Information Security Policy

Pluto Labs Ltd (hereafter referred to as Pluto Labs)

Pluto Labs LTD (hereafter known as Pluto Labs) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with data protection regulations, including the UK General Data Protection Regulation (UK GDPR) and EU GDPR. It applies to all employees, workers, and contractors.

Data Controller.

Pluto Labs is a "data controller." This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. This notice applies to current and former employees, workers, and contractors.

Updates and Importance

This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practicable. It is essential to read and retain this notice, together with any other privacy notice we may provide on specific occasions when we collect or process personal information about you.

Data Protection Principles

Pluto Labs will comply with data protection law.

Personal information must be:

• Used lawfully, fairly, and transparently.
• Collected only for valid purposes, clearly explained, and not used in any way incompatible with those purposes.
• Relevant to the purposes explained and limited to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes explained.
• Kept securely.

Information We Hold About You

Personal data means any information about an individual from which that person can be identified. It includes sensitive personal data requiring higher protection levels. We collect, store, and use various categories of personal information, including but not limited to:

• Personal contact details.
• Date of birth.
• Gender.
• Marital status and dependants.
• National Insurance number.
• Bank account details, payroll records, and tax status information.
• Recruitment information.
• Employment records.
• CCTV footage and electronic records.
• Health, race, ethnicity, religious beliefs, sexual orientation, political opinions.
• Trade union membership.
• Criminal convictions information.
• Work visa.

How Your Personal Information Is Collected

We collect personal information through the application process, from third parties, and during your employment. Additional information may be collected during job-related activities.

How We Use Information About You

We will only use your personal information when legally allowed, including situations such as:

• Performing the employment contract.
• Complying with legal obligations.
• Pursuing legitimate interests where they do not override your rights and interests.
• Protecting your interests or someone else's interests.
• For public interest or official purposes.
• Purposes of Processing Your Personal Information

We process your personal information for various purposes, such as:

• Recruitment and appointment decisions.
• Determining terms of employment.
• Checking legal entitlement to work in the UK.
• Payroll and tax deductions.
• Providing benefits and share plans.
• Administering pensions and share plans.
• Ensuring equal opportunities.
• Business management, planning, and performance reviews.
• Managing sickness absence and health and safety obligations.
• Preventing fraud and ensuring information system compliance.

If You Fail to Provide Personal Information

Failure to provide necessary information may impact our ability to fulfil the employment contract or comply with legal obligations, such as ensuring health and safety.

Change of Purpose

We will only use your personal information for the purposes we collected it for unless there is a compatible legal reason. If a change occurs, we will notify you and explain the legal basis.

Processing Sensitive Personal Information

Special categories of data (e.g., health, racial origin) require higher protection levels. We may process such data in specific circumstances, such as legal obligations, public interest, protecting from harm, or with explicit consent.

Rights of Access, Correction, Erasure, and Restriction

Under data protection law, you have the right to access, correct, or request erasure of your personal information. You also have the right to restrict processing.

Withdrawal of Consent

If we process personal information based on your consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

Information About Criminal Convictions

We may only process criminal convictions information where permitted by law and in line with our Data Protection Policy.

Automated Decision-Making

We do not envisage automated decisions affecting you significantly. If this changes, you will be notified.

Data Sharing

We may share your data with third parties, ensuring they respect data security. Data transfers outside the UK are subject to protective measures.

Data Security

We have security measures to protect your information. Third parties process your data under our instructions and confidentiality obligations.

Data Retention

We retain your data as necessary for legal, accounting, or reporting requirements. Retention periods vary based on factors such as data sensitivity and legal obligations.

Rights and Chief Information Security Officer (CISO)

You have rights regarding your personal information. For inquiries or complaints, contact our Chief Information Security Officer. You can lodge complaints with the Information Commissioner's Office.

Changes to this Privacy Notice

We reserve the right to update this notice. We will provide an updated copy and may notify you through other means.

Contact Information

For any questions about this privacy notice, contact our Chief Information Security Officer.