Employee Privacy Policy - Template, Sample Form Online Pro · UK-law

✓ Valid in United Kingdom · drafted to comply with local law

Create your Employee Privacy Policy - Template, Sample Form Online for use in United Kingdom. Answer a few plain-English questions and the document fills in automatically as you go — then download it in Word and PDF, ready to sign or share. This version has been professionally rewritten to comply with local law.

Answer 31 simple questions — the document fills in as you go
Live preview: watch your document update in real time
Download as Word (.docx) and PDF
Edit your answers and re-download anytime

Save to access it later, on any device.

Fill in the details

0/31

Type below — the document on the right updates as you go.

Employee Privacy Policy - Template, Sample Form Online

🔒The clauses below are blurred in the preview. Fill in your details, then pay once to unlock the full document and download it as Word & PDF.

________

EMPLOYEE PRIVACY NOTICE

Prepared in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018

This privacy notice has been issued by ________ of ________ (company registration number ________; Information Commissioner's Office registration number ________). It is important that you read and consider this notice carefully. It contains important information about:

who we are and how to contact us;
how and why we collect, store, use and share your personal information;
the lawful bases on which we rely;
your rights in relation to your personal information; and
how to contact us and the supervisory authority should you have a complaint.

This notice does not form part of your contract of employment and we may update it at any time in accordance with the section headed \"Changes to this notice\" below.

\u00a7 1. Who we are

________ (hereafter \"we\", \"our\" or \"us\") is the \"data controller\" (as defined in Article 4 of the UK GDPR) in respect of the personal information collected and processed about you as an employee (hereafter \"you\" or \"your\"). This means that we are responsible for deciding how and why your personal information is held and used. Our nominated contact for data protection matters is ________, who may be contacted via ________.

\u00a7 2. Types of information we collect

2.1 Personal information collected from you

The personal information we collect from you directly may include:

________

2.2 Special category (sensitive) personal information

We may collect and process information which is classed as \"special category data\" under Article 9 of the UK GDPR. This includes any information relating to:

your racial or ethnic origin;
your political opinions;
your religious or philosophical beliefs;
your trade union membership;
your genetic data;
your biometric data (where used for the purpose of uniquely identifying you);
your physical or mental health or condition; and
data concerning your sex life or sexual orientation.

Examples of the specific types of special category data we process include:

________

2.3 Criminal offence information

We may collect and process information relating to criminal convictions and offences, or related security measures, in accordance with Article 10 of the UK GDPR and Schedule 1 to the Data Protection Act 2018. The types of information in this category include:

________

Full details of our procedure for processing criminal offence data, including its retention and erasure, are set out in our relevant policy document, which can be found at: ________. We maintain an appropriate policy document as required by paragraph 5 of Schedule 1 to the Data Protection Act 2018.

\u00a7 3. How your information is collected

3.1 Information you provide to us

We will collect personal information which you provide to us directly, for example during recruitment, on commencement of employment and during the course of your employment.

3.2 Information from third parties

We may also collect information about you from the following sources:

________

3.3 Monitoring

Your personal information may be collected and processed through monitoring in the following manner:

________

Any such monitoring is carried out lawfully and proportionately, having regard to your reasonable expectation of privacy. Full details of our monitoring procedures can be found in our policy document, located at: ________.

3.4 Automated decision-making

You may be the subject of automated decision-making. Automated decision-making means the making of a decision solely by automated means, without any human involvement, which produces legal effects concerning you or similarly significantly affects you.

Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat duis aute irure dolor in reprehenderit voluptate velit esse cillum dolore eu fugiat nulla pariatur lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam.

\u00a7 4. How we use your personal information

4.1 Purposes of processing

Your personal information will generally be processed for the following purposes:

________

Your special category data will generally be processed for the following purposes:

________

Any criminal offence information will generally be processed for the following purposes:

________

Any automated decision-making will generally take place in relation to the following matters:

________

Comprehensive details regarding the purposes of processing employee data are contained within our policy document entitled ________, which can be located at ________.

4.2 How we may share your personal information

In this notice, references to processing your personal information include the lawful sharing of that information with third parties.

In order to fulfil the above purposes, your personal information may be shared with the following recipients:

________

Your special category data may be shared with the following recipients:

________

Any criminal offence information may be shared with the following recipients:

________

Where any of your personal information is shared with a third party who acts as a processor on our behalf, we will only permit them to process such information for our specified purposes and in accordance with our written instructions, and not for their own purposes. We will enter into a written contract with each such processor as required by Article 28 of the UK GDPR.

\u00a7 5. How long we keep your personal information

Your personal information will only be retained for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements. Comprehensive details regarding our retention periods are contained within our policy document entitled ________.

\u00a7 6. Lawful bases for processing your personal information

6.1 General lawful bases

We are required to comply with data protection law when processing your personal information. We will only process your personal information for one or more of the following lawful bases set out in Article 6(1) of the UK GDPR:

where it is necessary for the performance of your contract of employment, or to take steps at your request prior to entering into that contract;
where it is necessary in order to comply with a legal obligation to which we are subject;
where it is necessary for the purposes of our legitimate interests or those of a third party (provided that your interests, rights and freedoms do not override those interests). Where we rely upon this basis, details of the legitimate interests concerned will be provided to you;
where it is necessary to protect your vital interests or those of another person; and/or
where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

In general, to meet the purposes described above, we will usually process your personal information in order to enter into and perform our contract of employment with you, and to comply with our legal obligations as an employer.

6.2 Lawful bases applicable to special category data

In addition to a lawful basis under Article 6, we must satisfy a separate condition under Article 9(2) of the UK GDPR and, where relevant, a condition in Schedule 1 to the Data Protection Act 2018, before processing special category data. We will only process such data where one or more of the following additional conditions applies:

where it is necessary for the purposes of carrying out obligations and exercising rights in the field of employment, social security and social protection law;
where it is necessary to protect your vital interests or those of another person where you are physically or legally incapable of giving consent;
where the processing is carried out in the course of the legitimate activities of a foundation, association or not-for-profit body with a political, philosophical, religious or trade union aim;
where the information has manifestly been made public by you;
where the processing is necessary for the establishment, exercise or defence of legal claims;
where the processing is necessary for reasons of substantial public interest;
where the processing is necessary for the purposes of preventive or occupational medicine, the assessment of working capacity, medical diagnosis or the provision of health or social care;
where the processing is necessary for reasons of public interest in the area of public health; and/or
where the processing is necessary for archiving in the public interest, scientific or historical research purposes or statistical purposes;
in certain limited circumstances, where you have given your explicit consent.

In general, to meet the purposes described above, we will usually process your special category data where it is necessary for the purposes of performing or exercising obligations or rights in connection with employment, social security and social protection law.

6.3 Lawful bases applicable to criminal offence information

We will only process criminal offence information where it is permitted by Article 10 of the UK GDPR and where a condition in Schedule 1 to the Data Protection Act 2018 is met, including where one or more of the following additional conditions applies:

where it is necessary for the purposes of preventing or detecting unlawful acts;
where it is necessary for protecting the public against dishonesty, malpractice or other seriously improper conduct;
where it is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

In general, we will usually process criminal offence information in order to prevent and/or detect unlawful acts and to comply with our legal and regulatory obligations.

6.4 Lawful bases applicable to automated decision-making

We will only carry out automated decision-making which produces legal effects concerning you or similarly significantly affects you where one or more of the following conditions in Article 22(2) of the UK GDPR applies:

where it is necessary for entering into, or the performance of, your contract of employment;
where it is authorised by law to which we are subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or
where it is based on your explicit consent.

\u00a7 7. Keeping your information secure

We have put in place appropriate technical and organisational measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, in accordance with Article 32 of the UK GDPR. Details regarding the storage and security of your personal information can be found in our policy document: ________.

We are ISO 27001 certified, which supports us in maintaining the security of your personal information.

We have procedures in place to deal with any suspected personal data breach, including notification to the Information Commissioner's Office and to affected individuals where we are legally required to do so. Details can be found in our ________.

\u00a7 8. Transfers of your information outside the United Kingdom

In order to meet the purposes described above, we may transfer your personal information outside the United Kingdom. Your personal information may be transferred to:

________

If you require any further information regarding transfers of your personal information outside the United Kingdom, or the safeguards in place, this can be found in our policy document entitled ________, which can be located at ________.

\u00a7 9. Your rights

Under the UK GDPR and the Data Protection Act 2018 you have a number of important rights, which you may exercise free of charge. In summary, these include the right to:

be informed about how we use your personal information (the right to transparency);
access your personal information and certain supplementary information (the right of access);
require us to correct any inaccurate or incomplete personal information we hold about you (the right to rectification);
require the erasure of your personal information in certain circumstances (the right to erasure / \"right to be forgotten\");
receive the personal information you have provided to us in a structured, commonly used and machine-readable format and to have it transmitted to a third party in certain circumstances (the right to data portability);
object to the processing of your personal information in certain circumstances, including processing carried out on the basis of our legitimate interests;
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
restrict our processing of your personal information in certain circumstances;
where we rely upon your consent to process your personal information, withdraw that consent at any time (without affecting the lawfulness of processing carried out before withdrawal).

For further information on each of these rights, including the circumstances in which they apply, please refer to the guidance published by the Information Commissioner's Office (ICO).

If you would like to exercise any of these rights, please contact ________ via ________.

\u00a7 10. How to make a complaint

We hope that we can resolve any query or concern you may raise about our use of your personal information. If you have any concerns, you can make a complaint to us using the contact details set out above.

You also have the right to lodge a complaint with the Information Commissioner's Office, which is the supervisory authority for data protection matters in the United Kingdom. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance.

The ICO can be contacted as follows:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: 0303 123 1113. Website: https://www.ico.org.uk

\u00a7 11. Changes to this notice

This privacy notice was published on ________ and was last updated on ________.

We may amend this privacy notice from time to time. We will notify all employees of any material changes by:

________

\u00a7 12. Contacting us

If you wish to contact us in relation to any aspect of this notice or your data protection rights, please contact: ________ via ________.

This privacy notice is fully and robustly endorsed at all levels by ________.

Signed: __________________________

Name: ________

Position: ________

For and on behalf of ________

Date: ___________________________

EMPLOYEE ACKNOWLEDGEMENT

I, ________, an employee of ________, confirm that I have been provided with a copy of this privacy notice, which I have read and understood.

Signed: __________________________

Print name: ________

Date: ___________________________

Fields you complete are inserted into the document live. This template is general guidance only — not legal advice.