Lexington is built around people, our fabulous team, clients, customers and suppliers, so your trust is of utmost importance to us.
We take the privacy and security of your personal information very seriously. Lexington and all of its associated and subsidiary companies (“we”, “us” and “our”) are committed to protecting the privacy of any personal information you give us and we will comply with all relevant data protection legislation and related applicable UK legislation.
Keeping your data safe
Who’s in control of your personal data?
The following of our Group companies may from time to time be the “controller” of all personal data collected and used for the purposes of providing and promoting our services:
- Lexington Catering Limited (registered in England and Wales with company registration number 03428444 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
- Elior UK Holdings Limited (registered in England and Wales with company registration number 02352329 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
- Elior UK Plc (registered in England and Wales with company registration number 1106729 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
- Elior UK Services Limited (registered in England and Wales with company registration number 5032425 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
- Waterfall Elior Limited (registered in England and Wales with company registration number 10182710 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
- Taylor Shaw Limited (registered in England and Wales with company registration number 06576188 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
- Caterplus Services Limited (registered in England and Wales with company registration number 02594800 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
- The Riverside Events LLP (registered in England and Wales with company registration number OC350199 and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET);
- Edwards and Blake Limited (registered in England and Wales with company registration number 03461947and registered office address at The Courtyard, Catherine Street, Macclesfield, Cheshire SK11 6ET).
This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
Where do we collect data from?
We collect personal data from a variety of sources and in a variety of ways, including the following:
- from you when you make a booking or an enquiry either through one of our websites (including our website contact form) or otherwise (for example, by email, telephone or via social media);
- from you when you enter a raffle or competition (for example, by giving us your business card in a business card raffle);
- from you when you complete a feedback form, questionnaire or survey; and
- from other customers if you attend an event that is run or organised by them and at which we are asked to provide catering or reception services.
What data do we collect and why?
We collect the following personal data about you and use it for the following purposes:
- When you make a booking or enquiry, we collect your full name, address, email address, telephone number, the company you are from (if you are booking or enquiring on behalf of a company) and details about your booking or enquiry. We will also collect any additional personal data you choose to send to us as part of your booking or enquiry. If you contact us on social media, we will also collect your social media handle.
- We don’t ask you for dietary requirements at booking stage but if you (or any other guests) have any dietary needs, we will need to ask you for these before the event so that we can ensure that we provide appropriate meals.
- When you enter a raffle or competition, we collect your full name, email address, telephone number and any other personal data which you submit as part of the raffle or competition (for example, your work address if this appears on your business card in a business card raffle).
- When you complete a customer feedback form, questionnaire or survey, we collect your name, address, email address, telephone number, gender, dietary requirements and any feedback or information you provide about your experience of our catering or reception services.
- When we obtain information about you from other customers, this information will include your name and any dietary requirements that you have. We sometimes also receive your email address from customers, for example if we are providing catering and reception services at a corporate event that you are attending and it is easiest for us to communicate directly with guests.
Some personal data is designated as “special category” personal data. This is personal data which is subject to higher levels of protection because it is more sensitive. This includes information about health, race, religion and political opinions. We don’t usually collect any special category data, but we do need to know about any dietary requirements that you or any guests have. Usually this will only tell us what food is required (e.g. “gluten-free” or “no pork”) but occasionally it might include some special category data (e.g. “coeliac disease” or “Muslim”). You should note the following points specifically about this type of data:
- We will only use this data to make sure you are provided with a safe and suitable meal for you. Usually this is only used in conjunction with your name so that we know who needs to be served with a particular meal.
- If you are providing dietary requirements about yourself or anyone else, where possible you should only tell us the food required and not any information about the reason for the food being required.
- If you do give us information about the reason for the food being required and this reveals a health issue or your or someone else’s religion, you should make sure that you and/or that other person are aware of the fact that we will process this data and happy for us to do so.
What do we use your personal data for?
We use your personal data for the following purposes:
- to fulfil bookings, respond to enquiries and correspondence and to provide our catering and reception services to you;
- to ensure we can provide you with a safe and suitable meal for you;
- to enable you to participate in raffles and competitions that you enter and to fulfil those raffles/competitions (for example, we use your email address to contact you if you win a prize);
- to improve our business (for example, we use feedback gathered through feedback forms, questionnaires and surveys to see what people liked and didn’t like about our services so that we can act on this feedback); and
- to communicate with you about your event or an event you are attending.
Where we hold your email address, we use this to contact you with information about our services that we think that you will be interested in. We will ask you for your consent and/or give you an opportunity to opt out of receiving such communications when we collect your information. You can change your mind at any time and object to receiving such communications by clicking the “Unsubscribe” link in each email. We also use telephone numbers that we hold to market and promote our services by telephone. We will screen against the Telephone Preference Service and Corporate Telephone Preference Service before we do this and you can let us know at any time that you don’t want to receive further calls by telling the person who calls you.
What is our legal basis for using your personal data?
Where we process your personal data for the purposes of fulfilling a booking you have made and corresponding with you in relation to that booking, we do this on the basis that it is necessary to perform our contract with you to provide our services. Similarly, if you make an enquiry about a booking and we process your personal data in order to communicate with you regarding your enquiry, we do this on the basis that it is necessary to take steps at your request prior to entering into a contract with you.
For all other purposes listed above, we process your personal data on the basis that it is in our legitimate interests to do so. The legitimate interests that we rely on are as follows:
- We have a legitimate interest in responding to any queries, comments and correspondence that you send to us so that we can ensure we provide a high standard of service and a good impression of our business to anyone who gets in touch with us.
- We have a legitimate interest in running raffles and competitions in order to promote our business.
- We have a legitimate interest in collecting customer feedback so that we can continue to improve our business.
- We need to know guests’ dietary requirements as we have a legitimate interest in ensuring appropriate meals are provided for all guests.
- We have a legitimate interest in using personal data for marketing purposes so that we can promote our business.
You have a legal right to object to us using your personal data where we process your data on the basis of our legitimate interests. To object to marketing, you can respond to our emails and confirm “Unsubscribe” or tell the Elior/Lexington representative making a marketing call to you or email GDPRenquiry@elior.co.uk. To object to all other uses set out above, you can either choose not to provide us with the data in the first place (e.g. by not entering a competition or completing a feedback form anonymously) or you can email GDPRenquiry@elior.co.uk. We may not always be required to stop processing your data if we have compelling legitimate reasons to continue to do so.
Who do we share your personal data with?
We need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us, such as IT service providers and hosting providers.
We will also share your personal data with third parties in the following circumstances:
- where you have specifically consented to us sharing your data with a particular third party;
- where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party; and
- if our business or any part of it is acquired by a third party, in which case we will need to share your personal data with that third party.
If we hold your personal data as a result of a relationship or potential relationship with the business that you work for, your business details will be stored in our client relationship management system. Some of the information within this system (including your contact name and contact details, business name and details, revenue, employee numbers and market) will be visible by employees across the Elior Group in the EEA, Dominican Republic, Chile, India, Mexico and the USA.
We do not transfer or store your personal data outside the European Economic Area (EEA). If we do transfer your data outside the EEA, we will inform you and we will ensure that equivalent protections to those in the UK are put in place to protect your personal data.
How long do we keep your personal data for?
We will keep all your personal data for up to 6 years from our last event or contract with you, or if we feel that your personal data is not needed for such a period of time we will delete your personal data sooner.
What rights do you have?
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
If you want to exercise any of these rights, please email us at GDPRenquiry@elior.co.uk or write to us at The Courtyard, Catherine Street, Macclesfield, Cheshire, SK11 6ET.The rights you have are as follows:
- a right to access your information (subject to some exceptions);
- a right to receive an electronic copy of the information that we use to fulfil your booking and/or respond to booking enquiries and to ask us to send that information to a third party if it is technically possible to do so;
- a right to object to us processing your information where we rely on our legitimate interests as the basis of our processing. If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so;
- a right to have inaccurate personal data corrected;
- a right to have your data erased in certain circumstances, for example if we no longer need your data or we have processed your data unlawfully; and
- a right to have processing of your data restricted in certain circumstances, for example if you think the data is inaccurate and we need to verify its accuracy. “Restricting” personal data means that we only store it and don’t carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or protect a third party or the public.
How can you contact us?
What if you have a complaint?
You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data. You can find out how to do this by visiting www.ico.org.uk
What if this policy changes?
This document explains how the Company collects and uses information about potential, existing and former colleagues, workers and contractors / consultants for employment or service related purposes.
It provides an overview of the data that we collect, the purposes for which we use that data, the legal basis which permits us to use your information and the rights that you have in relation to your information.
This section does not form part of any contract of employment or other contract to provide services. If there are any changes to the way in which your personal information is used, this section will be updated, or a new privacy notice provided and we will notify you of the changes.
The contact details of the Company for the purposes of data protection compliance are as follows:
Address: People Services, Elior UK, The Courtyard, Catherine Street, Macclesfield, SK11 6ET
Telephone: 01625 448777 Email: email@example.com
What is personal information?
Personal information is any information that tells us something about you. This could include information such as name, contact details, date of birth, medical information and bank account details.
How do we collect personal information?
We collect personal information about you from various sources including:
- from you when you contact us directly through the application and recruitment process or during your employment;
- from other people when we check references or carry out background checks; and
- we also collect information about job-related activities through the course of your employment with us, or for contractors, the services you provide for us.
What information do we collect?
We collect the following categories of information about you:
- Personal contact details such as name, title, address, telephone number and personal email addresses;
- Date of birth;
- Marital status and dependents;
- Next of kin and emergency contact information;
- National insurance number;
- Bank account details, payroll records and tax status information;
- Salary, annual leave, pension and benefits information;
- Start and end date of employment;
- Location of employment or workplace;
- Copy of your driving licence if we provide you with a company car or if you need to drive as part of your employment;
- Recruitment information (including copies of right to work documentation, references and other information in your CV or cover letter or otherwise provided as part of the application process);
- Employment records (including job titles, work history, working hours, training records and professional memberships);
- Compensation history;
- Performance information (including appraisals);
- Disciplinary and grievance information;
- CCTV footage and other information obtained through electronic means such as swipecard records;
- Information about your use of our information and communication systems;
- Information about your race or ethnicity, and religious belief; sexual orientation and political opinions;
- Trade union membership;
- Information about your health, including any medical condition, health and sickness records;
- Information about criminal convictions and offences committed by you; and
- If you are applying for a job on a client site or where you will work with one particular client, our clients sometimes ask us to carry out additional screening checks depending on the nature of their particular business. If this is the case, we will let you know at the time the check is carried out, what the check is and what information it will reveal. If we need your consent to the check, we will also ask for it at that stage.
How do we use your information?
We use your information for the following purposes:
- To make decisions about your recruitment and appointment;
- To determine the terms on which you work for us;
- To check you are legally entitled to work in the UK;
- To pay you and, if you are an employee, to deduct tax and national insurance contributions;
- To provide benefits to you, which may include private medical insurance, private health insurance, life assurance, childcare vouchers;
- To liaise with your pension provider;
- To administer the contract we have with you;
- For business management and planning purposes, including accounting and auditing and the use of your work/personal mobile number for our disaster recovery plan;
- To conduct performance reviews, manage performance and determine performance requirements;
- To make decisions about salary reviews and compensation;
- To assess your qualifications for a particular job or task, including decisions about promotions;
- To gather evidence for possible grievance or disciplinary hearings;
- To make decisions about your continued employment or engagement;
- To make arrangements for the termination of our working relationship;
- For education, training and development;
- To deal with legal disputes involving you or other employees, workers or contractors, including accidents at work;
- To ascertain your fitness for work;
- To manage sickness absence;
- To comply with health and safety obligations;
- To prevent fraud;
- To monitor your use of our information and communication systems to ensure compliance with our IT policies;
- To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
- To conduct data analytics studies to review and better understand employee retention and attrition rates; and
- To carry out equal opportunities monitoring.
What is the legal basis that permits us to use your information?
Under data protection legislation we are only permitted to use your personal information if we have a legal basis for doing so as set out in the data protection legislation. We rely on the following legal bases to use your information for employment-related purposes:
- Where we need information to perform the contract we have entered into with you;
- Where we need to comply with a legal obligation; and
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- In more limited circumstances we may also rely on the following legal bases:
- Where we need to protect your interests (or someone else’s interests); or
- Where it is needed in the public interest or for official purposes.
Some information is classified as “special” data under data protection legislation. This includes information relating to health, racial or ethnic origin, religious beliefs or political opinions, sexual orientation and trade union membership. This information is more sensitive, and we need to have further justifications for collecting, storing and using this type of personal information. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process special categories of personal information and criminal conviction information in the following circumstances:
- In limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent;
- We will use information about your physical and mental health or disability status to comply with our legal obligations, including to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
- We will use information about your race or ethnic origin, religious, philosophical beliefs, your sexual life or sexual orientation to ensure meaningful equal opportunity monitoring and reporting. The legal basis of this processing is that it is in the public interests to carry out diversity monitoring; and
- We will use trade union membership information to pay trade union premiums, register the status of a protected employee and comply with employment law obligations.
What happens if you do not provide information that we request?
We need some of your personal information in order to perform our contract with you. For example, we need to know your bank details so that we can pay you. We also need some information so that we can comply with our legal obligations. For example, we need information about your health and fitness to work to comply with our health and safety obligations.
Where information is needed for these purposes, if you do not provide it we will not be able to perform our contract with you and may not be able to offer employment or continue with your employment. We explain when this is the case at the point where we collect information from you.
How do we share your information?
We share your personal information in the following ways:
- With other entities in the Elior group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, provision of employee benefits or for system maintenance support and hosting of data.
- Where we use third party services providers who process personal information on our behalf in order to provide services to us. This includes IT systems providers and IT contractors, payroll / expense providers and pension administration providers.
- We will share your personal information with regulators, including the Food Standards Agency, where we are required to do so to comply with our regulatory obligations.
- We will share your personal information with third parties where we are required to do so by law. For example, we are required to provide tax-related information to HMRC.
- If we sell any part of our business and/or integrate it with another organisation, your details may be disclosed to our advisers and to prospective purchasers or joint venture partners and their advisers. If this occurs the new owners of the business will only be permitted to use your information in the same or similar way as set out in this section.
- We will also share your personal information with the benefit providers we work with in order to provide the benefits that you are entitled to as part of your employment with us.
- Where we share your personal information with third parties we ensure that we have appropriate measures in place to safeguard your personal information and to ensure that it is solely used for legitimate purposes in line with this section.
How do we keep your information secure?
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures. Maintaining data security means using appropriate technical or organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage
When do we transfer your information overseas?
We do not routinely transfer your data outside of the UK and the European Economic Area. If we ever do transfer your personal data to countries outside of the UK and the European Economic Area which do not offer an equivalent level of protection for personal information to the laws in the UK, we will ensure that appropriate safeguards are put in place to protect your personal information.
For how long do we keep your information?
As a general rule we keep your personal information for the duration of your employment and for a period of six years after your employment ends. If you are an applicant we will keep your information for a period of twelve months in case appropriate opportunities arise. However, where we have statutory obligations to keep personal information for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer. Full details of the retention periods that apply to your information are set out in our Data Retention Policy which is available on the extranet.
Your rights in relation to your information
You have a number of rights in relation to your personal information, these include the right to:
- be informed about how we use your personal information (which we do in this section);
- obtain access to your personal information that we hold;
- request that your personal information is corrected if you believe it is incorrect, incomplete or inaccurate;
- request that we erase your personal information in the following circumstances:
- if Elior UK is continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected;
- if Elior UK is relying on consent as the legal basis for processing and you withdraw consent;
- if Elior UK is relying on legitimate interests as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us to continue with the processing;
- if the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation); and/or
- if it is necessary to delete the personal data to comply with a legal obligation.
- ask us to restrict our data processing activities:
- where you consider that personal information is inaccurate;
- where our processing of your personal information is unlawful;
- where we no longer need the personal information, but you require us to keep it to enable you to establish, exercise or defend a legal claim; or
- where you have raised an objection to our use of your personal information;
- request a copy of certain personal information that you have provided to us in a commonly used electronic format. This right relates to personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information;
- object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal information; and
- not be subject to automated decisions which produce legal effects, or which could have a similarly significant effect on you.
If you would like to exercise any of your rights or find out more, please contact firstname.lastname@example.org
If you have any complaints about the way we use your personal information, please contact People Services via email on email@example.com who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority (the Information Commissioner).