Endemol Shine and its group companies and labels (together ESG) operate in many different countries. Many of these countries have laws related to the collection, use, transfer and disclosure of the personal information of individuals, including our employees and contractors. We take these obligations very seriously, and we are committed to protecting the privacy of our current and former employees and contractors.
The purpose of this Employee and Contractor Personal Information Protection Notice (Privacy Notice) is to give you information about what personal data we process, how and why and what your rights are.
For ease, we’ve summarised the various topics that this Privacy Notice covers in the chart below. Please go to the corresponding paragraphs if you want to read more.
|Who is the data controller?
|Endemol Shine UK Limited (“ESUK”) with registered office at Shepherds Building Central, Charecroft Way, Shepherds Bush, London, W14 0EE, UK or the subsidiary company of ESUK named in your contract of engagement (“Company” or “we”) are the data controller of the personal data we collect from and about you.
For further information, please go to paragraph 1.
|Who does this Privacy Notice cover?
|This Privacy Notice covers everyone working for Endemol Shine UK Limited and any of its subsidiaries in any capacity.
For further information, please go to paragraph 2.
|What personal data do we collect from you?
|We may collect data from and about you. We collect personal details, documentation required under immigration laws, compensation and payroll, position, talent management information, management records, systems and application access data.
For further information, please go to paragraph 3.
|How do we use your personal data?
|We collect your personal data mainly for managing workforce, communications and emergencies, business operations and security, compliance, dispute resolution, health and safety, intranet and corporate and commercial matters.
For further information, please go to paragraph 4.
|On what legal basis do we process your personal data?
|We collect your personal data to perform the obligations under our contract with you, to comply with our legal obligations as well as to pursue our legitimate interests.
For further information, please go to paragraph 5.
|How do we process your personal data?
|We process your personal data through both electronic and manual means and it is protected through reasonable security measures.
For further information, please go to paragraph 6.
|Who has access to your personal data?
|All personnel within ESG will generally have access to your business contact information such as name, position, telephone number, postal address and email address.
We might share your personal data with other entities within ESG, professional advisers, service providers and clients, public, judicial, governmental authorities and litigants, and third parties in connection with Other Purposes.
For further information, please go to paragraph 7.
|Is your personal data transferred abroad?
|We might transfer your personal data to other countries within or outside the European Economic Area. In any case, we always make sure that appropriate and suitable safeguards compliant with applicable laws are in place to protect your personal data.
For further information, please go to paragraph 8.
|What are your rights with regard to your personal data?
|You have the right to obtain confirmation whether or not your personal data exist and to verify the accuracy of the data and request rectification, update or amendment, deletion, anonymisation or restriction of processing. You can also in certain circumstances object to the processing of your personal data or lodge a complaint with the relevant supervising authority.
For further information, please go to paragraph 9.
|Retention period applying to your personal data
|The personal data we collect is retained for the duration of your working relationship and, after the termination of that working relationship for a period of up to seven (7) years.
For further information, please go to paragraph 10.
|Please make sure we have your up to date personal data and inform us of any significant changes to that personal data. Please also inform your dependents whose personal data you provide to us about the contents of this Privacy Notice.
For further information, please go to paragraph 11.
|Changes to the Privacy Notice
|We may modify or update this Privacy Notice including in order to comply with applicable law.
For further information, please go to paragraph 12.
1. Who is the data controller?
Endemol Shine UK Limited (“ESUK”) with registered office at Shepherds Building Central, Charecroft Way, Shepherds Bush, London, W14 0EE, UK or the subsidiary company of ESUK named in your contract of engagement (with their address as set out in that contract) acting in its capacity of data controller (Company or we), provides this Privacy Notice regarding the processing of your data for the purposes related to the performance of the working relationship (as further described below) with you. You can contact us at the following email address: firstname.lastname@example.org.
2. Who does this Privacy Notice cover?
This Privacy Notice applies to:
a) any employee, subject to any type of (employment) agreement, including any internship or apprenticeship contract, training programme, access-to-work contract, on-call contract, and, when necessary (for example in emergency situations and for benefits administration), to such employee’s spouse, domestic/civil partner or dependents (together dependents);
b) self-employed workers and independent contractors and freelancers;
c) any other individual performing a work activity or professional performance for the benefit of the Company.
(the above listed individuals are collectively defined as you and the relevant agreement with the Company, whatever form it takes as described under a), b) and c) above, is also defined as the working relationship).
3. What personal data do we collect from you?
Before entering into a working relationship or in the course of the working relationship with the Company, the Company will collect data or may have data collected about you. We refer to such information as personal data which includes, for example, the following:
Personal Details: name, employee identification number, work and home contact details (email, phone numbers, physical address), language(s) spoken, gender, date and place of birth, national insurance number, driving licence information, marital/civil partnership status, domestic partners, dependents, emergency contact information and photographs, employment status (eg active, inactive, maternity replacement).
Documentation Required under Immigration Laws: Citizenship, passport data, details of residency or any work permit.
Compensation and Payroll: Base salary, bonus, benefits, compensation type, details on stock options, stock grants and other awards, currency, pay frequency, effective date of current compensation, salary reviews, banking details, working time records (including vacation and other absence records, leave status, hours worked), pay data and life insurance beneficiaries.
Position: Description of positions, job title, management category, job code, salary plan, pay grade or level, job function(s) and sub function(s), details of any directorships, company name and code (legal employer entity), branch/unit/department, location, employment status and type, full-time/part-time, terms of employment, employment contract, work history, hire/re-hire and termination date(s) and reason, length of service, business travel details, retirement eligibility, promotions and disciplinary records, date of transfers, and line manager(s) information.
Talent Management Information: Details contained in letters of application and resume/CV (e.g., previous employment background, education history, professional qualifications, language and other relevant skills, certification, certification expiration dates), development programmes planned and attended, e-learning programmes, performance and development reviews, willingness to relocate and information used to populate employee biographies.
Management Records: Details of any shares of common stock or options.
System and Application Access Data: Information required to access company systems and applications such as active directory, email address, employee ID, other system and application user IDs and passwords, electronic content produced using company systems, building access information from any access control card system, office premises CCTV footage, access to documents and other materials, as well as incident response data (to the extent permitted by local legislation and Company policy).
We may also process special categories of data, when permitted by local law. Such data include criminal background checks (if authorised under local laws), health/medical information or disability status, trade union membership information, religion, race or ethnicity when necessary. We collect this information for specific purposes, such as health/medical information in order to accommodate a disability or illness and to provide benefits; and diversity-related personal data (such as gender, race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination. We will only use such sensitive information for the purposes as described in paragraph 5 and as provided and permitted by law.
4. How do we use your personal data?
We will process your personal data in compliance with applicable laws for the following purposes:
a) Managing Workforce: HR administration and managing work activities and personnel generally, including recruitment, absence, performance management, promotions and succession planning, rehiring, salary and payment administration, pension and benefits administration, managing business expenses and reimbursements, planning and monitoring of training requirements and career development activities and skills
b) Communications and Emergencies: facilitating communication with you, ensuring business continuity, protecting the health and safety of employees and others.
c) Business Operations and security: operating and managing IT and communications systems, managing product and service development and improvement, managing and allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, re-organizations or disposals and integrations, building security and crime prevention.
d) Compliance: Complying with legal and other requirements, including audits, inspections and other requests from government or other public authorities.
e) Dispute resolution, responding to legal process such as subpoenas, pursuing legal rights and remedies.
f) Health and safety: Complying with legal obligations on occupational safety and health.
(defined together as the Contractual Purposes).
g) Intranet: Publishing details of the employee including the photograph on the Company’s and ESG’s intranets, including The Hub (the Intranet Purposes);
h) Corporate and commercial matters: if the Company is involved in a merger or transfer of all or a material part of its business, the Company may transfer your information to the party or parties involved in the transaction (the Other Purposes);
5. On what legal basis do we process your personal data?
We process your personal data to perform the obligations under the contract with you, to comply with legal obligations arising in the context of your contract, as well as to pursue the legitimate interests of the Company.
The processing of your personal data for Contractual Purposes is mandatory as the refusal to provide the personal data would make it impossible to sign and perform the contract between you and the Company.
The processing of your personal data for Intranet Purposes and Other Purposes, are carried out in compliance with the legitimate interest of the Company which adequately balances the interests of the Company and you. That processing is not mandatory and, for this reason, you may oppose the processing as described in Paragraph 9 of this Privacy Notice. If you object to this data processing, data will not be processed for the legitimate interest purposes, but we will continue to process any relevant data on another legal basis as appropriate.
6. How do we process your personal data?
We process your personal data through both electronic and manual means and it is protected by reasonable security measures. We will take appropriate administrative, technical, personnel and physical measures designed to protect personal data that are consistent with applicable privacy and data security laws and regulations that in particular include protecting personal data from misuse or accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access. This includes requiring service providers to use appropriate measures to protect the confidentiality and security of personal data.
7. Who has access to your personal data?
All personnel within ESG will generally have access to your business contact information such as name, position, telephone number, business postal address and email address.
We may share your personal data for the purposes specified in this Privacy Notice with the following categories of entities that can be located within and, in compliance with Paragraph 8 below, outside the European Union as follows:
a) Other entities in the Endemol Shine group: Companies in ESG which need access to your personal data in order to manage services and activities coordinated at the group level.
b) Professional Advisors: Accountants, auditors, lawyers, insurers, bankers, and other professional advisors in all of the countries in which ESG operates.
c) Service Providers and Clients: Companies that provide products and services to the Company or ESG such as payroll, pension scheme, benefits, human resources, performance management, training, expense management, IT systems supply and support, assistance with equity compensation programmes, credit cards, medical or health services, trade bodies and associations services, travel services and others. Companies which the Company or ESG provide products or services to such as broadcasters.
d) Public, Judicial, Governmental Authorities and Litigants: Entities that regulate or have jurisdiction over the Company or ESG such as regulatory authorities, law enforcement, public bodies and judicial bodies or other third parties in connection with judicial or regulatory proceedings.
e) Other Purposes: A third party in connection with any proposed or actual reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of ESG’s business, assets or stock (including in connection with any bankruptcy or similar proceedings).
The types of data processors appointed by the Company include providers such as Workday Inc. providing a global HR management software to support the Company’s operations. You can also find a list of the affiliate companies in ESG on the Hub.
Access to personal data within the Company will be limited to those who have the “need to know” for the purposes described in Paragraph 4 of this Privacy Notice, and may include your managers and their designees, personnel in HR, IT, Compliance, Legal, Finance and Accounting and Internal Audit.
8. Is your personal data transferred abroad?
Due to the global nature of ESG’s operations, the Company may disclose personal data to personnel and departments throughout ESG (and to some third parties providing services as described above such as Workday (mentioned above) and Mercer who provide the Company with pension services) to fulfil the purposes described in Paragraph 4 of this Privacy Notice.
This may include transferring personal data to other countries (including countries other than where you are based that have a different data protection regime than the one existing in the country where you are based). If you are located in the European Economic Area (EEA), this may include countries outside of the EEA and in particular the United States. We have adopted appropriate safeguards to protect your personal data regardless of where it resides. You can find the list of member states by clicking on the following link: https://europa.eu/european-union/about-eu/countries/member-countries_en.
Further information can be provided by filing a request to the Company as per Paragraph 9 of this Privacy Notice.
9. What are your rights with regard to your personal data?
You have the right to:
a) Obtain confirmation as to whether or not your personal data exists and to be informed of its content and source, verify its accuracy and request its rectification, update or amendment.
b) Request the deletion, anonymisation or restriction of the processing of your personal data processed in breach of the applicable law.
c) Object to or request the limiting of the processing, in all cases, of your personal data for legitimate reasons.
d) Receive an electronic copy of your personal data, if you would like to port the personal data, which you have provided to us, to yourself or to a different provider (data portability), when the personal data is processed by automatic means and the processing is either (i) based upon your consent or (ii) necessary for the provision of the company service; and
e) Lodge a complaint with the relevant data protection regulatory authority.
You may send your request to your local Human Resources representative. Please note, however, that certain personal data may be exempt from such access, correction and deletion requests pursuant to applicable data protection laws or other laws and regulations.
10. Retention period applying to your personal data
The personal data collected pursuant to this Privacy Notice is retained for the duration of the working relationship and, after the termination of the working relationship up to seven (7) years, except for longer periods where the retention of the personal data is necessary due to litigation, requests filed by competent authorities or in compliance with applicable laws.
In any case, we will take steps to ensure that the personal data processed is relevant and not excessive for its intended use, and is accurate and complete for carrying out the purposes described in this Privacy Notice. Accordingly, we will retain personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. After the applicable retention period has ended, the Company shall securely destroy or delete the personal data or anonymise it.
11. Your obligations
Please keep personal data up to date and inform us of any significant changes to personal data. You agree to inform your dependents, whose personal data you provide to the Company, about the content of this Privacy Notice, and to obtain their consent (provided they are legally competent to give consent) for the processing of that personal data by the Company as set out in this Privacy Notice.
You further agree to follow applicable law and both the Company’s and ESG’s policies, standards and procedures that are brought to your attention when handling any personal data to which you have access in the course of your working relationship with the Company, in particular the ESG Data Protection Policy. You will not access or use any personal data for any purpose other than in connection with and to the extent necessary for your working relationship with the Company. You understand that these obligations continue to exist after termination of your working relationship with the Company.
12. Changes to the Privacy Notice
We may change or update this Privacy Notice including as a result of different interpretations, decisions and opinions relating to the EU Privacy Regulation and will notify you accordingly.