GDPR Fair Processing Notice

Issue No: 1 – Issue Date: 23/05/2018 WagesbyNet Ltd

1. Scope

All data subjects whose data is processed by WagesbyNet Ltd.

2. Responsibilities

The Data Protection Officer/GDPR Owner is responsible for ensuring that this notice is placed in front of potential data subjects who will be employed by WagesbyNet Ltd prior to collecting/processing their personal data. This notice will be provided upon request to a client for the transfer of data pertaining to payroll & pension outsourcing contract agreement between WagesbyNet Ltd and the client who has outsourced their payroll function. The Data Controller (Client) must ensure that their GDPR Fair Processing Notice has been placed in front of a potential data subject when collecting data for payroll and pension setup.

3. Fair Processing Notice

The personal data we collect will be used for the following purposes (or part thereof):

  • Fully managed payroll and pension outsourcing on behalf of the client.
  • Internal personnel records for staff of WagesbyNet Ltd.
  • Email notifications to advise business owners/authorised payroll contacts of specific payroll duties, legislation of changes in services.
  • Notification to HMRC, DWP and any regulatory authority deemed as lawful and correct.

By consenting to this, you are giving us permission to perform those actions. You may withdraw consent at any time by emailing admin@wagesbynet.com

What is personal data?

Under the EU’s General Data Protection Regulation Personal Data is defined as “any information relating to an identified or identifiable natural person (‘data subject’; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person”. Special categories of Personal Data Certain data are classified under the Regulation as “special categories”:

  • Racial
  • Ethnic origin
  • Political opinions
  • Religious beliefs
  • Trade‐union membership
  • Genetic data
  • Biometric data
  • Health data
  • Sexual orientation
  • Data concerning a natural person’s sex life

Consent is required for WagesbyNet Ltd to process personal data. WagesbyNet Ltd at the time of writing does not collect ‘special category’ personal data. If we request ‘special category’ personal data we will always tell you why and how the information will be used. Why does WagesbyNet Ltd need to collect and store personal data? WagesbyNet Ltd is:

  • An employer (Data Controller)
  • As an employer it is necessary to hold relevant information relating to its own employees for personnel records, payroll and pension processing and health and safety. As such, WagesbyNet Ltd is Data Controller under GDPR.
  • An outsourced payroll and pension provider for businesses in the UK (Data Processor)
  • As an outsourced payroll and pension provider, it is necessary to hold relevant information relating to the employees of the companies that it has a contract with. As such, WagesbyNet Ltd is Data Processor and the client will remain Data Controller.

WagesbyNet Ltd will act on behalf of the client and use the employers’ data, so that it can:

  • Add new and maintain employee data held within the payroll software
  • Process and calculate pay
  • Process and calculate pension calculations
  • Process Attachment of Earnings Orders
  • Report to HMRC liabilities and perform EPS/FPS
  • Keep employee and employer pension scheme records up to date
  • Setup and provide an ePayslip or Online Payslip & P60 service
  • Provide help‐desk support to a client’s employees if requested
  • Keep Department of Work & Pensions up to date with employee records
  • Liaise and make available employee data under legislation such as Child Maintenance Service, Court Orders and any other legal or regulatory requirements
  • Make BACS and Autopay transactions to pay employee wages

4. Document Owner and Approval

The Data Protection Officer/GDPR Owner is the owner of this document and is responsible for ensuring that this procedure will be reviewed in line with the review requirements of the GDPR. A current version of this document is available to members of WagesbyNet Ltd staff on the internal shared document area. This procedure was approved by the Director of WagesbyNet Ltd and is issued on a version‐controlled basis under his signature.