The Purpose of this Document
1.1 We take your privacy seriously. This notice sets out your privacy rights and how we gather, use and share personal data about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (EU) 2016/679, as well as other data protection and privacy laws and separate UK data protection law as may be updated or replaced from time to time.
1.2 It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information. We will update this notice if we make any significant changes affecting how we use your personal data, and if so, we will contact you to let you know about the change.
2 About us
2.1 We are what is known as the 'controller' of personal data we gather and use. When we say 'we', 'our' or 'us' in this notice, we are referring to Marshalls plc and its group companies, including without limitation Marshalls Group Limited, Marshalls Mono Limited, Marley Limited and Viridian Solar Limited, and all subsidiary companies of Marshalls plc.
2.2 This notice does not form part of your contract and it may be amended at any time.
3 Your Privacy Rights
3.1 You have various rights in respect of the personal data we hold about you – these are set out in more detail below. If you wish to exercise any of these rights, please contact the Data Protection Executive at dataprotection@marshalls.co.uk.
(a) Right to object: You can object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. Please contact us as noted above, providing details of your objection.
(b) Access to your personal data: You can request access to a copy of your personal data that we hold, along with information on what personal data we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing to the Data Protection Executive.
(c) Consent: Most of the time, we won't need your consent to use your personal data as we will be using it only to fulfil our obligations and exercise our rights as an employer. There are limited circumstances where we may ask for your consent to process your information. Where you have given us your consent to use personal data, you can withdraw your consent at any time. Please see paragraph 10 (Our Legal Basis for Using your Personal Data) below.
(d) Rectification: You can ask us to change or complete any inaccurate or incomplete personal data held about you.
(e) Erasure: You can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it. Please be aware that we may have legal obligations to retain employee records for a certain period after your employment: please see paragraph 12 (Data Retention) below for more information. Where we are required by law to keep certain information, we will be unable to delete such information.
(f) Portability: You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
(g) Restriction: You can ask us to restrict the personal data we use about you where you have asked for it to be erased or where you have objected to our use of it.
(h) No automated-decision making: Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless (i) you have given us your consent (ii) it is necessary for a contract between you and us, or (iii) is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out automated decision-making in connection with your employment, but we will notify you in advance if this changes.
4 What kinds of Personal Data do we Use?
4.1 In the course of our working relationship with you, we will collect, store, and use the following categories of personal data about you:
(a) Personal contact details such as name, job title, home addresses, telephone numbers, and personal email addresses.
(b) Date of birth.
(c) Gender.
(d) Marital status and information about your dependants.
(e) Next of kin and emergency contact information.
(f) National Insurance number.
(g) Bank account details, payroll records and tax status information.
(h) Salary, annual leave, pension and benefits information.
(i) Employment start date.
(j) Location of employment or workplace.
(k) Identification information (including a copy of driving licence, passport and utility bills).
(l) Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
(m) Employment records (including job titles, work history, working hours, training records and professional memberships).
(n) Compensation history.
(o) Performance information.
(p) Disciplinary and grievance information.
(q) CCTV footage and other information obtained through electronic means such as swipe card records.
(r) Information about your use of our information and communications systems (including email).
4.2 Some kinds of personal data are given special protection by the law – these are called 'special category' data. We will sometimes collect, store and use the following types of 'special category' personal data:
(a) Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
(b) Trade union membership.
(c) Information about your health, including any medical condition, health and sickness records.
(d) Genetic information and biometric data (for example, photographs and images captured by our CCTV system).
(e) Information about your criminal convictions and offences (from, for example, checks from the Disclosure and Barring Service).
5 How We Gather your Personal Data
5.1 We will obtain your personal data in different ways:
(a) directly from you, for example when you fill out an application;
(b) during the application and recruitment process, from an employment agency or background check provider, your former employers and credit reference agencies;
(c) from monitoring emails, internet and telephone usage and when we use CCTV in line with our Acceptable Use Policy, Social Media Policy and any CCTV notices at our premises.
6 How We Use your Personal Data
6.1 To summarise, we process your personal data for the following key purposes:
(a) primarily, so that we can fulfil our contractual obligations and legal obligations to you as your employer (for example, to pay you and provide benefits to you) and to exercise our legal rights;
(b) to comply with our legal obligations and regulatory requirements which we are subjected to as a company regulated by the Financial Conduct Authority (for example, the requirement to conduct thorough background checks on employees to ensure that they are "fit and proper");
(c) some processing may be required for the public interest (for example, the sharing of information (which may include your personal data) with law enforcement agencies may be required for national security purposes); and
(d) to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests, or where necessary to protect the interests of you or others (for example, monitoring misuse of our IT systems).
6.2 More detail about how we use your personal data, as well as the categories of personal data involved, is set out in the Appendix.
7 How We Use Particularly Sensitive Personal Data
7.1 Special protection is given to certain kinds of personal data that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, and trade union membership.
7.2 We use this personal data primarily to comply with our legal obligations (including in respect of health and safety), for equal opportunity monitoring, to determine diversity within our workforce, to manage sickness and administer your benefits.
7.3 We may also process special categories of personal data about you for the following key purposes:
(a) as necessary for the purposes of carrying out the obligations of being your employer (for example, our obligations to provide certain benefits to you may involve the processing of your health information) and to exercise our rights as your employer;
(b) we may require to process special categories of information about you in the establishment, exercise or defence of legal claims (for example, in the context of an employment tribunal case or a personal injury claim); and
(c) for reasons of substantial public interest.
7.4 We may also be required to process information about any criminal convictions you may have when conducting background checks from the Disclosure and Barring Service.
7.5 More detail about how we use special categories of personal data and information about criminal convictions, as well as the categories of personal data involved, is set out in the Appendix.
8 If You Fail to Provide Personal Data
8.1 In some cases, if you fail to provide information when requested, we may not be able to perform the contract we have entered into with you fully (such as paying you or providing benefits), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our staff). This can have consequences in terms of your continued employment with us.
9 Monitoring
9.1 It is necessary for us to monitor our staff in various ways in order to ensure safety and security and protect our staff. We monitor our staff in the following ways:
(a) staff may be captured by CCTV systems: we use the personal data collected from CCTV systems for security and disciplinary purposes;
(b) we require to conduct background checks and these may be monitored and renewed on a regular basis;
(c) monitoring use of company devices and email systems to ensure these are used appropriately;
(d) monitoring website access;
(e) monitoring when a member of staff has entered or tried to enter into a secure access area and at what time;
(f) drug and alcohol testing;
(g) equality monitoring.
9.2 We process personal data obtained through such monitoring in accordance with our Data Protection Policy and only carry out these activities to the extent it is necessary and proportionate and it is permitted by law (please see the Appendix for more information).
9.3 If you have any concerns in relation to monitoring, please speak to the Data Protection Executive.
10 Our Legal Basis for Using your Personal Data
10.1 We only use your personal data where it is permitted by the laws that protect your privacy rights. To find out more about the legal bases we rely on to use your personal data, please see the table set out in the Appendix.
10.2 We do not need your consent to use your personal data where the law otherwise allows us to use it. In limited circumstances, we may approach you for your consent to allow us to process certain personal data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can consider whether you give consent. You have no obligation to give consent if you are asked for it, and if you do give consent you may withdraw it at any time.
11 Sharing your Personal Data With Others
11.1 We will share your personal data with third parties where required by law, or where it is necessary to administer the working relationship with you or where we have a legitimate interest. We will only share your personal data to the extent needed for those purposes.
11.2 We share personal data for these purposes:
(a) between Group companies, for example if you transfer from one company to another within the Group;
(b) with government and regulatory bodies, such as the Financial Conduct Authority and the Information Commissioner's Office, where we have a legal obligation to do so (such as to comply with our statutory audit obligations or for the prevention and detection of crime); and
(c) with external providers, such as payroll, pension administration, benefits provision, occupational health and IT services.
12 Data Retention
12.1 We will never retain your personal data for any longer than is necessary for the purposes we need to use it for. Our general data retention procedures are set out in our Data Retention Policy.
12.2 Your emails will be retained for 7 years from the date of the email. Your email account will be retained for 6 months after your employment with us ends. Please see our Data Retention Policy for further information.
13 Transfers Outside the UK
13.1 We may need to transfer your personal data outside the UK to other service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the European Economic Area (EEA).
13.2 We will only transfer your personal information outside the EEA where either:
(a) the transfer is to a country which the EU Commission has decided ensures an adequate level of protection for your personal information, or
(b) we have put in place our own measures to ensure adequate security as required by data protection law. These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators, such as the EU style model clauses. Some US providers may also be certified under the EU-US Privacy Shield which confirms they have appropriate measures in place to ensure the protection of your data.
14 Right to Complain
14.1 You can make a complaint to us by contacting the Data Protection Executive at dataprotection@marshalls.co.uk or to the data protection supervisory authority – in the UK, this is the Information Commissioner's Office, at https://ico.org.uk/.
15 Keeping You Up to Date
15.1 We reserve the right to change this notice at any time. Where appropriate, we shall notify data users of this notice of those changes by email or through an announcement posted on the Marshalls intranet.
APPENDIX
The information set out in the below table reflects the most common uses of employee personal data. However, this list is not exhaustive.
| No. | Purpose for Processing | Categories of Personal Data | Legal Basis |
| --- | --- | --- | --- |
| 1 | For the administration of your employment | Full name, date of birth, job title, residential address, email address, telephone number, national insurance number, bank account information, trade union membership. | Performance of a contract and in performance of our obligations and exercise of our rights as your employer |
| 2 | The recruitment and selection process | Full name, date of birth, residential address, email address, telephone number, national insurance number, CV, employment history and background checks. | Pursuance of our legitimate interests. |
| 3 | Checking you are legally entitled to work in the UK | Full name, date of birth, passport number. | Compliance with legal obligations. |
| 4 | Paying you and, if you are an employee, deducting tax and NIC | Full name, date of birth, national insurance number, bank account information. | Performance of a contract. |
| 5 | Conducting performance reviews, managing performance and determining performance requirements | Full name, job details and performance information. | Pursuance of our legitimate interests to ensure staff are performing well, to help us address any performance issue for compliance with our obligations under our employment contract with you. |
| 6 | Making decisions about salary reviews and compensation | Full name, job details, salary information and performance information. | Pursuance of our legitimate interests and to comply with our employment contract with you. |
| 7 | Recording health and safety incidents | Full name, health information (as is relevant to the specific incident, such as injury sustained or any underlying health conditions). | Pursuance of our legitimate interests, in compliance with legal obligations, and as necessary to exercise our rights as your employer. |
| 8 | Pensions and benefits administration | Full name, date of birth, residential address, national insurance number, pension scheme details. Some benefits may require us to process health information, although in many cases employees will provide this directly to the benefit provider and not to us. | To comply with our legal obligations as an employer, to perform our contract with you which obliges us to provide you with certain benefits. |
| 9 | Disciplinary matters, staff disputes, employment tribunals | Full name, job details, performance information and information about the disciplinary matter | To exercise our rights as an employer and possibly in the pursuit or defence of legal claims. |
| 10 | Staff training and development | Full name. | To perform our obligations as an employer to ensure staff are adequately trained, to comply with legal obligations (such as health and safety regulations which require certain roles to have training in first aid) and sometimes in pursuance of our legitimate interests. |
| 11 | Recording of CCTV footage | Photographs and images captured by our CCTV system. | As required for public safety and for public interests. |
| 12 | Monitoring use of company devices and IT systems | Information contained in emails and stored on company devices | It is in our legitimate interests to ensure that devices issued by us are used appropriately; it is also necessary for our legitimate interests in ensuring information security. |
| 13 | Vetting, including background checks, identity checks and driving licence checks | Full name, date of birth, residential address history (including current address), email address, telephone number, national insurance number, details of any criminal convictions and offences. | To comply with legal obligations and as necessary to exercise our rights as an employer. |
| 14 | Assessing our performance against equality objectives as set out by the Equality Act 2010 | Information about your race or ethnicity, religious beliefs, sexual orientation, political opinions and trade union membership. | To comply with legal obligations to monitor and measure equal opportunities. |
| 15 | Conducting Employee Engagement and other surveys to assess our own performance from time to time. | Full name, residential address, email address, telephone number (including mobile) | Pursuance of our legitimate interests, to monitor employees’ views on our performance as an employer. |