Employee Privacy Policy

Let’s start with introductions.

Your privacy is important to us. When we process your personal data we comply with UK GDPR and the Data Protection Act 2018, together with other relevant data protection and privacy legislation.

Your personal data includes all the information we hold that identifies you or is about you. More information about the types of personal data we collect from you is set out below.

Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We will comply with the relevant legislation to make sure that your information is properly protected and used appropriately.

This privacy notice provides information about the personal data we process, why we process it and how we process it. This privacy notice applies to current and former employees, workers and contractors. It does not form part of any contract of employment or other contract to provide services.

Privacy and data protection are ever changing and enhancing the rights of individuals. As such, we review how we use personal data, and we may update this privacy notice from time to time to reflect changes in applicable laws or the way we use your personal data. The privacy notice displayed on this page is always the most up to date version.

We would encourage you to re-visit our privacy notice from time to time so that you are aware of any relevant updates we have made.

Our company registration

Coopland & Son (Scarborough) Limited is a company incorporated in England and Wales with registered company number 00465947 and with a registered office address at Caxton Way, Pindar Business Park, Eastfield, Scarborough, North Yorkshire, YO11 3YT. Throughout this notice, when we use terms like ‘we’, ‘us’, ‘our’, or even ‘Cooplands’, we’re referring to Coopland & Son (Scarborough) Limited.

Our data protection registration

We are the organisation that is responsible for the processing of your personal data (or the ‘controller’ for the purposes of the data protection) and, as such, we are registered with the UK’s data protection supervisory authority the Information Commissioner’s Office (the “ICO”).

The details of our registration with the ICO are:

Data Controller Name: Coopland & Son (Scarborough) Limited

Registration number: Z5443704


Our Privacy & Data Protection team

If you ever have a query about how we’re handling your personal data, or you want to exercise a right in relation to your information (as set out below), there’s a number of ways you can contact our team.

You can write to us at: Coopland & Son (Scarborough) Ltd, Caxton Way, Pindar Business Park, Eastfield, Scarborough, North Yorkshire, YO11 3YT

If you prefer to email: info@cooplands-bakery.co.uk

If talking is more your thing, call us on 01723 585222


How do we categorise the information we collect about you?

We may collect, use, store and transfer the following kinds of personal data about you:

Identity Information

Information specifically related to your identity which includes including your first, middle and last names, maiden name, marital status, title, date of birth, gender, National Insurance number and other recognised official identity documents.

Contact Information

Information including your home address, personal email address, telephone numbers and social media handles.

Salary Data

Information required to facilitate the payment of your salary including your bank account details, National Insurance number, payroll records, tax status, salary, pension and benefits information including life assurance and ill health cover.

HR Data

Information including your start date, annual leave, leaving date and reasons for leaving, copy of your driving licence/passport, recruitment information (including copies of right to work documentation, references and, skills and qualities other information included in a CV or cover letter or as part of the application process), education and employment records (including job titles, work history, working hours, place of work, holidays, training records and professional memberships), performance information, accident records, maternity and paternity information, disciplinary and grievance information, photographs, next of kin, emergency contact, information about your dependants, death in service information.

Sensitive Information

There are instances where we may be required to collected sensitive or special category data including information about your race or ethnic origin, health and any medical conditions, health and sickness records, criminal records checks and details about any absences (other than holidays) from work including time on statutory parental leave and sick leave.


How we may collect your personal data. 

We collect personal data about you either directly from you or from an employment or recruitment agency. We may sometimes collect additional information from third parties including former employers, educational organisations or public agencies/publicly available sources.

We will collect additional personal data about you in the course of job-related activities while you are working for us.


Being transparent about our personal data processing.

We process your personal data for HR, employment and administrative purposes. We need your personal data to make sure you have all you need to be able to work at Cooplands, to make sure you are safe and secure at work and to make sure you receive all the benefits to which you are entitled.

We process Identity Data, Contact Data, Salary Data, HR Data on a combination of grounds, including where we need to process the information to perform the contract we have entered into with you, where we need to comply with a legal obligation and where it is necessary for our legitimate interests to process your information and your interests and fundamental rights do not override those interests. The purposes for which we process Identity Data, Contact Data, Salary Data and HR Data include:

  • Making a decision about your recruitment or appointment (Legitimate Interest);
  • Determining the terms on which you work for us (Legitimate Interest);
  • Paying you and, if applicable, deducting tax and National Insurance contributions (Legal Obligation);
  • Providing benefits to you (Contractual Requirement);
  • Enrolling you in a pension arrangement (Legal Obligation);
  • Administering the contract we have entered with you (Contractual Requirement;
  • Business management and planning (Legitimate Interest);
  • Conducting performance reviews, managing performance and determining performance requirements (Contractual Requirement);
  • Making decisions about salary reviews and compensation (Contractual Requirement and Legitimate Interest);
  • Assessing qualifications for a particular job or task, including decisions about promotions (Legitimate Interest);
  • Gathering evidence for possible grievance or disciplinary hearings (Legitimate Interest);
  • Making decisions about your continued employment or engagement (Legitimate Interest);
  • Making arrangements for the termination of your employment (Legal Obligation and Legitimate Interest);
  • Education, training and development requirements (Legitimate Interest);
  • Dealing with legal disputes (Legal Obligation);
  • Ascertaining your fitness to work-(Legal Obligation);
  • Managing sickness absence (Legal Obligation);
  • Complying with health and safety obligations (Legal Obligation) ;
  • Monitoring your use of our information and communications systems to ensure compliance with our IT policies (Contractual Requirement and Legitimate Interest);
  • Ensuring networking and information security (Legitimate Interest); and
  • Equal opportunities monitoring and to report on gender pay gaps (Legal Obligation).

Some of the grounds for processing will overlap and there may be several grounds which justify our use of your personal data.

We are required to have further justification to process Sensitive Information about you. In most scenarios, we will process your Sensitive Information where we need to carry out our legal obligations or exercise rights in connection with your employment. We may also process Sensitive Information about you where it is necessary in relation to legal claims. In limited circumstances, we may process Sensitive Information on the grounds of your consent.

Some of the reasons for which we process Sensitive Information include:

  • Ensuring your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and health insurance; and
  • We will use information about your race or national or ethnic origin to ensure meaningful equal opportunity monitoring and reporting.

If you fail to provide personal data

  • If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as ensuring the health and safety of our workers).

When we share your personal data.

We only transfer your personal data to the extent we need to as part of your employment with us.

Recipients of your personal data include:

  • payroll providers;
  • insurers;
  • banks;
  • HMRC;
  • storage and archive providers;
  • pension brokers and providers;
  • healthcare providers;
  • the hosted data centre we use;
  • third parties that provide benefits and perks to you;
  • providers of online systems and platforms that we use;
  • third parties holding events that you wish to attend;
  • legal advisers to the extent they need to see your personal data to provide us with legal advice; and
  • third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice; an

We do not transfer your personal data outside of the EEA.

The security of your personal data.

Unauthorised access.

We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Specific access.

We limit access to your personal data to those employees, agents, contractors and other third parties who have been authorised to access your personal data.


We have put in place procedures to deal with any suspected personal data breach and will notify you and the appropriate supervisory authority of a breach where we are legally required to do so.

How long we keep personal data.

Following termination of your employment, your file will be securely archived at the next available opportunity. We will retain your personal data for seven years from the date your file is archived. We retain your information for this period in case any issues arise following the end of your employment or in case you have any queries about the period in which you were employed by us. Your information will be kept securely at all times in line with our policies that relate to data protection and IT security. Following the end of the seven-year period, your files and personal data we hold about you will be permanently deleted or destroyed.

You have rights when it comes to your personal data.

You benefit from a number of rights in respect of the personal data we hold about you. We have summarised your rights below, and more information is available from the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/). These rights apply for the period in which we process your data. There are certain caveats and exemptions to those rights which mean that in some circumstances you may not be entitled to exercise them, if we believe that is the case upon receipt of a request from you we will let you know.

  1. Access to your data

You have the right to ask us to confirm that we process your personal data, as well as access to and copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.

2. Rectification of your data

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information.

3. Right to be forgotten

In some circumstances, you have the right to ask us to delete personal data we hold about you.

4. Right to restrict processing

In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we do not have to delete it.

5. Data portability

You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller.

6. Right to object

You are entitled to object to us processing your personal data:

  • if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
  • for direct marketing purposes (including profiling); and/or
  • for the purposes of scientific or historical research and statistics.

We do not intend to use your personal data to send you direct marketing nor for scientific or historical research and statistics.

Automated decision making

Automated decision making means making a decision solely by automated means without any human involvement.

We do not carry out any automated decision making using your personal data.

What to do when things don’t go as planned.

The UK’s supervisory authority is the Information Commissioners Office.

Postal Address:

Information Commissioner, Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Web: https://ico.org.uk/make-a-complaint/

Telephone: 0303 123 1113

If you’d like more information about this privacy notice.

If you have any queries about this privacy notice, please feel free to get in touch with our Privacy & Data Protection team and we will do our best to answer your questions.

This Privacy Notice is effective from the May 2022.