Employment Rights Assessment

ERA Services - Privacy Policy

ERA Services CIC, company number, 12441128 registered at Solway House Business Centre, Parkhouse Road, Carlisle CA6 4BY(“We”) are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For collecting data covered by The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the Data Controller is Sandra Movassagh and we are registered with the Information Commissioner Office (ICO), registration number ZA831080.

The purpose of this policy is for you to understand what data we collect, why and what we do with the data. We aim to comply with the principles set out in Article 5 of the GDPR. Article 5(1) requires that personal data shall be:  

“(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

Information we may collect from you

We may collect and process the following data about you:

  • Information that you provide by filling in an enquiry form on our site. We will use this information to send answers to your enquiries only. We may also ask for further information if you are reporting problems with our website. This will be stored: on our email system. You have the right to withdraw consent at any time by asking us to delete these emails.
  • If you contact us by email, we will keep a record of that correspondence. This will be stored: on our email system. You have the right to withdraw consent at any time by asking us to delete these mails.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. This will be stored: on our Google Analytics account – see Cookies below for further information.
  • Details of your registration for an ERA assessment. This will include Company Information, details of your Directors, latest company accounts and documentation provided as supporting evidence with the audit questionnaire.
  • Personal details required for any employee of our company in order to pay you and make necessary reports to HMRC. This will include proof of ID and address, evidence of right to work in the UK, bank details and National Insurance number.

IP addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Where we store your personal data

All information you provide to us is stored on our servers (see above: Information we may collect from you). We have computer safeguards such as firewalls and data encryption to protect your information. We also operate from a secure office building protected by alarms and covered by constant CCTV surveillance. The transmission of any personal data is done so in an encrypted manner using a Secure Sockets Layer (SSL).

Though we adhere to as many technical and organisational measures possible to safeguard your personal data, we unfortunately cannot guarantee the security of any personal data that you transfer over the internet to us.

Uses made of the information

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • Your consent by signing/accepting your contract of employment with us. You are able to remove your consent at any time. You can do this by contacting a Director
  • We have a contractual obligation
  • We have a legal obligation
  • We have a legitimate interest

We use information held about you in the following ways:

  • To reply to your enquiries
  • To provide you with information on our service that you request from us, where you have consented to be contacted for such purposes.
  • To conduct our assessment, should you enter into a contractual agreement with us for our services.
  • For employees of ERA Services to pay you and make onward payments to HMRC of tax and National Insurance contributions.

Disclosure of your information

We may disclose your personal information to members of our company, which means ERA Services CIC, its subsidiaries such as sales/marketing and the members of the auditing team assigned to your company.

How we protect personal data

We have computer safeguards such as firewalls and data encryption to protect your information. We also operate from a secure office building protected by alarms and covered by constant CCTV surveillance. The transmission of any personal data is done so in an encrypted manner using a Secure Sockets Layer (SSL). Though we adhere to as many technical and organisational measures possible to safeguard your personal data, we unfortunately cannot guarantee the security of any personal data that you transfer over the internet to us. The personal data that we collect from you may be transferred to, and stored at, a destination deemed ‘adequate’ for transference. At no point will it be shared or stored outside of those geographical limits. We will put in place appropriate protection to make sure your personal data remains adequately protected and is treated in line with this policy.

Your rights

Under the Data Protection Law, you have the following rights:

Right to be Informed – this is a key transparency requirement under the UK GDPR. You have the right to be informed about the collection and use of your personal data. As outlined in this policy, we will provide you with a clear concise information about what we do with your personal data.

Right of Access – to see the personal data we hold about you. This is called a Subject Access Request. If you would like a copy of the personal data we hold about you, contact the HR Director.

The law allows us to charge a ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data. Should this be the case, our policy is a fee of £10.

Right to Rectification – We want to make sure that the personal data we hold about you is accurate, complete and up to date. If any of the details are incorrect, please let us know and we will amend, update or complete them.

Right to Erasure – in certain circumstances, you are able to exercise your “Right to be forgotten”. Requesting this service will result in the removal of all correspondence and data points that we hold on you as a company, including the request itself. To contact our data controller directly please make an enquiry to the operations director.

Right to Restriction of Processing – in certain circumstances, you have the right to ask us to restrict the processing of your information.

Right to Object to Processing – in certain circumstances, you have the right to object to the processing of your personal data

Right to Data Portability – in certain circumstances, you have the right to ask that we transfer the information you gave us to another organisation, or to you.

Rights to Automated Decision Making and Profiling – We do not conduct decision making and profiling which relies solely on automation. All decision making processes involve human involvement.

You are not required to pay any charge for exercising your rights. (Except for a ‘reasonable’ administrative fee where an access request is found to be manifestly unfounded or excessive, or if an individual requests further copies of their data). If you make a request, we have one month to respond to you.

What We Expect of an ERA Employee

All employees of ERA Services have a duty to uphold and follow the GDPR and Data Processing legislation in line with our Privacy Policy. In order to do this, we provide annual training and require that they complete this in a timely manner each year when it is provided and as part of the initial training upon joining the company.

We are fully GDPR compliant, both as a processor and controller of personal data and recognise our obligations to ensure full compliance on an ongoing basis.

We respect our employee’s rights to data privacy and protection and the safeguarding of personal information. As such, we are continually revising our internal procedures and working practices in order to meet the requirements of the GDPR.

We responsibly promote the awareness of the GDPR across our company through staff training and actively identifying any gaps and implement new policy requirements as it becomes appropriate.

In order to comply with the full GDPR legislation we have a legal responsibility to notify any breach of personal data to the supervisory authority.

In the case of a personal data breach, the processor (you), shall notify the controller (managing director), without undue delay after becoming aware of the said breach.

The notification of the above shall:

  1. Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned
  2. Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained
  3. Describe the likely consequences of the personal data breach
  4. Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects
  1. Please be advised that all data breaches, queries or errors must be reported to the data controller immediately for review/advice and/or reporting.

How to Complain

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

Request more details of your Free application

ERA AND UMBRELLA COMPANIES

Currently we know that there is talk of regulating umbrella companies and we understand why. The need to demonstrate compliance on a more frequent basis has affected many agencies and requesting additional certification from umbrella companies is now commonplace.

There are various companies who offer assessments and certifications and this gives agencies peace of mind that their contractors are being looked after and things are done correctly. Not all of these are affordable or accessible for smaller umbrella companies, but ERA Services has a fair and affordable pricing structure, and as long as you have 1 employee, you can opt for an ERA assessment.

ERA conducts a thorough, impartial assessment of all aspects of employment rights from minimum wage, holiday pay, modern slavery, and confirmation that all taxes are paid appropriately and on time for both your internal and umbrella workers, along with the additional responsibilities for your umbrella workers in line with AWR, the EAA Conduct Regulations and Key Information Documents.  The ERA audit is not just a case of ticking boxes and providing documents; in line with UKAS procedures, we look at the processes in place to ensure that a company is following them to be the best employer that they can be.

Holding an ERA certificate should reassure your agencies that you uphold the standards set for all employers in the UK and that your contractors are well taken care of.

ERA AND RECRUITMENT AGENCIES

We do recognise that in the temporary workforce sector that there has been much unrest over the last few years caused mainly by constant changes to taxation and employment law legislation and appreciate that recruitment agencies are under more and more pressure from end clients to evidence their compliance, and this includes their relationships with umbrella companies. The ERA assessment is tailored with additional questions that deal with your responsibilities as an employer of your internal staff, along with additional responsibilities for your temporary workers such as AWR day one and week 12 rights, EAA Conduct Regulations and the Key Information Document.

The ERA audit is not just a case of ticking boxes and providing documents; in line with UKAS procedures, we look at the processes in place to ensure that a company is following them to be the best employer that they can be.

Holding an ERA certificate should reassure your end clients that you uphold the standards set for all employers in the UK and that your contractors are well taken care of.

ERA AND EMPLOYERS

ERA conducts a thorough, impartial assessment of all aspects of employment rights from minimum wage, holiday pay, modern slavery, and confirmation that all taxes are paid appropriately and on time. The ERA audit is not just a case of ticking boxes and providing documents; in line with UKAS procedures, we look at the processes in place to ensure that a company is following them to be the best employer that they can be.