Petlab Group Limited
Employee Privacy Notice

What does this Privacy Notice Cover?

The purpose of this Privacy Notice is to provide Petlab Group Limited (“PetLab”, “we”, “us”, “our”) employees with information about how and why we process their Personal Data and to tell them about their privacy rights and how the law protects them.
With that in mind, this Privacy Notice is designed to describe:

Important notes:

  • It is important you read this Privacy Notice so that you are aware of how and why we are using your Personal Data, your rights and how the law protects you.
  • This Privacy Notice does not form an operative part of your employment contract (even if it is referred to in that contract).
  • You should be aware that if you fail to provide certain Personal Data when requested, we may not be able to perform your employment contract (e.g., by paying you or providing a benefit) (if applicable) or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
We may update this Privacy Notice from time to time. If we do so, we will provide you with and/or make available, a revised Privacy Notice.

Who we are and how to contact us

Who we are.

Petlab Group Limited is the Controller (as defined in the UK’s implementation of the General Data Protection Regulation (the “UK GDPR”)) for the purposes of the processing of your Personal Data described in this Privacy Notice.
Our address is: Dixon House, 1 Lloyd's Avenue, London, England, EC3N 3DQ.

How to contact us.

To contact us, you can either:

Your rights relating to your Personal Data

Your rights in connection with your Personal Data

Under certain circumstances, by law you may have the right to:

  • Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest (defined below) as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data which you have provided to us, in a structured, commonly used, machine-readable format. Note that this right only applies to Personal Data we process by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.

How to exercise your rights

If you want to exercise any of the rights described above, please contact us using the contact details shown in the “Who We Are and How to Contact Us” section above.
We may need to request specific information from you to help us confirm your identity and verify your right to access your Personal Data (or to exercise any of your other rights). This is a security measure designed to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information to assist us in responding to your request.
Please also note that in certain circumstances the rights above will not apply and/or in certain circumstances some categories of Personal Data will be exempt from the scope of those rights. We will notify you where this is the case.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

If you would like to make a complaint regarding this Privacy Notice, you can contact us using the contact details shown in the “Who We Are and How to Contact Us” section above. We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that the UK GDPR also gives you the right to make a complaint directly to the UK Information Commissioner’s Office:

Information Commissioner’s Office

Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Telephone: +44 303 123 1113 Website: https://ico.org.uk/make-a-complaint/

What Personal Data we collect

All the Personal Data we collect, both from you and from third parties about you, is outlined in the table below.
Category of Personal Data collected What this means
Identity Data Name and contact information (including home address, home and mobile telephone numbers and personal email address); pronouns; date of birth, social security/national insurance number and passport information (if required due to work related travel); photograph; driver’s licence number and type (to the extent necessary for compliance with local laws); emergency contact information; social media information.
Professional Data Education and other background information (including education qualifications, prior job history, professional qualifications and membership in professional associations).
Financial Data Credit checks; financial and bank account information (for administration of payments).
Equity Plan Data Information on any actual or prospective participation in a PetLab equity plan.
Dependents Data Information related to your dependants, which may include their name and contact information (including home address, home and mobile telephone numbers and personal email address).
Role Data Information related to your actual or prospective role, which may include: role title, status, location, employee payroll identification number, work address, work telephone numbers (including fax and mobile numbers) and work email address; time and attendance information; user authentication information for company networks; terms of employment; all application and vetting information; non-disclosure, confidentiality or intellectual property agreements; information about previous and current assignments and responsibilities; earnings, benefits and bonus history and information; start date and termination date (if applicable) and promotion/demotion information; training records; and performance evaluations, disciplinary records and details of any disciplinary action, grievance or investigation.
Usage Data Information relating to your use and any suspected misuse of company assets, facilities and systems, which may include (to the extent permitted by the applicable law): use of computer and communication systems and the logs generated by such use; and files, documents or communications created, sent, received, accessed or stored by you.

Personal Data from Third-Party Sources

In addition to the Personal Data that we collect from you directly, in certain circumstances, we may also collect Personal Data from third-party sources. Please see below for a list of the types of third-party sources from which we may collect your Personal Data (including whether the source of that Personal Data is publicly available):

  • Employment agencies or recruiters.
  • Job board websites you may use to apply for a job with us.
  • Providers of services that we make available to our employees as part of our benefits program.
  • Prior employers, when they provide us with employment references.
  • Professional references that you identify on your CV or authorise us to contact.
  • Providers of background check, credit check, or other screening services (where required and permitted by law).
  • Your social media profiles or other publicly-available sources (information gathered from these sources is publicly-available).
  • Your dependents and related persons who communicate with us directly.
We may also collect additional Personal Data in the course of your employment-related activities throughout the period of your employment and otherwise in relation to your employment at PetLab.

How we use your Personal Data and why

Most commonly, we will rely on one of the following legal bases:

  • Where we need to perform a contract we are about to enter into with you or have entered into with you (“Contractual Necessity”) – e.g., this applies where the use of your Personal Data is necessary for us to perform your employment contract, any share option agreement etc.
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each purpose we use your Personal Data for is set out in the table below.
The table below shows at a very high-level how we may use your Personal Data and the relevant legal bases we rely upon for that use.
Purpose Legal basis
Contractual performance. We may process your Personal Data (including sharing it with third parties, where appropriate) to perform, administer and manage any agreements we may have with you (e.g., your employment contract or share option agreement (if applicable) we have with you. Contractual Necessity.
Talent management. We may process your Personal Data (including sharing it with third parties, where appropriate) for talent management purposes. Legitimate Interests.
Business operation and improvement. We may process your Personal Data (including sharing it with third parties, where appropriate) to operate and improve our products and services and our business more generally. Legitimate Interests.
Systems and premises management. We may process your Personal Data (including sharing it with third parties, where appropriate) to operate, manage and secure our IT systems, premises and facilities. Legitimate Interests.
Protection of health and vital interests. We may process your Personal Data to protect your vital interests or those of a third party. Vital Interests.
Compliance and protection. We may process your Personal Data (including sharing it with third parties, where appropriate) for compliance and protection purposes (including the establishment, exercise or defence of legal claims). Depending on the circumstances: Compliance with Law or Legitimate Interest.
Data sharing in the context of corporate transactions. We may process and disclose Personal Data in the context of actual or prospective corporate transactions. Legitimate Interest.
Privacy Protective Steps. We may create aggregated, de-identified and/or anonymised data from your Personal Data. Legitimate Interest.
Further uses. In some cases, we may use your Personal Data for further uses, in which case we will ask for your consent to such use of your Personal Data for those further purposes in so far as they are not compatible with the initial purpose for which information was collected. Consent or the original legal basis where the relevant further use is compatible with the initial purpose.

Where we use any ‘special categories’ of Personal Data (e.g., your Health Data), we rely on the following conditions:

  • We may need to process that data to carry out our legal obligations or exercise rights in connection with employment and our role as an employer (e.g., dealing with your sickness, sick-pay, accidents at work etc).
  • We may need to process that data because it is necessary for reasons of substantial public interest (e.g., for equal opportunities monitoring, preventing or detecting unlawful acts etc).
  • We may need to process that data because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).

Who we share your Personal Data with

As part of our business and in relation to your employment, we may share your Personal Data with certain third parties – please see the list below for information about the categories of such third-party recipients:

Affiliates. Our corporate parent, subsidiaries, and other affiliates under the control of our corporate parent. For example, this may occur:

  • to enable our group to operate shared infrastructure, systems and technology,
  • as part of our reporting activities on performance of the group and its members,
  • in the context of a business reorganisation or restructuring exercise,
  • to enable participation in any share plans, pension arrangements or benefits operated or procured by particular group members for the benefit of our employees, so as to enable us to administer those plans, schemes and benefits.

Service Providers. Providers of services to PetLab or our group. For example, this may involve sharing of Personal Data with such providers for the purposes of:

  • payroll administration, benefits and wellness,
  • human resources, occupational health, performance management, training,
  • expense management, travel, transportation and accommodation,
  • IT systems and support, information and physical security,
  • background checks and other screenings,
  • equity award administration,
  • corporate banking and credit cards,
  • insurance brokers, claims handlers and loss adjusters, and any necessary third party administrators, nominees, registrars or trustees appointed in connection with benefits plans or programs.
Employee Benefits Providers. Providers of services to eligible employees as part of our employee benefits program, who need your information to verify your eligibility and provide you with services. For example, this may include: financial advisors and institutions, pensions providers, insurance providers and intermediaries (such as health insurance providers), and providers of health, fitness, wellness, childcare and concierge services.
Professional advisers. Accountants, auditors, lawyers, insurers, bankers, and other professional advisors.
Our Marketing Audience, Current and prospective customers and other business contacts with whom we share your PetLab bio, which may be shared on our website or in other publicly available marketing materials and communications as part of our marketing activities.
Customers and Business Partners. Customers, other companies and individuals with whom PetLab does business or is exploring a business relationship.
Parties involved in corporate transactions. We may disclose Personal Data in the context of actual or prospective business transactions (e.g., investments in PetLab, financing of PetLab, public share/stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain Personal Data with prospective counterparties and their advisers. We may also disclose your Personal Data to an acquirer, successor, or assignee of PetLab as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which Personal Data is transferred to one or more third parties as one of our business assets. Please note, we would always look to take steps to minimise the amount and sensitivity of any Personal Data shared in these contexts where possible and appropriate.
Compliance and protection related sharing. We may need to or may have a legitimate interest in, sharing your Personal Data with entities that regulate or have jurisdiction over us (such as regulatory authorities, public bodies and judicial bodies). We may also share your Personal Data in the context of protecting our, your or others' rights, privacy, safety or property (including by establishing, making and defending legal claims).
Future Employers and their Vendors. Future employers and their vendors where you ask that we provide references or where we are otherwise required to provide such references by law.
Other third parties where requested. For example providing services to you (e.g. your mortgage provider) where you ask us to do so.

Data transfers

We may share your Personal Data with third parties who are based outside the UK (including with certain of our Affiliates) in connection with the processing of Personal Data described in this Privacy Notice.

In such circumstances, their processing of your Personal Data will involve a transfer of your Personal Data to countries based outside the UK. Whenever we transfer your Personal Data outside the UK, we try to ensure a similar degree of protection is afforded to it by making sure that at least one of the following mechanisms is implemented:

  • Transfers to territories with an adequacy decision. We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK Government from time to time.

  • Transfers to territories without an adequacy decision. We may transfer your Personal Data to countries that have not been deemed to provide an adequate level of protection for Personal Data by the UK Government – provided that, in these cases:

    • we may use specific appropriate safeguards, which are designed to give Personal Data effectively the same protection it has in the UK (e.g., the UK’s International Data Transfer Agreement); or
    • in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your Personal Data to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – e.g., reliance on your explicit consent to that transfer or because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).
You can contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK. You may have the right to receive a copy of the appropriate safeguards under which your Personal Data is transferred – you can make a request by contacting us using the contact details shown in the “Who We Are and How to Contact Us” section above.

How we keep your Personal Data secure

We have put in place security measures designed to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

How long we store your Personal Data

PetLab’s retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which it was collected, as set out in this Privacy Notice, and any other permissible, related purposes. For example, we may retain certain information to comply with regulatory requirements regarding the retention of such data, or in the event a litigation hold is imposed.
When Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the Personal Data.

No automated decisions

PetLab does not envisage that you will be subject to decisions or profiling that will have a significant impact on you based solely on automated decision-making.