Privacy Notice for Employees Taking a Daily Health Check

The safety of our employees is of paramount importance to us. In order to help us do everything we reasonably can to protect their health and safety and to prevent the spread of coronavirus (COVID-19) in our workplace, we have put in place a firm-wide procedure for screening all employees for risk of COVID-19 before allowing them to enter our facilities.

Screening involves providing employees with an App that asks them a series of health-related questions to ascertain whether they may pose a risk to their colleagues and then asking them to certify that they will abide by certain health and safety measures in the office. If any answers suggest that they may have COVID-19, have recently been in close touch with someone who has had COVID-10, or are quarantining, or they refuse to certify that they will abide by the firm's health and safety measures while in the office, they will not be permitted to enter our offices. We realise that there is a risk that persons who are not in fact harbouring the virus may be turned away, but we believe that is a risk we have to take in the interest of our colleagues and the public at large.

What data are we collecting and processing?

We are collecting your answers to our short health questionnaire and your responses to questions designed to ascertain if you are willing to abide by our health and safety measures.

For what purposes are we collecting this data?

We are collecting this data to try and assess whether you may be a potential carrier of the virus and whether your attendance at our premises could pose an avoidable risk to others working at, or visiting our offices. Your data will therefore be used to decide whether or not to allow you entry to our offices.

What will happen to your personal data?

Your responses will be stored within the App and will be accessible to a small number of people from our HR, Administrative and IT teams based in the UK and the US. A decision notified to you through the App that you may not enter the office is not however a final one. If you wish to challenge it, you should contact the UK Director of Administration (details below) who will consider your responses to the questions in the light of the risks identified above and provide a final decision. In the event of a challenge, your answers to the medical questionnaire may be disclosed to other members of the firm's management both in the UK and the US and in exceptional cases to the firm's external legal and medical advisers.

How long will we retain your data?

In most cases your personal data will be retained for a period of 30 days. We believe that this provides sufficient time to address a challenge to being refused access to the office. Thereafter, your personal data will be safely and securely destroyed. However if you do challenge a decision to deny you entry, your personal data may be retained until the challenge has been resolved after which it will again be securely destroyed.

How do we keep your data secure?

Your personal data will be retained securely within the App., where it is password protected and access is only permitted to the team identified above. Only those individuals will have authorisation to destroy the data and each such person will have signed a Non-Disclosure Agreement.

What is the legal basis for processing your data?

It is necessary for the firm to process your personal data in order to carry out our employment law obligations and specifically our duties to protect the health and safety of our staff. The processing is also necessary for reasons of substantial public interest, namely preventing the spread of the COVID-19 virus. To the extent that your personal data is transferred to employees in the US, the UK partnership has entered into a Data Transfer Agreement with the wider US partnership, in the form of model clauses approved by the European Commission.

Your rights in relation to your personal data.

You have a number of rights in relation to the personal data we collect about you, namely:

(a) the right to correct any inaccuracies in the data;
(b) the right to request that we erase the data where we are not entitled under law to process it, or it is no longer necessary to process it for the purposes for which it was collected;
(c) the right, whilst you are requesting that your data is corrected or erased, or you are contesting the lawfulness of our processing, to apply for its use to be restricted;
(d) the right to object to our processing of your personal data; and
(e) the right to access and receive a copy of your personal data.

If you wish to exercise these rights, or have any questions or concerns relating to the processing of your personal data, please contact the Director of Administration, whose details appear below.

Ruth Ling
Email: Ruth.Ling@arnoldporter.com
Phone: +44 (0)20 7786 6222

Other Useful Information

For the purposes of this notice, Arnold & Porter (UK) LLP of Tower 42, 25 Old Broad Street, London EC2N 1HQ is a data controller, insofar as we determine the purposes for which your personal data is processed and how it is processed. In addition you have the right to raise concerns about our processing of your personal data with the Information Commissioner's Office (the ICO), the regulator responsible for data protection enforcement in the UK. The ICO's details are:

The Information Commissioner's Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. 0303 123 1113 / https://ico.org.uk/Global/contact-us