Privacy Notice for International Employees and Contractors
Effective: 2023 November 27
Westfield Specialty Management Services Ltd., its subsidiaries and affiliates ("Westfield Specialty Ltd" or "we", "us" or "our") respect your privacy.
This Privacy Notice ("Privacy Notice") applies to Westfield Specialty and specifically to the personal data of employees, directors, officers, part-time workers and independent contractors (collectively, “employees”) of Westfield Specialty Ltd.
This Privacy Notice explains our practices regarding personal data, including the kinds of personal data we may collect and how we intend to use and share that personal data.
1. Personal Data We Collect
Westfield Specialty Ltd collects personal data from current and former employees and independent contractors ("Employee Personal Data"). The personal data we collect may include without limitation:
- Contact Information: name, address, phone number, email address;
- Identification Information: date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number;
- Education and Work History Information: employment history, education, professional qualifications, information that may be recorded on a resume/CV or application form, language abilities;
- Financial Information: salary information, financial information related to credit checks, bank details for payroll; and
- Other Information: photographs, CCTV footage, contact information of third parties in case of any emergency and next of kin and beneficiaries under any insurance policy, information derived from surveys and contests, and any additional information which may be voluntarily disclosed by you in the course of your contract or relationship with Westfield Specialty Ltd.
We may also collect special category personal data such as details of health and disability, including medical information, health insurance information, mental health, medical leave, maternity leave; information about national origin or immigration status; and optional demographic information (“Special Category Personal Data”).
Where Westfield Specialty Ltd carries out background checks and risk assessments on employees this may involve the processing of criminal record data and this will only be processed where such processing is specifically authorized or required by law (“Data Concerning Criminal Convictions and Offences” and collectively with Special Category Personal Data “Sensitive Personal Data”).
2. Purposes and Legal Bases for Processing Your Employee Personal Data
We process Employee Personal Data of employees, directors, officers, part-time workers and independent contractors for the purposes set out below. The exact purposes depend on the nature of the data and our relationship with you.
All Categories of Employee Personal Data
Purpose: Maintaining records regarding you and your role at Westfield Specialty Ltd.
Legal Basis:
- Westfield Specialty Ltd has a legal obligation to do so (Article 6(1)(c), UK GDPR), including compliance with employment and immigration laws.
- Westfield Specialty Ltd has a legitimate interest in maintaining accurate and comprehensive records (Article 6(1)(f), UK GDPR).
Contact Information, Identification Information, Education and Work History Information
Purpose: Making decisions regarding your continued appointment, including verifying your right to work.
Legal Basis:
- Necessary for managing and performing contracts with you (Article 6(1)(b), UK GDPR).
- Legal obligation to comply with employment and immigration laws (Article 6(1)(c), UK GDPR).
- Legitimate interest in effectively managing employee retention (Article 6(1)(f), UK GDPR).
All Categories of Employee Personal Data
Purpose: Entering into or performing your employment contract.
Legal Basis:
- Necessary for performance of a contract (Article 6(1)(b), UK GDPR).
- Legal obligation to comply with employment and immigration laws (Article 6(1)(c), UK GDPR).
Contact Information, Identification Information, Education and Work History Information, Financial Information
Purpose: Administering human resource functions including performance reviews and payroll, benefits, insurance, succession and compensation planning, and business travel or relocation.
Legal Basis:
- Necessary for performance of a contract (Article 6(1)(b), UK GDPR).
- Legal obligation under employment law (Article 6(1)(c), UK GDPR).
- Legitimate interest in providing employment benefits in accordance with your contract, arranging travel and supporting international mobility (Article 6(1)(f), UK GDPR).
Contact Information, Identification Information, Education and Work History Information, Financial Information
Purpose: Administering HR functions including performance reviews, training, internal directories, internal communications, system access, disciplinary action, termination and retirement.
Legal Basis:
- Necessary for performance of a contract (Article 6(1)(b), UK GDPR).
- Legitimate interest in managing the business efficiently and protecting company interests, and to ensure that all performance reviews and disciplinary actions etc. are managed efficiently and effectively (Article 6(1)(f), UK GDPR).
Contact Information, Identification Information, Education and Work History Information, Financial Information
Purpose: Maintaining health and safety in the workplace, including managing leaves of absence (e.g., medical or maternity).
Legal Basis:
- Legal obligation to comply with employment and health and safety laws (Article 6(1)(c), UK GDPR).
Identification Information, Contact Information
Purpose: Communicating with you, vendors and business associates, authorising access to systems, facilities, devices and records, and contacting your emergency contacts.
Legal Basis:
- Legitimate interest in communicating effectively and ensuring employee safety (Article 6(1)(f), UK GDPR).
- Legal obligation to comply with employment and health and safety laws (Article 6(1)(c), UK GDPR).
Identification Information, Contact Information
Purpose: Conducting audits, investigating and resolving complaints, grievances or misconduct, and monitoring network and system security (including internet and email monitoring).
Legal Basis:
- Legitimate interest in managing the business and resolving complaints, grievances or misconduct issues efficiently (Article 6(1)(f), UK GDPR).
- Potential legal obligation (Article 6(1)(c), UK GDPR).
All Categories of Employee Personal Data
Purpose: Preparing for or responding to inquiries, investigations or proceedings by governmental, administrative, judicial or regulatory authorities, including civil litigation.
Legal Basis:
- Legitimate interest in ensuring investigations and proceedings are managed effectively (Article 6(1)(f), UK GDPR).
- Potential legal obligation (Article 6(1)(c), UK GDPR).
Identification Information, Contact Information, Education and Work History Information
Purpose: Managing corporate transactions such as mergers, acquisitions, financing due diligence, reorganisations, bankruptcy, receivership, sale of company assets, or transition of service to another entity. Employee Personal Data may be transferred during such a transaction.
Legal Basis:
- Legitimate interest in managing the business (Article 6(1)(f), UK GDPR).
Sensitive Personal Data: Criminal Convictions and Offences
Purpose: We may process employee personal data relating to criminal convictions and offences to determine whether employees should continue in their role with the organisation.
Legal Basis:
- Legitimate interest in assessing fitness and propriety (Article 6(1)(f) and Article 10, GDPR; Schedule 1, Part 2, Paragraph 12, UK Data Protection Act 2018).
Special Category Personal Data (e.g., Health Data)
Purpose: Ensuring workplace health and safety, providing reasonable adjustments, monitoring demographics for diversity goals and administering related benefits (e.g., maternity, sick pay).
Legal Basis:
- Necessary to comply with employment, health and safety and related laws (Article 6(1)(c), GDPR; Article 9(2)(b), GDPR; Schedule 1, Part 1 Paragraph 1 and Part 2 Paragraph 8, UK Data Protection Act 2018).
Your Right to Object
You have the right to object to the processing of your Employee Personal Data where such processing is based on our legitimate interests. However, please note that Westfield Specialty Ltd may not be able to fulfil this request in all cases.
3. Disclosure of Employee Personal Data
We may share Employee Personal Data to the extent necessary for the above purposes with the following recipients:
Vendors and Service Providers
We may engage third parties to perform certain functions on our behalf. To do so, we may disclose Employee Personal Data to our third-party vendors and service providers, such as benefit administration, compensation management, payroll management, onboarding & new hire management, background checks, talent acquisition & staffing and information technology systems providers.
Affiliates and Subsidiaries
Westfield Specialty Ltd may share Employee Personal Data with our affiliates, including those in the U.S., and subsidiaries for our and our affiliates’ and subsidiaries’ internal business purposes.
Governmental Authorities
We may disclose your Employee Personal Data to local tax authorities and any governmental or administrative body where we determine that it is necessary or desirable in order to comply with applicable laws, court orders, or government regulations or to protect the rights or property of Westfield Specialty Ltd or any of its employees.
Merger, Sale or other Asset Transfers
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another entity, then your Employee Personal Data may be transferred as part of such a transaction as permitted by law and/or contract.
Other Third Parties
Independent public accountants and auditors, authorized representatives of internal control functions such as audit, legal and/or corporate security, and Lloyd's of London.
Other Individuals
When you post content to the Intra-Westfield site(s), other internal individuals may be able to see certain Employee Personal Data about you, such as your name and/or picture in addition to the content you post.
4. Your Individual Rights
In accordance with applicable law, you may have the right to:
- request access to or a copy of your Employee Personal Data;
- receive an electronic copy of your Employee Personal Data that you have provided to us, or ask us to send that data to another organization in a machine-readable format (known as the “right of data portability”);
- request that we restrict our uses of your Employee Personal Data;
- request correction of inaccurate, untrue or incomplete Employee Personal Data;
- object to the processing of Employee Personal Data in certain circumstances; and
- request erasure of your Employee Personal Data subject to certain exceptions prescribed by law.
If you would like to exercise any of these rights, please contact us as set forth below.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than one month after receipt of your request – unless we are entitled to extend this period in which case we will inform you of this extension. To protect your privacy, Westfield Specialty Ltd may take steps to verify your identity before fulfilling your request.
You also have the right to lodge a complaint with the applicable supervisory authority if you believe our processing of your Employee Personal Data violates applicable law.
It is important that the Employee Personal Data we hold about you is accurate and current. Please keep us informed if your Employee Personal Data changes during the course of our relationship.
Click Data Subject Rights Request, or contact a member of the Privacy Office by email or post, per the addresses below, to submit a request relevant to your rights.
5. Data Retention
Westfield Specialty Ltd retains the Employee Personal Data we receive as described in this Privacy Notice for as long as necessary to fulfil the purpose(s) for which it was collected in accordance with our record retention policies, and as follows:
- for the duration of your contract or relationship;
- during or after the termination of the contract or relationship, for as long as necessary in order to resolve any queries or disputes; and
- in case of a legal or regulatory obligation requiring us to retain specific records for a set period of time, for that period of time.
6. Security of Your Employee Personal Data
We implement reasonable technical and organizational security measures designed to secure and protect Employee Personal Data. Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Employee Personal Data.
7. International Transfers of Employee Personal Data
We may disclose Employee Personal Data for the above listed purposes to recipients located in countries outside of the UK, including the U.S., some of which may not have data protection laws equivalent to those in the UK.
For intra-group transfers of Employee Personal Data, Westfield Specialty Ltd has entered into an intra-group data transfer agreement from Westfield Specialty Ltd to Ohio Farmers Insurance Company (“OFIC”) entities outside the UK/EEA/Switzerland or otherwise when we rely on a derogation for the international transfer of Employee Personal Data (e.g., where the transfer is necessary for the defence of legal claims).
The identity and contact details of OFIC are set out in this section and below. The categories of Employee Personal Data processed by OFIC are set out above. OFIC may also transfer Employee Personal Data to the third party recipients who may be located outside the UK/EEA/Switzerland for the purposes set out herein. OFIC will only make such onward transfers to recipients ensuring appropriate safeguards in compliance with applicable law, or where otherwise permitted by the SCCs and which may include entry into SCCs.
For cross-border transfers of Employee Personal Data to other recipients, including our service providers, Westfield Specialty Ltd will put in place appropriate safeguards so that Employee Personal Data is and remains protected. These may include implementing the Standard Contractual Clauses with the UK International Data Transfer Addendum or Binding Corporate Rules or otherwise when we rely on a derogation for the international transfer of Employee Personal Data (e.g., where the transfer is necessary for the defence of legal claims).
You may obtain further information and a copy of the relevant data transfer mechanisms that we have in place by contacting privacy@westfieldgrp.com.
8. Changes to This Privacy Notice
This Privacy Notice is reviewed and updated periodically. The most recent version of the Privacy Notice is reflected by the version date located at the top of this page. We encourage you to review this Privacy Notice often to stay informed of how we may process your information. If there are any material changes to this Privacy Notice, we will notify you as required by applicable law.
9. Contact Us
For the purposes of UK data protection law, the entity which manages the hiring process where you are an applicant (Westfield Specialty Management Services, Ltd.) is the controller of personal data.
If you have any question about this Privacy Notice or the practices described in it, or would like to contact us about any rights you may have with regard to your personal data, you can contact us via the Data Subject Rights Request above, email, or postal mail as follows:
Email: privacy@westfieldgrp.com.
Post:
Floor 36
22 Bishopsgate
London
EC2N 4BQ
United Kingdom
