As a Data Controller, Newham College is legally responsible for processing your personal data in accordance with data protection legislation.
The College is registered as a Data Controller (registration number: Z1573620) with the Information Commissioner’s Office (ICO) to process data in accordance with the General Data Protection Regulation (EU) 2016/679 and Data Protection Act 2018.
The College is committed to protecting your personal information and being transparent about what information we hold about you, how we use it and who we share it with.
Personal and sensitive personal information about current, past and prospective staff provided initially on an application form and added to a personnel file over the course of employment.
When you apply to work for the College, information collected will include your: name and contact details, employment details, employment history, education history, references, special arrangement details for interview, criminal record details, DBS check including EEA check, prohibition from teaching check, pre-employment health questionnaire/medical check.
We will collect personal information from you when you are a new starter and become an employee of the College. This will include your name, marital status, contact details, job title, department, NI number, next of kin details, bank details, pension details, student loan details, employment terms and conditions, qualifications, disciplinary information, grievance, capability, job descriptions, sickness absence, annual leave, recruitment information, staff photo, payroll details, flexible working, exit interviews, return to work information, parental leave details, appraisal/performance reviews, medical and occupational health reports.
The College will process your information in accordance with the General Data Protection Regulation and its own Data Protection Policy. To comply with the law, information about individuals must be collected and used fairly, stored safely and securely, be adequate, relevant and not excessive, be kept accurate and up to date, held only as long as necessary and not disclosed to any third party unlawfully.
The College collects and processes personal data relating to its staff to effectively manage a number of administrative functions and to comply with statutory and legal requirements:
The College processes sensitive personal data for a number of administrative purposes:
We collect and use your personal information on the basis that it is necessary for performing our employment contract with you, or it is necessary to take steps before entering into the contract with you. We also collect and use your personal information on the basis that we need to do so in order to comply with our legal obligations.
Where we collect your special category personal information, we do this on the basis that it is necessary for the purposes of carrying out our obligations in the field of employment law. Special categories of personal data is personal data that reveal a person’s racial or ethnic origin, political opinions, religions or philosophical beliefs, trade union membership, genetic data (i.e. information about their inherited or acquired genetic characteristics, information about their physical, physiological or behavioural characteristics (such as facial images and fingerprints), physical or mental health, sexual life or sexual orientation and criminal records).
The amount of personal information shared within the College will be no more than is reasonably necessary.
Circumstances may also arise where sensitive personal data is shared with work colleagues within the College without first obtaining your explicit consent. This will only occur if the processing is necessary:
The College may need to share your personal and sensitive personal data with third parties outside of the College who are contracted to work on its behalf, for example to pension providers, insurers and suppliers of services to the College.
The College will often confirm dates and nature of an individual’s employment to a prospective employer in a reference. In certain circumstances the College may pass the data of staff debtors to an external debt collection agency if it has been unable to recover the debt by normal internal financial or HR processes.
The College may also have to share your personal data with third parties outside the College for other purposes with your consent. However, there may be circumstances where information is shared without consent as listed in the section above.
Personal information will be retained in line with the College Information Retention Schedule and in accordance with regulatory and statutory legal requirements.
We have robust technical and organisational systems and policies in place to manage and protect your information. These measures include data encryption, restricted access rights to personal information and up to date security software to ensure confidentiality and to guard against unauthorised access, unlawful processing, accidental loss, damage and destruction.
We do make use of suppliers who will store and process personal data outside of Europe. However, we have a third party processing agreement in place with each of these suppliers compliant with current data protection regulations.
We do not make automated decisions using this personal data.
Please tell us promptly about any changes to the information we hold about you. This is particularly important for your contact details. You can do this by contacting a member of the Human Resources Team or alternatively use the HR Self Service Portal to amend your personal details.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services to you.
If you have any questions about this privacy notice or are unhappy with how we have used your personal information, details of how you can contact the data protection officer or the Information Commissioner’s Office are available on our data protection page.
We review this privacy notice on a regular basis to ensure continued compliance with current legislation and to reflect best practice. We reserve the right to make changes without prior notice.
Updated: 16 May 2018