Privacy Policy
Privacy Policy
1. What is the purpose of this document
1.1 Park Holidays UK Limited ("we", "our", "us", "Park Holidays UK Ltd.") is the data controller responsible for processing your personal data.
1.2 We are committed to protecting the privacy and security of your personal data. This privacy notice explains how we collect, use, and protect your personal data during the recruitment process, as well as throughout and after your working relationship with us, in accordance with the UK General Data Protection Regulation (UK GDPR).
1.3 This notice applies to applicants and all current and former employees, workers, and contractors.
1.4 This notice does not form part of any contract of employment, casual worker agreement, consultancy agreement, or any other contract for services. We may update this notice at any time, and if we do, we will provide you with an updated version as soon as reasonably practicable.
1.5 It is important that you read and retain this notice, along with any other privacy notices we may provide on specific occasions, to ensure you understand how and why we process your personal data and what your rights are under data protection law.
1.6 Compliance with this privacy notice is overseen by our Data Protection Officer (DPO). If you have any questions about this notice or how we handle your personal data, please contact the DPO using the details provided below.
2. Data controller details
2.1 Park Holidays UK Limited is part of the Sun Communities Inc. group of companies and acts as the data controller for both Park Holidays UK Ltd. and Park Leisure Group Ltd.
2.2 Contact details are as follows:
Data Protection Officer
Park Holidays UK Limited
Glovers House
Glovers End
Bexhill on Sea
TN39 5ES
Email: dpo@parkholidays.com
Tel: 01424 234 234
2.3 Park Holidays UK Limited is registered with the Information Commissioner’s Office (the ICO) with registration number Z7420595.
3. Data protection principles
3.1 We are committed to complying with data protection laws and will follow these principles when handling your personal data:
(a) Lawfulness, fairness, and transparency – We will process your personal data lawfully, fairly, and in a transparent manner.
(b) Purpose limitation – We will collect and use your personal data only for valid purposes, which we will clearly explain to you, and will not process it in a way that is incompatible with those purposes.
(c) Data minimisation – We will process only the personal data necessary for the purposes we have specified.
(d) Accuracy – We will keep your personal data accurate and up to date.
(e) Storage limitation – We will retain your personal data only for as long as necessary for the purposes we have informed you about.
(f) Security and confidentiality – We will implement appropriate security measures to protect your personal data from unauthorised access, loss, destruction, or disclosure.
4. Types of personal data we collect about you
4.1 Personal data refers to any information relating to an individual who can be identified from that data. It does not include information where individual’s identity has been removed (anonymous data).
4.2 We collect, store, and use personal data only to the extent necessary to manage the terms of your employment or engagement and to comply with legal obligations. This includes the following categories of personal data:
(a) Recruitment information – Details provided during the recruitment process, including your CV (curriculum vitae), application form, cover letter, interview notes, work history, education, degrees, academic records, language skills, qualifications, and any professional licenses, memberships, or certifications.
(b) Background check data – Information obtained during pre-employment screening, which may include employment verification, criminal record checks (where required for the role – please refer to clause 4.4), credit history checks (if relevant to the position), right-to-work documentation, and sanctions screening (if applicable).
(c) Basic contact information – Name, address, telephone numbers (home, mobile, work), email address, citizenship/nationality, date and place of birth, gender, and right-to-work or work permit information (if applicable)
(d) Disciplinary and grievance records – Documentation related to disciplinary actions, grievances, and capability assessments, including investigation reports, collated evidence, minutes of hearings and appeal hearings, warning letters, performance improvement plans, and related correspondence.
(e) Government-issued identifiers – Subject to applicable legal conditions, this may include your National Insurance number, passport number, and, where required for your job, your driver’s licence number.
(f) Bank and financial information – Bank account details required for salary and payroll processing, name of your bank and account number, your salary details and other remuneration.
(g) Employment and contractual information – Terms and conditions of your employment or engagement, as outlined in job offer letters, employment contracts, written statements of employment particulars, seasonal employment contracts, worker agreements, pay review and bonus letters, and related correspondence. This includes information such as job title and working hours, employee identification number, job description, department, and manager details, reporting lines, work location and cost centre, employment status (full-time, part-time) and probation period (if applicable).
(h) Company IT and network access – Information necessary for using company networks and devices, including username, password, work telephone/mobile number, and device data (computer, telephone, device ID number). A company photo may be included, if provided.
(i) IT system usage data – Information regarding your use of company IT systems, including telephone, email, social networks, and internet usage.
(j) Electronic access records – Data collected through electronic means, such as swipe cards, fobs, or clocking-in records.
(k) Personal and family information – Marital status, dependents, beneficiaries, partner/spouse details, and emergency contact information.
(l) Attendance and leave records – Information related to working hours, attendance, leave entitlements (holiday, sick leave, parental leave etc.), travel, and mobility.
(m) Compensation and benefits Information – Economic and financial data related to salary, banking details, bonuses, benefits packages, pension schemes, and insurance programs provided as part of employment.
(n) Performance and development data – Information related to work performance, including evaluation details, reviews, and feedback, performance improvement plans (where necessary), training records (internal and external), courses, seminars and conferences, succession planning details (where applicable).
(o) Travel and expense information – Details related to work-related travel, including credit card details, bank details, booking and itinerary records, passport and visa information, travel preferences (seat preferences, dietary restrictions), and frequent flyer or corporate memberships (if provided).
(p) Termination records – Documentation related to the termination of employment or engagement, including resignation letters, dismissal letters, redundancy letters, minutes of meetings, settlement agreements, and any related correspondence.
(q) CCTV and vehicle information – CCTV footage and Automatic Number Plate Recognition (ANPR) data, where applicable.
(r) Company vehicle usage – Information about you and your vehicle if used for business purposes (Grey Fleet Management).
4.3 Sensitive personal data (Special category data) – in certain circumstances, we may collect, store and use special category personal data, which requires a higher level of protection under data protection law. This includes:
(a) Health and disability information – we may process information about your physical and mental health or disability status to ensure health and safety in the workplace, assess fitness to work, provide appropriate workplace adjustments, monitor and manage sickness absence, administer benefits (e.g. statutory sick pay, disability-related accommodations), comply with employment laws, including those relating to sickness absence.
(b) Family-related leave information – We may process data related to family-related leave (e.g., maternity, paternity, shared parental leave, adoption leave) where required to comply with employment law and statutory entitlements.
(c) Equality and diversity data – we may process information about your race, nationality, or ethnic origin, political opinions, religious or other beliefs, sexual life or sexual orientation. This data is processed to support equal opportunity monitoring and reporting, in compliance with applicable laws.
4.4 Criminal Records Data (Article 10, UK GDPR) – For certain roles, we may process information about criminal convictions and offences, including checks conducted through the Disclosure and Barring Service (DBS). Processing of this data will only occur where required by law (e.g. safeguarding regulations, regulated professions), to comply with statutory employment obligations and with your explicit consent, where appropriate.
4.5 In some circumstances, we may request your explicit written consent to process certain types of sensitive data. If we do so, we will provide you full details of why the data is needed and allow you to carefully consider whether you wish to give consent.
5. How we collect your personal data
5.1 We collect personal data about employees, workers and contractors in various ways. Initially, we gather this information during the application and recruitment process, either directly from you, as a candidate, or from third parties, such as employment agencies or background check providers.
5.2 Additionally, we may collect relevant information from other external sources, including former employers (e.g. reference checks), credit reference agencies, and the Disclosure and Barring Service (DBS), where a criminal record check is required.
5.3 Throughout your working relationship with us, we may continue to collect additional personal data as part of your work-related activities. Some personal data is mandatory, as it is required by law, your contract, or statutory obligations. Other information may be voluntary, and in such cases, we will inform you whether providing it is a requirement or a choice.
5.4 We securely store your personal data in locations such as your personnel file, HR information system MyHub, payroll and financial systems, and IT systems (such as company email accounts).
6. Why and how we use your personal data
6.1 We will only use your personal data when permitted by law. In most cases, we rely on the following lawful bases for processing:
(a) Contractual necessity – where processing is required to perform the contract we have entered into with you.
(b) Legal obligation – where processing is necessary to comply with a legal requirement.
(c) Legitimate interests – where processing is necessary for our legitimate business interests or those of a third party, provided that your interests and fundamental rights do not override those interests.
6.2 In rare circumstances, we may also process your personal data under the following lawful bases:
(a) Vital interests – where processing is necessary to protect your interests or the interests of another person.
(b) Public interest – where processing is required to carry out a task in the public interest.
6.3 In limited circumstances, where you have provided your consent for the processing of your personal data for a specific purpose, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted before consent was withdrawn. To withdraw your consent, please contact our Data Protection Team at dpo@parkholidays.com. Once we receive your request, we will cease processing your personal data for the original purpose, unless another lawful basis allows us to continue.
7. If you do not provide your personal data
7.1 We process your personal data to fulfil our obligations under your contract of employment or engagement. If you do not provide the necessary information, we may be unable to carry out our duties (e.g. ensuring you receive the correct salary and benefits).
7.2 Additionally, failure to provide certain information may prevent us from confirming or continuing your employment or engagement, particularly where legal obligations apply. For example, we may be unable to: verify your right to work in the UK, or complete necessary background checks, such as a criminal records check (where applicable).
8. Change of purpose
8.1 We will only use your personal data for the purposes for which it was collected, unless we determine that it is necessary to use it for another reason that is compatible with the original purpose. If we need to use your personal data for a different reason, we will inform you and explain the legal basis for doing so.
8.2 In certain circumstances, we may process your personal data without your knowledge or consent, where this is required or permitted by law, in compliance with the above rules.
9. Data sharing – who has access to your personal data
9.1 Your personal data may be shared within Park Holidays UK Limited, including with members of the People Team, payroll staff, relevant accounts staff, your line manager, other managers within your department, and IT staff, where access to your personal data is necessary for them to perform their roles.
9.2 Your personal data may also be accessed by or shared with authorised individuals in our parent company, Sun Communities Inc., in the United States.
9.3 We rely on third-party service providers and vendors to support our operations. As a result, your personal data may be shared with these third parties, but only where necessary to fulfil the purposes outlined in this policy. Examples of third-party service providers (and their designated agents) include:
(a) External organisations conducting pre-employment reference and background checks
(b) Payroll providers
(c) Benefits providers and benefits administration
(d) Insurers
(e) Pension scheme providers and pension administration
(f) Occupational health providers
(g) External IT service providers
(h) External auditors
(i) Relocation companies
(j) Professional advisers, such as lawyers, accountants and insurance companies
(k) External employee engagement and survey providers who assist us in conducting employee feedback surveys, engagement assessments, pulse surveys, and other feedback tools.
9.4 We may share your personal data with other third parties in the event of a potential sale, merger, or restructuring of some or all of our business. In such cases, your personal data will remain subject to strict confidentiality obligations.
9.5 We may also disclose your personal where required to comply with legal obligations, regulatory requirements, or law enforcement requests.
10. Data security – how we protect your personal data
10.1 We have implemented measures to safeguard the security of your personal data. Our internal policies, procedures, and controls are designed to prevent your personal data from being accidentally lost, destroyed, altered, disclosed, accessed, or used in an unauthorised manner. Additionally, we restrict access to your personal data to employees, workers, agents, contractors, and other third parties who require it for legitimate business purposes in order to carry out their job duties and responsibilities.
10.2 When your personal data is shared with third-party service providers, we require them to implement appropriate technical and organisational security measures to protect it. They must also handle your personal data with a duty of confidentiality and in compliance with applicable data protection legislation. We only permit third parties to process your personal data for specified purposes in accordance with our written instructions, and they are not allowed to use it for their own purposes.
10.3 We have established procedures to address any suspected data security breaches. Where legally required, we will notify you and the relevant regulatory authorities of any such breach.
11. Data retention – how long we keep your personal data
11.1 We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, tax, health and safety, reporting or accounting requirements. Details of retention periods for different categories of personal data are available in our Data Retention Policy.
11.2 Generally, we retain your personal data for the duration of your employment or engagement. Specific exceptions include:
(a) Recruitment information: Personal data provided during recruitment that is not pertinent to the ongoing working relationship will not be retained.
(b) Criminal records data: Information on criminal convictions and offences obtained during recruitment will be deleted once verified through a Disclosure and Barring Service (DBS) check, unless deemed relevant to your ongoing employment.
(c) DBS check outcomes: We will record only whether a DBS check was satisfactory or unsatisfactory, unless specific details are assessed as relevant to your role.
(d) Retention of relevant criminal records: If criminal record information is relevant to your position, it will be retained for up to one year or until the conviction is considered "spent," whichever is sooner, unless the role is exempt under the Rehabilitation of Offenders Act 1974.
(e) Disciplinary and grievance records: These records will be retained for the duration of your employment and for six years after your employment ends. However, expired warnings will not influence employment decisions.
11.3 Upon termination of your employment or engagement with us, we will generally retain your personal data for 6 years. This period accounts for:
(a) Statutory requirements: Compliance with legal obligations concerning tax, health and safety, reporting, or accounting may necessitate specific retention periods.
(b) Legal claims: To address potential legal claims under the Limitation Act 1980, certain information may be retained for up to 6 years.
(c) Payroll and tax records: Information such as salary details, bonuses, overtime, expenses, benefits, pension contributions, National Insurance numbers, PAYE records, tax codes, and statuses will be retained for six years following the end of employment, in line with HM Revenue & Customs (HMRC) requirements.
11.4 Personal data that is no longer necessary will be securely destroyed in accordance with our Data Retention Policy and Schedule. We also require third parties handling your data to adhere to these standards.
11.5 In certain circumstances, we may anonymize your personal data, rendering it non-identifiable. In such cases, anonymized data may be retained for longer periods for research, statistical analysis, or business planning purposes.
12. Your rights in connection with your personal data
12.1 It is important that the personal data we hold about you is accurate and up to date. Please inform us promptly if your personal data changes (e.g. if you change your home address) during your working relationship with us so that our records are up to date. You can update your personal data directly in MyHub, or you can contact the People Team via Zendesk for assistance. We cannot be held responsible for any inaccuracies unless you have notified us of the relevant change.
12.2 As a data subject, you have several statutory rights under data protection laws. Subject to certain conditions and in specific circumstances, you have the right to:
(a) Request access to your personal data – also known as making a data subject access request (DSAR). This allows you to receive a copy of the personal data we hold about you and verify that we are processing it lawfully.
(b) Request rectification of your personal data – if any personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
(c) Request erasure of your personal data – you can ask us to delete or remove your personal data where there is no compelling reason for its continued processing (e.g. if it is no longer necessary for the purpose for which it was collected).
(d) Request restriction of processing – you can ask us to suspend the processing of your personal data, for example, if you contest its accuracy and require verification.
(e) Object to processing – you have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis, and there is something about your particular situation that makes you object to the processing on this ground.
(f) Request data portability – this allows you to request the transfer of your personal data to another party in a structured, commonly used, and machine-readable format, so you can reuse it across different services for your own purposes.
12.3 If you wish to exercise any of these rights, please contact our Data Protection Team at dpo@parkholidays.com. We may need to request specific information from you to verify your identity and confirm your right to access the requested data or exercise any of your other rights. This security measure ensures that personal data is not disclosed to anyone who does not have a legitimate right to receive it.
12.4 If you believe that we have not complied with your data protection rights, please contact our Data Protection Team at dpo@parkholidays.com. The Information Commissioner’s Office (ICO) is the UK’s supervisory authority for data protection issues, and you have the right to lodge a complaint with them at any time. Their contact details can be found at: https://ico.org.uk/global/contact-us.
13. International transfers of personal data
13.1 As part of our business operations and as a subsidiary of our parent company, Sun Communities Inc., in the United States (US), we may transfer and store personal data outside the United Kingdom (UK) and the European Economic Area (EEA), specifically in the US. Personal data is entered into the HR information system MyHub within the UK as part of the onboarding process. However, as MyHub’s data warehouse is located in the US, this means that your personal data is stored and accessible outside the UK/EEA. Additionally, we may occasionally share personal data with authorised individuals within our parent company, Sub Communities Inc., in the US for business operations and internal reporting. Any data shared is kept to minimum and shared securely.
13.2 The US does not currently benefit from an adequacy decision under UK data protection laws. To ensure that your personal data remains secure and protected, we have implemented appropriate safeguards in accordance with UK GDPR, including International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs) with the UK Addendum. These safeguards ensure that your personal data is processed in accordance with UK data protection laws, protecting your privacy, security, and rights.
13.3 If you require further details about these protective measures, you may contact the Data Protection Team at dpo@parkholidays.com.
14. Automated decision making
14.1 Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention.
14.2 Currently, we do not make employment decisions based solely on automated processing. If this changes, we will inform you and provide details of your rights.
15. Changes to this privacy notice
15.1 This privacy notice is reviewed annually. However, we reserve the right to update it at any time, taking into account changes to legal, regulatory and contractual requirements, as well as changes in working practices or structure of our business.
15.2 Changes to this policy may also result directly from the inputs such as audits, security incidents, risk assessments, improvement actions, and new objectives set by Company management.
16. Questions about this privacy notice
16.1 If you have any questions about this privacy notice or how we handle your personal data, please contact our Data Protection Team at dpo@parkholidays.com.
16.2 If your query is of a sensitive nature, you may also contact the People Team for further assistance.
