Data Privacy Policy

1. Introduction


1.1 In this Data Privacy Notice the terms the "Company", "we", "us" and "our" are references to Dawnfresh Seafoods Limited company number SC052773 and Dawnfresh Farming Limited company number SC344049 both having a registered address at Bothwellpark Industrial Estate, Uddingston, Glasgow, G71 6LS and both being companies within the Dawnfresh group of companies of which the ultimate parent is Dawnfresh Holdings.


1.2 We hold and process data on all current and former employees, workers, individual contractors, contingent workers, applicants, interview candidates, interns, agency workers, consultants, directors, members (i.e. partners) ("staff" or "you" or "your"), and third parties whose information you provide to us in connection with the employment or other working relationship (eg. next of kin, emergency contact information and/or dependents).


1.3 We take your data protection rights and our legal obligations seriously.  Your personal data will be treated in a secure and confidential manner and only as set out below or otherwise notified to you in writing. 


1.4 Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.  The following Data Privacy Notice describes the categories of personal data we may process, how your personal data may be processed, for what purposes we process your data and how your privacy is safeguarded in the course of our relationship with you.  It is intended to comply with our obligations to provide you with information about the Company's processing of your personal data under privacy laws.  It does not form part of your contract of employment or engagement. 


1.5 If you have any questions about this Data Privacy Notice or would like to access the information it contains in a different format please contact us at HR@dawnfresh.co.uk.


1.6 Purely for the purposes of this Data Privacy Notice, references to employment include engagement where you do work for us and you are not an employee.


2. Responsibility for data privacy


2.1 The contact details of each of the Company's data controllers and, where applicable their representatives and relevant data protection contact, are available from the HR Department.


2.2 If at any time you have any questions regarding the processing of your personal data or if you believe your privacy rights have been violated, or if you are aware of an unauthorised disclosure of data, then please contact us at HR@dawnfresh.co.uk.


3. Processing of personal data


3.1 The Company collects and processes your personal data for the purposes described in this Data Privacy Notice.  As set out in our Data Privacy Policy, personal data means any information describing or relating to an identified or identifiable individual.  An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. 


3.2 The Company identified in your employment contract or contract for services will be the data controller of your personal data.  In addition, where processing of personal data is undertaken by other associated companies of the Company for their own independent purposes, these associated companies may be joint controllers of your personal data.


4. What data do we process?


4.1 We may collect various types of personal data about you for the purposes described in this Data Privacy Notice including:


4.1.1 Personal details: your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, gender, nationality, civil/marital status, date of birth, age, home contact details (eg address, telephone or mobile number, e mail), immigration and eligibility to work information, driving licence, languages spoken, next of kin/dependent/emergency contact information, details of any disability and any reasonable adjustments required as a result;


4.1.2 Recruitment and selection data: skills and experience, qualifications, references, CV and application, record of interview, interview notes and assessment, vetting and verification information, right to work verification, information related to the outcome of your application, details of any offer made to you;


4.1.3 Data related to your engagement: contract of employment or engagement, work contact details (eg corporate address, telephone number, e mail), employee or payroll number, photograph, work location default hours, default language, time zone and currency for location, your worker ID and various system IDs, your work biography, your assigned business unit or group, your reporting line, your employee/contingent worker type, your hire/contract begin and end dates, terms and conditions of engagement, your cost centre, your job title and job description, your working hours and patterns, whether you are full or part time; your termination/contract end date; the reason for termination; your last day of work; exit interviews, references to be provided to prospective employers, status (active/inactive/terminated); position title; the reason for any change in job and date of change;


4.1.4 Regulatory and Professional Body data: records of your registration with any applicable regulatory authority or professional body, your regulated status and any regulatory certificates and references;


4.1.5 Remuneration and benefits data: your remuneration information (including salary/hourly plan/contract pay/fees information as applicable, allowances, overtime, bonus and incentive arrangements), payments for leave/absence (eg holiday pay, sick pay, family leave pay), bank account details, grade, national insurance number, tax information, third party benefit recipient information (eg expression of wish and dependents information), details of any benefits you receive or are eligible for, benefit coverage start date, expense claims and payments, loans, deductions, salary sacrifice arrangements, childcare vouchers, share scheme participation, information and agreements; 


4.1.6 Leave data: attendance records, absence records (including dates and categories of leave/time off requests and approvals), holiday dates, requests and approvals and information related to family leave (maternity, paternity, adoption, parental, shared parental, dependents), information related to special leave (eg bereavements, jury service, compassionate);


4.1.7 Absence management data: absence history, fit notes, details of incapacity, details of work impact and adjustments, details of treatment and prognosis, manager and HR communications, return to work interviews, meeting records, medical reports, occupational health reports;


4.1.8 Flexible working procedure data:  requests, consideration, correspondence, meeting notes and outcome records


4.1.9 Restructure and redundancy records: change plans, organisation charts, consultation records, selection and redeployment data;


4.1.10 Performance management data: colleague and manager feedback; your appraisals and performance review information, outcomes and objectives; talent programme assessments and records; succession plans; formal and informal performance management process records;


4.1.11 Training and development data: data relating to training and development needs or training received or assessments completed;


4.1.12 Disciplinary and grievance data: allegations, complaints, investigation and proceeding records and outcomes;


4.1.13 Health and safety data: health and safety audits, health and safety screening requests and results, risk assessments, incident reports;


4.1.14 Monitoring data (to the extent permitted by applicable laws): closed circuit television footage, system and building login (including by biometric data), system and building access records, keystroke, download and print records, call recordings, data caught by IT security programmes and filters;


4.1.15 Employee claims, complaints and disclosures information: subject matter of employment or contract based litigation and complaints, pre claim conciliation, communications, settlement discussions, claim proceeding records, employee involvement in incident reporting and disclosures;


4.1.16 Equality and diversity data: where permitted by law and provided voluntarily, data regarding gender, age, race, nationality, religious belief and sexuality (stored anonymously for equal opportunities monitoring purposes);


4.1.17 Any other personal data which you choose to disclose to Company personnel during the course of your engagement whether verbally or in written form (for example in work emails);


4.1.18 Informal opinion data generated in the course of your engagement relating to the administration or management of the Company's relationship with you;


4.2 Certain additional information may be collected where this is necessary and permitted by applicable laws. 


5. Special categories of data


5.1 To the extent permitted by applicable laws the Company may collect and process a limited amount of personal data within the above data listed at 4.1 falling into special categories, sometimes called "sensitive personal data".  This term means information relating to:-


5.1.1 Racial or ethnic origin;
5.1.2 Political opinions;
5.1.3 Religious or philosophical beliefs;
5.1.4 Physical or mental health (including details of accommodations or adjustments);
5.1.5 Trade union membership;
5.1.6 Sex life or sexual orientation;
5.1.7 Biometric and genetic data; and
5.1.8 Criminal records and information regarding criminal offences or proceedings. 


6. How does the Company collect data?


6.1 The Company collects and records your personal data from a variety of sources, but mainly directly from you.  You will usually provide this information directly to your managers or local Human Resources contact or enter it into our systems (for example, through your participation in HR processes, emails or verbal information which may be recorded electronically or manually).  In addition, further information about you will come from your managers or Human Resources or occasionally your colleagues (for example through colleague feedback). 


6.2 We may also obtain some information from third parties: for example, references from a previous employer, medical reports from external professionals, information from tax authorities, benefit providers or where we request supporting detail from educational or professional establishments.


6.3 In some circumstances, data may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, CCTV, telephone logs and recordings, instant message logs and email and Internet access logs), if and to the extent permitted by applicable laws.  In these circumstances, the data may be collected by the Company or a third party provider of the relevant service.  This type of data is generally not accessed on a routine basis but access is possible.  Access may occur, for instance, in situations where the Company is investigating possible violations of Company policies such as those relating to travel and expense reimbursement, use of the Company's systems, or employee conduct generally, or where the data are needed for compliance or customer purposes.  More frequent access to such data may occur incidental to an email surveillance program, if and to the extent permitted by applicable laws.


6.4 Where we ask you to provide personal data to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated.  Failure to provide any mandatory information will mean that we cannot carry out certain HR processes.  For example, if you do not provide us with your bank details, we will not be able to pay you.  In some cases it may mean that we are unable to continue with your employment or engagement as the Company will not have the personal data we believe to be necessary for the effective and efficient administration and management of our relationship with you.


6.5 Apart from personal data relating to you, you may also provide the Company with personal data of third parties, notably your dependents and other family members, for purposes of HR administration and management, including the administration of benefits and to contact your next of kin in an emergency.  Before you provide such third party personal data to the Company you must first inform these third parties of any such data which you intend to provide to the Company and of the processing to be carried out by the Company, as detailed in this Data Privacy Notice.


7. What are the purposes for which data are processed?


7.1 Your personal data are collected and processed for business purposes, in accordance with applicable laws and any applicable collective bargaining agreements.  Data may occasionally be used for purposes not obvious to you where the circumstances warrant such use (eg in investigations or disciplinary proceedings). 


7.2 We may collect and process your personal data for purposes including:-
7.2.1 Recruitment and selection including:-
7.2.1.1 To assess your suitability to work for us including short listing, agreements and interviews;
7.2.1.2 To conduct pre employment checks including verification of your identity, checking your legal right to work and checking references;
7.2.1.3 To compare you with other applicants and make a decision whether to offer you employment;
7.2.1.4 To consider any reasonable adjustments either for the recruitment process or if you were to commence employment with us in the event you have a disability;
7.2.1.5 To make a job offer and provide a contract of employment;
7.2.1.6 Preparing to bring you on board as an employee where you accept an offer of employment from us.  In this case we will customise to make sense of the information gathered during recruitment for the purpose of your employment and will transfer some of this to our employment systems and files;
7.2.1.7 To contact you if you are not successful in your initial application but agree to be contacted should another potentially suitable vacancy arise; and
7.2.1.8 To deal with any query, challenge or request for feedback received in relation to our recruitment decision; 


7.2.2 Training, development, promotion, career and succession planning and business contingency planning;
7.2.3 Providing and administering remuneration, benefits and incentive schemes and reimbursement of business costs and expenses and making appropriate tax and social security deductions and contributions;
7.2.4 Allocating and managing duties and responsibilities and the business activities to which they relate, including business travel;
7.2.5 Identifying and communicating effectively with staff;
7.2.6 Managing and operating appraisal, conduct, performance, capability, absence and grievance related reviews, allegations, complaints, investigations and processes and other informal and formal HR processes and making related management decisions;
7.2.7 Consultations or negotiations with elected trade union representatives;
7.2.8 Conducting surveys for benchmarking and identifying improved ways of working and employee relations and engagement at work (these will often be anonymous but may include profiling data such as age to support analysis of results);
7.2.9 Processing information about absence or medical information regarding physical or mental health or condition in order to: assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work; facilitate a return to work; make adjustments or accommodations to duties or the workplace; make management decisions regarding employment or engagement or continued employment or engagement or redeployment; and conduct related management processes;
7.2.10 for planning, managing and carrying out restructuring or redundancies or other change programmes including appropriate consultation, selection, alternative employment searches and related management decisions;
7.2.11 Operating email, IT, internet, social media, HR related and other company policies and procedures.  To the extent permitted by applicable laws, the company carries out monitoring of the Company's IT systems to protect and maintain the integrity of the Company's IT systems and infrastructure; to ensure compliance with the Company's IT policies and to locate information through searches where needed for a legitimate business purpose;
7.2.12 Satisfying our regulatory obligations to supervise the persons employed or appointed by the Company to conduct business on its behalf, including preventing, detecting and investigating a wide range of activities and behaviours, whether relating to specific business dealings or to the workplace generally and liaising with regulatory authorities;
7.2.13 Protecting the private, confidential and proprietary information of the Company, its employees, its clients and third parties;
7.2.14 Complying with applicable laws and regulation (for example maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulation to which the Company is subject in the conduct of its business);
7.2.15 Monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti discrimination laws;
7.2.16 Planning, due diligence and implementation in relation to a commercial transaction or service transfer involving the Company that impacts on your relationship with the Company for example mergers and acquisitions or a transfer of your employment under applicable automatic transfer rules;
7.2.17 For business operational and reporting documentation such as the preparation of annual reports or tenders for work or client team records including the use of photographic images;
7.2.18 To operate the relationship with third party customer and suppliers including the disclosure of relevant information in line with the contractual requirements and standards of production and operation required by our customers or disclosure of information to data processors for the provision of services to the Company;
7.2.19 Where relevant for publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances;
7.2.20 To support HR administration and management and maintaining and processing general records necessary to manage the employment, worker or other relationship and operate the contract of employment or engagement;
7.2.21 To comply with reference requests where the Company is named by the individual as a referee;
7.2.22 To set and change access permissions;
7.2.23 To provide technical support and maintenance for HR information systems;
7.2.24 To enforce our legal rights and obligations, and for any purposes in connection with any legal claims made by, against or otherwise involving you;
7.2.25 To comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside the UK; and
7.2.26 For other purposes permitted by applicable laws, including legitimate interests pursued by the Company where these are not overridden by the interests or fundamental rights and freedoms of staff and where these have been explained to you before the relevant data is collected or the processing is carried out.


7.3 Special categories of data may be collected and processed by the Company for the following purposes:-
7.3.1 Documentation such as passports, work permits, details of residency, proof of citizenship will be processed to assess and review eligibility to work in the UK;
7.3.2 Your racial or ethnic origin, religion, philosophical or political belief, sexual orientation or disability status may be used for the collection of statistical data subject to applicable laws, or where required to record such characteristics to comply with equality and diversity requirements of applicable local legislation or to keep the Company's commitment to equal opportunity under review;
7.3.3 Health and medical information may be used to comply with employment, health and safety or social security laws.  For example to provide statutory incapacity or maternity benefits, avoid breaching legal duties to you, to ensure fair and lawful management of your employment, avoid unlawful termination of your employment, to administer the Company's private medical and long term disability schemes, to make reasonable accommodations or adjustments and avoid unlawful discrimination or dealing with complaints arising in this regard;
7.3.4 Trade union membership may be recorded to ensure that you receive any relevant rights that you may have in connection with any Trade Union membership, as required to enable us to meet our obligations under employment law, or in order to operate trade union subscription check off at your request;
7.3.5 Information regarding your racial or ethnic origin, religion, philosophical or political belief, sexual orientation, sexual life and sexual orientation may be used in the event of a complaint under the Company's grievance, whistleblowing, anti bullying and harassment or similar policies where such characteristics or information are relevant to the particular complaint, in order to comply with employment law obligations;
7.3.6 Biometric data may be used to provide you with access to our buildings on site and to ensure the security of the Company's buildings and operations.


7.4 Additional information regarding specific processing of personal data may be notified to you locally or as set out in applicable policies.


8. Legal bases for processing


8.1 Personal data
8.1.1 Whenever the Company processes your personal data we do so on the basis of a lawful condition for processing.  Processing of special categories of data is always justified on the basis of an additional lawful condition.
8.1.2 In the majority of cases, the processing of your personal data will be justified on one of the following bases:-
8.1.2.1 The processing is necessary for compliance with a legal obligation to which the Company is subject (for example, disclosing the information to HMRC, making statutory payments, avoiding unlawful termination, avoiding unlawful discrimination, meeting statutory record keeping requirements or health and safety obligations); or
8.1.2.2 Where there is no legal obligation we will process your data where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract (for example collecting bank details to pay your salary or processing information to provide you with the contractual benefits you are entitled to).
8.1.2.3 Where the above two grounds at 8.1.2.1 or 8.1.2.2 do not apply we may process your personal data where the processing is necessary for the legitimate interests pursued by the Company (being those purposes described in the section above), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (for example reviewing your performance at work).
8.1.3 We may on occasion process your personal data for the purpose of legitimate interests pursued by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
8.1.4 In exceptional circumstances where we have no legitimate interest in processing but you ask us to process data for a particular purpose we may carry out the processing on the basis of your consent (for example if you ask us to provide pay information to a bank for a mortgage application made by you).  Where we rely on this we will make this clear at the time.


8.2 Special categories of data


8.2.1 The special categories of personal data that may be processed by the Company are set out in this Data Privacy Notice.  Where we process special categories of data it will be justified by a condition set out at 8.1.2 above and also by one of the following additional conditions:
8.2.1.1 The processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or the Company in the field of employment law, social security and social protection law, to the extent permissible under applicable laws;
8.2.1.2 The processing is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, to the extent permitted by applicable laws;
8.2.1.3 The processing is necessary to protect your vital interests or of another person where you are physically or legally incapable of giving consent (for example in exceptional emergency situations, such as a medical emergency);
8.2.1.4 The processing is necessary for purposes authorised by applicable law.  This includes as provided under the Data Protection Act 2018.
8.2.1.5 The processing is necessary for the establishment, exercise or defence of legal claims; or
8.2.1.6 In exceptional circumstances the processing is carried out subject to your explicit consent (as explained below).
8.2.2 We may seek your consent to certain processing which is not otherwise justified under one of the above bases.  If consent is required for the processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit.  Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent.  You should be aware that it is not a condition or requirement of your employment to agree to any request for consent from the Company. 


9. Automated decision making and profiling


9.1 We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing should this position change.


10. Retention of personal data


10.1 The Company endeavours to ensure that personal data are kept as current as possible and that irrelevant or excessive data are deleted or made anonymous as soon as reasonably practicable. 


10.2 The Company's general approach is to only retain personal data for as long as is required to satisfy the purpose for which it was collected by us or provided by you.  This will usually be the period of your employment/contract with us plus the length of any applicable statutory limitation period following your departure, although some data, such as pension information, may need to be kept for longer.  We may keep some specific types of data, for example, tax records, for different periods of time, as required by applicable law.  However, some personal data may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.
 Please refer to the Data Retention Policy, available in the employee handbook.


11. Disclosures of personal data


11.1 Within the Company, your personal data can be accessed by or may be disclosed internally on a need to know basis to:
11.1.1 Human Resources, including managers and team members;
11.1.2 Members of the management team responsible for managing or making decisions in connection with your relationship with the Company or when involved in an HR process concerning your relationship with the Company;
11.1.3 System administrators; and
11.1.4 Where necessary for the performance of specific tasks or system maintenance by staff in the Company teams such as the Finance and IT Department


11.2 Certain basic personal data, such as your name, location, job title, contact information, employee number and any published skills and experience profile may also be accessible to other employees.  The security measures in place within the Company to protect your data are set out below.
11.3 Your personal data may also be accessed by third parties whom we work together with (including without limitation, Healthshield, BUPA, NGA ResourceLink, Integral OH, Punter Southall, Royal London, HMRC and their associated companies and sub contractors) for providing us with services, such as hosting, supporting and maintaining the framework of our HR information systems. 
11.4 Personal data may also be shared with certain interconnecting systems such as our payroll and system.  Data contained in such systems may be accessible by providers of those systems, their associated companies and sub contractors. 
11.5 Examples of third parties with whom your data will be shared include tax authorities, regulatory authorities, the Company's insurers, bankers, IT administrators, lawyers, auditors, investors, consultants and other professional advisors, payroll providers, and administrators of the Company's benefits programs.  The Company expects such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security. 
11.6 Where these third parties act as a "data processor" (for example a payroll provider) they carry out their tasks on our behalf and upon our instructions for the above mentioned purposes.  In this case your personal data will only be disclosed to these parties to the extent necessary to provide the required services. 
11.7 In addition, we may share personal data with customers or national authorities in order to comply with a legal obligation to which we are subject.  This is for example the case in the framework of imminent or pending legal proceedings or a customer or statutory audit. 


12. Security of data


12.1 The Company is committed to protecting the security of the personal data you share with us.  In support of this commitment, we have implemented appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk.  The Company uses a variety of technical and organisational methods to secure your personal data in accordance with applicable laws.
12.2 A number of the measures that we use to protect information are set out in our GDPR Policy.
12.3 If you are in possession of personal data of any kind (eg data collected in emails, address books, Excel spreadsheets or contained in curricula vitae or elsewhere) you must ensure that the data are kept in a safe place where unauthorised access cannot occur.  Where data is retained in hard copy, storage in a locked drawer or cabinet, accessible only to authorised individuals, is generally the most effective means of securing the data.  Where data is kept in electronic form, appropriate password protection and appropriately secured areas should be used.  You must comply with the security obligations contained in the Company's policies or procedures communicated to you.
12.4 You should not create, copy or export personal data relating to any other person outside of official company storage locations and systems except where necessary for a specific authorised and lawful purpose under this Data Privacy Notice.  In this event appropriate measures must be taken to protect the confidentiality and integrity of the data during the processing.  Once the relevant processing is complete, steps should be taken to store or return the relevant data within the official storage locations/systems with all less formally held records (e.g. local folders, hard copies, emails saved outside of formal manged folders) securely erased.


13. INTERNATIONAL Transfer of Personal Data


13.1 From time to time your personal data (including special categories of personal data) may be transferred to third parties (e.g. service providers or regulators as set out above), who may have systems or suppliers located outside the European Union and whose data protection laws may be less stringent than those in the UK. 
13.2 The Company will ensure that appropriate or suitable safeguards are in place to protect your personal information and that transfer of your personal information is in compliance with applicable data protection laws. 
13.3 Where required by applicable data protection laws, the Company has ensured that service providers (including other Company associated companies) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant Company exporter.  You can obtain a copy of any standard contractual clauses in place which relate to transfers of your personal data by contacting HR@dawnfresh.co.uk
13.4 You have a right to request a copy of any data transfer agreement under which your personal data is transferred, or to otherwise have access to the safeguards used.  Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity.


14. Your rights as a data subject


14.1 Right to access, correct and delete your personal data


14.1.1 The Company aims to ensure that all personal data are correct.  You also have a responsibility to ensure that changes in personal circumstances (for example, change of address and bank accounts) are notified to the Company so that we can ensure that your data is up to date. 
14.1.2 You have the right to request access to any of your personal data that the Company may hold, and to request correction of any inaccurate data relating to you.  You furthermore have the right to request deletion of any irrelevant data we hold about you. 


14.2 Data portability
 Where we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for processing, and that personal data is processed by automatic means, you have the right to receive all such personal data which you have provided to the Company in a structured, commonly used and machine readable format, and also to require us to transmit it to another controller where this is technically feasible.


14.3 Right to restriction of processing:
 You have the right to restrict our processing of your personal data where:
14.3.1 You contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;
14.3.2 Where the processing is unlawful but you do not want us to erase the data;
14.3.3 Where we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
14.3.4 Where you have objected to processing justified on legitimate interest grounds (see below) pending verification as to whether the Company has compelling legitimate grounds to continue processing.
 Where personal data is subjected to restriction in this way we will only process it with your consent or for the establishment, exercise or defence of legal claims.
14.4 Right to withdraw consent
 Where we have relied on your consent to process particular information and you have provided us with your consent to process data, you have the right to withdraw such consent at any time.  You can do this by contacting your local Human Resources contact.  It will only however be rarely that we rely on your consent to process personal data for your employment or engagement.
14.5 Right to object to processing justified on legitimate interest grounds
 Where we are relying upon legitimate interest to process data, then you have the right to object to that processing.  If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims.  Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
14.6 Right to complain
 You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable law. 
14.7 For further information regarding your rights, or to exercise any of your rights, please contact HR@dawnfresh.co.uk. 


15. Additional Data Privacy Notices


 We may undertake certain processing of personal data which are subject to additional Data Privacy Notices and we shall bring these to your attention where they engage.


16. Notice of changes


16.1 The Company may change or update this Data Privacy Notice at any time. 
16.2 Should we change our approach to data protection, you will be informed of these changes or made aware that we have updated the Data Privacy Notice so that you know which information we process and how we use this information. 
16.3 This Data Privacy Notice was last updated and reviewed on 15th May 2018.