Head of Security and Platform Engineering

You have already applied for this vacancy, please go to your account to see your progress.

Return To Application

NORTHSTANDARD GROUP EMPLOYEES AND DIRECTORS PRIVACY NOTICE 

Your personal privacy is of paramount importance to us at the NorthStandard Group.  

During the course of our activities we the NorthStandard Group will process data (which may be held on paper, or electronically, or otherwise) about our staff and we recognise the need to treat it in an appropriate and lawful manner. 

As defined by the General Data Protection Regulation (GDPR) NorthStandard is the Data Controller and ultimately responsible for ensuring the data you provide is kept secure, processed correctly and that you understand your legal rights in relation to the data you provide.

The recruitment software we use via this website is supplied by IRIS Software Group Limited and they are defined as a Data Processor under the GDPR. They will only process your data in accordance with our instructions.

IRIS can be contacted at: 4th Floor Heathrow Approach, 470 London Road, Slough, England, SL3 8QY

For Data Protection enquiries, please contact the Help Desk at support@networxrecruitment.com

 

In accordance with the UK Data Protection Act 2018 , the UK GDPR (as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulation 2019, (UK GDPR)  Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (General Data Protection Regulation “GDPR”), the Irish Data Protection Act 2018 (Irish Act) and the  Singapore Personal Data Protection Act 2012, as amended by the Personal Data Protection (Amendment) Act 2020 (the Act) (the Singapore Act) (together the Data Protection Legislation) the purpose of this notice is to make you aware of how we will handle your personal data. 

It is intended to provide you with details of how we collect and use your personal data, as well as explaining your rights as a data subject.  The Notice applies to you whether you are a current (or former) employee, partner, worker, intern, agency worker, consultant, individual contractor or director of the NorthStandard Group. It also applies to third parties whose information you provide to us e.g. emergency contacts, beneficiaries of life assurance arrangements etc. Please ensure that you provide a copy of our external privacy notice to any third parties whose personal data you provide to us or advise them that this notice is available on our external website. 

Except where expressly stated this privacy notice applies to the Standard Club Group and the North Group (collectively referred to as NorthStandard, or the NorthStandard Group). 

Under the Data Protection Legislation, personal data is defined as:  

‘Any information relating to an identified or identifiable natural person’   

Who are we? 

NorthStandard operates a number of branches and subsidiaries worldwide. We may transfer information we hold about you to one or more of these locations (overseas transfer) if required.  

Who is our Data Protection Officer? 

We have a Data Protection Team which forms part of the NorthStandard Compliance team and the NorthStandard Legal team. 

Our Data Protection Team oversees compliance with data protection law and its contact details are: dataprotection@north-standard.com. 

For the Standard Club Group, we have the following relevant local registrations: 

• The UK and EU Data Protection Officer: dataprotection@north-standard.com; and 

• The Singapore Data Protection Officer: dataprotection@north-standard.com. 

For the North Group, the North Data Protection Officer is the Head of Group Compliance. 

All persons can be contacted at dataprotection@north-standard.com. 

This notice does not form part of any employee’s contract of employment and we may amend it at any time. 

 

1. What information do we collect about you?             

Personal data we may collect: 

• Names and titles 

• Gender (for the purposes of gender pay gap reporting) 

• Marital status 

• Date of birth 

• National Insurance number / PPS number 

• Driving license details 

• Address 

• Email address 

• Contact details 

• Nationality 

• Passport details 

• Proof of identity  

• Curriculum vitae 

• Your image (Photograph / video / webcam recording of you / CCTV footage)  

• Bank account details 

• Visa details 

• Emergency contact details 

• Details of your dependents and beneficiaries  

• Details of criminal convictions and offences  

• Your terms and conditions of employment or engagement 

• Training and development records 

• Disciplinary and grievance records 

• Performance management records 

• General correspondence 

Special category data 

• Diversity and inclusion (D&I) data 

• Medical details 

• Biometric data (thermal images using a thermal imaging camera) 

We need to collect this personal data from you to enable us to process your data for legal, personal, administrative and management purposes and to enable us to meet our legal obligations as an employer. 

In accordance with the Data Protection Legislation we have established the following lawful reasons for the processing of this data.   

• In some instances you will have provided your consent to the collection and sharing of this information;  

• Necessary for the performance of a contract which you are a party to; or 

• Necessary for the compliance with a legal obligation to which we are subject; or 

• Necessary for the purposes of carrying out the obligations and exercising our or your specific rights in the field of employment; or 

• Necessary for the vital interests of the individual; or 

• Necessary for the purposes of a legitimate interest pursued by us, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.  In this instance a legitimate interest assessment (“LIA”) will have been conducted to (i) identify a legitimate interest; (ii) show that the processing is necessary to achieve it; and (iii) balance it against your interests, rights and freedoms.  

Information about criminal convictions and offences warrants a higher level of protection. We will only process data relating to your criminal convictions and offences when permitted by law, or where provided voluntarily by you. We envisage that we may be required to process such information in order to meet our regulatory obligations in respect of the employment of staff within a financial services organisation and as authorised by local laws. If you are an EU citizen and we are required to process data relating to your criminal convictions and offences in relation to NorthStandard, or any UK or EEA entity, we will seek your consent. 

 

 

Furthermore the NorthStandard Group is able to process special category data where processing is necessary for the establishment, exercise or defence of legal claims, in connection with insurance or pension purposes where necessary and proportionate for those purposes, or whenever courts are acting in their judicial capacity. 

 

There is currently no specific legal obligation to obtain D&I, but NorthStandard’s financial services regulators have issued expectations that firms ensure D&I is appropriately dealt with.  As a result, D&I data will be collected on a strictly voluntary basis to help NorthStandard meet financial service regulators’ expectations (but not prescribed requirements) and consider its own stance on D&I.   As some of the data is special category data, consent is the lawful basis. 

 

NorthStandard may also process special category data for the periodic ‘fit and proper’ checks or performance of its health and safety obligations required by law.  Such processing is allowed where the processing is necessary for the purposes of performing or exercising obligations or rights which are conferred by law on the controller or the data subject in connection with employment, social security or social protection and when the processing is carried out, the controller has an appropriate policy document in place (DPA 2018 Schedule 1, Part 1, Para 1, and s. 46 of the Irish Act). 

 

CCTV operates both outside and inside our offices Piraeus, Greece and Newcastle, UK. Under the Data Protection Laws, we are permitted to do this when necessary for the purposes of our legitimate interests in protecting the safety and security of NorthStandard Group staff, visitors and property. 

 

2. Who do we share information about you with? 

                                                                                                

The sharing of personal data is required to support our business activities and to ensure that we meet any statutory or regulatory requirements as an employer and regulated insurance business. 

We have detailed below a list of the type of recipients we may share information about you with as the specific recipients may change from time to time. 

We do not share all information for all individuals with every third party and the list is subject to ongoing review and change. We will also not disclose your personal data to a third party unless we are satisfied that we either have your consent or there is a lawful reason for doing so. 

If required a full list of the names of all parties that we share information is available from our Data Protection Team (see details above).  

• Employees and directors of NorthStandard Group who need access to the personal data to perform employment related services. 

• Financial services regulators who oversee the activities of authorised insurance businesses. 

• Public bodies or authorities who deal with taxation, such as HMRC.  

• Public bodies or law enforcement agencies who are concerned with anti- money laundering, anti-bribery, financial sanctions activity and disclosure and barring services. 

• Corporate registrars who are legally required to hold certain company information. 

• Credit reference agencies who provide credit, background and financial service checks. 

• Our corporate insurers if required under the terms of our policy placed with them. 

• NorthStandard Group auditors and internal auditors. 

• Professional advisors such as lawyers, arbitrators, accounting firms, tax advisers and actuaries who provide support in operating our business. 

• Our company bankers, custodians and investment managers who make and receive payments on our behalf. 

• Website and internet service providers who provide support and hosting for our internet and intranet services. 

• Information technology (IT) support companies who provide day to day maintenance and support for our IT, email and database services. 

• Digital agencies who provide marketing and communications support. 

• Workflow management service providers. 

• Employee benefit providers who provide benefits as outlined in your employment contract, such as life cover, pension provision, cycle to work scheme and health related insurances e.g. Trustees of North of England P&I Association Retirement Benefits Scheme. 

• Providers of goods and services for the provision of gifts and flowers to staff, and or relatives, when it is felt the occasion would warrant such action.     

• Investment managers, corporate custodians and banks where they provide a service and require personal data to meet applicable financial crime legislation. 

• Where appropriate, as joint data controller, scheme actuaries and the Pension Trustees of the North of England P&I Association Limited retirement benefit scheme and the SMMI Pension scheme. 

• Payroll service providers for the provision of services of that type. 

• Where appropriate with our confidential reporting line (whistleblowing service) provider. 

• Recruitment agencies who we may deal with during the recruitment process. 

• Printers and publishers who provide electronic and paper-based solutions for company publications. 

• Learning, development and training service providers.  

• Travel agents, airlines, hotels, taxis and other travel and accommodation service providers for the provision of services of that type. 

• Embassies who provide visa processing services for overseas travel or work abroad. 

• International Group of Protection and Indemnity Clubs. 

• Software application and IT service providers who provide services to the Group. 

• Facilities suppliers. 

• Any company within the NorthStandard Group. 

 

3. Where do we send information about you to?                                     

We and other companies within NorthStandard Group operate a number of branches and subsidiaries worldwide. We may transfer information we hold about you to one or more of these locations (overseas transfer) if required to fulfil the purposes set out above.  We will only do this if one of the following conditions applies to the overseas transfer:-  

• it is necessary in order for us to perform a contract between you and us;   

• it is necessary in order for us to take measures to enter into a contract with you where you have requested us to do so; 

• it is necessary for us to establish, exercise or defend legal claims; or  

• If none of the conditions listed above apply, you have explicitly consented to the overseas transfer.   

Unless you have specifically consented to the transfer, we will only transfer personal data outside the UK or the European Economic Area (EEA) where:- 

• We transfer the data to a country or international organisation which the EU Commission, the UK Information Commissioner’s Office (ICO) (as applicable) or other applicable supervisory authority has decided ensures an adequate level of protection for your personal data; 

• the transfer of your personal data is subject to adequate safeguards, which may include binding corporate rules or standard data protection clauses adopted by the EU Commission and/or the ICO as applicable; or 

• one of the derogations in the Data Protection Legislation to transfer personal data outside the UK and/or the EEA (as applicable) applies. 

 

4. How long do we store information about you for?                                 

We are a regulated financial services entity and as such we are subject to prescribed retention periods in relation to personal data. We are also required to retain personal data to comply with limitation periods prescribed by law.   

We operate a data retention policy for each jurisdiction in which we operate that sets out the specific periods we will hold information for and when we need to destroy information that we no longer require for legal, regulatory or commercial reasons.  Overall the criteria used to establish the period for which personal data will be stored is determined by regulatory or legal requirements. This is also supported by a NorthStandard Group data retention policy that such information must not be kept for any longer than necessary to fulfil the purposes for which it was collected. Further details are available from the DPO. 

What are your rights?     

You have the following rights: 

 

• Right of information – controller must advise data subject of how personal data is processed; 

• Right of access - request access to any personal data we hold about you; 

• Right of rectification -have any personal data which we hold about you which is inaccurate or incomplete rectified; 

• Right to be forgotten - have personal data erased in certain circumstances. This right does not apply, for example, where the processing is necessary (i) to comply with a legal obligation or (ii) for the establishment, exercise or defence of legal claims 

• Right to restriction of processing - have the processing of your personal data restricted in certain circumstances. This right does not apply, for example, where we continue to use your personal data (i) for the establishment, exercise or defence of legal claims or (ii) to protect the rights of another; 

• Right of portability – To be provided with the personal data that you have supplied to us in a portable format that can be transmitted to another organisation without hindrance but in each case where (i) the processing is carried out by automated means and (ii) the processing is based on your consent or on the performance of a contract with you;  

• Right to object - object to certain types of processing, including processing based on legitimate interests, automated processing (which includes profiling) and processing for direct marketing purposes; and 

• Right to object to automated processing , including profiling -not be subject to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for you.  

If you wish to exercise any of the rights set out above, you must make the request in writing to the Data Protection Officer (details above). Please note some of these rights are restricted in some circumstances.  If you have provided your consent to any of the processing of your personal data, you have the right to withdraw your consent to that processing at any time, where relevant. Please contact the Data Protection Officer if you wish to do so.  

If you object to processing based on legitimate interests, we must no longer process that personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims. 

5. For individuals located outside of the UK or EU               

Australia 

The NorthStandard Group is aware of and always seeks to comply with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 as amended by the Privacy Amendment (Enhancing Privacy Protections) Act 2012 (the Privacy Act) when managing and maintaining personal information in the course of its Australian business. 

For the purposes of the Privacy Notice, “Personal Data” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in material form or not. 

“Sensitive Data” means information or an opinion about: 

• Racial or ethnic origin 

• Political opinions 

• Membership of political association 

• Religious beliefs or affiliations 

• Philosophical beliefs 

• Membership of a professional or a trade association 

• Membership of a trade union 

• Sexual orientation or practices 

• Criminal record that is also personal information 

• Health information about an individual 

• Genetic information about an individual that is not otherwise health information 

• Biometric information that is to be used for the purposes of automated biometric identification or verification, or  

• Biometric templates 

If you have any specific questions regarding the manner in which The NorthStandard Group manages and maintains your Personal Information please contact us directly. 

The NorthStandard Group will only use and share the data we collect from you for the reasons described in “1. What information do we collect about you?” and “2. Who do we share information about you with?” We will not use your personal information for any other purpose without your consent, unless compelled to do so by an Australian Law, court or tribunal order, or enforcement body.  You may submit any questions or issues to the Data Protection Officer at dataprotection@north-standard.com will respond to you within 15 days. 

If we have not responded to you within 15 days or you are unhappy with the response you may submit a complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au. The NorthStandard Group will deal with the complaint in accordance with the requirements of the Privacy Act and the APPs.  A copy of the NorthStandard Australian Privacy Statement can be found at privacy policy. 

New Zealand 

The NorthStandard Group seeks at all times to comply with the New Zealand Privacy Act 2020 and Privacy Principles, and applies the principles detailed in the Health Information Privacy Code 2020. For the purposes of the Privacy Notice, “Personal Data” and “Special Category Data” relate to any information about an identifiable individual.  If you are in New Zealand, you may submit any questions or issues to the Data Protection Officer at dataprotection@north-standard.com who will respond to you within 20 working days. 

If we have not responded to you within 20 working days or you are unhappy with the response you may submit a complaint to the Office of the Privacy Commissioner at www.privacy.org.nz 

Singapore 

For the purposes of the Privacy Notice, “Personal Data” and “Special Category Data” relates to data, whether true or not, about an individual (whether living or who has been deceased for less than ten years) who can be identified: 

• From that data; or 

• From that data and other information to which the organisation has or is likely to have access. 

 

In accordance with the Personal Data Protection Act 2012 as amended by the Personal Data Protection (Amendment) Act 2020 (the Act) we have established the following lawful bases for the processing of this data: 

 

• Express consent has been received; 

• Contractual necessity (deemed consent); 

• Deemed consent by notification in accordance with s.15A(2) of the Act;  

• Processing is required to respond to an emergency that threatens the life, health or safety of the data subject (vital interests); 

• Necessary for the purposes of the legitimate interests pursued by NorthStandard; or 

• Business improvement purposes.  

 

If you are in Singapore, you may submit questions, issues or withdraw consent requests to the Data Protection Officer at  dataprotection@north-standard.com who will respond within 30 days.  If we have not responded within 30 days or you are unhappy with the response you may submit a complaint to the Personal Data Protection Commission at www.pdpc.gov.sg 

Japan 

 

For the purposes of the Privacy Notice, “Personal Data” is information about a living individual which can identify a specific individual by name, date of birth or other description contained in such information.  “Special Category Data” includes information about a person’s race, creed, social status, medical history, criminal record, any crimes a person has been a victim of, and any other information that might cause the person to be discriminated against. 

 

If you are in Japan, you may submit any questions or issues to the Data Protection Officer at dataprotection@north-standard.com who will respond within 30 days.  If we have not responded within 30 days or you are unhappy with the response you may submit a complaint to the Personal Information Protection Commission at www.ppc.go.jp 

 

Hong Kong 

 

For the purposes of the Privacy Notice, “Personal Data” and “Special Category” data is defined as:  

 

• Relating directly or indirectly to a living individual 

• From which it is practical for the identity of the individual to be directly or indirectly ascertained 

• In a form in which access to or processing of the data is practicable 

 

Please note that the provision of such data is voluntary however the refusal to provide the data may limit North Standard’s ability to provide the services requested. 

 

If you are in Hong Kong, you may submit any questions or issues to the Data Protection Officer at dataprotection@north-standard.com who will respond within 30 days.  If we have not responded within 30 days or you are unhappy with the response you may submit a complaint to The Office of the Privacy Commissioner for Personal Data at www.pcpd.org.hk 

 

People’s Republic of China (PRC) 

 

For the purposes of this Privacy Notice, “Personal Information” refers to various information related to an identified or identifiable natural person recorded electronically or by other means but does not include anonymised information. 

 

“Sensitive personal information” is personal information that, once leaked or illegally used, may easily lead to the infringement of the personal dignity of a natural person or may endanger his personal safety or property, including information such as biometrics, religious belief, specific identity, medical health status, financial accounts, and the person’s whereabouts, as well as the personal information of a minor under the age of 14 years. 

 

We are permitted to process personal information where such processing is necessary for human resources management.  We are required to obtain your consent to processing of sensitive personal information in China, and to sensitive personal information being transferred outside of China to the entities detailed in this privacy notice.  If you wish to withdraw consent or exercise any of your rights noted in section four, please contact our Data Protection Officer at dataprotection@north-standard.com who will respond in a timely manner. 

  

How do I make a complaint to a supervisory authority?      

   

Any breach of the Data Protection Laws will be taken seriously and if you consider that the data protection principles have not been followed in respect of personal data about yourself or others you have the right to lodge a complaint with the relevant data protection supervisory authority.  If you are unsatisfied with our response to any issues that you raise, you have the right to make a complaint with the data protection authority in your jurisdiction. 

 

NorthStandard’s UK data protection supervisory authority is the Information Commissioner’s Office. If you have any issues with our processing of your personal data and would like to make a complaint, you may contact the Information Commissioner’s Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.  NorthStandard’s EU data protection supervisory authority is the Office of the Data Protection Commissioner. If you have any issues with our processing of your personal data and would like to make a complaint, you may contact the Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois or at info@dataprotection.ie. 

 

Cookie policy  

 

A cookie is a small file which asks permission to be place on your computer’s hard drive. For full details of our cookie policy please refer to our main internet site or click here  

 

Changes to the Policy 

 

This Policy was last updated on December 2023. We reserve the right to make changes to this policy as required.  If you require this privacy notice information to be provided to you in paper form please contact: Our Data Protection Officer at dataprotection@north-standard.com