Privacy Policy

This notice was last updated on 1st September2022.

The notice will be reviewed on an annual basis or when a change in legislation and/or practices dictates and any changes will be notified to you by posting an updated version on our websites and/or by contacting you via email.

We recommend that you regularly check for changes and review this policy when visiting our websites.

1.  Who are we?

Commercial Services Group (CSG) People Services is trading style of Commercial Services Kent Ltd (Reg No. 5858177), a company wholly owned by Kent County Council and registered in England andWales.

HR Connect, a trading brand within CSG People Services, delivers HR services to employers and employees of organisations that contract with us to provide services, for example – public / private sector organisations, schools and academies. We aim to maintain the highest possible standards and seek to adopt best practice with regards to the way in which we manage and process data in the course of our business.

CSG collects, uses and processes personal information about you. When we do we are regulated under the UK Data Protection Act 2018 (DPA 2018) and the EU GeneralData Protection Regulation (GDPR) which applies across the European Union. Depending on the service provided we are responsible as either a ‘controller’ or ‘processor’ of that personal information for the purposes of those laws.

If you have any questions, suggestions or complaints about the processing of your personal information please contact our Data Protection Officer (DPO) via email at DPO@csltd.org.uk.

We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our customers and their employees and other people with whom we interact in the course of undertaking our services.  This Privacy Notice offers both our customers and their employees with meaningful and accessible guidance on our approach to handling personal data.

2.  Our Services

We offer a number of HR Connect services including:

  • HR Delivery –including administration and issuing of employment contracts.
  • HR Helpline – an online and telephone advice service offering support and guidance on staffing matters relating to terms and conditions.
  • HR AdvisoryServices – providing specialist advice regarding HR and employment matters such as sickness absence and disciplinary issues alongside bespoke work such as investigations and mediation services.
  • Payroll Services– a comprehensive payroll service including processing staff payroll and addressing individual queries.
  • OccupationalHealth Services – including fitness for work assessments, work place assessments, ill health retirement assessments, vaccinations.
  • Support LineServices – Counselling, Workplace Mediation, Return to Work Coaching.
  • An online and telephone advice service offering support and guidance on staffing matters relating to health and work to support compliance with The Equality Act.
  • WorkplaceWellbeing Services - a range of consultancy and training services designed to support workplace wellbeing. This service includes: The Pulse - a staff and organisational survey, data analysis and insight reporting and Mental Health FirstAid Training - a fully accredited mental health education and awareness course.
  • Training –providing learning and development opportunities to individuals, groups and communities through our open course calendar, bespoke initiatives and personal development tools.
  • EmploymentCheck –an online system for Disclosure and Barring Services (DBS), Disclosure Scotland and reference checks.

In providing a service to our customers, it will be necessary for HRConnect to gather, obtain, record and hold your personal information.

3.  About the information we collect, use and retain

The section below summarises the information we collect, use and retain for our services, how and why we do so, how we use it and with whom it may be shared.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

4.  The personal information we collect and use

The table below summarises the information we collect, use and retain for our services, how and why we do so, how we use it and with whom it may be shared.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

For information collected for the purposes of our sub-brand: Kent-Teach, please see their Privacy Notice which is accessible via their website:

The information we collect How we collect the information Lawful basis How we use and may share the information
Personal information: such as name, address, telephone number, email address, date of birth, national insurance number, identification documents. From the customer organisation. For the performance of a contract (Please note this may be in relation to your own contract of employment with your employer or in relation to our contract of service with your employer). Legitimate interests in offering employment practice advice and other services. Provide an HR service to our customer – including administering recruitment, issuing contracts of employment and contractual variations, payment of salaries and administration of pensions, maintaining your personnel / payroll file on behalf of your employer. Undertake additional services that we offer to our customers e.g., investigation and mediation services. Provide training and development opportunities to individuals and groups of staff on behalf of our customers. Communicate with you on behalf of our customers where necessary throughout your employment lifecycle. Provide Support Line services to you – a confidential counselling service to you – no information is provided about your use of this service unless you have given us your consent. Fulfil requirements of pension schemes – e.g., Ill health retirement. Provide secure administrative access to our systems and relevant information for your employer as required.
Special Categories of Data (also known as sensitive personal data): including protected characteristics (such as sex, age, ethnic group, health and disability information), and data relating to your opinions or trade union membership. From the customer organisation. For carrying out legal obligations or exercising specific rights in employment or social law. For occupational health assessment. Where it is necessary for the establishment, exercise or defence of legal claims or where the courts are acting in their judicial capacity. We use consent where it is appropriate for us to do so . Provide Occupational Health advice to you and to your employer. Provide advice to your employer regarding your health and how it may impact on your ability to work.
Employment information: such as, information relating to Disclosure and Barring Service checks, work history, start dates, hours worked, post holdings, grade and salary information, attendance records, qualification details, training records and details of your professional registration and any restrictions which may apply. From the customer organisation. For the performance of a contract (Please note this may be in relation to your own contract of employment with your employer or in relation to our contract of service with your employer). Legitimate interests in offering employment practice advice and other services. Provide advice to our customer regarding HR and employment matters related to your employment. Fulfil safeguarding obligations.
Financial details: such as bank account details, payroll records, tax status information, pension and benefits information, details relating to statutory third-party payments i.e., court orders / attachment of earnings or voluntary payments. From the customer organisation. For the performance of a contract (Please note this may be in relation to your own contract of employment with your employer or in relation to our contract of service with your employer). Legitimate interests in offering employment practice advice and other services. Meet the statutory and contractual obligations of our customers in relation to pay / deductions and comply with their obligations under employment law.
Other Personal data: such as information related to recruitment, management, performance and employment of staff (for example disciplinary / absence / ill health / capability / performance management / grievance / investigation records) . From the customer organisation. For the performance of a contract (Please note this may be in relation to your own contract of employment with your employer or in relation to our contract of service with your employer). Legitimate interests in offering employment practice advice and other services. Provide advice to our customer regarding HR and employment matters related to your employment.
Management information: such as information related to recruitment, management, performance and employment of staff (for example disciplinary / absence / ill health / capability / performance management / grievance / management investigation records). From the customer organisation. For the performance of a contract (Please note this may be in relation to your own contract of employment with your employer or in relation to our contract of service with your employer). Legitimate interests in offering employment practice advice and other services. Provide advice to our customer regarding HR and employment matters related to your employment. Provide customers aggregated anonymised management information for statistical purposes – e.g. Employee Pulse Surveys. Provide customer account management including billing, handling of queries and provision of management information as required.

We may obtain other personal data from third parties with whom we liaise in providing a service to our Customers (e.g. HMRC / LGPS / Teachers’ PensionScheme / Disclosure and Barring Service / Legal Advisors / Parents/Guardians /Service Users), or by a representative acting on your behalf (trade union representative / solicitor).

We may also obtain sensitive personal data from third parties, with your consent and in compliance with legislation and professional guidelines, with whom we liaise in providing a service to your Employer e.g.your GP, Medical specialist, or by a representative acting on your behalf e.g. appointed advocate / solicitor.

Further details on how we handle personal information are set out in our Data Protection Policy and Policy statement on the secure storage, handling, use, retention and disposal of disclosure information.

Other than stated above, we will share personal information with law enforcement, our regulators or other authorities if required by applicable law.

As there is a statutory and contractual basis for collecting your personal data if you do not provide some or all of the details specified in the ‘The personal information we collect and use’ section, we maybe unable to enter into a contract with your organisation.

5.  How we use your information to make automated decisions

An automated decision is where an electronic system makes a decision using personal information without human intervention (e.g.monitoring your online activities and emails or events which trigger actions such as your sickness absence triggering our capability policy).  This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know.  These automated decisions can affect the services we may offer you now or in the future.

Automated decision making is allowed in the following circumstances:

  1. Where we have notified you of the decision and given you 21 days to request a reconsideration.
  2. Where it is necessary to fulfil our contractual obligations and requirements  and appropriate measures are in place to safeguard your rights.
  3. In limited circumstances, with your explicit consent and where appropriate measures are in place to safeguard your rights.  

If an automated decision is made, based on any particularly sensitive personal information, we must have either your explicit written consent or it must be justified

in the public interest, and we must put in place appropriate measures to safeguard your rights.

6.  How long your personal data will be retained

We will not keep your information for longer than is necessary, for either:

  • the purpose of administering your individual staff record
  • or as is necessary in providing a service to our customer
  • or as required bylaw

Upon expiry, any personal data which we are not legally obliged to retain, will be securely destroyed.

7.  Who we share your personal information with

Other than our customer we may share your personal or sensitive personal data with the following:

  • Representatives of recognised trade unions and professional associations or workplace colleagues identified by you to support in employment matters.
  • HM Revenue andCustoms, Department for Work and Pensions, Local Government Pension Scheme andTeachers Pension Scheme.
  • Cabinet Office –National Fraud Initiative, for the purposes of assisting the prevention and detection of fraud under a legal obligation.
  • Third parties engaged by the customer for the provision of identified services – i.e.Occupational Health Providers / Legal Advisors.
  • Third Party organisations - where you have instructed us to make payments / contributions from your salary or where we are advised directly to make deductions from your salary.
  • Local AuthoritySafeguarding Team/Local Authority Designated Officer (LADO) for the purposes of safeguarding children and young people.
  • Professional regulatory authorities such as the Teaching Regulation Agency.
  • Law enforcement, our regulators or other authorities if required by applicable law.

We will also share your personal information with third parties where it is necessary to administer our working relationship with you or where we have another legitimate interest in doing so (providing this is not overridden by your interests).

Customer information may be shared within KentHoldCo. Ltd. Group (ultimate holding company for CSG) under a Data SharingAgreement. The Agreement reflects the requirements of the UK GDPR and DPA2018. Where a customer organisation purchases multiple services from within theGroup the following information may be shared where this is required to deliver the services: title, name, email address / contact details, employee number, job title, products/services consumed.

We may also need to share some of the categories of personal information with other parties where a transfer of the business takes place. Usually, information will be anonymised or pseudonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations and legally binding data sharing agreements.

Access to data is only granted where authorised by our ICT supplier and specifically required in line with our contract with them. System data is hosted within the UK by an ISO 27001accredited supplier and supplier information security standards meet DBS requirements.

8.  Where information may be retained

Information may be retained at our offices and those of our service providers, representatives and agents as described above.

Some of the personal information you provide to us may be transferred to countries outside of the UK, or the EU/EEA. Where this occurs, CSG will make restricted transfer under UK “adequacy regulations” to protect individuals rights and freedoms for their personal data.  Where the UK has no “adequacy regulations” then the restricted transfer will be subject to appropriate safeguards whereby standard contractual clauses have been entered into with the organisation receiving the data.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK or the European Economic Area (EEA). 

9.  Reliance on UK exemptions from the GDPR

We may use information in reliance on the exemptions under the DPA 2018 where allowed e.g. where a claim to legal professional privilege would apply, in relation to the provision of confidential references or for the purposes of management forecasting (to the extent that such forecasting would be prejudiced by advance notification). 

10.  Your Rights

Under the DPA 2018 you have a number of rights which you can access free of charge which allow you to:

  • Know what we are doing with your information and why we are doing it.
  • Ask to see what information we hold about you.
  • Ask us to correct any mistakes in the information we hold about you.
  • Object to direct marketing.
  • Make a complaint to the Information CommissionersOffice.

Depending on our reason for using your information you may also be entitled to:

  • Ask us to delete information we hold about you.
  • Have your information transferred electronically to yourself or to another organisation.
  • Object to decisions being made that significantly affect you.
  • Object to how we are using your information.
  • Stop us using your information in certain ways.

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties.

Please note: your request may delay or prevent us delivering a service to you.

For further information about your rights, including the circumstances in which they apply, see the guidance from the UKInformation Commissioners Office (ICO) on individuals’ rights under the UKGeneral Data Protection Regulation https://ico.org.uk/

If you would like to exercise a right, please contact our DPO via email at dpo@csltd.org.uk or write to Data Protection Officer, Commercial Services Group, 1 Abbey Wood Road,King Hill, West Malling, ME19 4YT.

11.  Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. 

We also have procedures in place to deal with any suspected data security breach.We will notify you and the ICO as regulator of any suspected data security breach where we are legally required to do so.

12.  Who to Contact

If you have any questions, suggestions or complaints about the processing of your personal information, or you wish to exercise any of your rights please contact our Data Protection Officer (DPO) via email at DPO@csltd.org.uk or in writing by using the address below;

Data Protection Officer
Commercial Services Group
1 Abbey Wood Road
Kings Hill
West Malling
ME19 4YT

The UK General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone 03031 231113.

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.  We may also notify you in other ways from time to time about the processing of your personal information.