Last updated: November, 2025
This Employee Privacy Promise explains how Millennium Support Ltd (“we”, “our”, or “us”) collects, uses, and protects personal information relating to the people we employ.
We take your privacy seriously and are committed to handling your data fairly, transparently, and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
A) Data Protection Principles
We follow strict principles when processing personal data. In line with the UK GDPR, we ensure that all personal information is:
- Processed lawfully, fairly, and transparently
- Collected for specified, explicit, and legitimate purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date — any inaccurate data will be corrected or deleted without delay
- Retained only as long as necessary for its purpose
- Processed securely to protect against unauthorised or unlawful processing, loss, destruction, or damage
- Transferred internationally only in compliance with applicable data protection laws
B) Types of Data Held
We keep several categories of personal data about the people we employ to manage employment effectively.
This data may be held in both paper and electronic form and can include:
- Personal details (name, address, contact information)
- Next of kin and emergency contact details
- Photographs (e.g. for ID purposes)
- Gender, marital status, disability or medical information (where relevant)
- Right to work documentation
- Equality and diversity information (e.g. race, religion, ethnicity)
- Information provided during recruitment (CVs, cover letters, applications)
- References from previous employers
- Education, training, and employment history
- National Insurance number, bank account details, and tax information
- Driving licence or other documentation (if required for your role)
- DBS checks and criminal record information (where applicable)
- Employment details such as job title, contract, salary, and benefits
- Records of absence, annual leave, and attendance
- Performance management, appraisal, disciplinary, or grievance records
- Training and development records
- CCTV footage (where in operation)
- IT system usage logs (including telephone, email, and internet use)
C) How We Collect Your Data
You provide most of the information we hold during recruitment and employment.
We may also receive data from:
- Employment agencies
- Former employers or referees
- Regulatory or safeguarding bodies (e.g. CQC, DBS)
Your personal information is stored securely in HR systems and files accessible only to authorised personnel.
D) Lawful Basis for Processing
We process personal data under the following lawful bases:
| Activity | Lawful Basis |
|---|---|
| Managing your employment contract (e.g. pay, benefits, performance, conduct) | Performance of a contract |
| Ensuring compliance with legal and regulatory requirements (e.g. right to work, tax, DBS) | Legal obligation |
| Monitoring performance, attendance, and conduct | Legitimate interests |
| Managing absence and health-related matters | Legal obligation / legitimate interests |
| Providing training, supervision, and development | Legitimate interests |
| Responding to grievances or disciplinary matters | Legitimate interests |
| Managing restructuring or redundancy processes | Legitimate interests |
| Ensuring IT and data security | Legitimate interests |
| Preventing fraud or safeguarding individuals | Legitimate interests / legal obligation |
E) Special Category (Sensitive) Data
Special category data includes information about your:
- Health
- Race or ethnicity
- Religious or philosophical beliefs
- Sexual orientation
- Trade union membership
- Criminal convictions
We process this information only when necessary and lawful, including:
- To meet our obligations under the Health and Social Care Act 2008 (Schedule 3) (e.g. DBS checks)
- To comply with employment and equality laws (e.g. monitoring, adjustments, maternity pay)
- To fulfil public interest obligations (e.g. reporting to CQC)
- To manage sickness absence and occupational health
- To make reasonable adjustments or assess fitness for work
Where required, we may rely on your explicit consent, which you can withdraw at any time.
F) Failure to Provide Data
If you do not provide information we require (for example, right to work documents or payroll details), we may not be able to enter into or continue your employment contract. In some cases, it may also prevent us from meeting our legal obligations.
G) Criminal Conviction Data
We collect criminal conviction data only where appropriate to your role and where the law allows it.
This is typically during recruitment and may be repeated during employment.
We use the Disclosure and Barring Service (DBS) to obtain relevant checks and rely on the lawful basis set out in the Health and Social Care Act 2008 (Schedule 3).
H) Who We Share Your Data With
We only share personal data where necessary, and always in accordance with data protection law.
We may share information with:
- HM Revenue & Customs (HMRC)
- Pension and healthcare providers (e.g. People’s Pension, Scottish Widows)
- Insurance providers (e.g. Bollingtons)
- Local authorities (for funding or regulatory purposes)
- Regulators and public bodies (e.g. CQC, DBS, safeguarding boards)
- Law enforcement agencies or courts (where required by law)
- Banks, building societies, or letting agents (where you have provided consent)
- Other employers (to provide employment references)
All third parties are required to maintain strict confidentiality and security standards.
We do not transfer employee data outside the UK or European Economic Area.
I) Protecting Your Data
We have robust organisational and technical measures in place to prevent unauthorised access, loss, or misuse of personal data.
Access is restricted to those who need it for legitimate work purposes.
All employees receive data protection training and are required to follow our policies on information security, confidentiality, and acceptable use.
J) Retention Periods
We only keep personal data for as long as necessary to fulfil its purpose or meet legal and regulatory requirements.
Examples include:
| Record Type | Retention Period |
|---|---|
| Personnel files (including training, performance, and absence records) | 6 years after employment ends |
| Payroll and wage records | 6 years |
| Statutory sick pay and maternity pay records | 6 years |
| Pension scheme and benefits records | 12 years after benefits end |
| Right to work, DBS, or criminal record checks | 6 years in line with personnel records |
| Health and safety assessments | Permanently (where required) |
After these periods, data is securely deleted or destroyed.
K) Automated Decision-Making
We do not use automated decision-making or profiling to make employment-related decisions.
L) Your Rights
You have the right to:
- Be informed about how your data is used
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of data in certain circumstances
- Restrict or object to processing in some cases
- Request data portability (transfer of your information to another organisation)
- Withdraw consent where processing is based on consent
To exercise these rights, contact us using the details below. We will respond within one month.
M) Contacting Our Data Protection Officer
If you have any questions about this Employee Privacy Promise or how your personal data is handled, please contact our Data Protection Officer:
Email: [email protected]
Telephone: 01977 602867
Post: Data Protection Officer, Millennium Support Ltd, Wright Suite, First Floor, The Brewhouse, Nostell Business Estate, Wakefield, WF4 1AB
N) Complaints
If you believe your data rights have been breached, we encourage you to raise this internally first so we can address your concern.
You also have the right to contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
📞 0303 123 1113
🌐 https://ico.org.uk/concerns/