ABAC Center of Excellence Limited , trading as “ABAC Center of Excellence Limited” recognises its responsibilities as a global services provider and a leader in providing background screening and certification services across the globe. We believe in the core principles of confidentiality and integrity of information we receive or process. ABAC Center of Excellence Limited believes that it is obliged to abide by the national and international legislations with reference to its services in each jurisdiction it operates in conduct of its business.
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).
This notice applies to current and former employees, workers and contractors. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information
We will comply with data protection legislation including GDPR. Our core principles of data security are as follow;
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
2.DATA PROCESSING FOUNDATION
We will only use your personal information when the law allows us. Most commonly, we will use your personal information in the following circumstances;
Where we need to perform the contract, we have entered into with you
ABAC Center of Excellence Limited responsibilities arising from the contract of employment. The data shall be processed in order to meet the company employment screening policy.
Where we need to comply with a statutory or legal obligation
Our statutory responsibilities are those imposed on the company by legislation. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax; national insurance; statutory sick pay; statutory maternity pay; family leave; work permits; and equal opportunities monitoring.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests:
ABAC Center of Excellence Limited has a legitimate interest in processing personal data during employment or contractor relationship. Processing data from employees allows us to manage the employment relationship. Our management responsibilities are those necessary for the organisational functioning of the company.
3.SENSITIVE DATA PROCESSING
We will use your particular sensitive personal information in the following ways:
- We will use information relating to leaves of absence, which may include sickness absence or family related leave, to comply with employment and other laws.
- We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and management sickness absence and to administer benefits.
- We will use information about your race, national or ethnic origin, religious, to ensure meaningful equal opportunity monitoring and reporting.
- We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our employment screening policy.
- In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
4.WHEN DATA IS COLLECTED
- when you fill our candidate information form for applying for any job position with ABAC Center of Excellence Limited;
- when you contact our HR department via telephone or email;
- when we collect data through our HR and benefit systems;
- when we collect data through the implementation of any HR Employee Relations Policies e.g. Disciplinary;
- in the course of managing your employment, for example performance reviews, Payroll;
- when your complete staff surveys;
- when you apply for a vacancy internally or externally for screening purposes;
- When ABAC Center of Excellence Limited is intending to hire your services
- when we receive your Personal Data from third parties, for example security screening; and recruitment agencies.
5.WHAT WE COLLECT
|Information about you
|name, address, date of birth, marital status, nationality, race, gender, religion, and preferred language, details of any disabilities, work restrictions and/or required accommodations
|Information to contact you at work or home
|name, address, telephone, and e-mail addresses.
|Information about who to contact in a case of emergency (yours or ours)
|name, address, telephone, e-mail addresses and their relationship to you.
|Information to identify you
|Photographs, passport and/or driving license details, proof of residence, electronic signatures.
|Information about your suitability to work for us
|References, interview notes, work visas ID information such as passport details and driving license information, records/results of pre-employment checks, including criminal record checks, credit and fraud checks.
|Information about your skills and experience
|CVs, resumes and/or application forms, references, records of skills and experience: qualifications, skills, training and other compliance requirements.
|Information about your terms of employment with ABAC Center of Excellence Limited
|Letters of offer and acceptance of employment, your employment contract.
|Information that we need to pay you
|Bank account details, national insurance or social security numbers (where applicable).
|Information that we need to provide you with benefits and other entitlements
|Length of service information, health information, leave requests.
|Information to allow you to access our buildings and systems
|Employee identification number (UIN), computer or facilities access and authentication information, identification codes, passwords, answers to security questions, photographs, video images.
|Information relating to your performance at work
|Performance ratings, leadership ratings, targets, objectives, records of performance reviews, records and/or notes of 1 to 1s and other meetings, personal development plans, personal improvement plans, correspondence and reports.
|Information relating to discipline, grievance and other employment related processes
|Interview/meeting notes or recordings, correspondence.
|Information relating to your work travel and expenses
|Bank account details, passport, driving license, vehicle registration
6.WHY WE COLLECT
|To assess your suitability to work To perform vacancy and applicant management activities To conduct screening, assessments and interviews; To maintain a library of correspondence; To make offers and provide contracts of employment To conduct pre-employment checks, including determining your legal right to work and carrying out criminal record and credit checks where applicable – for more information about ABAC Center of Excellence Limited preemployment checks see our Personnel Screening procedure.
|Human Resources (“HR”), finance and other business administration purposes
|Staffing, including resource planning, recruitment, termination, and succession planning; Budgetary and financial planning and administration; Organisational planning and development and workforce management Compensation, payroll, and benefit planning and administration, including salary, tax calculations, reward and recognition payments, insurance and pensions Workforce development, education, training and certification Performance management; Problem resolution, including carrying out internal reviews, grievances, investigations, audits; Business travel and expense management To conduct business reporting and analytic Administration of flexible work arrangements Administration of employee enrolment and participation in activities and program offered to eligible employees Work-related injury and illness, including the management of employee Health & Safety, and disabilities To communicate with you and to facilitate communication between you and other people Compliance and compliance reporting, including conflict of interest and gifts and hospitality reporting Risk management, Project Management, Training and quality purposes.
|Physical access control Authorising, granting, administering, monitoring and terminating access to or use of our facilities, records, property and infrastructure including communications services such as business telephones and email/internet use
Prevention and detection of crime.
|Information Technology (“IT”) administration purposes:
|IT Systems access control and use monitoring IT fault reporting, management and resolution Systems administration, support, development, management and maintenance.
|To comply with our legal obligations.
7.CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Your information may be shared internally for the purposes of managing the employment relationship. This includes members of the HR and recruitment team, training team, managers and IT staff if access to the data is necessary for the performance of their roles.
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. We require third parties to respect the security of your data and to treat it in accordance with the law.
We may also share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from Human Resources.
10.RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing within 24 hours of the given consent. To withdraw your consent, please contact our Compliance team at the given contact information in this policy.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
11.TRANSFERRING INFORMATION OUTSIDE THE EU
We will transfer the personal information we collect about you outside the EU in order to perform our contract with you. There is an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information. However, to ensure that your personal information does receive an adequate level of protection we have put in place the following appropriate measure[s] to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection: we have a centralised compliance program and at minimum all entities comply with ISO 27001:2013 and GDPR directives. If you require further information about these protective measures, you can request it from the Compliance Department.
We know that few countries do not have the same standard of data protection legislations, for this reason we adhere to strict supplier management policy which includes the screening of all new suppliers, annual security questionnaires and reviews, and the use of formal processing agreements. Our processing agreements also include terms dictating that the suppliers that:
- are only permitted to process your personal data for recruitment;
- can only retain your personal data for a maximum period of 90 days (unless they are restricted by law from doing this);
- must immediately notify ABAC Center of Excellence Limited of any suspected or actual data breach of your personal data;
- shall take all appropriate technical and security measures to safeguard your personal data;
- will only transfer your personal data in accordance with approved data transfer provisions.
We may also transfer your data to the USA. The USA has weaker data protection laws than that of the EEA and therefore we will ensure that only organisations who are a part of the EU-US Privacy Shield initiative will handle your personal data.
More details on this certification can be found at www.privacyshield.gov/welcome.
12.DATA SUBJECT RIGHTS
UK and European Data Protection legislation gives you as a data subject a number of rights which include:
- the right to information;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to request data portability;
- the right to object to processing.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party you may contact our compliance team;
- Huma Khalid
Senior Compliance Officer
Tel: +971 43589884;
Please note some restrictions may apply to the applications of the rights. For further details, please refer to the information provided on the website of The Information Commissioner and you may access via this link <https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/>