Privacy statement for our employees
This section includes our privacy statement to staff, volunteers, interns, apprentices and contractors (including prospective employees).
What types of personal data do we process
Your personal data may include your name and surname, age, identity number contact details (e.g. your home address, postal address, email address or phone number), banking details and any other information we request from you from time to time. Other information which might be personal data may include:
“work and educational background”: We may collect information about your academic history, volunteering experience and employment history when you apply as an employee, volunteer or intern;
“device and device event information”:We may collect information such as your IP address, unique device identifier, the nature of the access device which you used to access our website, the geographic location from which you accessed our website, hardware model and settings, operating system type and version, browser language, system activity, and crashes;
“log information”: When you use our website, we may automatically collect and store certain information in server logs when you access our website, which may include your site activity information, such as details of how, when and for how long you accessed our website, what links you went to, what content you accessed, the amount of content viewed and the amount of time spent on the specific content.
“location information”:We may use various technologies to determine your actual location, such as geographical data from your access device (which is usually based on the GPS or IP location).
Personal data does not include information that has been de-identified to the extent that it cannot be re-identified again.
Compulsory personal data we require
Only your email address, name and surname, contact details, identity number and such other information as we specify from time to time, constitutes compulsory information. All other information is optional. If you do not agree to share compulsory information with us, then you will not be able to work for us. If you do not agree to share your optional information with us, then we might limit the work that you do with us.
How and when do we collect your personal data
Active collection from you:
- You apply for a position with us or contact us in relation to volunteering for us, or fundraising on our behalf.
- As part of the everyday administration and management of your contract with us. For example:
- You let us know if there is a change to your personal data.
- You apply for or notify us of leave.
- You complete your appraisal.
- You register to become involved in work-related activities such as a first aider, fire warden, surge roster staff or registered driver.
- You file a complaint or raise a concern.
- You attend or complete one of our training courses.
- You sign in at one of our buildings.
- You make a formal complaint or raise a concern about your work with us.
Passive collection:
- As part of the everyday administration of work-related activities. For example:
- You use an ICT approved or ICT provided system or technology.
- You are present (CCTV) at one of our sites.
Why do we collect and use your personal data
- To recruit and select employees, interns and volunteers.
- To enable payment of salary, tax, pension contributions and expenses.
- To manage your contract with us. For example, processing leave requests and maintaining appropriate levels of conduct and performance etc.
- To meet legal obligations. For example, we may process your personal data (including sensitive data such as physical or mental health) to protect your health and safety and to fulfil our equal opportunities obligations etc.
- To take appropriate action in the event that a formal complaint or concern is raised, including safeguarding.
- To run background checks in accordance with our due diligence policies and procedures.
- To plan staffing levels and necessary cover.
- To keep you informed of, and to improve our strategy, plans, activities and services. For example, we welcome and encourage your feedback, and in some cases might actively seek this.
Other employees might access your personal data where this is required for work purposes. Where this is the case, the organisation relies on all employees to access and use personal data in accordance with their obligations under our data protection policy.
In what situations do we collect personal data from other sources
We run a background check on all employees using a third party screening and due diligence service provided by Thomson Reuters. We might also use sources in the public domain such as Google or the Driver and Vehicle Licensing (DVLA) database for this purpose. We carry out background checks in accordance with our due diligence policies and procedures in order to protect our charitable interests such as the risk of fraud, corruption, bribery, terrorism and money laundering
In what situations do we share personal data with other organisations
- With law enforcement agencies if we receive a valid legal instruction.
- With third parties that we contract to administer HR activities on our behalf including payroll, pension and health/insurance cover providers.
- If you are involved in an insurance claim, we might share your personal data with insurance companies / brokers.
- As part of our recruitment and selection processes, we might run a background check on you. This may include sharing your personal data with employment agencies, previous employers and our third party screening and due diligence service provided by Thomson Reuters.
- We contract a limited amount of third parties to store data on our behalf. This may include your personal data. Types of third parties we use include cloud storage, website hosting and software providers.
We only share personal data with another organisation if we have a legal basis to do so.
In all the above situations, we will ensure that we have a written contract (or valid legal instruction) in place with the organisation that includes appropriate data protection clauses to ensure that they do not use personal data for their own marketing purposes, and that they have adequate security measures in place to protect your personal data.
From time to time, Islamic Relief and its service providers may need to transfer and/or store your personal data on servers and/or organisations in a jurisdiction other than where it was collected, and we hereby notify you, and you acknowledge, that such jurisdiction may not have comparable data protection legislation.
If the jurisdiction to which your personal data is transferred does not have laws which provide for the protection of personal data in a manner which is at least similar to the protections afforded under South African law, we will take reasonably practicable steps to ensure that your personal data is adequately protected in that jurisdiction.
What is our legal basis for collecting and using personal data
Where the processing is necessary to enter into or fulfil the terms and conditions of a contract. For example, to enable payment of your salary, tax, pension contributions and expenses.
Where the processing is required under the law. For example, collecting your medical information to protect your health & safety.
Where the processing is in our legitimate interests. For example, using your leave details to plan staffing levels and necessary cover. We will only rely on this legal basis if your interests and fundamental rights do not override our interest.
Where the processing is in your vital life interest. For example, sharing your personal data with emergency services in the event of a medical emergency.
Retention of your personal data
We may keep personal data for as long as you continue to access our website, for the duration of your employment with us and any reasonable time thereafter, or for as long as reasonably necessary or until you contact us and ask us to destroy the retained information.
Notwithstanding the foregoing and any other provision of this privacy statement, we may keep some or all of your personal data if and for as long as:
- we are required by law, a code of conduct or a contract with you to keep it;
- we reasonably need it for lawful purposes related to our functions and activities;
- we reasonably need it for evidentiary purposes;
- you agree to us keeping it for a specified further period; and/or
- it is permitted by law.