Data Protection

This policy forms part of our employment contract. If you are looking for your own data protection rights as a website visitor please see our privacy policy.


Our data protection policy details the rights and obligations you have over personal data stored with us.

This policy is effective from the moment you sign it and lasts infinitely including after the termination of your employment. Failure to comply with this policy is an act of gross misconduct and may result in the immediate termination of your employment.

“Personal Data” is any information that could be used to identify someone, including digitally such as their IP address.

“Special categories” is information that relates to someone’s religious or political beliefs, racial or ethnic origin, sexual orientation, sexual health and biometric data.

Our Principles

We process all personal data lawfully, fairly and transparently,

We will only collect personal data to carry out our obligations as your employer. This includes for administration purposes (such as your bank details to pay salary) or during your job role (such as your home IP address to allow access to our systems).  

We will only process personal data where it is necessary, and any data we do process will be adequate, relevant and limited to only what’s required.

We take protective measures to ensure your personal data is secure and protected against unauthorised or unlawful processing and from accidental loss or damage.

We ensure everyone in the organisation knows their obligations to protect personal data

Data We May Collect

We may collect the following types of personal data over the course of your employment. This is not meant to be an exhaustive list.

  • Recruitment information such as your application and CV
  • Your contact details, gender, marital status and date of birth
  • Contact details for your emergency contacts
  • Your contract of employment including salary, pension, benefits and holiday entitlement
  • Your bank details, tax status and national insurance number
  • Your passport and/or driving license in addition to your immigration status and right to work for us
  • Information relating to disciplinary or grievance investigations along with your performance and behaviour at work
  • All electronic data stored on company devices or connected with your company account.

Your Rights

You have the right to be informed what personal data we hold on you and the right to access it at any time. You have the right to amend your personal data if it changes.

You must always keep your personal data up to date and inform us if it changes, such as your address.

Additionally, you have the right to delete any data we have about you, restrict processing of such data, use the data for your own purposes, object to us processing the data and withdraw your consent at any time.

Please note if you choose to withhold your consent to personal data we need to collect to fulfil your employment contract this would be seen as a failure to follow a reasonable management instruction and subject to disciplinary action.

We may not always be in a position to delete your data. Our standard retention time is six years from the end of your employment. We will inform you what data we retain and the legal grounds for doing so.

How We Use Personal Data

We only use your personal data when we have a legitimate interest to. We may process your personal data for any of the following:

  • To decide whether to employ you
  • To check you have the legal right to work for us
  • To carry out our contract, including paying you, promoting you, and dealing with disciplinary measures.
  • To comply with health and safety
  • To report on diversity and inclusion across the company
  • To protect our company, including our personal and data security and the health and safety of yourself and other employees.
  • To make reasonable adjustments and support you in our role as an employer such as moving to part-time hours for a disability or providing you maternity pay.

This is not an exhaustive list

Special Categories

Waterdown Media is committed to diversity and inclusion, and as part of our obligations, we monitor diversity across the company. Specifically, we collect the following data.

  • If you have a disability
  • Gender
  • Sexuality
  • Ethnicity
  • Age

These statistics will be aggregated, and any diversity and inclusion data we report will not be linked to your personal identity in any way.

We will not use special categories of personal data at any point during our decision-making process. This includes our hiring process, disciplinary action or pay rises.

We will publish and update the diversity statistics on our website annually to ensure we continue to meet our commitments to creating a diverse workforce and opening up opportunities to historically underrepresented groups.

We hope this explains why we ask for sensitive categories of data, though if you have any questions, please contact our Data Protection Officer.

You do not have to participate in this data. You will have a chance to renew your consent every year. Once all the data has been collected, we do not attach anything that identifies you, so we’re unable to remove your data once published.

Sharing Your Data

We will only share your personal data where we have a legitimate interest to do so. Examples of where we might do this include:

  • To law enforcement, if we believe you have acted illegally
  • To third-party offices so you can gain entry to the building
  • To taxi providers to arrange transport

We use companies that claim to keep your personal data confidential and secure and protect it in accordance with the law.

Your Obligations

You must not access personal data unless you have been authorised to do so. In the event you have been authorised you must only access it for the specified work you need it for.

You must not access any personal data outside working hours. 

You must inform us if your personal data needs updating, such as if you have a name and address.

You should not make any unnecessary copies of personal data. You must delete any copies you have made of personal data as soon as possible, and ensure you do not share a device that contains personal data that doesn’t belong to you, with another person.

You must secure personal data using strong passwords and locking your device when you’re away from it.

You must not attempt to conceal, amend or destroy personal data which doesn’t belong to you

Data Breaches

We have robust measures in place to minimise and prevent data breaches from taking place. If a data breach occurs, we must keep evidence of that breach and possibly involve the Internet Commissioner’s Office.

If you are aware of a data breach, you must contact our Data Protection Officer immediately and keep any evidence you have in relation to the breach.

Data Protection Officer

The Company’s Data Protection Officer is currently Jake Symons, who you can email regarding this policy on [email protected] or his business line +4407939670980 (WhatsApp, Signal, SMS).