MyUnidays Ltd of 2 Castle Boulevard, Nottingham, NG7 1FB is controller.
By using the Site, you acknowledge that your personal information will be collected and used in line with this policy.
If you are an employee, staff member or job candidate, click here.
The Site is hosted by Hubspot Inc on behalf of MyUnidays Ltd.
Information that we collect from you
Information that we collect: We collect information about prospective partners and suppliers from publicly available sources, such as LinkedIn, Facebook, public websites and Hubspot.
When you visit, register or view information about products or services on the Site, you may be asked to provide certain information about yourself. We may also collect information about your usage of our Site as well as information about you from messages you submit to the Site and e-mails or correspondence you send to us. We may collect your IP address, device type and software characteristics, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with the platform, including the pages accessed and links clicked.
Information that you provide: You may provide personal information to us as part of your interaction with us. We may collect and retain that.
Information that we obtain from third party sources: From time to time, we may receive personal information about you from third party sources (including AdAge, Facebook, LinkedIn and Hubspot)
Use of your information
Your information will enable us to improve our products and services, target appropriate partners, understand more about prospective partners and suppliers, select partners and suppliers to work with.
We will also use and analyse the information we collect so that we can administer, support, improve and develop our business.
In particular, we may use your information to contact you for your views on our services and to notify you occasionally about important changes or developments to the Site or our services.
Further, we might also use your information to let you know about other products and services which we offer which may be of interest to you. If you change your mind about being contacted in the future, please contact us directly to let us know.
In addition, collecting this information enables us to verify your identity and it positions us to better prevent fraud, and to understand the users of the Platform, such as where they come from and what content is of interest to them. We use this information for our internal analytics purposes, to improve the quality of our products and services.
Lawful basis for processing
We will normally collect personal information from you for the following lawful basis: where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, where we have your consent to do so, or where we need the personal information to perform a contract with you. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we may not be able to enter into or perform the contract or comply with our legal obligations if you do not provide that information. We will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will do so in the interests of providing direct marketing, to prevent and detect fraud, for organisational reasons, for network and information security purposes, to ensure we comply with the law and comply with your individual rights, to ensure we suppress any requests you make, to provide personalised messages, to retain evidence of our compliance and to defend ourselves against claims or fraud, for monitoring of performance, to improve our use of AI, for web analytics, to host data in the cloud, to carry out limited international transfers (our business is across a number of countries), for the purposes of an acquisition or legal restructuring, to update your details and preferences, and for logistics.
If you contact us, we may keep a record of that correspondence.
For content that includes intellectual property rights, such as photos and videos ("Media"), subject to your account settings, you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license ("Licence") to use any Media that you provide in connection with your communications with us via the Site for any of our commercial or non-commercial purposes including, without limitation, in our printed publications, presentations, promotional materials, advertising or on our Site. This License ends when you delete your Media or your account unless your content has been shared with others, and they have not deleted it.
When you delete Media, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
Disclosure of your information
Your personal information will be held on our secure servers in Ireland may be accessed by or given to our staff and contractors, some of whom may be located outside the European Economic Area, who act for us for the purposes set out in this policy or for other compatible purposes.
Those parties process information and provide support services on our behalf, including media agencies and companies such as Salesforce and Hubspot. We may also pass aggregate information on the usage of our Site to third parties, but this will not include information that can be used to identify you.
Countries outside the European Economic Area do not always have strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with this policy.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
Finally, we will share personal information with our group companies, and if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
You have the right to access, correct, update and request deletion of your personal information, and also the right to ask us not to process your personal data for marketing purposes. In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. You can exercise your rights through our Site or by contacting us directly at DPO@myunidays.com.
Our Site may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
- We think it is really important that we send you communications about our products, and services however, you have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or through your account settings. Please note that you cannot unsubscribe from certain email correspondence from us which is not for marketing purposes, such as messages relating to your account transactions or when we are required to email you about system updates or issues.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Where we process your information based on our legitimate interests, you have the right to object to that processing, subject to certain exceptions
Security and data retention
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We will retain your information for a reasonable period or as long as the law requires.
We use appropriate technical and organisational measures such as encryption, physical security, access restrictions to our application to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
Where you have chosen a password that allows you to access certain parts of the Site, you are responsible for keeping this password confidential. We advise you not to share your account log-in details, including your password, with anyone. We will not be liable for any unauthorised transactions entered into using your name and password.
The transmission of information via the internet e.g by email is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, in relation to a service being requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. We will not keep personal information for longer than 2 years after our last contact.
Automated Decision Making
In some instances, our use of your personal information may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. For example, we use automated decisions to, for example, choose how to order our custom tiles on our website for you. We have implemented measures to safeguard the rights and interests of individuals whose personal information is subject to automated decision-making, including removing such automated decision making upon a written request.
Accessing and updating
You are entitled to see the information held about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date. If you wish to do this, please contact us.
All comments, queries and requests relating to our use of your information are welcomed and should be addressed in the first instance by email to DPO@myunidays.com.
Privacy statement dated 20th December 2018.
If you are in any doubt regarding the applicable standards, or have any comments or questions, please contact us at the contact details in Section 10 below.
2. Types of personal information we collect
In the course of your employment at UNiDAYS, or when making an application for employment, we may process personal information about you and your dependents, beneficiaries and other individuals whose personal information has been provided to us.
The types of personal information we may process include, but are not limited to:
- Identification data – such as your name, gender, photograph, date of birth, staff member IDs.
- Contact details – such as home and business address, telephone/email addresses, emergency contact details.
- Employment details – such as job title/position, office location, employment contract, performance and disciplinary records, grievance procedures, sickness/holiday records, salary, start date, team, reporting structure, leave date.
- Background information – such as academic/professional qualifications, education, CV/résumé, criminal records data (for vetting purposes, where permissible and in accordance with applicable law).
- National identifiers – such as national ID/passport, immigration/visa status, social security numbers (US only), details of nationality and citizenship.
- Spouse & dependents information, marital status
- Financial information – such as banking details, tax information, withholdings, salary, benefits, expenses, company allowances, stock and equity grants.
- IT information – information required to provide access to company IT systems and networks such as IP addresses, log files and login information.
- Medical conditions and disabilities – information to enable us to make reasonable adjustments in accordance with our legal obligations.
- Information you provide to us – e.g. in engagement surveys.
If you are a contingent worker, the type of personal information we process is limited to that needed to manage your particular work assignment with UNiDAYS.
Sensitive personal information includes any information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, or information about your health/sex life ("Sensitive Personal Information"). As a general rule, we try not to collect or process any Sensitive Personal Information about you, unless authorized by law or where necessary to comply with applicable laws.
However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate employment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to provide work-related accommodations, health and insurance benefits to you and your dependents, or to manage absences from work.
3. Purposes for processing personal information(i) Recruitment purposes
If you are applying for a role at UNiDAYS then we collect and use this personal information primarily for recruitment purposes – in particular, to determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying our reference checks or background checks (where applicable) and to generally manage the hiring process and communicate with you about it.
If you are accepted for a role at UNiDAYS, the information collected during the recruitment process will form part of your ongoing staff member record.
If you are not successful, we may still keep your application to allow us to consider you for other suitable openings within UNiDAYS in the future.
(ii) Employment or work related purposes
Once you become a staff member at UNiDAYS, we collect and use this personal information for the purpose of managing our employment or working relationship with you – for example, your employment records and contract information (so we can manage our employment relationship with you), your bank account and salary details (so we can pay you), your equity grants (for stock and benefits plans administration) and details of your spouse and dependents (for emergency contact and benefits purposes).
We process our staff members' personal information through a global human resources system ("HR System"), which is a tool that helps us to administer HR and staff member compensation and benefits at an international level and which allows staff members to manage their own personal information in some cases.
(iii) The UNiDAYS global directory
We maintain a global directory of staff members which contain your professional contact details (such as your name, location, photo, job title and contact details). This information will be available to everyone in UNiDAYS to facilitate global cooperation, communication and teamwork.
(iv) Other legitimate business purposes
We may also collect and use personal information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently – for example, for general HR resourcing on a global level, IT security/management, accounting purposes, or financial planning. We may also process your personal information to measure employee engagement, investigate violations of law or breaches of our own internal policies.
(v) Law-related purposes
We also may use your personal information where we consider it necessary for complying with laws and regulations, including collecting and disclosing staff member personal information as required by law (e.g. for tax, health and safety, anti-discrimination laws), under judicial authorization, or to exercise or defend the legal rights of the UNiDAYS global group of companies.
4. Who your personal information is shared with
We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Policy and that the security and confidentiality of the information is maintained.
(i) Disclosures to other group companies
As mentioned above, we will share your personal information with other members of the UNiDAYS group around the world in order to administer human resources, staff member compensation and benefits at an international level on the HR System, as well as for other legitimate business purposes such as IT services/security, tax and accounting, and general business management.
(ii) Disclosures to third party service providers
In addition, we make certain personal information available to third parties who provide services to us. We do so on in accordance with applicable data privacy law. This includes our hosting or other processing of some personal information using third party service providers.
For example, some personal information will be available to our staff member stock and benefit plans service providers and third party companies who provide us with payroll support services recruitment, relocation, tax, immigration/consular and travel management services, in addition to employee engagement survey providers. To give some specific names as examples, we use Sage People for our HR suite, 7 Geese for performance management, Vitality for our health insurance and Peakon for engagement surveys.
(iii) Disclosures to other third parties
We may also disclose personal information to third parties on other lawful grounds, including:
- To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant;
- In response to lawful requests by public authorities (including for national security or law enforcement purposes);
- As necessary to establish, exercise or defend against potential, threatened or actual litigation
- Where necessary to protect the vital interests of another person;
- In connection with the sale, assignment or other transfer of all or part of our business; or
- With your consent.
5. Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you (i.e. to administer an employment or work relationship with us), in relation to the field of employment or where the processing is in our legitimate interests to prevent and detect fraud, for organisational reasons, for network and information security purposes, to ensure we comply with the law and comply with your individual rights, to ensure we suppress any requests you make, to retain evidence of our compliance and to defend ourselves against claims or fraud, for monitoring of performance, for analytics, to host data in the cloud, to carry out limited international transfers (our business is across a number of countries), for the purposes of an acquisition or legal restructuring, to update your details and preferences, and for logistics provided that these legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at Section 10 below.
6. Transfer of personal information abroad
As we operate at a global level, we may need to transfer personal information to countries other than the ones in which the information was originally collected. When we export your personal information to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal information from the European Economic Area to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into EU standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under EU law.
7. Data retention periods
Personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Policy or as otherwise required by applicable law. Generally, this means your personal information will be retained until the end of; your employment, employment application, or work relationship with us, plus a reasonable period of time thereafter to respond to employment or work-related inquiries or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits. We have determined that such “reasonable period of time” shall not exceed five (5) years.
8. Your data privacy rights
You may exercise the rights available to you under applicable data protection laws as follows:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided at Section 10 below.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided at Section 10 below.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
9. Updates to this Policy
This Policy may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform staff members by company-wide email and indicate at the top of the Policy when it was most recently updated. We encourage you to check back at this website periodically in order to be aware of the most recent version of this Policy.
10. Contact details
Please address any questions or requests relating to this Policy to DPO@myunidays.com or alternatively, you can raise any concerns with your line manager, local HR department or Data Protection Officer (DPO).