Privacy Policy

HR PRIVACY NOTICE

We are Superdry LTD, a company registered in England under company number 07063562, with its registered office at Unit 60 The Runnings, Cheltenham, Gloucestershire, GL51 9NW (referred to in this privacy notice as "we", "us" or "Superdry"). You may be employed or engaged under a subsidiary entity of Superdry LTD (as listed in appendix) and this policy will still apply, the controller of your data will be your employing or recruiting entity.

This privacy notice helps you understand how we use your personal data, who we share it with and what rights you have relating to your personal data.

If you have any questions about this privacy notice or how we handle your personal data please contact HR@superdry.com.

We have appointed a Data Protection Officer (DPO), HelloDPO who can be contacted at the following address: hello@hellodpo.com.

What Personal Data Do We Collect About You?

Throughout your recruitment and employment, we will collect and process personal data about you. This includes the following information:

Basic contact details including full legal name, telephone number, personal email address, and postal address;
Recruitment data including interview notes, assessment results, questionnaire responses, CV and full work history and references from previous employer(s);
Details of salary and benefits, bank/building society, national insurance number and tax information;
Your nationality and immigration status and personal data from related documents, such as your passport or other identification and immigration information;
Details of your spouse/partner and any dependants;
Details of your pension arrangements, and all personal data included in these;
Details of your working patterns, attendance, and annual leave requirements;
Details of your place of work/property;
Performance reviews, appraisals, probation review, and improvement plans;
Contracts of employment or similar, including details of updates to these
Details of any employee relations matters including disciplinary, grievance, performance, investigation, capability, litigation,
Details of your health and wellbeing where relevant to your role, safety, attendance or wellbeing
CCTV images & video
Equality and diversity data including gender, gender identity, age, race, nationality, religious belief and sexuality
Details of professional development training; and
Personal data about your use of our IT, communication, telephone, email, door access and other systems.

What Is Our Lawful Basis For Using Your Personal Data?

When we use your personal data, we must have a lawful reason. This is referred to as a “lawful basis”. The table below sets out the personal data we collect and use about you and the lawful basis we will rely on.

You are required (by law or under the terms of your contract of employment, or in order to enter into your contract of employment) to provide the categories of personal data marked “*”. If you do not provide this personal data, we may not be able to continue to employ you, pay you or provide occupational and statutory benefits.

PERSONAL DATA PURPOSE OF PROCESSING LAWFUL BASIS PROCESSED
Basic contact details including full legal name; telephone number; personal email address; and postal address*	To enter into an employment contract with you	Contractual necessity
	To enable us to send you updates relating to working with us	Contractual necessity
	To enable us to send you any legal or regulatory changes that may affect you, for example changes to tax regulations	Legal obligation
Airport employees only: Details of address history covering the last continuous five years. Continuous references for the last five years, including education and character references.	To undergo additional vetting conducted by the authorities of the specific airport, to allow you to work airside	Contractual necessity
Recruitment data including interview notes, assessment results, questionnaire responses, CV and full work history and references from previous employer(s) (including sensitive personal data regarding unspent criminal convictions) *	To assess your suitability to work for us	Contractual necessity
Details of salary and benefits, bank/building society, national insurance number, and tax information*	To pay you for the work that you do, pay you expenses and pay you annual leave	Contractual necessity
	For us to meet legal requirements around tax and payment	Legal obligation
Your nationality and immigration status and personal data from related documents, such as your passport or other identification and	To demonstrate that you can legally work, while you are employed by us	Legal obligation

immigration information*
Details of your spouse/partner and any dependants	To enable us to contact someone on your behalf in the event of an emergency	Legitimate interests: to take appropriate action in the case of an emergency
Details of your spouse/partner and any dependants	To administer your pension and life assurance benefits in the event of your death in service	Contractual necessity
Details of your pension arrangements, and all personal data included in these *	To administer your pension benefits	Legal obligation Legitimate Interests: to be able to facilitate any occupational pension benefits above legal requirements.
	To comply with our autoenrolment pension obligations	Legal obligation
Details of your working patterns, attendance and annual leave requirements *	To ensure we are meeting Working Time Regulations requirements and you are taking/planning sufficient rest breaks and annual leave	Legal obligation
	To meet flexible working time requests made by you	Legal obligation
	To pay you for the work that you do, any absence related pay, and pay you annual leave	Contractual necessity
	To ensure you are meeting the working hours set out and agreed in your contract of employment	Contractual necessity
Details of your place of work/property	To maintain a safe working environment	Legitimate interests: To maintain a safe working environment
Personal data in your sickness and absence records (including sensitive personal data regarding your physical and/or mental health) *	To maintain employment records	. Legitimate interests: to maintain employment records to comply with corporate governance obligations and good employment practice
	To administer sick pay entitlement, and to facilitate employment-related health and sickness benefits	Legal obligation
Performance reviews, appraisals, probation review, and improvement plans*	To continually assess your suitability to perform your role and offer the chance of additional training and promotion	Legitimate interests: to maintain employment records to comply with corporate governance obligations and good employment practice
Contracts of employment or similar, including details of updates to these	To maintain a record of your contractual terms and ensure these are fulfilled	Contractual necessity
Details of any employee relations matters including disciplinary, grievance,	To comply with our obligations under employment law and other relevant legislation	Legal obligation

investigation, capability, litigation	To maintain a safe and respectful working environment	Legitimate interests: To maintain a safe and respectful working environment
Details of your health and wellbeing where relevant to your role, safety, attendance or wellbeing (including sensitive personal data regarding your physical and/or mental health) *	To maintain a safe working environment	Legitimate interests: To maintain a safe working environment
	To comply with legal requirements regarding our support to your health, safety and wellbeing at work	Legal obligation
	To assess where required your suitability to perform your role	Legitimate interests: to maintain employment records to comply with corporate governance obligations and good employment practice
CCTV images & video	To maintain a safe environment and to investigate any incidents that occur	Legitimate interests: To maintain a safe environment and to investigate any incidents that occur
Equality and diversity data (including sensitive personal data such as gender, gender identity, age, race, nationality, religious belief and sexuality)	To monitor and promote diversity across the workforce	Legitimate interests: To monitor and promote diversity across the workforce
	To comply with legal requirements regarding reporting equality and diversity data	Legal obligation
Details of professional development training *	To record and manage training taken by employees	Legitimate interests: to maintain employment records and to comply with legal, regulatory, and corporate governance obligations and good employment practice, to ensure safe working practices
Details of professional development training *	To ensure where required we are meeting legal requirements by providing appropriate training	Legal obligation
Personal data about your use of our IT, communication, telephone, email, door access and other systems*	To protect our networks, and personal data of employees and suppliers, against unauthorised access or data leakage	Legitimate interests: to protect our commercial, technical and personal data
	To ensure our business policies, such as those concerning security and internet use, are adhered to and to ensure that commercially sensitive
	information is kept confidential
	To check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with
	To prevent unauthorised access and modifications to our systems
	As part of investigations by regulatory bodies, or in connection with legal proceedings or requests	Legal obligation Legitimate interests: to maintain employment records to comply with corporate governance obligations and good employment practice
	To ensure you are meeting the working hours, patterns and locations set out and agreed in your contract of employment and relevant company policy	Contractual necessity

Special Category Data

As your employer, it will be necessary for us to collect and process more sensitive personal data about you, this is known as “special category data”. Special category data includes:

details of medical history or special requirements you may need. This will enable us to make any reasonable adjustments in your workplace; and
details of illness and time off for periods of sickness. This will enable us to monitor staff levels within the teams, pay you the required sick pay and support your return to work as required;
details of criminal convictions where declared during the recruitment process or course of your employment and where relevant for us to assess your suitability to be employed or engaged within your role
the equality and diversity data you choose to share with us during the recruitment process or during the course of your employment, to be used for the purpose of monitoring and promoting diversity across the workforce and meeting legal obligations to report on diversity and equality data

If you require any further information regarding the processing of special category data please contact HR@superdry.com.

Sharing Your Personal Data With Third Parties

During your employment and post-employment, it may be necessary for us to share your personal data with third parties, to assist with your employment and the operational running of our business. The types of third parties with whom we will share your personal data, includes:

our payroll provider;
our HR systems providers;
our pension providers;
our benefits providers;
our occupational health provider;
our professional development providers;
IT services providers;
Relevant airport security authorities;
regulatory or law enforcement agencies;
professional advisors, such as lawyers, auditors and accountants;
our training providers/online training platform providers;
lettings agents or lending agencies (letting/mortgage reference purposes);
prospective/previous employers (reference purposes); or
potential purchasers of some or all of our business or on a re-structuring.

When we share your personal data with third parties, we only permit them to process your personal data for specified purposes in accordance with our instructions. We require all third parties to respect the security of your personal data and to treat it in accordance with data protection laws and the recipient of the personal data will be bound by confidentiality obligations.

Keeping Your Personal Data Secure

We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way.

We limit access to your personal data to those who have a genuine business need. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with a suspected personal data security breach. We will notify you and any relevant regulator of a suspected personal data security breach where we are legally required to do so.

How Long Do We Keep Your Personal Data For?

We will keep all personal data, obtained during your time as an employee and post-employment, for no longer than is necessary.

Details of our retention periods are set out below:

Personal data	Trigger point	Retention
Employee and personnel file records	Termination of employment	6 years
Payroll data	End of the relevant tax year	6 years
Maternity/paternity/adoption data	End of the relevant tax year	6 years
Recruitment data	Closure of recruitment process with offer or decline of application	6 years
National minimum wage data	End of the relevant tax year	6 years
Retirement & other benefit schemes	End of the scheme year	6 years

Transferring Data Overseas

In some cases, we may need to transfer personal data outside the United Kingdom (UK) and/or European Economic Area (EEA), and/or your relevant local country. Where this is the case, we will only share the minimal amount of personal data necessary for the purpose of processing and, where possible, we will share the personal data in an anonymised form.

Whenever we transfer your personal data out of the UK and/or EEA and/or your relevant local country, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We may transfer your personal data to countries for whom there has been an adequacy decision by the UK Secretary of State (as applicable) confirming that the country provides an adequate level of protection for personal data; or
we may use specific contracts approved by the UK Secretary of State which give personal data the same protection it has within the UK. When we rely on this measure we will ensure that the third party can comply with the provisions of such contracts and we have confirmed that the country to which the personal data is transferred provides enforceable data subject rights and effective legal remedies for data subjects are available there; or
a specific exception applies under applicable data protection law.

Please contact HR@Superdry.com if you would like further information about the specific mechanism used by us when transferring your personal data overseas.

Your Data Subject Rights

Under data protection laws you have the following rights:

Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see point d below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request that your personal data is sent to another controller (the right of portability). In certain circumstances, you have the right to get your personal data from us in a way that is accessible and machine-readable, and you also have the right to ask us to transfer your personal data to another organisation. This does not apply to all of your personal data, only personal data that you have provided to us and which is held electronically. We only have to comply with this right if it is technically feasible to provide this personal data in a commonly used format, for example, a CVS file.
Withdraw consent to processing of your personal data (where this is the basis upon which we are processing your personal data).

If you wish to exercise any of your data subject rights, please contact HR@Superdry.com. In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the date the request was received. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests unless there are exceptional circumstances.

How To Complain

We hope that we can resolve any query or concern you raise about our use of your personal data. If not, you can contact your relevant local supervisory authority for further information about your rights and how to make a formal complaint. If you’re in the UK this is the UK Information Commissioner’s Office, who can be contacted at ico.org.uk or via telephone on 0303 123 1113.

APPENDIX

List Of Subsidiary Employing Entities

C-Retail Ltd
DKH Retail Limited Liaison Office
DKH Retail Ltd
SMAC A/S
SuperDry France
SuperDry Germany Gmbh
Superdry Hong Kong Limited
Superdry Retail LLC
SuperGroup Europe
SuperGroup India Pvt Ltd
SuperGroup Internet Ltd
SuperGroup Netherlands
Supergroup Retail Ireland Ltd
Supergroup Retail Spain SLU