People Privacy Notice

We are committed to respecting your privacy and protecting your personal information (data) in line with data protection laws. This privacy notice explains how we use your personal data and tells you about your privacy rights.

This privacy notice covers the areas set out below.

This People Privacy Notice explains how we collect and use your personal data if you work for us or have applied to work for us. Your personal data includes:

  • details we collect from you as part of the recruitment or contracting process
  • information you provide when you sign up for employee benefits, and
  • information we collect or create while you are working for us.

In this privacy notice, ‘we’, ‘us’ and ‘Royal Mail Group’ mean either Royal Mail Group Limited or the other company named in your contract of employment or engagement. Royal Mail Group Limited includes Royal Mail and Parcelforce Worldwide.

This notice applies to you if you currently work for us or have worked for us in the past. It is not part of your contract of employment or any other contract to provide services. We may update this notice at any time.

If you are (or work for) a Parcelforce Worldwide owner-driver or courier, please see our ‘Owner-driver and courier privacy notice’.

What is personal data?

Personal data is information which relates to a person who has been or could be identified from it (for example, your name, email address and other personal details).

Where can I find more information about how my personal data is used?

The policies and guides on our PSP Policy and Information Site provide more details of how we will use your personal data in specific circumstances. If you do not have access to PSP, you can find the policies on our intranet site.

The letters and forms relating to these policies and guides are also available through PSP. If you do not have access to PSP, please ask your manager to access the documents for you.

If you sign up to an employee scheme or benefit, the terms and conditions (or related information) for that scheme or benefit will explain how we use personal data in those circumstances.

If you use information and communication systems (such as online platforms and communication tools), we may provide separate privacy notices which explain how we and our IT providers use your data.

You should read this People Privacy Notice together with any other notice about our uses of personal data which we provide for specific circumstances.

We need to use your personal data for several purposes. These include information you give us and information we collect while you are working for us. The table below gives more details of the personal data we use and where we get it from.

Type of data

What it includes

Where we get it from

Your personal details

This includes your:

  • name
  • date of birth
  • sex or gender
  • user IDs and passwords for your electronic devices (including laptops and PDAs)
  • home and work addresses, plus work and personal phone numbers, email addresses and other contact details,
  • National Insurance number and tax code
  • passport details, and
  • emergency contact details.

 

You usually provide this information when you apply for a job or when you update your records.

You may provide the information on a form given to your line manager or HR, or you may input the information directly into PSP and other systems such as SuccessFactors and My Bundle+.

Your work history, education and training details

This includes your:

  • educational and professional qualifications
  • job applications and CVs
  • employment history
  • references and other information gathered as part of the application process,
  • membership of any professional organisations, and
  • training records throughout your time working with us.

You provide some of this information when you apply for a job or a new position with us.

 

We also receive some information from other people and organisations such as:

  • your previous employers
  • employment agencies
  • training providers, and
  • background check providers (for example, the Disclosure and Barring Service).

 

Records relevant to your work for us

This includes:

  • your right to work
  • your work location
  • any documents required for specific roles (for example, drivers’ records)
  • your work attendance records, and
  • your employment history when working for us, including job titles, duties and working hours.

 

You provide some of this information. We collect the rest during your time working for us.

Your financial and pay records

This includes:

  • your bank account details
  • your payroll records
  • your pension records
  • your tax records, and
  • any employee benefits, voluntary deductions or salary sacrifice arrangements.

 

You provide some of this information (for example, your bank account details and pension arrangements). We collect the rest during your time working for us.

 

Shareholder records

This includes:

  • details of any Royal Mail plc free shares you have been given,
  • other Royal Mail plc shares you have bought, and
  • records of dividends you have received.

We collect this information while you are working for us (for example, when you acquire shares and during certain administration activities).

Performance information

This is information relating to your performance at work (for example, information recorded in appraisals).

 

You provide some of this information (for example, evidence you have presented during the appraisal process). The rest is created by other people, such as your line manager, as part of their role.

 

Conduct and grievance information

This is information relating to your conduct or any grievances raised by you or against you. It includes:

  • records of your conduct
  • records of how these issues are handled and settled, and
  • information about decisions and action taken as a result of these issues.

 

This information will only be created where appropriate and in line with relevant policies. Information may be provided by you, your colleagues or members of the public.

We will also create information as part of any investigation.

Information collected through our systems

 

This includes:

  • information relating to your use of business information and communication systems,
  • information collected by our entry and exit systems at sites,
  • CCTV footage and other images or audio recordings, and
  • information collected through PDAs and other technology. (This includes data relating to your working hours and your location and movements on our property, in our vehicles or on delivery.)

 

We will collect this information while you are working for us.

Information about your race or ethnic background, religious beliefs, sex or gender and sexuality

 

This includes details of your:

  • race or ethnic background
  • religious belief
  • gender identity, and
  • sexuality.  

 

You will provide this information only if you choose to.

Trade union membership

This includes:

  • details of your membership,
  • requests for membership fees to be paid from your pay, and
  • records of payments made.

 

You or your trade union will provide this information. For example, requests for membership fees to be paid from your salary will come from you or your trade union. 

Information about your health

 

This includes:

  • information about your time off work,
  • details of your medical conditions,
  • your sickness records, and
  • occupational health assessments and other records.

 

You will provide some of this information when you provide details of any time you are off work because of your health.

 

We may also receive information from other people or organisations (for example, if you agree to be assessed by occupational health services).

 

Accident records

This includes:

  • records of any accidents or health and safety incidents you have been involved in, and
  • information about decisions and action taken as a result of these incidents.

 

You will provide some of this information if you report an accident.

 

We will collect the rest of the information while reporting, investigating and responding to the accident or incident.

 

Information about your criminal convictions and offences, and alleged offences

This includes:

  • records relating to your criminal convictions,
  • details of any crimes you have been accused of committing, and
  • details of the penalties those crimes, such as fines or prison sentences.

You may provide this information when you apply to work for us or when you are working for us.

 

We may also collect this information from:

  • organisations such as background check providers (for example, the Disclosure and Barring Service), and
  • our employees, and other people working for us, as part of their everyday duties.

 

Details of your
social-media posts about yourself, our business or other employees

 

This includes:

  • information about you which is posted on social-media accounts (for example, your interests, activities and opinions), and
  • information about your use of social media.

 

This is normally information you post publicly on your social media accounts.  Sometimes other people may share with us posts you have made available to them.

Your preferences for how we communicate with you

These are your choices about how we send information to your personal email or phone.

 

This information may relate to:

  • employee benefits and surveys,
  • business news,
  • business strategy,
  • work opportunities, and
  • our products and services.

 

You normally provide this information when you register at or log in to myroyalmail.com. 

 

If you are leaving work with us, we may collect this information at your exit interview.

Under data protection law, we can only use your personal data if we have a lawful basis (genuine legal reason) for doing so.

We use your personal data for the following.

  • Recruitment – recruiting employees, contractors and temporary workers
  • Security vetting – carrying out security and background checks
  • Staff administration – personnel management, keeping employment and work records and managing attendance and performance
  • Payroll – providing pay and benefits, and deducting tax and National Insurance contributions
  • Pensions and benefits administration
  • Training and development
  • Occupational health – managing attendance, assessing your fitness to work, and supporting you in work
  • Personnel matters – managing performance, and dealing with HR issues and grievances
  • Managing resources – tracking our people and their movements, such as their GPS locations, to monitor performance and working patterns, plan routes and manage resources efficiently
  • Meeting legal and regulatory requirements – for example, monitoring equal opportunities and health and safety responsibilities, and keeping mail safe
  • Claims and legal action – responding to claims and taking legal action
  • Employee and worker communications – providing you with information about us, your role and employee benefits to which you may be entitled
  • Research – such as carrying out opinion surveys, and analysing our performance and effect on the environment and economy
  • Business management and planning – running our business, managing organisational structures, and identifying and reducing risks to our business
  • Company administration helping Royal Mail plc to keep shareholder records and manage shares belonging to our employees
  • Monitoring our use of information and communication systems – to identify trends and make sure we comply with the law, business standards and policies
  • Information security – maintaining network and information security, and preventing access to our systems which we have not allowed
  • Preventing and detecting crime – including using CCTV to monitor our sites
  • Keeping in touch – communicating with you about employee benefits and surveys, our news and strategy, and information about our products and services. We also contact former employees about our news and opportunities with the business.  

Lawful basis for using personal data

Our lawful bases for using your personal data are:

  1. Contract: the use is necessary for a contract or agreement with you, such as your employment or services agreement.
  1. Legal Obligation: the use is necessary to comply with the law. This includes compliance with employment and labour regulations, and our obligations under postal and tax regulations.
  1. Legitimate Interests: the use is necessary for the following legitimate interests of ours or another organisation:

    • Training and developing people
    • Maintaining standards of conduct and behaviour
    • Communicating effectively with people
    • Managing a business effectively
    • Providing services to customers
    • Protecting information, rights, property and safety
  1. Consent: in limited cases we may obtain your consent to use data for specific purposes.
  1. Public Interest: in other limited cases we may need to use your personal data to carry out a task in the public interest, such as preventing or detecting unlawful acts.
  1. Vital Interest: very occasionally, we may need to use your personal data to protect your, or someone else’s, vital interests, such as in a health emergency.

Please note that more than one of the lawful bases above will apply to some activities. Please contact us using the details below if you need details about the specific lawful basis on which we rely in a particular situation.

Special categories of personal data

In some situations, we need to use ‘special categories of personal data’. This includes information about your health, ethnic background, religious beliefs, sex or gender, sexuality and trade-union membership. We may do this where we need to:

  • in connection with legal rights or duties relating to your employment
  • to support or defend legal claims
  • to prevent crime or protect the public from dishonesty
  • to assess your ability to work and provide occupational health services
  • to protect your (or someone else’s) vital interests (for example, sharing information about your health in an emergency)
  • if it is in the substantial public interest
  • if you have already made the data public (for example, trade union membership if you are officially acting as a trade union representative), and
  • if you explicitly consent, for example to share information about your health to receive occupational health services).

Information about criminal offences and convictions

We use information about criminal convictions and offences to meet our legal responsibility to keep the mail safe and in relation to employment.

You will find more information about the way we use special categories of personal data, and information about criminal offences and convictions, in our ‘Special Category Data – Appropriate Policy Document’.

Information you must provide by law or as part of your contract

You must provide some personal information for legal purposes or as part of your contract. If you don’t, this may prevent us from:

  • keeping to the contract we have with you (such as paying you or providing employee benefits if you are entitled to them), or
  • carrying out our legal duties (such as protecting the health and safety of our personnel).

If we need you to provide information for legal purposes, we will explain this to you.

We take the security of your personal data extremely seriously and have strict policies and standards to make sure it is handled and kept securely. This includes:

  • controlling who has access to your personal data,
  • following suitable procedures, and
  • using technology to keep your personal data safe.

Our Information Security Policy, which covers the security of personal data, is available on our intranet at intranet.royalmailgroup.com/CompanySecretarysOffice/Pages/group_policies.aspx.

If you do not have access to our intranet, please ask your manager for the policies.

Our employees, agents and contractors may use your personal data for the purposes set out above. For example, your manager and staff in HR may use your information to make sure you are paid correctly and to manage your attendance.

We may also share your personal data with the following organisations and for the following reasons:

Our suppliers

We may share your personal data with other organisations providing services to help us run our business. For example:

  • our IT suppliers need to use your personal data so that you can access our email and other IT systems, and
  • the printers creating and sending out payslips need your personal details so that you receive accurate records of your pay.

All our suppliers must have suitable security in place to protect your personal data in line with our policies. We only allow them to use your personal data for specific purposes and in line with our instructions.

Where required by law or for regulatory purposes

We may share your personal data with other organisations to prevent or detect crime, or to protect someone’s rights, property or safety. These organisations include the police, law enforcement agencies and fraud-prevention agencies.

We may also have to share your information with:

  • the courts. and people or organisations with which we are in dispute, as part of legal action, and
  • regulators such as the Information Commissioner, to meet our legal or regulatory responsibilities.

We may share your personal data overseas if we or another person or organisation needs it for any of the reasons set out above.  For example, if we use a service or technology provider based overseas, we may need to share your data with them.

We will make sure that your personal data is suitably protected by the overseas organisation (for example, by a contract approved by law for this purpose).

We will only keep your data for as long as we need to use it. We will determine how long to retain different data based on the following requirements:

  • for how long we need the information for the purpose or purposes for which we use it, and
  • legal and regulatory requirements – such as where we need to retain employment or work records or financial data for an additional period of time in order to comply with the law or in case of potential claims.

Our Data Protection and Privacy Policy is available on the intranet at:

https://intranet.royalmailgroup.com/CompanySecretarysOffice/Pages/group_policies.aspx

If you do not have access to our intranet, please ask your manager for the policy.

You have the following rights in relation to your personal data.

The right to be informed about how your data is used

We will give you information about how we use your through privacy notices such as this one or notices that are available when we collect personal data from you.

The right to access your personal data

You have the right to see your personal data and details of how we use it.

You can ask for details of the personal data we hold about you by contacting our Information Rights Team at information.rights@royalmail.com. We will need proof of your identity. We will also need you to tell us which information and uses you want to know about, and any dates on which we may have used that data.  

The right to have your data corrected (right to rectification)

You have the right to have your data corrected if it is wrong or incomplete.

We will make sure that your personal data is correct and up to date, as far as we reasonably can. However, we rely on you to check that some of the information we hold about you is correct and up to date. Please let us know about any changes to your information (for example, by updating your personal information in PSP or letting your manager know).

The right to object

You have the right to object to some uses of your personal data, such as in direct marketing.  For example, you can ask us to stop sending information about our news, strategy, products and services to your personal email account or phone. To do this:

  • use the unsubscribe link in emails we send you,
  • reply STOP in text messages, or
  • write to us at any time. 

In other circumstances, even though you may have a right to object to our using your data, we may continue to use it where the law allows us to do so.  Also, you only have the right to object to our using your personal data in limited situations – for example, this right does not apply where we need to use your data under your contract with us or to meet our legal responsibilities.  

The right to have your data deleted (the right to erasure or ‘to be forgotten’)

You have the right to ask us to delete your personal data if there is no legitimate reason for us to continue using it. However, if there is a legitimate reason for us to use it, we will not be able to delete it.

The right to restrict use of your data

You have the right to block the use of your personal data in some circumstances (for example, if you and we are in dispute over whether it is accurate).

The right to transfer your data (data portability)

This right only applies to personal data which you have provided to us and which we use on the basis you consent to this or because it is necessary to perform a contract with you.

It enables you to reuse your personal data across different services, allowing you to move or copy data from one organisation to another if you choose.

Your right to withdraw consent

If have given us consent to use your personal data in a certain way, you can withdraw that consent at any time.

Please also note that this only applies in circumstances where you have given consent to the collection and use of your personal data for a specific purpose and does not apply where our legal basis for using your personal data is not consent. For example, where we need to use your personal data for the purposes of your contract with us, or to comply with a legal obligation, then the right to withdraw consent will not apply.

For support relating to your personal data rights, please contact our Information Rights and Governance Team at information.rights@royalmail.com.

We sometimes use your personal data to analyse your abilities and behaviour. For example, we use online testing as part of our recruitment procedures. You have the right to object to this use of your data. (See section 8 for more information.)

We will not base any decision that will have a major effect on you just on automated assessments (that is, without human input) unless the law allows us to do so. In these cases, we will tell you beforehand.  

If you have any questions about your personal data or this privacy notice, please contact our Information Rights and Governance Team.

Information Rights and Governance Team
Royal Mail Group
Pond Street
Sheffield
S98 6HR

Email: informationrights@royalmail.com

Work queries

If you have any questions about the data we use for work purposes or in relation to HR HR policies, please speak to your manager.

You can also get advice by calling the HR Advice Centre on 0345 6060603 or 5456 7100, or the Senior Manager Helpline on 01142 414815 or 5456 4815.

If you are a manager working for Parcelforce Worldwide, please call 0345 6042787 or 5456 4747.

Our Data Protection Officer

You can contact our Data Protection Officer at:

Royal Mail Group

100 Victoria Embankment

London

EC4Y 0HQ

Email: information.rights@royalmail.com

Your right to complain to the Information Commissioner’s Office

If you believe we have not met our legal duties, you can complain to the Information Commissioner’s Office at the following address.

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

SK9 5AF.

Website:

www.ico.org.uk

Changes to this privacy notice

We will review our privacy notice regularly and post any updates on this web page. This privacy notice was last updated in December 2020.