Bryson Charitable Group
Corporate Privacy Notice
Privacy Notice for Bryson Corporate
We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.
Data Controller
We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is 2 Rivers Edge, 13-15 Ravenhill Road, Belfast, BT6 8DN, our registration number is NI 611592, and our Data Protection Officer/Lead (DPO/DPL) is Gail Wright. Our Data Protection Officer/Lead can be contacted at gail.wright@brysongroup.org or 07717772376.
Data Collection
The vast majority of the information that we hold about you is provided to us by yourself in the course of your employment or under contract. We will tell you why we need the information and how we will use it.
Our Lawful Basis for processing your information
The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:
- Consent of the data subject
- Performance of a contract with the data subject or to take steps to enter into a contract
- Compliance with a legal obligation
- To protect the vital interests of a data subject or another person
- Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Examples of legitimate interests include:
- Where the data subject is a client or in the service of the controller;
- Transmission within a group of undertakings for internal administrative purposes;
- Processing necessary to ensure network and information security, including preventing unauthorised access;
- Processing for direct marketing purposes, or to prevent fraud; and
- Reporting possible criminal acts or threats to public security.
We rely on the following lawful bases to process your personal data:
- The performance of your contract of employment or to enter into a contract of employment;
- Compliance with our legal obligations, for example where we are required to make statutory returns or disclosures;
- In accordance with our legitimate interests, including for administrative or management purposes.
We use your information to:
HR
- Process employment applications, contracts, and payroll administration.
- Manage employee benefits, pensions, and leave entitlements.
- Conduct performance management, training, and career development.
- Maintain employee records and ensure compliance with employment laws.
- Investigate and manage disciplinary, grievance, and capability procedures.
- Support workforce planning, equality monitoring, and diversity initiatives.
Finance
- Process payroll, expenses, and reimbursements.
- Administer and manage financial transactions, including invoices and payments.
- Conduct financial audits and ensure compliance with tax and accounting regulations.
- Maintain financial records for statutory reporting.
- Assess financial risks and ensure fraud prevention measures.
IT
- Provide and maintain access to IT systems, email, and company networks.
- Monitor and protect system security, including cybersecurity measures.
- Conduct system maintenance, troubleshooting, and support services.
- Ensure data protection compliance and manage access controls.
- Investigate and respond to IT security incidents or breaches.
We do not use automated decision-making in the processing of your personal data.
Employee Data
- Name;
- Email;
- Phone number;
- Address;
- Payment or bank details;
- Date of birth;
- Family & next-of-kin details
- National Insurance number / tax identification number
- Employment history and references
- Job title, department, and reporting structure
- Performance appraisals and training records
- Sickness and absence records
- Health and medical information (if required for occupational health purposes)
- Pension and benefits information
- Disciplinary and grievance records
- CCTV footage (if applicable on company premises)
- IT system usage, login details, and security access logs
- Any other data required for employment-related purposes
IT & Systems Data
We may collect and process the following personal data related to IT and system use:
- Device information (e.g., company-issued laptops, mobile phones)
- Login credentials and access records
- System activity logs, including website and application usage
- Network and security monitoring data (e.g., firewall logs, antivirus reports)
- Email correspondence and company communication records
- Multi-factor authentication (MFA) records
- Any other data necessary for IT security, system administration, and compliance
We may share your personal data with:
- HR, Finance, and IT service providers (e.g., payroll providers, benefits administrators, IT security services)
- Delivery partners and business partners for service provision or contractual obligations
- Our subsidiaries for internal administrative purposes
- The public when contributing to a public forum or company publications
- Our legal advisors in the event of a dispute or other legal matter
- Law enforcement officials, government authorities, or other third parties to comply with legal obligations
- In connection with corporate transactions such as mergers, acquisitions, restructuring, or refinancing
- Regulatory bodies (e.g., HMRC, pension regulators, tax authorities)
- Any other party where we obtain your consent to share
Transfers to third countries and international organisations
Bryson does not currently transfer personal data outside of the UK/EEA. Limited personal data may be held in servers located in within the Republic of Ireland, for the ICO has made an adequacy decision recognising that sufficient protections are in place for personal data processed there under in accordance with EU GDPR.
We retain your personal data while you remain an employee, unless you ask us to delete it. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless:
- There is an unresolved issue, such as claim or dispute;
- We are legally required to; or
- There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers’ safety and security.
Your Rights
The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information we hold and what we use it for, you can ask for a copy of the personal information we hold about you, you can ask us to correct any inaccuracies with the personal data we hold, you can ask us to stop sending you direct mail, or emails, or in some circumstances ask us to stop processing your details. Finally, if we do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website https://ico.org.uk/your-data-matters/ and this is the organisation that you can complain to if you are unhappy with how we deal with you.
Accessing and Correcting Your Information
You may request access to, correction of, or a copy of your information by contacting us at – would this be my email address as DPO ?
Marketing Opt-Outs
You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.
We will occasionally update our Privacy Notice. When we make significant changes, we will notify you of these through either internal communication or email.