Doxuno
Browse All Free Templates
Doxuno
GDPR & PrivacyUnited Kingdom

Free Employee Privacy Notice Template

An employee privacy notice informs your staff about how their personal data is collected, used, stored and protected during and after employment. Use our free UK template to meet your UK GDPR transparency obligations towards employees.

Create Your Employee Privacy Notice
Free to useInstant PDFNo account required

PDF (free) + editable Word (.docx) with Expert

EMPLOYEE PRIVACY NOTICE
Apex Solutions Ltd  ·  UK GDPR  ·  Effective: 2026-04-01
Data Controller: Apex Solutions Ltd
DPO: dpo@apex-solutions.co.uk
This Employee Privacy Notice explains how Apex Solutions Ltd ("the Company", "we", "us", or "our") collects, uses, stores, and shares your personal data as your employer. This Notice is provided to you in accordance with Articles 13 and 14 of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.
WHO WE ARE (DATA CONTROLLER)
Apex Solutions Ltd is the data controller responsible for your personal data. Company Registration Number: 12345678.

Registered address: 100 Enterprise Way
London
EC2A 4NE

Data Protection Officer / Privacy Contact: Sarah Johnson
Contact email: dpo@apex-solutions.co.uk

If you have any questions about how we use your personal data, please contact us using the details above.
2.
PERSONAL DATA WE COLLECT AND USE
We collect and process the following categories of personal data about you:

  • Personal identity (name, date of birth, photograph)
  • Contact details (address, phone number, email address)
  • Financial and payroll data (salary, tax information)
  • Bank account details
  • National Insurance number
  • Employment history and references
3.
PURPOSES AND LEGAL BASIS FOR PROCESSING
We process your personal data for the following purposes:

  • Recruitment and selection
  • Administration of the employment contract
  • Payroll, benefits and expense management
  • Performance management and appraisals
  • Health and safety compliance
  • Legal compliance and regulatory obligations


Legal bases for processing: We rely on the following lawful bases under UK GDPR Article 6(1) to process your personal data:

  • Contractual necessity (Article 6(1)(b) UK GDPR)
  • Legal obligation (Article 6(1)(c) UK GDPR)
  • Legitimate interests (Article 6(1)(f) UK GDPR)
4.
HOW LONG WE KEEP YOUR DATA AND WHO WE SHARE IT WITH
How long we keep your data: For the duration of employment and for 7 years after the employment relationship ends, in accordance with the Limitation Act 1980.

Who we share your data with: We may share your personal data with the following categories of third parties, who are subject to appropriate data protection obligations:

  • HM Revenue and Customs (HMRC)
  • Pension providers
  • Legal advisers


We may also share your data with: External payroll provider.

International transfers: Your personal data is not transferred outside the United Kingdom.
5.
YOUR DATA PROTECTION RIGHTS
Under UK GDPR, you have the following rights in relation to your personal data:

Right of access (Article 15): You have the right to request a copy of the personal data we hold about you.
Right to rectification (Article 16): You have the right to ask us to correct inaccurate or incomplete personal data.
Right to erasure (Article 17): In certain circumstances, you have the right to request deletion of your personal data.
Right to restriction of processing (Article 18): In certain circumstances, you have the right to request that we restrict how we use your personal data.
Right to data portability (Article 20): Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
Right to object (Article 21): Where processing is based on legitimate interests, you have the right to object to such processing.
Right to withdraw consent: Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

How to exercise your rights: Employees may exercise any of the rights described in this Notice by contacting the Data Protection Officer at dpo@apex-solutions.co.uk or in writing to the registered address above.

We will respond to your request within 1 calendar month of receipt of the request (extendable by a further 2 months for complex or numerous requests).

Right to complain: If you are not satisfied with how we handle your data or respond to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
6.
CHANGES TO THIS NOTICE
We may update this Privacy Notice from time to time to reflect changes in our data processing practices, legal requirements, or organisational structure. We will notify you of any significant changes in an appropriate manner. We recommend that you check this Notice periodically.

This Notice was last updated on: 2026-04-01.

Available as a print-ready PDF or an editable Microsoft Word (.docx) file.

What Is an Employee Privacy Notice?

An employee privacy notice is a document provided to employees that explains how their employer processes their personal data. It covers what data is collected, why it is needed, the legal basis for processing, who it may be shared with and how long it is kept.

Under Articles 13 and 14 of the UK GDPR, data controllers must provide data subjects with specific information about data processing in a concise, transparent and easily accessible form. Employers are data controllers in respect of their employees’ personal data.

A UK employee privacy notice should be provided to all British staff at the start of their employment and updated whenever processing practices change. It covers employees, workers, contractors and job applicants whose data the British organisation processes in England and Wales.

What's Covered in This Template

Our employee privacy notice template covers all information required under UK GDPR transparency obligations.

Data Controller Identity

Name, address and contact details of the employer, including the Data Protection Officer where applicable.

Categories of Data Collected

Types of personal data processed, including contact details, bank details, performance data and health information.

Purposes of Processing

Clear explanation of why each category of data is collected and how it is used in the employment context.

Lawful Basis

The legal basis for each processing activity, including contract, legal obligation, legitimate interest and consent.

Special Category Data

How sensitive data such as health records, diversity monitoring and trade union membership is handled and protected.

Data Sharing

Who employee data may be shared with, including HMRC, pension providers, insurers and regulatory bodies.

International Transfers

Whether employee data is transferred outside the UK and the safeguards in place for such transfers.

Retention Periods

How long different categories of employee data are retained and the criteria for determining retention periods.

Employee Rights

Explanation of data subject rights including access, rectification, erasure, restriction, portability and objection.

Monitoring and Surveillance

Information about any workplace monitoring including email, internet, CCTV and GPS tracking.

How to Create an Employee Privacy Notice

Follow these steps to produce a comprehensive and compliant privacy notice for your workforce.

  1. 1

    Map Your Employee Data

    Identify all categories of personal data you collect from employees, where it comes from, how it is used and where it is stored.

  2. 2

    Identify Lawful Bases

    Determine the appropriate lawful basis for each processing activity, whether contract performance, legal obligation, legitimate interest or consent.

  3. 3

    Document Data Sharing

    List all third parties with whom employee data is shared and the purpose and legal basis for each sharing arrangement.

  4. 4

    Set Retention Periods

    Define how long each category of employee data will be retained, referencing statutory requirements and business necessity.

  5. 5

    Distribute to Employees

    Provide the notice to all current employees and include it in the onboarding process for new starters. Review and update it annually.

Why Doxuno documents are different

Four things that make our templates more thorough than AI-generated drafts and more current than static template libraries.

Accurate

Country-specific legal content

Drafted with legal expertise for each jurisdiction, far more thorough than AI-generated drafts that copy generic clauses across borders.

Always current

Always current with the law

Templates carrying statute references are continuously updated as the law changes. Your document always reflects the current legal framework.

Free PDF

Print-ready PDF

Free to download. Vector text, embedded fonts, statute citations baked in. Print, sign, file. Ready for any signing flow including electronic signature.

Word · .docx

Editable Word (.docx)

Continue editing in Word after download. Add custom clauses, reuse the template for similar agreements, or share with a colleague for collaborative review.

Requires Expert one-time unlock or any paid Doxuno subscription.

Legal Considerations

Employee data processing involves specific legal requirements beyond standard UK GDPR obligations.

This template is for informational purposes only and does not constitute legal advice. Consult a qualified solicitor for advice specific to your situation.

Reviewed for England & Wales law

Lawful Basis for Employment Processing

Most UK employment data processing relies on contractual necessity (Article 6(1)(b)), legal obligation (Article 6(1)(c)) or legitimate interests (Article 6(1)(f)) under the UK GDPR. Consent is generally inappropriate as the basis for British employment processing because of the power imbalance between employer and employee in England and Wales.

Special Category Data

Processing health data, diversity information or trade union membership in the UK requires a condition under both Article 9 of the UK GDPR and Schedule 1 of the UK Data Protection Act 2018. Common conditions for British employers include employment obligations, health and safety and equality monitoring under English law.

Workplace Monitoring

The UK ICO Employment Practices Code provides guidance on monitoring British employees. UK employers must carry out an impact assessment before introducing monitoring in England and Wales, inform employees of the nature and extent of monitoring and ensure it is proportionate to the aim pursued under English law.

Subject Access Requests

British employees have the right to make subject access requests under Article 15 of the UK GDPR. UK employers must respond within one calendar month and provide a copy of all personal data being processed. Exemptions under the UK Data Protection Act 2018 may apply for legal professional privilege and management forecasting in England and Wales.

Frequently Asked Questions

Create Your Employee Privacy Notice Now

Meet your transparency obligations and build employee trust. Fill in the details, preview your notice and download it as a PDF in minutes.

Create Your Employee Privacy NoticeBrowse All Templates

Free PDF · Editable Word with Expert · No account required