Privacy notice for staff

Personal and sensitive personal information about current, past and prospective staff provided initially on an application form and added to a personnel file over the course of employment.

When you apply to work for the College, information collected will include your: name and contact details, employment details, employment history, education history, references, special arrangement details for interview, criminal record details, DBS check including EEA check, prohibition from teaching check, pre-employment health questionnaire/medical check.

We will collect personal information from you when you are a new starter and become an employee of the College. This will include your name, marital status, contact details, job title, department, NI number, next of kin details, bank details, pension details, student loan details, employment terms and conditions, qualifications, disciplinary information, grievance, capability, job descriptions, sickness absence, annual leave, recruitment information, staff photo, payroll details, flexible working, exit interviews, return to work information, parental leave details, appraisal/performance reviews, medical and occupational health reports.

The College will process your information in accordance with the General Data Protection Regulation and its own Data Protection Policy. To comply with the law, information about individuals must be collected and used fairly, stored safely and securely, be adequate, relevant and not excessive, be kept accurate and up to date, held only as long as necessary and not disclosed to any third party unlawfully.

The College collects and processes personal data relating to its staff to effectively manage a number of administrative functions and to comply with statutory and legal requirements:

• Managing Human Resources processes such as recruitment, payment of salaries and pensions, performance management, and training and development
• Safeguarding students
• Checking identity and the right to work in the UK
• Checking qualifications
• Providing facilities such as access control, IT user accounts and access to software systems for the purposes of College business
• Preventing and detecting crime, such as using CCTV and using photographs on ID cards
• Providing communications about College news and events, such as through the Staff Intranet
• Maintaining contact with past employees
• Fundraising and Marketing
• Provision of wellbeing and support services

The College processes sensitive personal data for a number of administrative purposes:

• Equal opportunities monitoring
• Administering Sick Pay and Sick Leave schemes, managing absence, administering Maternity Leave and related pay schemes
• Managing a safe environment and ensuring fitness for work
• Managing obligations under Equal Opportunities legislation
• Provision of occupational health and wellbeing services to individuals

We collect and use your personal information on the basis that it is necessary for performing our employment contract with you, or it is necessary to take steps before entering into the contract with you.  We also collect and use your personal information on the basis that we need to do so in order to comply with our legal obligations.

Where we collect your special category personal information, we do this on the basis that it is necessary for the purposes of carrying out our obligations in the field of employment law.  Special categories of personal data is personal data that reveal a person’s racial or ethnic origin, political opinions, religions or philosophical beliefs, trade union membership, genetic data (i.e. information about their inherited or acquired genetic characteristics, information about their physical, physiological or behavioural characteristics (such as facial images and fingerprints), physical or mental health, sexual life or sexual orientation and criminal records).

• Personal data may be shared between colleagues who legitimately need the information to carry out their duties
• Registration with IT Services means that a member of staff’s name, department, email address and telephone number will appear in the College internal email and telephone directory
• Staff photographs are used on the College ID Card, staff intranet and internal email platform for the purposes of identification, security and to aid cross college communication
• Monitoring of IT systems to ensure adherence to the College Acceptable Use Policy for statistical reporting (all reporting remains anonymised at the user information level)
• Obtaining information about past criminal convictions as a condition of employment including mandatory DBS checks on all staff

The amount of personal information shared within the College will be no more than is reasonably necessary.

Circumstances may also arise where sensitive personal data is shared with work colleagues within the College without first obtaining your explicit consent. This will only occur if the processing is necessary:

• To protect your vital interests and you cannot give your consent or your consent cannot be reasonably obtained
• To protect another person’s vital interest and you have unreasonably withheld your consent 
• For the discharge of any function which is designed for the provision of confidential counselling, advice, support or any other service and
• Requiring your explicit consent would prejudice the provision of that counselling, advice, support or other service
• To meet our statutory obligations in relation to equality and diversity monitoring
• The disclosure is made for the purpose of prevention or detection of crime, the apprehension or prosecution of offenders and we have received a notice from the police confirming that the disclosure is required for these purposes
• Pursuant to a Court Order requiring disclosure

The College may need to share your personal and sensitive personal data with third parties outside of the College who are contracted to work on its behalf, for example to pension providers, insurers and suppliers of services to the College.

The College will often confirm dates and nature of an individual’s employment to a prospective employer in a reference. In certain circumstances the College may pass the data of staff debtors to an external debt collection agency if it has been unable to recover the debt by normal internal financial or HR processes.

The College may also have to share your personal data with third parties outside the College for other purposes with your consent. However, there may be circumstances where information is shared without consent as listed in the section above.

Personal information will be retained in line with the College Information Retention Schedule and in accordance with regulatory and statutory legal requirements.

We have robust technical and organisational systems and policies in place to manage and protect your information. These measures include data encryption, restricted access rights to personal information and up to date security software to ensure confidentiality and to guard against unauthorised access, unlawful processing, accidental loss, damage and destruction.

We do make use of suppliers who will store and process personal data outside of Europe. However, we have a third party processing agreement in place with each of these suppliers compliant with current data protection regulations.

We do not make automated decisions using this personal data.

Please tell us promptly about any changes to the information we hold about you. This is particularly important for your contact details. You can do this by contacting a member of the Human Resources Team or alternatively use the HR Self Service Portal to amend your personal details.

• To require us to correct the personal data we hold about you if it is incorrect;
• To require us to erase your personal data;
• To require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
• To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
• To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services to you.