At The Barnet Group, we are committed to protecting and respecting your privacy.

The Barnet Group itself does not process any personal data. All subsidiaries of the Group are registered with the Information Commissioner’s Office and are data controllers and/or data processors.

Customers can read the privacy policies on each subsidiary’s website:

Board and committee members of The Barnet Group and its subsidiaries can read the Board and Committee Member Privacy Policy.

This privacy policy explains when and why we collect personal information of our staff, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. This policy applies to staff employed by Barnet Homes, Your Choice (Barnet), and TBG Flex – collectively referred to within this policy as ‘The Barnet Group’.

This policy applies to prospective, current, and former employees, workers, and contractors, including consultants, temporary and agency staff, and volunteers, collectively referred to in this notice as ‘staff’. This notice does not form part of any contract of employment or other contract to provide services.

We may change this policy from time to time to reflect changes to legislation and ways of working. We recommend checking this page occasionally to ensure that you’re happy with any changes.

Things you can do to help us:

  • tell us when any of your details change; and
  • tell us if any of the information we hold on you is wrong

Any questions regarding this policy and our privacy practices should be sent by email to, or by writing to The Data Protection Officer, The Barnet Group, 3rd Floor, 2 Bristol Avenue, London, NW9 4EW. Alternatively, you can telephone 020 8080 6587 and ask to speak to the Data Protection Officer.

Our Data Protection Officer is Neil Topping, working on behalf of ParaDPO.

Who are we?

When we use your personal data, TBG Flex, Barnet Homes, and Your Choice (Barnet) are what we call the data controller.

As the data controller, we must:

  • only keep your data that we need to provide services, and do what the law says we must;
  • keep your records safe and accurate;
  • only keep your data for as long as we have to;
  • collect, store, and use your data in a way that does not break any data protection laws.

TBG Flex is a company for the recruitment and employment of staff that is incorporated in England (09842642). The registered address is 3rd Floor, 2 Bristol Avenue, London, NW9 4EW.

Barnet Homes is an Arms-Length Management Organisation (ALMO) that is wholly owned by the London Borough of Barnet and is incorporated in England (04948659). The registered address is 3rd Floor, 2 Bristol Avenue, London, NW9 4EW.

Your Choice (Barnet) is a provider of adult social care services that is incorporated in England (07873969). The registered address is 3rd Floor, 2 Bristol Avenue, London, NW9 4EW.

They are all members of Thebarnetgroup Limited. The Barnet Group includes Barnet Homes, Your Choice (Barnet) Limited, TBG Open Door Limited (‘Opendoor Homes’), Bumblebee Lettings Limited, and TBG Flex Limited.

What is personal data?

Personal data is information about a living person that we can use to work out who they are, such as name, address, telephone number, date of birth, bank details, etc. This can include written letters, emails, photographs, audio recordings, and video recordings.

Some data is called ‘special category data’. This is more sensitive information, and we have to look after it more carefully. This includes details of ethnic origin, religious beliefs, sexual orientation, physical and mental health, trade union membership, and biometric (e.g. fingerprints, facial recognition) and genetic (e.g. DNA) data.

Why we collect and store personal data

We use your personal data so we can get in touch, or provide employment and related services to you, where there is a law that says we must or we can process your data, and we can do so without your consent or permission.

We use your data for the following reasons:

  • To employ staff
  • Service delivery and communications
  • Statutory requirements – e.g. reporting to the government
  • Service improvement and planning
  • Regulatory, licensing and enforcement functions
  • Prevention and detection of crime
  • Financial transactions
  • Research, including consultations
  • Promote access to work
  • Equality monitoring
  • To answer data protection requests

We will only collect, use and share your personal information where we are satisfied that one or more of the following legal bases apply:

  • The processing is necessary for compliance with a legal obligation to which The Barnet Group is subject, for example, disclosing information to local tax authorities, making statutory payments, avoiding unlawful termination, avoiding unlawful discrimination, meeting statutory record keeping requirements, or health and safety obligations;
  • The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, prior to entering into such a contract, for example collecting bank details to pay your salary or processing information to provide you with the contractual benefits to which you are entitled;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • The processing is necessary for the legitimate interests pursued by The Barnet Group or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information. The Barnet Group considers that it has a legitimate interest in processing personal information for the purposes set out above, and to support the achievement of its immediate and long-term business goals and outcomes.

We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest (or for official purposes).
  • In exceptional circumstances with your consent.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.  Where we rely on legitimate interests, our legitimate interests are to ensure the smooth running of and protect our business.

We may process special categories of personal information in the following circumstances:

  • In limited circumstances, with your explicit written consent.
  • Where we need to carry out our legal obligations in the field of employment and social security and social protection law, where it is authorised by UK legislation.
  • Where it is needed in the public interest, such as for equal opportunities monitoring.
  • Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
  • Where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations.

Please see our Appropriate Policy Document for more information about how and why we process this special category data.

We are allowed to use your data due to a legal obligation or public task under various UK laws including, but not limited to:

  • The Employment Rights Act 1996
  • The National Minimum Wage Act, 1998
  • The Working Time Directive, 1999
  • The Employment Relations Act, 1999
  • The Health and Safety at Work, etc. Act 1974
  • The Equality Act 2010
  • The Public Sector Equality Duty – Equality Act 2010
  • The Localism Act 2011
  • The Safeguarding Vulnerable Groups Act 2006
  • The Rehabilitation of Offenders Act 1974
  • The Health and Social Care Act 2008 (Regulated Activities) (Amendment) (Coronavirus) Regulations 2021

How do we collect information from you?

We will only collect personal information when we need this. Personal information means information which can identify you as an individual. When we ask you for information we will make it clear why we need it. We will also make it clear when you do not have to provide us with information, and any consequences of not providing this.

Most information we hold will be collected from you, and you will usually provide this information directly to your manager or HR contact, or enter it onto our systems, for example through iTrent, your participation in HR processes, emails, and instant messages. In addition, further information about you will come from your managers, HR or occasionally from your colleagues.

We may also obtain information from third parties such as references from a previous employer, medical reports from external professionals, and information from tax authorities, benefit providers, or where we employ a third party to carry out a background check (where authorised by applicable law).

In some circumstances, personal information may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, CCTV, telephone logs and recordings, and email and Internet access logs), if and to the extent authorised by applicable laws.

Where we ask you to provide personal information to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated. The failure to provide mandatory information will mean that we cannot carry out certain HR processes. For example, if you do not provide us with your bank details, we will not be able to pay you.

Apart from personal information relating to you, you may also provide us with personal information of third parties, notably your dependants and other family members, for purposes of HR administration and management, including the administration of benefits and someone to contact in an emergency. Before you provide such third party personal information to us you must first inform these third parties of any such information that you intend to provide and of the processing to be carried out by The Barnet Group, as detailed in this notice.

We may take photographs at events organised and hosted by The Barnet Group. The images may be used on our websites, in brochures, and in other publicity materials such as newsletters, and may be provided to the media for publication in local or national newspapers or magazines. You will always be given the option not to be included in photographs.

What type of information is collected from you?

We may collect the following personal information about you for the purposes described in this notice:

  • Personal details: your title, name, previous or maiden name, gender, nationality, civil/marital status, date of birth, age, personal contact details, national ID number, eligibility to work information, passport, driving licence, languages spoken, emergency contact information*, and details of any disability and any reasonable adjustments required as a result.
  • Recruitment and selection information: skills and experience, qualifications, references, CV and application, interview and assessment data, background and verification information related to the outcome of your application, and details of any offer made to you.
  • Information related to your engagement: contract of employment or engagement, work contact details, employee or payroll number, photograph, work location, your worker ID and various system IDs, your work biography, your assigned business unit or group, your reporting line, your employee/contingent worker type, your termination/contract end date, the reason for termination, your last day of work, and exit interviews.
  • Regulatory information: records of your registration with any applicable regulatory authority, your regulated status, including any criminal record or credit background checks which may be necessary, and any regulatory certificates and references.
  • Remuneration and benefits information: your remuneration information (including salary/contract pay/fees information as applicable, allowances, overtime, bonus plans), payments for leave, bank account details, grade, tax information, details of any benefits you receive or are eligible for, benefit coverage start date, expense claims and payments, and information and agreements.
  • Leave and absence management information: attendance records, absence records, holiday dates, requests and approvals and information related to family leave or other special or statutory leave, absence history, fit notes, details of incapacity, details of work impact and adjustments, manager and Human Resources (HR) communications, and return to work interviews.
  • Performance management information: colleague and manager feedback, your appraisals and performance review information, outcomes and objectives, talent programme assessments and records, succession plans, and formal and informal performance management process records.
  • Training and development information: data relating to training and development needs or training received or assessments completed.
  • Monitoring information (to the extent authorised by applicable laws): closed circuit television footage, system and building log-in and access records, photo on access card, download and print records, call or meeting recordings, and information captured by IT security programmes and filters.
  • Staff claims, complaints, and disclosures information: subject matter of employment or contract based litigation and complaints, pre-claim conciliation, communications, settlement discussions, claim proceeding records, staff involvement in incident reporting and disclosures.
  • Equality and diversity information (where authorised by law): information regarding gender, age, nationality, religious belief, sexuality, and race, so that we can use this information anonymously to monitor our services and performance, including measuring change and the impact on different groups, identifying issues that affect our staff, and improving services and employee experience and inclusion.

*When you provide information about your emergency contact, we assume that you do so with their full knowledge and consent.

We may also record meetings held in Microsoft Teams that you attend, with your consent (see our additional Microsoft Teams Meeting Recording Privacy Policy here)

We will also collect any information required by relevant legislation.

The information we collect, store, and use may include the following special categories of more sensitive personal information:

  • Information about your nationality, race, or ethnicity.
  • Information about your religious beliefs, sexual orientation, and political opinions.
  • Trade union membership.
  • Information about your health, including any medical condition, health, and sickness records. This may include COVID-19 immunity status checks as required by law or to protect vulnerable residents.
  • Information about criminal convictions and offences.

How is your information used?

Subject to applicable law, your personal data may be stored and processed by us for the following purposes:

Recruitment and selection

  • To evaluate applications for employment and make decisions in relation to selection of staff;
  • Pre-employment screening including, where relevant and appropriate, identity check, right to work verification, reference check, credit check, financial sanction check, and criminal record (Disclosure and Barring Service – DBS) checks;
  • To make job offers, providing contracts of employment or engagement and preparing to commence your employment or engagement where you accept an offer from us;
  • To contact you should another potentially suitable vacancy arise;
  • To deal with any query, challenge, or request for feedback received in relation to our recruitment decisions; and
  • To monitor programmes to ensure equality of opportunity and diversity.

Ongoing management of all aspects of staff relationships with The Barnet Group

  • To manage and maintain HR hard copy records, files and systems, including technical support and maintenance of HR systems and managing electronic and hard copy records in line with The Barnet Group’s records retention schedules;
  • Providing and administering remuneration, benefits, pensions, and incentive schemes;
  • To make appropriate tax and national insurance deductions and contributions;
  • To set and change building and system access permissions;
  • Identifying and communicating effectively with staff;
  • Where appropriate, publishing appropriate internal or external communications or publicity material, including via social media;
  • Managing and operating performance reviews, capability, attendance, and talent programmes;
  • Managing grievances, allegations (e.g. whistleblowing, harassment), complaints, investigations and disciplinary processes, and making related management decisions;
  • Training, development, promotion, career and succession planning, and business contingency planning;
  • Processing details with staff consent of membership of trade unions, and other staff representative bodies and to administer any associated subscriptions paid direct from salaries;
  • Processing Disclosure and Barring Service (DBS) checks where these are required due to the nature of your role;
  • Monitoring fairness, outcomes, and inclusion, and identifying areas for improvement based on employee experience.

Absence management and health and safety

  • Processing information about absence;
  • Processing medical information regarding physical or mental health or condition to assess eligibility for incapacity or permanent disability related remuneration or benefits:
    • determine fitness for work;
    • facilitate a return to work;
    • make adjustments or accommodations to duties or the workplace;
    • make management decisions regarding employment or engagement or continued employment or engagement or redeployment; and/or
    • conduct-related management processes.
  • Monitoring fairness, outcomes, and inclusion, and identifying areas for improvement based on employee experience.

Compliance monitoring, security and systems use

  • Measuring the performance of The Barnet Group’s IT systems by monitoring staff usage of systems; this includes analysing times, locations, and activities whilst users are logged into the network;
  • Auditing, monitoring, investigation, and compliance monitoring activities in relation to The Barnet Group policies, Code of Conduct, applicable law, the prevention and detection of criminal activity, and to protect The Barnet Group’s and the London Borough of Barnet’s assets and premises.

Responding to legal and regulatory requests

  • Comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorised by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment);
  • Termination of employment and managing post-employment relationships;
  • Complying with reference requests where The Barnet Group or one of its subsidiaries is named by the individual as a referee;
  • Administering termination and post-termination matters, e.g. outplacement services, liaison with staff legal representatives, enforcing restrictive covenants, loan repayments, overpayments, expense reimbursements, employee benefits, conduct termination, and post-termination litigation.

We do not routinely monitor the content of your private communications made using our IT and communication systems. However, we have the technology to do so and we may do so from time to time for specific purposes. If we discover that you are in breach of our Acceptable Use policies, we may use the content of private communications on our systems in any disciplinary proceedings.

We do not use computers to make automated decisions about you; however, should this position change we will notify you in writing.

To the extent authorised by local laws, The Barnet Group may collect and process a limited amount of personal information falling into special categories, sometimes called ‘sensitive personal information’. This term means information relating to:

  • health-related details, including any special dietary requirements and any reasonable adjustments that the company may be required by law to make to your working arrangements, as well as COVID-19 immunity status;
  • information revealing racial or ethnic origin;
  • judicial information, including the results of criminal or police records checks which can include details of offences, alleged offences and sentences, and information from other intelligence sources (subject to relevant local laws and record retention periods);
  • marital status and next of kin; and
  • political opinions or contributions, religious beliefs or other similar beliefs, and sexual orientation, should you choose to provide any such information.

Please see our Appropriate Policy Document for more information about how and why we process this special category data.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

What are legitimate interests?

The law also allows your information to be collected and used if it is necessary for a legitimate business interest of ours – as long as its use is fair and balanced and does not unduly impact on your rights.

A wide range of interests may be legitimate interests. They can be YCB’s interests, or the interests of customers, third parties, or commercial interests, as well as wider societal benefits. When we rely on any legitimate interest, we will ensure that we take a balanced approach and have appropriate safeguards.

Our legitimate interests include:

  • Recording and monitoring telephone calls made into our contact centres (see our additional Call Recording Privacy Policy here);
  • Having appropriate security for our offices and on our sites. This includes CCTV and identification photographs;
  • Official communications;
  • Working out which of our services may interest you and telling you about them to help meet our business objectives, encourage social inclusion, and help build communities;
  • Understanding our customers’ experiences and views so that we can effectively influence and contribute to debates on future housing strategies;
  • Working with the authorities and the police to support safer communities;
  • Making sure that our services / properties meet the needs of our customers;
  • Understanding how we are performing so we can meet our priorities and objectives; and
  • Demonstrating to our regulator that we are fulfilling our obligations, for example with respect to anti-discrimination laws.

Please speak to us if you have any concerns.

Who has access to your information?

For the above purposes, personal information may be transferred within or outside of the jurisdiction where you are employed or perform work, either within The Barnet Group or to third parties, including, but not limited to:

  • any holding company, subsidiary, affiliate of The Barnet Group; and/or
  • certain third party including suppliers and service providers including; payroll, pension providers to whom The Barnet Group may disclose personal information when required by law or court order, or as requested by any government or regulator or law enforcement authority or agency.

When sharing information, we will comply with all aspects of data protection law.

Where sharing is in our legitimate business interests (ensuring this is proportionate and limited to that information which is strictly necessary in the circumstances) or where we are required to share information by law, we may do so without seeking your consent first.  This may include, but not be limited to, disclosure to a party with whom The Barnet Group is in negotiation for the sale or transfer of a business, assets, or services. The Barnet Group will take appropriate steps to ensure that the recipient of personal information in such circumstances puts in place an adequate level of protection for such personal information in accordance with applicable legal requirements.

Information may be shared with:

  • Judicial agencies – e.g. Courts
  • Police
  • Children’s Social Care
  • Adults Social Care
  • Probation
  • Health Agencies including occupational health providers
  • Government Departments – e.g. DWP, HRMC
  • Immigration Services
  • Disclosure & Barring Service
  • Regulatory Bodies
  • Pension Providers
  • Trade Unions
  • Commissioned partners e.g. staff benefit scheme
  • Other businesses / organisation (references, market pay organisations)
  • Employment Agencies
  • Contractors providing IT services

If you leave, or are thinking of leaving, we may be asked by your new or prospective employers to provide a reference. For example, we may be asked to confirm the dates of your employment or your job role. If you are still employed by us at the time the request for a reference is received we will discuss this with you before providing this.

As a Local Authority Trading Company (Thebarnetgroup Ltd) and an Arms-Length Management Organisation (ALMO) (Barnet Homes) for a public authority, we may receive information requests under the Freedom of Information Act (2000) about our staff. In this event, we must consider whether to disclose staff information (including agency and temporary staff) in response to these requests. We will normally disclose work-related information about staff in a public-facing role. We may also disclose information about staff members whose work is purely administrative if their names are routinely sent out externally. It is less likely that information about those who do not deal directly with the public in an operational capacity will be disclosed. Freedom of Information requests are handled by our Complaints and Information Team.

When your data is sent to other countries

We may sometimes make use of cloud-based systems to support the management of our business. Where this happens, we will ensure that there are appropriate safeguards in place to protect your rights. Our services use platforms such as Microsoft Office 365, Google, and Amazon Web Services, which host data in the USA and EU under contract.

There may be occasions where we need to process your information outside of the UK; for example, where we use a third party computer system supported by employees in the USA. Where we do this we will take all necessary steps to ensure that your information remains secure.

Your rights, and how you can access and update your information

We are committed to upholding your rights in respect of your personal data.

If you’d like to talk to us about your rights, you can contact us at or speak directly to the HR team.

Further information on raising data protection concerns can be found on the Information Commissioner’s Website or you can contact the ICO to seek an independent view.

The right to be informed

Through the provision of our suite of privacy notices, we will be open and transparent about how and why we use your personal information.

The right of access

You have the right to request a copy of the personal information we hold about you. This is known as a Subject Access request. In order for us to process a Subject Access Request we need this to be made in writing (we have a Subject Access Request form you can use for this purpose, to make it easier to include all the details we might need to locate the information you want), and we ask that your written request is accompanied by proof of your identity and address.

If someone is requesting information on your behalf, they will need written confirmation from you to evidence your consent for us to release this and proof of ID (both yours and theirs).

If you are seeking to obtain specific information (for example, about a particular matter or from a particular time period), it helps if you clarify the details of what you would like to receive in your written request.

Once your request has been received, along with your proof of identity and address, we will provide your information within one month.

In response to Subject Access Requests we will provide you with a copy of the information we hold that relates to you.

The right to rectification

You can ask us to rectify your personal data if it is inaccurate or incomplete. Please help us to keep our records accurate by keeping us informed if your details change.

The right to erasure

The right to erasure is also known as ‘the right to be forgotten’. In some circumstances, you can ask us to delete or remove personal data where there is no compelling reason for its continued processing. This is not an absolute right, and we will need to consider the circumstances of any such request and balance this against our need to continue processing the data. Our response will also be guided by the provisions of our Records Retention Schedule.

The right to restrict processing

In some circumstances you can ask us to restrict processing, for example

  • If you disagree with the accuracy of personal data.
  • If we’re processing your data on the grounds of legitimate interests (as detailed earlier), and whilst we consider whether our legitimate grounds override those of yours.

We will assess your request and seek to comply with it; however, there will be some situations where we will be unable to comply – for example due to a legal requirement or where processing of personal information is necessary in relation to providing a service. Where this is the case we will inform you of the reason for this.

The right to data portability

If the situation arises where it would be helpful for you to move, copy, or transfer personal data we hold about you, across different services, you may be able to ask us to do this.  Please contact us to discuss.

The right to object

You can tell us if you object to our processing of your personal data:

  • Based on legitimate interests.
  • For the purpose of direct marketing (including profiling);

Security precautions in place to protect the loss, misuse, or alteration of your information

We take our responsibilities to under data protection legislation very seriously, and we will apply appropriate technical and organisational measures to ensure your personal information is secure. For example, we have a number of policies, procedures, and templates in place in relation to protecting personal data, in addition to systems to ensure that access to personal information is restricted to authorised individuals on a strictly need-to-know basis. We also ensure all staff complete new starter training and annual refresher training on data protection.

When we need to share personal data with third party suppliers, our relationships are governed by our contracts with them which include strict data sharing and confidentiality protocols.

We only hold records during the period of our relationship and for a set period afterwards to allow us to meet our legal obligations including resolving any follow up issues between us. We have a Records Retention Schedule, which can be found on The Barnet Group’s intranet site, which sets out how long we keep different types of information for. We review our retention periods for personal information on a regular basis.

Use of cookies

Like many other websites, The Barnet Group’s website uses cookies. You can read our cookie policy here.

Links to other websites

Our website may contain links to other websites run by other organisations. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. When you are transferred to another site by following an external link we recommend that you read their privacy statement on their use of your personal data.