J D Wetherspoon plc (JDW) is a ‘data controller’, meaning that we are responsible for deciding how we hold and use personal information about you.
This policy does not form part of any contract of employment or other contract to provide services.
Data protection principles
In compliance with data protection laws, the personal information we hold about you must be:
- used lawfully, fairly and in a transparent way.
- collected for valid purposes only, which we have clearly explained to you – and not used in any way which is incompatible with those purposes.
- relevant to the purposes we have told you about and limited to those purposes only.
- accurate and kept up to date.
- kept only as long as necessary for the purposes which we have clearly explained to you.
- kept securely.
The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where identity has been removed (anonymous data).
There are ‘special categories’ of more sensitive personal data which require a higher level of protection.
A list of the types of personal data and special-category data collected by JDW is set out below.
We will collect, store and use the following categories of personal information about you when you enquire and/or apply for a position at JDW:
- personal contact details, such as name, title, address, telephone number and e-mail address
- date of birth
- employment history
Employees and contractors
In addition to the above, we also collect, store and use the following personal data about you during your employment:
- marital status and dependants
- next of kin and emergency contact information
- national insurance number
- bank account details, payroll records and tax status information
- salary, annual leave, pension and benefits information
- start and leave date
- location of employment or workplace
- copy of driving licence/passport – where required for providing proof of right to work and obtaining additional ID documents, such as an airport pass or checking driving endorsements (employees who drive on company business)
- recruitment information (including copies of right-to-work documentation, references and other information included in a CV or covering letter or as part of the application process)
- employment records (including job titles, work history, working hours, training records, education records, qualifications and professional memberships)
- compensation history
- performance information
- disciplinary and grievance information
- CCTV footage and other information obtained through electronic means, such as biometric data (T&A records)
- information about your use of our information and communications systems
- information about your use of any employee discount
We may also collect, store and use the following ‘special categories’ of more sensitive personal information about:
- your ethnicity, collected as part of our legal responsibilities
- your health, including any medical conditions, attendance at work and sickness records
- criminal convictions and/or offences
How is your personal information collected?
As part of the recruitment process, personal information is collected from applicants, employment agencies, former employers, universities and/or companies in relation to apprenticeships, credit reference agencies or other background-check agencies.
How we will use information about you
Most commonly, we will use your personal information in circumstances where:
- we need to perform the contract we have entered into with you.
- we need to comply with a legal obligation.
- it is necessary for our legitimate interests (or those of a third party) – and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
- where we need to protect your interests (or someone else’s interests)
- where it is needed in the public interest or for official purposes
Situations in which we will use your personal information
The situations in which we will process your personal information include the following:
- making a decision about your recruitment or appointment, including ongoing appointments
- assessing your skills, qualifications and suitability for a role
- communicating with you about the recruitment process
- keeping records about our hiring process
- deciding whether to enter into a contract of employment with you
- determining the terms on which you work for us
- checking that you are legally entitled to work in the UK
Employees and contractors
- paying you and, if you are an employee, deducting tax and national insurance contributions
- paying third parties on your behalf, for example court payments or student loans
- accessing and using the myJDW app and related systems
- monitoring your use of our information and communications systems, to ensure compliance with our IT policies
- ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
- monitoring equal opportunities
- providing benefits to you, where appropriate, including: free shares, life assurance, pension, private medical insurance, childcare vouchers and flexible benefits for Wethercentre employees
- liaising with pension providers
- administering the employment contract into which we have entered with you
- managing and planning the business, including accounting and auditing
- conducting performance reviews and managing performance
- making decisions about salary reviews and compensation
- assessing education, training and development requirements
- assessing qualifications for a particular job or task, including decisions about promotions
- gathering evidence for possible grievance or disciplinary hearings
- dealing with legal disputes involving you or other employees and contractors, including accidents at work
- ascertaining your fitness to work
- managing attendance at work and sickness absence
- complying with health and safety obligations
- preventing fraud
- terminating employment/working relationships
Some of the above grounds for processing will overlap, and there may be several grounds which justify our use of your personal information.
Change of purpose
We will use your personal information only for those purposes for which we collect it, unless we reasonably consider that we need to use it for another purpose compatible with the original one.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where required or permitted by law.
How we use special-category information
We will use your special-category data in the following ways – to:
- comply with employment and other laws
- monitor attendance at work and manage sickness absence
- administer benefits
- assess your fitness to work
- provide appropriate workplace adjustments
- comply with equal opportunity monitoring and reporting obligations
Do we need your consent?
Generally, we do not need your consent to process your personal information in accordance with this policy or to exercise our legal obligations or rights. In limited circumstances, we may ask for your written consent to allow us to process certain sensitive data. If we do, we will provide you with full details of the information we would like and the reason we need it, so that you can consider whether you wish to consent.
Information about criminal convictions
Where appropriate, we will collect information about criminal convictions as part of the recruitment process or when notified of such information directly by you, the police or a criminal-background-check agency. We will use information about criminal convictions and offences in the following ways:
- to establish, during processes of recruitment and selection, your suitability for the role
- when considering your suitability for continued employment
- when complying with licensing objectives
This takes place when an electronic system uses personal information without human intervention.
You will not be subject to decisions which will have a significant impact on you, based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means; however, if this position changes, we will notify you in writing.
Why might you share my personal information with third parties?
We do this in the following instances: where it is required by law; to detect or report a crime; to enforce or apply the terms of our contracts; to protect the rights, property or safety of our visitors and customers; where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
The following activities are carried out by third-party service providers: HR and pension administration; benefits provision and administration; training; payroll; IT services (such as e-mails, website-hosting and management); health and safety reporting; recruitment; recording CCTV; myJDW app; company credit-/petrol-card administration.
How secure is my information with third-party service providers?
All of our third-party service providers are required to implement appropriate security measures to protect your personal information, in line with our policies.
On occasion, some third-party service providers may transfer information outside of the European Economic Area (EEA). This may happen where servers of our third-party service providers are located in a country outside of the EEA. Where possible, we will seek to work with service providers whose servers are located within the EEA.
Whenever we transfer your personal data out of the EEA, we ensure that a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
- We will transfer your personal data only to those countries deemed, by the European Commission, to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection as it has in the EU.
We have appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed or accessed/used in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties with a business need to know. They will process your personal data only on our instruction and are subject to a duty of confidentiality.
We have implemented procedures to deal with any suspected personal data breach – where legally required to do so, we will notify you (and any applicable regulator) of a breach.
For how long will you use my information?
We will retain your personal information only for as long as necessary to fulfil those purposes for which we collected it. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process it and whether we can achieve those purposes through other means and the applicable legal requirements.
In some circumstances, we may anonymise your personal information, so that it can no longer be associated with you – in which case we may process such information without further notice to you.
Rights of access, correction, erasure and restriction
Your duty to inform us of changes
It is important that the personal information we hold about you be accurate and current. If your personal information changes during your working relationship with us, please keep us informed.
Your rights in connection with personal information
Under certain circumstances, you have rights, under data protection laws, in relation to your personal data, as follows:
- Request access to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal information which we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information, where there is no good reason for our continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. However, please note that, for specific legal reasons which will be notified to you at the time of your request (if applicable), we may not always be able to comply with your erasure request.
- Object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, because you consider that it affects your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party. Note that this right applies only to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
If you wish to exercise any of the rights set out above, contact: email@example.com. There is no fee to pay to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee, where your request is clearly unfounded, repetitive or excessive. Alternatively, in these circumstances, we could refuse to comply with your request.
What we may need from you
We may need to request specific information from you to help us to confirm your identity and to ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information about your request, to speed up our response.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right, at any time, to withdraw your consent for that specific purpose. To withdraw your consent, contact: firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another legitimate basis in law for doing so. If you withdraw consent, we may be unable to provide certain products or services to you. We will advise you, at the time you withdraw your consent, whether this is the case.
Time limit to respond
We try to respond to all legitimate requests within one month, but it could take longer – if this is the case, we will notify you and keep you updated.
If you have any questions about this privacy notice or how we handle your personal information, contact: email@example.com. You have the right, at any time, to make a data protection complaint to the relevant supervisory authority.
If we have been unable to resolve your concerns and you wish to lodge a complaint with a supervisory authority, these are:
- Information Commissioner’s Office (www.ico.org.uk) – for the UK
- Data Protection Commission (www.dataprotection.ie) – for the Republic of Ireland
Changes to this privacy notice
This policy was last updated in January 2022. We reserve the right to update this privacy notice at any time. We may also notify you in other ways, from time to time, about the processing of your personal information.
This site is controlled and operated by J D Wetherspoon plc, England. Any claim in relation to the information on this site shall be governed by the laws of England, with English Courts having exclusive jurisdiction.