Privacy Notice for International Employees and Contractors
Effective: 2023 November 27
Westfield Specialty Management Services Ltd., its subsidiaries and affiliates ("Westfield Specialty Ltd" or "we”, "us" or "our") respect your privacy. This Privacy Notice ("Privacy Notice") applies to Westfield Specialty and specifically to the personal data of employees, directors, officers, part-time workers and independent contractors (collectively, “employees”) of Westfield Specialty Ltd.
This Privacy Notice explains our practices regarding personal data, including the kinds of personal data we may collect and how we intend to use and share that personal data.
1. Personal Data We Collect
Westfield Specialty Ltd collects personal data from current and former employees and independent contractors ("Employee Personal Data”). The personal data we collect may include without limitation:
- Contact Information: name, address, phone number, email address;
- Identification Information: date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number;
- Education and Work History Information: employment history, education, professional qualifications, information that may be recorded on a resume/CV or application form, language abilities;
- Financial Information: salary information, financial information related to credit checks, bank details for payroll; and
- Other Information: photographs, CCTV footage, contact information of third parties in case of any emergency and next of kin and beneficiaries under any insurance policy, information derived from surveys and contests, and any addition information which may be voluntarily disclosed by you in the course of your contract or relationship with Westfield Specialty Ltd.
We may also collect special category personal data such as details of health and disability, including medical information, health insurance information, mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information (“Special Category Personal Data”).
Where Westfield Specialty Ltd carries out background checks and risk assessments on employees this may involve the processing of criminal record data and this will only be processed where such processing is specifically authorized or required by law (“Data Concerning Criminal Convictions and Offences” and collectively with Special Category Personal Data “Sensitive Personal Data”).
Failure to Provide Employee Personal Data
If you fail to provide Employee Personal Data when requested, we may not be able to: (i) perform the contract we have entered into with you; or (ii) comply with applicable legal obligations.
2. Purposes and Legal Bases Of Your Employee Personal Data
We process Employee Personal Data of employees, directors, officers, part-time workers and independent contractors for the following purposes, depending on the nature of the personal data and the relationship we have with you:
Category of Personal Data Purpose of Processing Legal BasisAll categories of Employee Personal DataMaintaining records regarding you and your role at Westfield Specialty LtdWestfield Specialty Ltd has a legal obligation to do so (Article 6(1)(c), UK GDPR) including to comply with employment and immigration laws
Westfield Specialty Ltd has a legitimate interest to ensure that we maintain accurate and comprehensive records (Article 6(1)(f), UK GDPR)Contact Information, Identification Information, Education and Work History InformationMaking a decision about your continued appointment, including the right to workWestfield Specialty Ltd must be able to manage and perform contracts with you (Article 6(1)(b), UK GDPR)
Westfield Specialty Ltd has a legal obligation to do so (Article 6(1)(c), UK GDPR) including to comply with employment and immigration laws
Westfield Specialty Ltd has a legitimate interest in effectively managing the retention of employees (Article 6(1)(f), UK GDPR)All categories of Employee Personal DataEntering into or performing the contract entered into with youWestfield Specialty Ltd must be able to manage and perform contracts with you (Article 6(1)(b), UK GDPR)
Westfield Specialty Ltd has a legal obligation to do so (Article 6(1)(c), UK GDPR) including to comply with employment and immigration lawsContact Information, Identification Information, Education and Work History Information, Financial InformationAdministering payroll benefits, insurance, and other benefits-related functions including succession and compensation planning, business travel or relocationWestfield Specialty Ltd must be able to manage and perform contracts with you (Article 6(1)(b), UK GDPR)
Westfield Specialty Ltd has a legal obligation to do so (Article 6(1)(c), UK GDPR) including to comply with employment laws
Westfield Specialty Ltd has a legitimate interest in ensuring employment benefits are provided in accordance with your contract, to arrange business travel and international mobility (Article 6(1)(f), UK GDPR)Contact Information, Identification Information, Education and Work History Information, Financial InformationAdministering human resource functions including performance reviews and appraisals, training, internal directories and charts, internal communications including authorizing and administering access to or use of our systems, facilities, devices and records, and dealing with disciplinary action, termination and retirementWestfield Specialty Ltd must be able to manage and perform contracts with you (Article 6(1)(b), UK GDPR)
Westfield Specialty Ltd has a legitimate interest in managing its business, to protect its interests and to ensure that all performance reviews and disciplinary actions etc. are managed efficiently and effectively (Article 6(1)(f), UK GDPR)Contact Information, Identification Information, Education and Work History Information, Financial InformationMaintaining health and safety in the workplace including managing leaves of absence (e.g., medical and maternity)Westfield Specialty Ltd has a legal obligation to do so (Article 6(1)(c), UK GDPR) including to comply with employment and health and safety lawsIdentification Information, Contact InformationCommunicating with you, vendors, and business associates including authorizing, granting and administering access to or use of our systems, facilities, devices and records as well as with your emergency contactsWestfield Specialty Ltd has a legitimate interest to ensure that it communicates promptly and effectively regarding employees and to guarantee their safety (Article 6(1)(f), UK GDPR)
Westfield Specialty Ltd has a legal obligation to do so (Article 6(1)(c), UK GDPR) including to comply with employment and health and safety lawsIdentification Information, Contact InformationCarrying out audits and to investigate and resolve complaints, grievances or misconduct, network and system security and access-related issues, including by protecting the company by monitoring internet access and use, and emails transmittedWestfield Specialty Ltd has a legitimate interest to manage its business and to efficiently and effectively resolve complaints, grievances or misconduct issues (Article 6(1)(f), UK GDPR)
Westfield Specialty Ltd may have a legal obligation to do so (Article 6(1)(c), UK GDPR)All categories of Employee Personal DataPreparing for and acting in relation to inquiries, investigations or proceedings, by governmental, administrative, judicial or regulatory authorities, including civil litigationWestfield Specialty Ltd has a legitimate interest to manage its business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), UK GDPR)
Westfield Specialty Ltd may have a legal obligation to do so (Article 6(1)(c), UK GDPR)Identification Information, Contact Information, Education and Work History InformationIf Westfield Specialty Ltd is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another entity, then Employee Personal Data may be transferred as part of such a transaction. Creating promotional information including videos, and promotional literature for internal and external use.Westfield Specialty Ltd has a legitimate interest to manage its business (Article 6(1)(f), UK GDPR)Sensitive Personal Data Data Concerning Criminal Convictions and OffencesWestfield Specialty Ltd may process Employee Personal Data relating to criminal convictions and offences to determine whether employees should continue their role with the organizationWestfield Specialty Ltd may have a legitimate interest to determine an employee’s ongoing fitness and propriety for a role (Article 6(1)(f) and 10, GDPR); Schedule 1 Part 2 paragraph(12), UK Data Protection Act 2018)Special Category Personal DataWestfield Specialty Ltd may process Special Category Personal Data including health data to ensure health and safety in the workplace and to provide reasonable workplace adjustments, to monitor demographic information to achieve diversity goalsWhere this involves the processing of health data, this is necessary for Westfield Specialty Ltd to comply with employment and other laws (including, health and safety laws) to, for example, ensure your health and safety in the workplace and to assess your fitness to work, to provide reasonable workplace adjustments, to monitor and manage medical absence and to administer benefits including statutory maternity pay, and statutory sick pay (Article 6(1)(c) GDPR and Article 9(2)(b) GDPR, Schedule 1 Part 1, Paragraph(1) or Part 2, Paragraph (8), UK Data Protection Act 2018)
You have a right to object to the processing of your Employee Personal Data where that processing is carried out for our legitimate interests. Please note however that Westfield Specialty Ltd may not be able to fulfil this request in all instances.
3. Disclosure of Employee Personal Data
We may share Employee Personal Data to the extent necessary for the above purposes with the following recipients:
Vendors and Service Providers
We may engage third parties to perform certain functions on our behalf. To do so, we may disclose Employee Personal Data to our third-party vendors and service providers such as, benefit administration, compensation management, payroll management, onboarding & new hire management, background checks, talent acquisition & staffing and information technology systems providers.
Affiliates and Subsidiaries
Westfield Specialty Ltd may share Employee Personal Data with our affiliates, including those in the U.S., and subsidiaries for our and our affiliates’ and subsidiaries’ internal business purposes.
Governmental Authorities
We may disclose your Employee Personal Data to local tax authorities and any governmental or administrative body where we determine that it is necessary or desirable in order to comply with applicable laws, court orders, or government regulations or to protect the rights or property of Westfield Specialty Ltd or any of its employees.
Merger, Sale or other Asset Transfers
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another entity, then your Employee Personal Data may be transferred as part of such a transaction as permitted by law and/or contract.
Other Third Parties
Independent public accountants and auditors, authorized representatives of internal control functions such as, audit, legal and/or corporate security and Lloyds of London.
Other Individuals
When you post content to the Intra-Westfield site(s), other internal individuals may be able to see certain Employee Personal Data about you, such as your name and/or picture in addition to the content you post.
4. Your Individual Rights
In accordance with applicable law, you may have the right to: (i) request access to or a copy of your Employee Personal Data; (ii) receive an electronic copy of your Employee Personal Data that you have provided to us, or ask us to send that data to another organization in a machine-readable format (known as the “right of data portability”); (iii) request that we restrict our uses of your Employee Personal Data; (iv) request correction of inaccurate, untrue or incomplete Employee Personal Data; (v) object to the processing of Employee Personal Data in certain circumstances; and (vi) request erasure of your Employee Personal Data subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than one month after receipt of your request – unless we are entitled to extend this period in which case we will inform you of this extension. To protect your privacy, Westfield Specialty Ltd may take steps to verify your identity before fulfilling your request.
You also have the right to lodge a complaint with the applicable supervisory authority if you believe our processing of your Employee Personal Data violates applicable law.
It is important that the Employee Personal Data we hold about you is accurate and current. Please keep us informed if your Employee Personal Data changes during the course of our relationship.
Click Data Subject Rights Request, or contact a member of the Privacy Office by email or post, per the addresses below, to submit a request relevant to your rights.
5. Data Retention
Westfield Specialty Ltd retains the Employee Personal Data we receive as described in this Privacy Notice for as long as necessary to fulfill the purpose(s) for which it was collected in accordance with our record retention policies, and as follows: (i) for the duration of your contract or relationship; (ii) during or after the termination of the contract or relationship, for as long as necessary in order to resolve any queries or disputes; and (iii) in case of a legal or regulatory obligation requiring us to retain specific records for a set period of time, for that period of time.
6. Security of Your Employee Personal Data
We implement reasonable technical and organizational security measures designed to secure and protect Employee Personal Data. Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Employee Personal Data.
7. International Transfers of Employee Personal Data
We may disclose Employee Personal Data for the above listed purposes to recipients located in countries outside of the UK, including the U.S., some of which may not have data protection laws equivalent to those in the UK.
For intra-group transfers of Employee Personal Data, Westfield Specialty Ltd has entered into an intra-group data transfer agreement from Westfield Specialty Ltd to Ohio Farmers Insurance Company (“OFIC”) entities outside the UK/EEA/Switzerland or otherwise when we rely on a derogation for the international transfer of Employee Personal Data (e.g., where the transfer is necessary for the defense of legal claims). The identity and contact details of OFIC are set out in this section and below. The categories of Employee Personal Data processed by OFIC are set out above. OFIC may also transfer Employee Personal Data to the third party recipients who may be located outside the UK/EEA/Switzerland for the purposes set out herein. OFIC will only make such onward transfers to recipients ensuring appropriate safeguards in compliance with applicable law, or where otherwise permitted by the SCCs and which may include entry into SCCs. For cross-border transfers of Employee Personal Data to other recipients, including our service providers, Westfield Specialty Ltd will put in place appropriate safeguards so that Employee Personal Data is and remains protected. These may include implementing the Standard Contractual Clauses with the UK International Data Transfer Addendum or Binding Corporate Rules or otherwise when we rely on a derogation for the international transfer of Employee Personal Data (e.g., where the transfer is necessary for the defense of legal claims).
You may obtain further information and a copy of the relevant data transfer mechanisms that we have in place via contacting privacy@westfieldgrp.com.
8. Changes to This Privacy Notice
This Privacy Notice is reviewed and updated periodically. The most recent version of the Privacy Notice is reflected by the version date located at the top of this page. We encourage you to review this Privacy Notice often to stay informed of how we may process your information. If there are any material changes to this Privacy Notice, we will notify you as required by applicable law.
9. Contact Us
For the purposes of UK data protection law, the entity which manages the hiring process where you are an applicant (Westfield Specialty Management Services, Ltd.) is the controller of personal data.
If you have any question about this Privacy Notice or the practices described in it, or would like to contact us about any rights you may have with regard to your personal data, you can contact us via the Data Subject Rights Request above, email, or postal mail as follows:
Email: privacy@westfieldgrp.com.
Post:
Floor 36
22 Bishopsgate
London
EC2N 4BQ
United Kingdom