your preferences for how we communicate with you

These are your choices about how we send information to your personal email or phone.

 

This information may relate to:

  • employee benefits and surveys
  • business news
  • business strategy
  • work opportunities, and
  • our products and services.

You normally provide this information when you register at or log in to myroyalmail.com. 

 

If you are leaving work with us, we may collect this information at your exit interview.

 

Under data protection law, we can only use your personal data if we have a lawful basis (genuine legal reason) for doing so.

We use your personal data for the following.

  • Recruitment – recruiting employees, contractors and temporary workers
  • Security vetting – carrying out security and background checks
  • Staff administration – personnel management, keeping employment and work records and managing attendance and performance
  • Payroll – providing pay and benefits, and deducting tax and National Insurance contributions
  • Pensions and benefits administration
  • Training and development
  • Occupational health – managing attendance, assessing your fitness to work, and supporting you in work
  • Personnel matters – managing performance, and dealing with HR issues and grievances
  • Managing resources – tracking our people and their movements, such as their GPS locations, to monitor performance and working patterns, plan routes and manage resources efficiently
  • Meeting legal and regulatory requirements – for example, monitoring equal opportunities and health and safety responsibilities, and keeping mail safe
  • Claims and legal action – responding to claims and taking legal action
  • Employee and worker communications – providing you with information about us, your role and employee benefits you may be entitled to
  • Research – for example, carrying out opinion surveys, and analysing our performance and effect on the environment and economy
  • Business management and planning – running our business, managing organisational structures, and identifying and reducing risks to our business
  • Company administration helping Royal Mail plc to keep shareholder records and manage shares belonging to our employees
  • Managing business systems – giving you access to business services you need to use for your work.
  • Monitoring our use of information and communication systems – to identify trends and make sure we keep to the law, business standards and policies
  • Information security – maintaining network and information security, and preventing unauthorised access to our systems
  • Preventing and detecting crime – including using CCTV to monitor our sites
  • Processing for performance – to understand your performance and provide support, coaching, recognition and rewards, including through the My Doorstep App
  • Dealing with complaints – responding to, investigating and settling complaints made by customers or colleagues
  • Keeping in touch – communicating with you about employee benefits and surveys, our news and strategy, and information about our products and services. We also contact former employees about our news and opportunities with the business. 

Lawful bases for using personal data

The lawful bases for using your personal data are as follows.

  • Contract – we need to use the information for a contract you have with us (such as your employment or services agreement) or because you have asked us to take specific steps before entering into a contract with us.
  • Legal obligation – we need to use the information to keep to the law, including employment and labour regulations, and our obligations under postal and tax regulations.
  • Legitimate interests – we need to use the information for the following legitimate interests of ours or another organisation.
    • Training and developing people
    • Maintaining standards of conduct and behaviour
    • Communicating effectively with people
    • Managing a business effectively
    • Providing services to customers
    • Protecting information, rights, property and safety
  • Consent – you have given us clear permission for us to process your personal information for a specific purpose.
  • Public interest – we need to use the information to do something that is in the public interest, such as preventing or detecting fraud or criminal activities.
  • Vital interest – we need to use the information to protect your, or someone else’s, life or safety.

More than one of the lawful bases above will apply to some activities. Please contact us if you need details about the specific lawful basis we rely in a particular situation. Our contact details are in section 10.

Special categories of personal data

In some situations, we need to use ‘special categories of personal data’, often referred to as sensitive information. This includes information about your health, ethnic background, religious beliefs, sex or gender, sexuality and trade-union membership. We may do this when we need to:

  • in connection with legal rights or duties relating to your employment
  • to support or defend legal claims
  • to prevent crime or protect the public from dishonesty
  • to assess your ability to work and provide occupational health services
  • to protect your (or someone else’s) vital interests (for example, sharing information about your health in an emergency)
  • if it is in the public interest
  • if you have already made the data public (for example, about your trade union membership, if you are officially acting as a trade union representative, or if you have posted information online), and
  • if you specifically give us permission, for example to share information about your health in order to receive occupational health services).

Information about criminal offences and convictions

We use information about criminal convictions and offences to meet our legal responsibility to keep the mail safe and in relation to employment.

You will find more information about the way we use special categories of personal data, and information about criminal offences and convictions, in our ‘Special Category Data – Appropriate Policy Document’.

Information you must provide by law or as part of your contract

You must provide some personal information for legal purposes or as part of your contract. If you don’t, this may prevent us from:

  • keeping to the contract we have with you (such as paying you or providing employee benefits if you are entitled to them), or
  • carrying out our legal duties (such as protecting the health and safety of our employees).

If we need you to provide information for legal purposes, we will explain this to you.

We take the security of your personal data extremely seriously and have strict policies and standards to make sure it is handled and kept securely. This includes:

  • controlling who has access to your personal data
  • following suitable procedures, and
  • using technology to keep your personal data safe.

Our Information Security Policy, which covers the security of personal data, is available on our intranet at:
https://intranet.royalmailgroup.com/CompanySecretarysOffice/Pages/Royal-Mail-Group-Policies.aspx

If you do not have access to our intranet, please ask your manager for the policies.

Our employees, agents and contractors may use your personal data for the purposes set out above. For example, your manager and staff in HR may use your information to make sure you are paid correctly and to manage your attendance.

We may also share your personal data with the following organisations and for the following reasons.

Our suppliers

We may share your personal data with other organisations providing services to help us run our business. For example:

  • our IT suppliers need to use your personal data so that you can access our email and other IT systems, and
  • the printers creating and sending out payslips need your personal details so that you receive accurate records of your pay.

All our suppliers must have suitable security in place to protect your personal data in line with our policies. We only allow them to use your personal data for specific purposes and in line with our instructions.

When required by law or for regulatory purposes

We may share your personal data with other organisations to prevent or detect crime, or to protect someone’s rights, property or safety. These organisations include the police, law enforcement agencies and fraud-prevention agencies.

We may also have to share your information with:

  • the courts and people or organisations we are in dispute with, as part of legal action, and
  • regulators such as the Information Commissioner, to meet our legal or regulatory responsibilities.

We may share your personal data overseas if we, or another person or organisation, need it for any of the reasons set out above.  For example, if we use a service or technology provider based overseas, we may need to share your data with them.

We will make sure that your personal data is suitably protected by the overseas organisation (for example, by a contract approved by law for this purpose).

We will only keep your data for as long as we need to use it. We will decide how long that is for different types of information, based on:

  • how long we need the information for the purpose we use it for, and
  • legal and regulatory requirements, such as if we need to keep employment records or financial information for a specific period of time for legal reasons or in case of potential claims.

There are more details in our Data Protection and Privacy Policy, which is on our intranet at

https://intranet.royalmailgroup.com/CompanySecretarysOffice/Pages/Royal-Mail-Group-Policies.aspx

If you do not have access to our intranet, please ask your manager for the policy.

You have the following rights in relation to your personal data.

The right to be told how your data is used

We will give you information about how we use your personal data through privacy notices such as this one or notices that are available when we collect personal data from you.

The right to access your personal data

You have the right to see your personal data and details of how we use it.

You can ask for details of the personal data we hold about you by contacting our Information Rights Team at information.rights@royalmail.com. We will need proof of your identity. We will also need you to tell us which information and uses you want to know about, and any dates when we may have used that data. 

The right to have your data corrected (the right to rectification)

You have the right to have your data corrected if it is wrong or incomplete.

We will, as far as reasonably possible, make sure that your personal data is correct and up to date. However, we rely on you to check that some of the information we hold about you is correct and up to date. Please let us know about any changes to your information (for example, by updating your personal information in PSP or letting your manager know).

The right to object

You have the right to object your personal data being used. Even though you may have a right to object to us using your data, we may continue to use it if the law allows us to do so. Also, you only have the right to object to us using your personal data in limited situations. For example, this right does not apply if we need to use your personal data under your contract with us or to meet our legal responsibilities.

If you want us not to use your personal data for sending direct marketing of our business, products or services to your personal email address or phone number, you should:

  • use the unsubscribe link in emails we send you
  • reply STOP in text messages, or
  • write to us at any time. 

The right to have your data deleted (the right to erasure)

You have the right to ask us to delete your personal data if there is no legitimate reason for us to continue using it. However, if there is a legitimate reason for us to use it, we will not be able to delete it.

The right to restrict use of your data

You have the right to block the use of your personal data in some circumstances (for example, if you and we are in dispute over whether it is accurate).

The right to transfer your data (data portability)

This right only applies to personal data which you have provided to us and which we use with your permission or because we need to under a contract with you.

This right enables you to reuse your personal data across different services, allowing you to move or copy data from one organisation to another.

Your right to withdraw permission

If you have given us permission to use your personal data in a certain way, you can withdraw that permission at any time.

This only applies in circumstances where you have given us permission to use your personal data for a specific purpose. It does not apply where our legal basis for using your personal data is not ‘consent’. For example, the right to withdraw permission will not apply if we need to use your personal data for the purpose of your contract with us, or to meet a legal obligation.

For support relating to your personal data rights, please contact our Information Rights and Governance Team at information.rights@royalmail.com.

We sometimes use your personal data to analyse your abilities and behaviour. For example, we use online testing as part of our recruitment procedures. You have the right to object to this use of your data. (See section 8 for more information.)

We will not base any decision that will have a major effect on you just on automated assessments (that is, without a person being involved), unless the law allows us to do so. In these cases, we will tell you beforehand. 

If you have any questions about your personal data or this privacy notice, please contact our Information Rights and Governance Team.

Information Rights and Governance Team
Royal Mail Group
Pond Street
Sheffield
S98 6HR

Email: information.rights@royalmail.com

Work queries

If you have any questions about the data we use for work purposes or in relation to HR policies, please speak to your manager.

You can also get advice by calling the HR Advice Centre on 0345 6060603 or 5456 7100, or the Senior Manager Helpline on 01142 414815 or 5456 4815.

If you are a manager working for Parcelforce Worldwide, please call 0345 6042787 or 5456 4747.

Our Data Protection Officer

You can contact our Data Protection Officer at:

Royal Mail Group

185 Farringdon Road

London

EC1A 1AA

Email: information.rights@royalmail.com

Your right to complain to the Information Commissioner’s Office

If you believe we have not met our legal duties, you can complain to the Information Commissioner’s Office at the following address.

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

SK9 5AF

Website: www.ico.org.uk

We will review our privacy notice regularly and post any updates on this web page. This privacy notice was last updated in December 2023.