Below is an example and framework of what a Privacy Notice could look like. It is very important that your lawyer check your Privacy Notice before you give it to your employees to ensure that it contains all the necessary information and that it is GDPR compliant in light of your specific business.
1. EMPLOYER DETAILS
2. COLLECTION OF PERSONAL DATA
Explain how you will collect Personal Data and what types of Personal Data you will be collecting and processing. For example, Personal Data, including name, contact details and live location, is collected by the Skynamo Software while the Software is in use.
3. HOW YOUR PERSONAL DATA WILL BE USED
Explain how you will use the Personal Data you collect. For example, how will you use the reports generated by the Skynamo Software?
4. LAWFUL BASIS FOR PROCESSING
Explain on which legal basis in terms of Article 6 you are collecting, storing and processing the Personal Data. For example:
• Consent: the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes;
• Contract: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• Legitimate interest: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
5. DATA RETENTION PERIODS
[explain how long you will retain the employee’s personal data]
6. EMPLOYEE’S RIGHTS
Explain which rights the employee has in respect of their Personal Data. For example:
• Under GDPR, the employee has the right to request access to and rectification or erasure of personal data, the right to restrict processing, the right to object to processing and, in certain circumstances, the right to data portability.
• If the employee has provided consent for the processing of their data, they have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before their consent was withdrawn.
• The employee has the right to lodge a complaint with the Information Commissioner’s Office if they believe that the employer has not complied with the requirements of the GDPR with regard to their personal data.
7. SUB-PROCESSORS
[will you make use of any sub-processors? For example – “we will be making use of Skynamo and the Skynamo Software which will process your Personal Data on our behalf”]
8. DATA TRANSFERS
Will employees’ Personal Data be transferred to third parties? If so, how will the data be protected? Will any data transfers be done to an area outside of the EEA?
For example – transfer of your Personal Data might happen outside the EEA if a support query is lodged with Skynamo. In order to ensure that your data is protected, we have a data transfer agreement in place with Skynamo that regulates these data transfers.
9. DATA BREACHES
Explain how you will deal with data breaches or refer to your Data Breach Policy if available. For example:
“We want you to report any suspected data breaches. Please refer to our Data Breach Policy for details of how we will deal with any suspected data security breach and notify you and any applicable regulator of a suspected breach.”
“We will follow these procedures if there is any suspected data security breach:
• We will, not later than 72 hours after having become aware of it, notify the personal data breach to the relevant supervisory authority”
10. DATA PROTECTION OFFICER [if applicable]
If you have appointed a Data Protection Officer, provide his or her details here.
Please take note that the above information is merely to provide a guideline of the steps that employers whose employees use the Skynamo Software will need to take in order to be GDPR compliant. It does not constitute legal advice and Skynamo provides no guarantee that the information and steps provided are sufficient for your business to be GDPR compliant. Please consult your lawyer about your GDPR compliance.