Go Back Up

Privacy notice
for employees

Last updated February 2026

Privacy notice for employees

WHO CONTROLS YOUR DATA

  • This notice applies to all employees (and past employees and those who apply to become employees) of a Giant company. When this notice refers to ‘Giant’, in the context of controlling your personal data, we mean the Giant company that is your employer. The best way to identify the company is to look at your employment contract or your payslips or, if you are an applicant, the company named in the recruitment process.

WHAT IS THE PURPOSE OF THIS DOCUMENT?

  • Giant is committed to protecting the privacy and security of your personal information.
  • This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).
  • It applies to all employees (and prospective employees).
  • Giant is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
  • This notice applies to current and former employees. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical.

DATA PROTECTION PRINCIPLES

  • We will comply with data protection law. This says that the personal information we hold about you must be: 
    • Used lawfully, fairly and in a transparent way.
    • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
    • Relevant to the purposes we have told you about and limited only to those purposes.
    • Accurate and kept up to date.
    • Kept only as long as necessary for the purposes we have told you about.
    • Kept securely.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

  • Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
  • There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. Information about criminal convictions also warrants this higher level of protection.
  • We may collect, store, and use some or all of the following categories of personal information about you:
    • Name, address and contact details
    • Date of birth
    • Marital status
    • Employment application
    • Curriculum vitae
    • History with the company
    • Job title
    • Areas of expertise
    • Details of salary (including your payslips and tax forms) and benefits
    • National Insurance number
    • Bank details
    • Performance appraisals
    • Disciplinary records
    • Salary reviews
    • Records relating to holiday and other leave
    • Working time records
    • Next of kin details
    • Logs of our communications with you

  • We may also collect, store and use the following more sensitive types of personal information:
    • Trade union membership.
    • Information about your health, including any medical condition, health and sickness records, including:
    • Where you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill-health, injury or disability, the records relating to that decision;
    • Details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; and
    • Where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes.
    • Information about criminal convictions and offences.
    • Trade union membership.
    • Information about your health, including any medical condition, health and sickness records, including:
    • Where you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill-health, injury or disability, the records relating to that decision;
    • Details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; and
    • Where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes.
      Information about criminal convictions and offences.

HOW IS YOUR PERSONAL INFORMATION COLLECTED?

  • We collect personal information about employees through the application and recruitment process when we communicate with you or background check provider. We may sometimes collect additional information from third parties including: 
    • Companies that introduce you to us (such as employment agencies, corporates, public bodies)
    • Recruitment consultants
    • Agents, suppliers, sub-contractors and advisers
    • Our existing employees and clients
  • We will collect additional personal information in the course of job-related activities throughout the period of you working for us.

HOW WE WILL USE INFORMATION ABOUT YOU

  • We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances: 
    • Where we need to perform the contract we have entered into with you.
    • Where we need to comply with a legal obligation.
    • Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.
  • We may also use your personal information in the following situations, which are likely to be rare:
    • Where we need to protect your interests (or someone else’s interests).
    • Where it is needed in the public interest or for official purposes.

Situations in which we will use your personal information

  • We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases, we may process your personal information based on our legitimate interests, provided that these interests do not override your rights, for instance, to send you marketing communications and updates about our services that may be relevant to you, both during and after your employment. The situations in which we will process your personal information are listed below. 
    • Making a decision about your recruitment or appointment. We use the information you provide in your application
    • Checking you are legally entitled to work in the UK.
    • Paying you and deducting tax and National Insurance contributions (nics).
    • Providing the employee benefits which the company offers from time to time, if you opt for them.
    • Enrolling you in a pension arrangement in accordance with our statutory automatic enrolment duties or in accordance with the preferences you express when you join.
    • Administering the contract we have entered into with you and related contracts with organisations that use your services.
    • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
    • Complying with health and safety obligations.
    • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
    • Equal opportunities monitoring.
  • Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

If you fail to provide personal information

  • If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

Change of purpose

  • We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
  • Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

  • ”special categories” of particularly sensitive personal information, such as information about your health, racial or ethnic origin, sexual orientation or trade union membership, require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances: 
    • In limited circumstances, with your explicit written consent.
    • Where we need to carry out our legal obligations or exercise rights in connection with employment.
    • Where it is needed in the public interest, such as for equal opportunities monitoring.
  • Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Do we need your consent?

  • We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

INFORMATION ABOUT CRIMINAL CONVICTIONS

  • We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our privacy standard.
  • We will hold information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so.
  • Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.  We will use information about criminal convictions and offences in the following ways:
    • We may disclose criminal convictions if you are assigned to a project for another organisation that requires criminal background checks (for example, you are assigned to work for a bank that requires such checks because the role requires access to secure banking data);
    • If you have disclosed criminal convictions, we may not put you forward for projects that your convictions would disqualify you for the project;
    • We may share the information with another organisation if you consent (for example, if you consent to disclosure in connection with your services being made available to an agency).

AUTOMATED DECISION-MAKING

  • Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
  • We use third party databases to verify your identity and proof of address.

DATA SHARING

  • We may have to share your data with third parties, including third-party service providers and other entities in the group. For example, we share your information with other Giant companies who provide shared services that allow us to perform the functions outlined in this notice.
  • We require third parties to respect the security of your data and to treat it in accordance with the law.
  • We may transfer your personal information outside the UK and outside the European Union. Some overseas countries do not have data protection legislation equivalent to GDPR. However, your data will be treated at all times in line with GDPR requirements and will only be transferred internationally on an accepted lawful basis such as the standard contractual clauses or international data transfer agreement mandated by GDPR, UK GDPR, and Data Protection Act 2018. For specific details about your specific data, please contact your Support Team/Manager. To be employed by Giant, you agree to a general authorisation to process your data outside the United Kingdom or outside the European Union. We will notify you of any intended changes or the addition of other processors and provide you with an opportunity to object.
  • We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. For example, we will share payroll information with HMRC, with pension providers and payslip software providers. And we may also share, upon request, your payroll and employment information, including payslips, with your agency and end hirer (if applicable).
  • We will share your personal information with managed service providers (MSPs), vendor management programmes (VMS operators) and other programme/compliance assurance providers operating within the labour supply chain (including where Giant does not contract with them directly), where they are authorised by the client/end-hirer or relevant agency and where access is necessary for assignment administration or to meet contractual, regulatory or client compliance obligations. Where we share payroll or employment information (including, where necessary, payslips) with parties in the labour supply chain (such as agencies, end-hirers and MSP/VMS programme operators):
    • the lawful bases we rely on will typically be performance of contract, compliance with legal obligations, and/or legitimate interests (for example, ensuring compliant supply chain operation, preventing fraud, and meeting client assurance requirements), depending on the circumstances; and
    • access and disclosures will be restricted to what is necessary for the relevant purpose and will be subject to appropriate safeguards, including role-based access controls, audit logging, confidentiality and data protection obligations, and restrictions on onward disclosure/transfer.
    • where practicable, we will limit the information shared (for example, by providing confirmation outputs or redacted views rather than full payslip details).

  • When we ask other Giant entities to process your data outside the United Kingdom and outside the European Union, we will:
    • Ensure that such Giant companies process personal data using the same systems, procedures and policies as those used by Giant and all other Giant companies based in the United Kingdom. Your personal data will be protected by the same technical and organisational measures as we use in the United Kingdom;
    • Manage, control and oversee the work done by such Giant companies to ensure compliance with these safeguards;
    • Ensure that processing of personal data by such Giant companies is performed subject to a contract with Giant, or any other UK based Giant company, that includes the provisions required by Article 28(3) of the General Data Protection Regulation.

DATA SECURITY

  • We have put in place measures to protect the security of your information. Details of these measures are available upon request.
  • Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
  • We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
  • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

How long will you use my information for?

  • We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

Your duty to inform us of changes

  • It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

  • Under certain circumstances, by law, and subject always to our statutory obligations, you have the right to:
    • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
    • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
    • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes at any time. If you wish to opt out, please contact your Support Team/Manager in writing. .
    • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer of your personal information to another party.
  • If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact your Support Team/Manager in writing.

No fee usually required

  • You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

  • We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

RIGHT TO WITHDRAW CONSENT

  • In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact your Support Team/Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

CHANGES TO THIS PRIVACY NOTICE

  • We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this privacy notice, please contact your Support Team/Manager.

UNITED STATES SUPPLEMENT

UNITED STATES SUPPLEMENT (US EMPLOYEES, WORKERS/CONTRACTORS AND APPLICANTS)

This United States (‘US’) supplement applies where you are based in the United States, where you are a US resident and US law applies to your personal information, or where we process your personal information in connection with US recruitment, employment, payroll, benefits, assignment administration or compliance.

WHO CONTROLS YOUR DATA

In many cases, Giant acts as your legal employer (including as an Employer of Record (EOR)). You may perform services for an end-hirer/client (including remotely or at the end-hirer’s premises) and may be subject to the end-hirer’s systems, policies and workplace controls. In those circumstances:

  • Giant is typically the data controller for personal information we process for employment administration (for example: onboarding, payroll, tax, benefits, employment records, HR case management, statutory compliance and workforce administration).
  • The end-hirer/client is typically the data controller for personal information it processes through its workplace, systems and tools (for example: access badges, CCTV, building security, email/chat accounts, device management, monitoring, internal directories, timekeeping and productivity tools, and security investigations), and for business purposes connected to your day-to-day work.
  • Certain activities may involve shared or separate responsibility depending on the facts (for example: timesheets, performance feedback, incident management). Where applicable, we and the end-hirer will each be responsible for our own compliance.

WHAT IS THE PURPOSE OF THIS US SUPPLEMENT

This supplement explains additional US-specific disclosures and practices and is intended to be read together with the main notice. US privacy requirements can vary by state. Where state privacy rights apply to employment-related information, we will honour those rights in accordance with applicable law and subject to verification and lawful exceptions.

The kind of information we hold about you (US additions)

In addition to the categories described elsewhere in this notice, we may collect and use the following US-specific information (as applicable to your role, location and engagement):

  • Identifiers: Social Security Number (SSN), tax identifiers, driver’s licence/state ID (where used for identity checks), employee/worker IDs.
  • Payroll and tax: wage and payment information, time and attendance, payroll deductions, federal/state/local withholding information, year-end tax reporting information.
  • Benefits: benefits enrolment and administration information, beneficiaries/dependants (where applicable), leave and accommodation information required to administer benefits/leave.
  • Work authorisation / identity verification: documents and information required to verify identity and work authorisation (including Form I-9 information) and, where applicable, E-Verify case information.
  • Background screening: where permitted and relevant, background screening results and associated notices/authorisations.
  • IT/security: device identifiers and logs, authentication information, access and security event logs required to protect systems and data.
  • Biometrics (only if used): biometric identifiers/data (e.g., fingerprint/hand/face geometry templates) used for timekeeping or secure access.

HOW IS YOUR PERSONAL INFROMATION COLLECTED

In the US we may collect information:

  • directly from you during recruitment, onboarding and ongoing employment administration;
  • from third parties that support onboarding and compliance (for example payroll/benefits vendors, identity verification services, or background check providers where used and permitted);
  • from end-hirers/clients where necessary for assignment administration (for example approved hours, assignment details, start/end confirmations, compliance confirmations).

HOW WILL WE USE INFORMATION ABOUT YOU

We use personal information to:

  • recruit and onboard you (including verifying identity/work authorisation where required);
  • administer your employment/engagement, including HR support and recordkeeping;
  • administer payroll, taxes, statutory reporting and benefits/leave (as applicable);
  • manage assignment administration with end-hirers (e.g., onboarding status, access requirements, timesheet approval/verification, assignment changes, compliance confirmations);
  • operate compliance and risk processes (including audits, internal controls, and responding to legal/regulatory requests);
  • protect our systems and prevent fraud or misuse; and
  • handle disputes, claims, investigations and litigation.

How we use particularly sensitive personal information

Where we process sensitive information in the US (for example, certain health/leave information required to administer leave or benefits), we do so only as permit by law and with appropriate safeguards. We process personal information as necessary to administer your employment/engagement, to meet our contractual obligations to you and our clients/end-hirers, and to comply with applicable laws. Where a specific consent or written authorisation is required by law for a particular activity (for example, certain background checks or biometric processing), we will obtain it separately.

Biometrics (only if used): If biometric identifiers/data are used (for example for timekeeping or secure access), we will provide any additional notices and obtain any consents/authorisations required by applicable law and will apply appropriate retention and security safeguards. If biometrics are collected via an end-hirer’s systems, the end-hirer will generally be responsible for its own notices and consents.

Information about criminal convictions / background checks (US – FCRA note)

Where permitted and relevant, we may conduct background checks. If a background check is performed through a consumer reporting agency for employment purposes, we will follow applicable requirements (including providing required notices and authorisations and any required pre-adverse/adverse action notices).

Automated decision-making

We may use third-party tools to support identity verification, onboarding workflows, or security processes. Where automated decision-making produces legal or similarly significant effects and applicable law requires additional information or safeguards, we will provide them.

DATA SHARING

In the US, we may share your personal information with:

  • payroll providers, benefits providers, HR/workforce platforms, and other service providers that support your employment administration;
  • background screening providers (where used and permitted);
  • professional advisers (legal, audit, insurers);
  • tax, employment, immigration and other authorities/regulators where required; and
  • end-hirers/clients and agencies where necessary for assignment administration and employment support (for example: assignment details, start/end confirmations, onboarding completion, approved hours confirmations, compliance confirmations, and information relevant to workplace issues or investigations).

We require third parties to respect the security of your data and to treat it in accordance with law and applicable contractual requirements.

INTERNATIONAL TRANSFERS

Where your information is transferred outside the US (or where US-based processing involves transfers from the UK/EEA), we apply appropriate safeguards as described in the main notice (for example recognised contractual protections where required).

DATA SECURITY

The data security measures described in the main notice apply equally to US processing. Where we provide access to Giant systems, access is restricted on a need-to-know basis and protected by appropriate security controls.

DATA RETENTION

We retain personal information for as long as necessary for the purposes set out in the main notice and to meet legal, accounting and reporting requirements.

Form I-9: Where applicable, Form I-9 records are retained in accordance with US federal requirements (generally three years after the date of hire or one year after employment ends, whichever is later).

YOUR RIGHTS IN CONNECTION WITH PERSONAL INFORMATION

Depending on your US state of residence and the nature of the personal information, you may have certain rights (such as access, correction, or deletion), subject to lawful exceptions and verification requirements. Where rights apply, we will respond in accordance with applicable law.

How to submit a request to Giant: Please contact your Support Team/Manager in writing. We may request information to verify your identity.

End-hirer data: If your request relates to information controlled by an end-hirer’s workplace systems (such as end-hirer monitoring, building access records, CCTV, end-hirer email/chat tools, device management), you should contact the end-hirer directly.

Right to withdraw consent

Where we rely on consent for a specific processing activity, you may withdraw that consent at any time by contacting your Support Team/Manager. Withdrawal will not affect processing already carried out, and we may continue processing where another lawful basis applies.

Changes to this US supplement

We may update this US supplement from time to time. Where we make substantial changes, we will provide an updated copy as soon as reasonably practical.

APPENDIX A – CALIFORNIA NOTICE AT COLLECTION (EMPLOYEES, APPLICANTS, WORKERS/CONTRACTORS)

This Appendix applies to individuals who are California residents whose personal information we collect in the context of recruitment, employment, or engagement as a worker/contractor (including where Giant acts as EOR and you provide services to an end-hirer/client). This Appendix is intended to meet California “notice at collection” requirements by describing (i) the categories of personal information we collect, (ii) the purposes for which we use it, (iii) whether we sell/share it, and (iv) retention criteria/timeframes.

Important note about end-hirer systems

Where you provide services to an end-hirer/client (whether remote or on-site), the end-hirer/client may collect and use personal information through its workplace and systems, such as building access/badges, CCTV, end-hirer email and collaboration tools, ticketing systems, device management, monitoring, security tooling, and timekeeping/productivity tools. The end-hirer/client is generally responsible for providing notices and policies for those systems and activities. Giant typically receives only limited information from the end-hirer/client that is necessary to administer your employment/engagement (for example approved hours/timesheet confirmations, assignment start/end confirmations, or onboarding/compliance confirmations).

Categories of personal information we collect

Depending on your relationship with us and your role/assignment, we may collect the following categories:

  • Identifiers: Name, alias (if used), postal address, email address, telephone number, unique personal identifiers (e.g., employee/worker ID), online identifiers (e.g., account username for Giant systems), and, where applicable, Social Security Number (SSN), driver’s licence/state ID, passport information, and other government-issued identifiers used for onboarding and compliance.
  • Personal records/employment related records: Recruitment records (application, CV/resume, interview notes, assessment results), offer and contract/assignment documents, role and assignment details, work location (including remote status), reporting lines (where applicable), employment/engagement history with Giant, training and compliance completion records, performance records, disciplinary/grievance/investigation records (where applicable), and professional qualifications/licences (where relevant).
  • Payroll/financial information: Compensation and payment history, wage/fee rate, payroll deductions, bank details, tax withholding information, year-end tax reporting information, benefits eligibility/enrolment details, beneficiaries/dependants (where applicable), leave/absence administration information (where applicable), and expense reimbursements (if applicable). Where you work with an end-hirer, we may receive approved hours/timesheet confirmations or similar approvals.
  • Protected classification characteristics (where collected and permitted)
    Characteristics such as race/ethnicity, sex/gender, disability status, veteran status, age, and similar information only where collected (typically for equal opportunity monitoring, reporting, or compliance) and subject to appropriate safeguards.
  • Internet/network activity (Giant systems only): Access logs, authentication records, account activity logs, audit logs, and security event logs generated when you use Giant systems (e.g., onboarding portals, HR/workforce platforms we operate, or security tooling), to maintain system security and operational integrity.
  • Geolocation data (limited, only if collected): Approximate location data or device location information only where collected (for example, to support security controls, fraud prevention, or device management, if Giant issues and manages devices). If not collected, this category may not apply.
  • Audio/visual information (limited): only where applicable (for example where Giant records calls for training/compliance, or uses CCTV at Giant premises). Education history and qualifications where relevant to recruitment or the role.
  • Sensitive personal information: Depending on the circumstances, this may include: SSN and government identifiers; account log-in credentials for Giant systems; information revealing racial/ethnic origin (where collected for equal opportunity monitoring); union membership (where applicable); and health/medical information where needed to administer leave, accommodations or benefits.
  • Background screening information (if used and permitted): Screening status, results, and related records/authorisations where legally permitted and relevant to a role or assignment.

Note: We do not intentionally collect personal information for cross-context behavioural advertising in the workforce context.

Purposes for which we collect and use personal information

We collect and use the categories above for the following purposes:

  • Recruitment and hiring
    Processing applications, evaluating suitability, communicating with candidates, verifying information, issuing offers, and onboarding.
  • Employment/engagement administration
    Entering into and administering employment/engagement arrangements; maintaining HR records; managing scheduling and attendance processes; administering training and compliance requirements; managing performance, conduct, grievances, investigations and workplace issues (where applicable). 
  • Payroll, tax and payments
    Paying wages/fees, administering payroll and deductions, processing payments, handling expenses (if applicable), and completing required federal/state/local tax withholding and reporting. 
  • Benefits and leave administration (where applicable) Administering benefits enrolment and eligibility; administering leave and absence processes; managing accommodations, occupational health processes, or fitness-to-work (where applicable and permitted).
  • Work authorisation / identity verification and compliance
    Verifying identity and right to work/authorisation to work; meeting legal compliance requirements related to employment, immigration/work authorisation, and recordkeeping. 
  • Assignment administration with end-hirers/clients
    Administering onboarding/offboarding requirements; confirming assignment details and changes; confirming compliance/training completion where required; receiving and processing approved hours/timesheet confirmations (or similar approvals) for payroll and assignment administration; and addressing assignment-related issues.
  • Security, fraud prevention, and safeguarding (Giant systems)
    Protecting the security and integrity of our systems and data; preventing fraud, misuse, and unauthorised access; maintaining audit trails and investigating security incidents.
  • Legal, regulatory, and business operations
    Complying with applicable laws and lawful requests; responding to audits and regulatory enquiries; establishing, exercising or defending legal claims; and maintaining business records and internal reporting.

Categories of third parties to whom we disclose personal information

We may disclose personal information on a need-to-know basis to the following categories of third parties for the purposes described above:

  • Service providers supporting our workforce operations (e.g., payroll processors, benefits providers, HR and workforce management platforms, time/attendance tools where used, identity verification providers, IT/security providers, and professional advisers such as auditors, insurers and legal counsel).
  • Giant group companies providing shared services (e.g., HR, payroll, IT, finance, compliance, legal, and security support).
  • Government authorities/regulators and other parties where required by law (e.g., tax authorities, courts, law enforcement, and regulators), or to protect legal rights.
  • End-hirers/clients and agencies involved in your assignment, where necessary for assignment administration and employment support (e.g., onboarding confirmations, assignment details, approved hours confirmations, compliance confirmations, and responding to workplace issues or investigations as appropriate).

Sale/sharing

We do not sell personal information. We do not share personal information for cross-context behavioural advertising in the employment context.

Retention

We retain personal information for as long as reasonably necessary for the purposes described above, including to comply with legal obligations, resolve disputes, enforce agreements, and maintain business records. Retention periods vary by category and by legal requirements.

California rights and how to submit a request

Subject to applicable exceptions and verification requirements, California residents may have rights to request:

  • access to certain personal information;
  • correction of inaccurate personal information;
  • deletion of certain personal information; and
  • information about categories of personal information disclosed for business purposes.

To submit a request to Giant, please contact global@giantgroup.com. We may need to verify your identity and, where applicable, verify authority for an authorised agent request.

Sensitive personal information and how we use it

Where we collect and process sensitive personal information in the workforce context, we do so only for purposes related to managing the recruitment/employment/engagement relationship, administering payroll/benefits/leave where applicable, meeting legal obligations, maintaining security, and other purposes permitted by law. Access to sensitive personal information is restricted and safeguarded.