Login
IET logo - link to site homepage
Start of main content

Employee Privacy Notice

This Privacy Notice explains how the IET process personal data of temporary, permanent, or contractual employees.

The IET collects personal data relating to our employees to manage the employment relationship. As your employer, the IET is the Controller of the personal data it processes for this purpose and follows applicable data protection laws including but not limited to the UK GDPR and Data
Protection Act 2018. For example, IET employees based in other countries can expect their personal data to also be processed in accordance with local legislation where applicable.
.

The IET are registered with the Information Commissioners Office (Ref: Z7792223)

The Personal Data We Process

You will have already provided some of the personal data that we process about you in order to consider you for temporary or full-time employment during the recruitment process. This is covered under our Recruitment Privacy Notice.

The following list explains the purpose for use of your personal data

  • Making a decision about your suitability for a role or position and communication with you.
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK (where applicable) and to provide you with
    the security clearance appropriate for your role.
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions.
    Providing salary reviews, benefits, perks and compensation.
  • Liaising with your pension provider, providing information about changes to your employment
    such as promotions, changes to working hours.
  • General administration of the contract we have entered with you.
  • Business management and planning, including accounting and auditing.
  • Access to IET offices systems and devices including photographic access card. Creating a profile
    on the IET Intranet, including photographic image.
  • Determining performance requirements and objectives, conducting performance reviews,
    managing performance, and monitoring performance against set KPI where appropriate.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Gathering evidence and any other steps relating to possible grievance or disciplinary matters, or
    complaints and associated hearings.
  • Making decisions about your continued employment or engagement.
  • Making arrangements for the termination of our working relationship.
  • Education, training and development requirements and monitoring completion of mandatory
    training and policies.
  • Dealing with legal disputes involving you, or other employees, workers and contractors,
    including accidents at work.
    Page 2 of 6
  • Ascertaining your fitness to work, managing sickness absence.
  • Complying with health and safety obligations.
  • To prevent fraud.
  • To monitor your business and personal use of our information and communication systems to
    ensure compliance with our policies.
  • When necessary authorised persons may access your work accounts or work records to obtain
    information required for complaints handling, disciplinary or data breach investigations, or data
    subject rights purposes.
  • To ensure network and information security, including preventing unauthorised access to our
    computer and electronic communications systems and preventing malicious software
    distribution.
  • To conduct data analytics studies to review and better understand employee retention and
    attrition rates.
  • Diversity and equal opportunities monitoring
  • CCTV monitoring to ensure safety and security of employees, visitors and IET assets.
  • During the course of your work photographs or video may be captured with your permission
    such as through attendance at IET events or programmes.

The following list describes the types of personal data we may process when you work for the IET

  • Personal contact details such as name, title, address, telephone numbers, and personal email
    address.
  • Dates of birth, marriage, and divorce.
  • Gender.
  • Marital status and dependants.
  • Next of kin, emergency contact and death benefit nominee(s) names and contact details.
  • National Insurance number.
  • Bank account details, payroll records and tax status information.
  • Salary, annual leave, parental leave, pension, benefits and perks information.
  • Start date, leaving date.
  • Location of employment or workplace.
  • Interview notes and assessments.
  • Copy of driving licence, passport, birth and marriage certificates, decree absolute.
  • Recruitment information (including copies of right to work documentation, references and
    other information included in a CV or cover letter or as part of the application process, such as
    employment history, educational history, qualifications and copies of certificates).
  • Full employment records including contract, terms and conditions, job titles, work history,
    working hours, promotion, absences (including sickness absence and health professional fitness
    to work documentation), attendances, training and apprenticeship records and professional
    memberships.
  • Compensation history.
  • Performance and appraisal information.
  • Disciplinary and grievance information.
    Page 3 of 6
  • Secondary employment and volunteering information.
  • Office CCTV footage and other information obtained through electronic means such as office
    entry swipe card records.
  • Information about your use of our information and communications systems.
  • Accident book, first aid records, injury at work and third-party accident information.
  • Evidence of how you meet the confirmation of your security clearance, where applicable. This
    can include passport details, nationality details and information about convictions/allegations
    of criminal behaviour.
  • Evidence of your right to work in the UK/immigration status.
  • Photographs, videos, audio, presentations taken during the course of your work activities
    (including your profile image used on the IET intranet). Transcription or video recording of IET
    online meetings you attend (with your agreement).
  • Customer phone calls handled by the Member & Customer Engagement team employees will
    be recorded. This is kept for a maximum of 30 days unless legally required and is only accessible
    to authorised staff for lawful use. A transcription note of the call is held on the callers account.
    Evaluation information may be extracted from the transcript for coaching and training use.

Lawful Basis For Processing Personal Data

Our lawful basis for processing personal data for employment purposes under UK GDPR are Article 6

(1) Processing shall be lawful only if and to the extent that at least one of the following applies:

(b) processing is necessary for the performance of a contract to which the data subject is party or in
order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(d) processing is necessary in order to protect the vital interests of the data subject or of another
natural person;

Lawful Condition For Processing Special Category Personal Information

We may also collect, store, and use the following "special category" of personal information: 

  • Information about your race or ethnicity, religious beliefs, gender, sexual orientation, disability, political or philosophical opinions,
  • Trade union membership
  • Information about your health, including any medical condition, health, and sickness records
  • Genetic information and biometric data
  • Information about criminal convictions/allegations and offence

Our lawful condition for processing special category personal data for employment purposes under UK GDPR is as follows:

Article 9 (2)

(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where domestic law provides that the prohibition referred to in paragraph 1 may not be lifted by the data subject;

(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by domestic law or a collective agreement pursuant to domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject (where the Data Protection Act 2018 Schedule 1(1) condition is met);

(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;

(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;

(g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject domestic law; (where one of the 23 conditions set out in paragraphs 6 to 28 of Schedule 1 of the DPA 2018 are met for example - Schedule 1 Part 2 (8) Equality of opportunity or treatment)

(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of domestic law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject.

Data Sources and Sharing Your Personal Data

We typically collect personal information about our employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We will sometimes collect additional information from third parties including our service providers, former employers, credit reference agencies or other background check agencies.

Third parties includes third-party service providers (including contractors and designated agents) and other entities within the IET.

We will in some circumstances need to share your data with third parties, including IET third-party service providers where lawful to do so. This will, in some circumstances, involve sharing special categories of personal data and, where relevant, data about criminal convictions/allegations.

Employment activities are carried out by third-party service providers for the purposes of the; employee benefits platform, training (including eLearning), apprenticeship training programme (including sharing minimal personal data with Education & Skills Funding Agency for funding purposes), payroll, pension administration, health and life cover insurance provision, benefits provision and administration, health and occupational health service, IT services, security vetting, cycle to work, eye care.

We will conduct third party due diligence and always ensure appropriate contracts are in place and we require all third parties to respect the security of your data and to treat it in accordance with the law. We will in some circumstances transfer your personal information outside the UK and EEA. If we do, you can expect a similar degree of protection in respect of your personal information.

How long we will keep your personal data

We will process and retain your personal data for as long as is necessary to provide employment services to you and to fulfil and manage your employee benefits, and to comply with any applicable legal obligations, in accordance with statutory retention periods and our Retention Schedule.

Your Data Subject Rights

At any point while we are holding or processing your personal data, you have the following rights (the rights are not all absolute and are dependant on the lawful basis relied upon for processing your personal data and may be subject to data protection law exemption):

  • Right to be informed to be informed with privacy information at the time we collect your personal data (such as this Privacy Notice).
  • Right of access - You have the right to request a copy of the information that we hold about you.
  • Right of rectification - You have the right to correct data that we hold about you that is inaccurate or incomplete.
  • Right of erasure - you may request the data we hold about you to be erased from our records. This right is not absolute and only applies in certain circumstances
  • Right to restriction of processing - Where certain conditions apply, you have the right to restrict the processing of your personal data. This means we will store the personal data, but not use it.
  • Right of data portability - You have the right to have the personal data you have provided us, or have it transmitted to another organisation, in a machine-readable format.
  • Right to object - You have the right to object to certain types of processing. This includes an absolute right to prevent your personal data being used for direct marketing.
  • Right to object to automated processing, including profiling - You have the right not to be subject to decisions based solely on automated processing, including profiling, if this produces legal effects or similarly significantly affects you.
  • Right to complain - You have the right to lodge a complaint with us (as the data controller) or with a supervisory authority.

How to Exercise Your Rights

You can exercise any of the above rights by contacting the data protection office at compliance@theiet.org.

Data Protection Complaints

In the event that you wish to make a complaint about how your personal data is processed by us or by third parties acting on our instruction, in the first instance please contact IET Data Protection Officer at PrivacyOffice@theiet.org.

You have the right to make a complaint to the Supervisory Authority if you have reason to believe the IET has not handled personal data in accordance with data protection law. The Supervisory Authority in the UK is the Information Commissioner’s Office (ICO).

If you are located in the EU/EEA you may raise a complaint with the IET’s EU GDPR Representative - European Data Protection Office (EDPO). You can contact EDPO regarding matters pertaining to the GDPR by using EDPO’s online request form: https://edpo.com/gdpr-data-request/  or by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

If you are resident in India you may contact the IET India Designated Grievance Officer at india@theiet.org. 

Your responsibilities

Employees are contractually bound by confidentiality.

Updates to this policy

Version: Nov 2023

Updated: October 2025