1. How your personal data is used
REL (the “Company”) needs to collect, store and process personal information about you (the “Supplier”) for Company/Supplier purposes. As such the Company is a Data Controller as defined in the General Data Protection Regulation (GDPR). The personal information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the registration process, while you are working for us, at the time when your agreement with us ends and after you have left. This includes using personal information to enable us to comply with your agreement with us, if applicable, to comply with any legal requirements, pursue the legitimate interests of the Company and its affiliates and meet our obligation to respond as required under law in the event of legal proceedings. If you do not provide this data, we may be unable, in some circumstances to comply with our obligations and we will tell you about the implications of that decision should such occasion arise.
2. Types of personal data held
- personal details such as name, address, postcode, phone numbers
- date of birth
- information gathered during the registration process,
- personal information needed for payment and expenses purposes, including bank account details
- correspondence with or about you,
- photographs and videos which you may have supplied us
3. You may be referred to in Company documents, records and reports that are produced by you or by us in the course of carrying out the tasks that you perform on behalf of the Company.
4. Lawful Basis for Processing
The law on data processing allows us to process your data for certain reasons only. In the main, we process your data in order to comply with a legal requirement, or to effectively manage the agreement we have with you. We will also process your data to pursue our legitimate business interests as a company performing outsourced sales and marketing activities. We will never process your data where these interests are overridden by your own interests.
The information below categorises the types of data processing we undertake and the lawful bases we rely on:
|Activity requiring your data||Lawful basis|
|Carry out the tasks that you have accepted to complete for the Company e.g. using your name and contact details and phone number to offer tasks for you to complete on our behalf||Our legitimate interest|
|Ensuring you are paid||Legal obligation|
|Making reasonable adjustments for disabled
|Making decisions about rates of pay and other expenses due to you||Our legitimate interests|
|Effectively monitoring both your conduct, including timekeeping and attendance, and your performance and to undertake procedures where necessary||Our legitimate interests|
|Maintaining comprehensive up to date records about you to ensure, amongst other things, effective correspondence can be achieved||Our legitimate interests|
|Dealing with legal claims made against us||Our legitimate interests|
|Preventing fraud or reporting crime||Our legitimate interests|
|Ensuring our administrative and IT systems are secure and robust against unauthorised access||Our legitimate interests|
|Managing the relationship between Company and Supplier||Our legitimate interests|
|Ensuring that you have the correct equipment, systems and processes to fulfil the tasks that you have accepted||Our legitimate interests|
|Holding information that is specific to accreditation which you may have
|Our legitimate interests|
5. We may process special categories of personal data
Special categories of data are data relating to your:
- health or disability
- sex life/orientation
- race/ethnic origin
- political opinion
- trade union membership
- genetic and biometric data
We will process special category data when the following applies:
- you have given us explicit consent to the processing
- we must process the data in order to carry out our legal obligations
- we must process data for reasons of public interest
- you have already made the data public
- the personal information is required to protect your health in an emergency
6. Other than as mentioned below, we will only disclose personal information about you to third parties if we are legally obliged to do so, where we need to comply with any contractual duties to you, or where we have a legitimate interest in doing so, for instance we may need to pass on certain personal information to companies including but not limited to those involved in the administration of the payment to you, expenses, finance and registration functions, hotel, travel, in store accreditation companies, in store data capture, analytics and reporting companies, e-mail and telecommunication companies, point of sale and other companies used in delivering equipment, mail and courier companies, third party online data storage and transfer companies, journey and territory planning companies, our clients and with any other third parties necessary to pursue the Company/Supplier In such cases above, we may enter into Contract or other legal acts with such third parties that cover processing of your personal information.
We may transfer personal information about you to other group companies for purposes connected with the management of the Company’s business and we may also require you to provide your personal contact information to other businesses in connection with performing tasks allocated to you on behalf of the Company.
7. Employees within our company who have responsibility for registration and administration of payment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processing in line with GDPR.
8. Your personal information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements or as a part of using the commercial services of IT or SaaS providers who provide processing services to the Company. In such cases, we perform due diligence on such providers and contractually require them to comply with the requirements of the General Data Protection Regulation (GDPR) concerning the protection of your personal information. In addition, your personal information may be processed outside of the European Economic Area by one or more of our affiliated companies, where applicable to the tasks that you perform for the business or your relationship with the Company.
9. We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
10. Your personal information will be stored for a reasonable time, or as otherwise determined by an applicable Data Retention Policy, in order for the Company to manage and conduct the Company/Supplier relationship and up to a maximum period, determined based on legal and governmental obligations the Company may have, based on the employment, tax and commercial regulations in the jurisdiction where you perform tasks allocated by the Company.
11. If in the future we intend to process your personal information for a purpose other than that which it was collected we will provide you with personal information on that purpose and any other relevant personal information.
12. You have the right to enquire of the Company human resources representative, certain personal information in your Supplier records depending on your country of residence and any applicable local data protection laws. Under the GDPR, if you are a resident of the EU, you will have the following additional rights with respect to your personal information, effective as of May 25, 2018:
- the right to be informed of the details about the data we hold on you and what we do with it
- the right of access to your personal information
- the right to rectification with respect to your personal information
- the right to erasure subject to legal and other obligations
- the right to restrict processing subject to legal and other obligations
- the right to data portability, subject to reasonable limitations
- the right to object to processing subject to legal and other obligations
- rights in relation to automated decision making and profiling.
13. If you have been asked to provide your consent for the processing, any specific personal information, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn or the legal obligations of the Company to process your personal information.
14. REL is the controller of data for the purposes of the GDPR.
Contact details of Controller and Information Compliance Manager
15. If you have any concerns as to how your data is processed, you can contact:
Simon Collins Information Compliance Manager at firstname.lastname@example.org
You can also write using the address of REL
210 Wharfedale Road
If you do not find resolution in the first instance with the Information Compliance Manager or the HR Department, then you have the right to lodge a complaint with the Information Commissioners Office (ICO) on
Live chat: Have an online conversation with someone at the ICO at
Email: Use the form at https://ico.org.uk/global/contact-us/email/