Employee privacy notice
Reynolds Porter Chamberlain LLP (ICO registration Z6620421) herein referred to as “RPC LLP”/“we”/“us”/“our” is a data controller responsible for processing the personal data you provide to us.
RPC LLP is committed to managing personal data securely and effectively. We will only keep the personal data required to undertake our business processes and will only share or transfer the data you provide us for the purposes outlined below.
Our data protection policy and procedures have been developed in line with the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation and applicable national law.
What information do we collect and from whom?
We collect and process personal data about you when you apply for a job with us, as we process you becoming an employee or partner and throughout your time working for us.
We may also collect personal data about you from third parties in the course of verifying your employment history and obtaining references or through your participation on events or training courses. The personal data we process includes:
- your name, home address and phone number;
- your photograph;
- your qualifications;
- your job title, salary, benefits and bank details;
- your next of kin and dependents;
- your racial or ethnic origin or religion or similar information;
- your work history and performance;
- results of tests such as psychometric tests, training results or exams undertaken, where relevant;
- your absence, physical and mental health;
- your access to and use of our network, systems and facilities, including your browser history;
- your IP address and information related to any device you use to access our systems or communicate on business matters;
- monitoring your use of telephones (mobile, voicemail and SMS), email and other messaging systems;
- your username and password when accessing restricted website content;
- information relating to the commission of criminal offences and proceedings for such offences;
- any other information you may provide.
We will also process data we receive from you, data that is publicly available and data from third parties such as referees and background checking services.
How do we use this information and what is the legal basis for this use?
We process the personal data listed in the above section for the following purposes:
- selecting and recruiting new employees, including verifying qualifications, employment history and suitability for the role;
- as required to establish and fulfil a contract of employment with you. This may include verifying your identity, undertaking due diligence or background checks, paying you and communicating with you. We require this information in order to enter into a contract with you and are unable to do so without it;
- to manage your benefits, including bonuses, healthcare and pensions;
- to comply with applicable law and regulation, including to monitor compliance with equal opportunities legislation;
- in accordance with our legitimate interests in managing and protecting RPC LLP's business interests and legal rights including but not limited to use in connection with monitoring performance and security of IT systems;
- to assess and manage your performance and fitness to work;
- to support any disciplinary or legal proceedings if you are found in breach of your contract;
- to promote our services to clients, including posting business contact details and photos on our website or in client promotional literature, in accordance with our legitimate interests;
- to manage our relationship with you and correspond with you, in accordance with our legitimate interests;
- to manage risk for RPC LLP;
- to respond to any issues, complaints or grievances we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website, our services or your employment;
- we may use your information to invite you to take part in research or surveys, according to our legitimate interests.
With whom and where will we share your personal data?
RPC LLP may share your personal data with other RPC Businesses for the purposes of proper and effective management of their businesses. Such purposes include finance and HR purposes as well as background checks and compliance with applicable legal and regulatory requirements. Further information about the RPC Businesses may be found on our website (www.rpc.co.uk) in the section headed "Legal and regulatory notices".
We may also share the personal data you provide with the below third parties where this is necessary for legal or regulatory reasons and to facilitate us to provide our services to you or our clients and undertake our business processes. These third parties may include:
- our professional advisors such as our auditors and external legal and financial advisors;
- barristers, solicitors, other legal representatives and experts engaged in a matter in which we are acting, which may include foreign law firms;
- to undertake background checks;
- our suppliers, business partners and sub-contractors; (including IT service suppliers and cloud platform service providers);
- government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws;
- to entities providing feedback and legal ranking services.
Personal data may also be shared with third party service providers who will process it on behalf of the RPC Businesses for the purposes above.
These may include cloud platform service providers.
In the case of sensitive data such as health, racial or ethnic origin or criminal offences, information will only be disclosed to third parties on a confidential and limited basis.
In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.
We may share your personal data in accordance with this privacy notice with third parties located in a place other than the RPC Business you customarily deal with.
How long will you keep my personal data?
We will not keep your personal information for any purpose(s) for longer than is necessary and we will only retain the relevant personal information that is necessary in relation to the purpose. We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
- We will retain information relating to any job application for as long as it takes to process your application and, if it is unsuccessful, for an additional period of around 6 months unless you agree to us retaining it for a longer period. In the case of graduate recruitment we will keep information for up to two years from the scheme entry date applied for.
- We will keep employee and contractor files for seven years from the date employment with us ends or longer in the event of any dispute or legal proceedings. We may retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any disposal to take place.
Where is my data stored?
The personal data that we collect from you may be stored on a mix of RPC and various cloud provider platforms and may be transferred to, and stored outside the European Economic Area (EEA). It may also be processed by staff operating outside of the EEA who works for us, for one of the RPC Businesses or for one of our suppliers. Where we do so, the third party's country data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place.
Where such transfers occur, we ensure the confidentiality and protection of all data is preserved through compliance with legal requirements and the current Data Protection legislation. This is managed by all RPC Businesses, including those outside of the EEA by entering into Data Transfer Agreements with each other, which all contain the model clause agreements approved by the relevant regulatory authority. Data encryption, integrity and confidentiality are enforced by following best practice. RPC also ensures that cryptographic controls are implemented following industry best practice, through the use of VPN tunnels, TLS and by conducting regular testing.
What are my rights in relation to my personal data?
Where you have consented to us using your personal data, you can withdraw that consent at any time.
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you.
Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data if you withdraw your consent, it is no longer necessary for us to use your personal data, you object to the use of your personal data and we don't have a good reason to continue to use it, or we haven't handled your personal data in accordance with our obligations.
Where can I find more information about how RPC businesses handle my data?
If you have any queries please contact us on firstname.lastname@example.org or by writing to Reynolds Porter Chamberlain LLP, Tower Bridge House, St Katharine's Way, London E1W 1AA. You can also contact your local HR or recruitment manager.
If you are not happy with our response, you can contact the Information Commissioner's Office: https://ico.org.uk/
This privacy notice may be amended from time to time. You may access and obtain a copy of this privacy notice at any time from www.rpc.co.uk/privacy-policy/employee-privacy-notice so that you are always informed of the way we collect, use, store and handle personal data.
 The RPC Businesses are a network of affiliated firms, comprising Reynolds Porter Chamberlain LLP and Reynolds Porter Chamberlain Consulting LLP in England, Reynolds Porter Chamberlain in Hong Kong, RPC Premier Law Pte Ltd in Singapore and RPC France SAS in France.