Next plc and its subsidiaries (“Next”) are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018, once enacted.
Looking after the personal information you share with us is very important, and we want you to be confident that your data is kept safely and securely and to understand how we use it.
We have published this notice to help you understand;
If we make changes to this notice we will notify you by updating it on our careers website, on the Intranet and also on NEP (Next Employee Portal)/NDEP.
Next acts as ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means Next determines the purposes and ways in which any personal data are, or will be, processed.
Should you need to contact us please write to:
Data Protection Officer,
Next Retail Ltd.
or via firstname.lastname@example.org quoting Security and Privacy Enquiry.
This Privacy Notice was last updated on the 24th May 2018.
As your employer we need to keep and process information about you for normal employment purposes.
The types of personal information we may collect includes the following but please note this list is not exhaustive;
For unsuccessful job applicants we will collect much less information about you, limited to what you provide in your CV or job application, interview notes and any tests that you undertake as part of the interview process.
You will have provided much of the information we hold but some may come from other internal sources, such as your manager, or external sources, such as referees.
We will keep and use this information in order to enable us to run the business and manage our relationship with you lawfully and appropriately during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left.
We use your information to enable us to communicate with you, process your job application, fulfil your employment contract, comply with any legal requirements, pursue our legitimate interests and protect our position in the event of legal proceedings.
We use your information in a number of ways but again please note this list is not exhaustive;
We may need to process your data to pursue our legitimate business interests for example to prevent fraud, for administrative purposes or reporting potential crimes.
You may also be referred to in company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of Next.
Where necessary, we may keep information relating to your health, which could include reasons for absence, GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations, to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay.
If you leave employment and, under any share plan operated by a group company, the reason for leaving is determined to be ill-health, injury or disability, we will use the information about your physical or mental health, or disability status in reaching a decision about your entitlements under the share plan.
Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we do this under the legitimate interests of the Company or where it is required by law or to protect your health in an emergency.
In addition, we monitor computer, telephone and mobile telephone use, as detailed in the Acceptable Use Policy available on the intranet and NEP/NDEP.
Unsuccessful job applicants:
We may share your information with certain third parties such as the following;
In some cases, we may transfer your personal data to countries outside the European Economic Area. For example, Next works with Capita India who provide a number of support services to Next.
Where we carry out these transfers we will ensure that such transfers are compliant with the General Data Protection Regulation and the Data Protection Act 2018 and that appropriate measures are put in place to keep your personal information secure.
You are entitled to request the following from Next, these are called your Data Subject Rights and there is more information on these on the Information Commissioners’ website at www.ico.org.uk
For further details on these rights and our approach to data protection generally please see the Data Protection Policy on the Intranet and NEP. If you have any questions about them, please contact the Data Protection Officer email@example.com
If you are unhappy with the way in which Next has handled your personal information and you have already been in contact with us (on the above details) and feel we did not resolve your issues to your satisfaction, you can contact the Information Commissioners Office (The UK’s Data Protection Regulator) via www.ico.org.uk