Staff Privacy Notice

Newham College of Further Education (“the College”) is registered as a Data Controller with the Information Commissioner’s Office for the purposes of the Data Protection Act and from 25 May 2018, the General Data Protection Regulation.

The College is considered a Public Authority under the Freedom of Information Act 2000. Registration is renewed annually.

Data Protection Register
Registration Number: Z1573620
Data Controller: Newham College of Further Education
Address: High Street South, East Ham E6 6ER

Further details regarding registration are available via http://www.ico.org.uk

The College is committed to protecting your personal information and being transparent about what information we hold about you, how we use it and who we share it with.

This privacy notice informs you what to expect when the College collects personal information.

Staff Privacy Notice

What information do we hold?

Personal and sensitive personal information about current, past and prospective staff provided initially on an application form and added to a personnel file over the course of employment.

When you apply to work for the College, information collected will include your: name and contact details, employment details, employment history, education history, references, special arrangement details for interview, criminal record details, DBS check including EEA check, prohibition from teaching check, pre-employment heath questionnaire/medical check.

We will collect personal information from you when you are a new starter and become an employee of the College. This will include your: name, marital status, contact details, job title, department, NI number, next of kin details, bank details, pension details, student loan details, employment terms and conditions, qualifications, disciplinary information, grievance, capability, job descriptions, sickness absence, annual leave, recruitment information, staff photo, payroll details, flexible working, exit interviews, return to work information, parental leave details, appraisal/performance reviews, medical and occupational health reports.

How do we use this personal information?

The College will process your information in accordance with the General Data Protection Regulation and its own Data Protection Policy. To comply with the law, information about individuals must be collected and used fairly, stored safely and securely, be adequate, relevant and not excessive, be kept accurate and up to date, held only as long as necessary and not disclosed to any third party unlawfully.

The College collects and processes personal data relating to its staff to effectively manage a number of administrative functions and to comply with statutory and legal requirements:

  • Managing Human Resources processes such as recruitment, payment of salaries and pensions, performance management, and training and development
  • Safeguarding students
  • Checking identity and the right to work in the UK
  • Checking qualifications
  • Providing facilities such as access control, IT user accounts and access to software systems for the purposes of College business
  • Preventing and detecting crime, such as using CCTV and using photographs on ID cards
  • Providing communications about College news and events, such as through the Staff Intranet
  • Maintaining contact with past employees
  • Fundraising and Marketing
  • Provision of wellbeing and support services

The College processes sensitive personal data for a number of administrative purposes:

  • Equal opportunities monitoring
  • Administering Sick Pay and Sick Leave schemes, managing absence, administering Maternity Leave and related pay schemes
  • Managing a safe environment and ensuring fitness for work
  • Managing obligations under Equal Opportunities legislation
  • Provision of occupational health and wellbeing services to individuals

The legal basis on which we collect and use your personal information

We collect and use your personal information on the basis that it is necessary for performing our employment contract with you, or it is necessary to take steps before entering into the contract with you.  We also collect and use your personal information on the basis that we need to do so in order to comply with our legal obligations.

Where we collect your special category personal information, we do this on the basis that it is necessary for the purposes of carrying out our obligations in the field of employment law.  Special categories of personal data is personal data that reveal a person’s racial or ethnic origin, political opinions, religions or philosophical beliefs, trade union membership, genetic data (i.e. information about their inherited or acquired genetic characteristics, information about their physical, physiological or behavioural characteristics (such as facial images and fingerprints), physical or mental health, sexual life or sexual orientation and criminal records).

How do we share your information?

  • Personal data may be shared between colleagues who legitimately need the information to carry out their duties
  • Registration with IT Services means that a member of staff’s name, department, email address and telephone number will appear in the College internal email and telephone directory
  • Staff photographs are used on the College ID Card, staff intranet and internal email platform for the purposes of identification, security and to aid cross college communication
  • Monitoring of IT systems to ensure adherence to the College Acceptable Use Policy for statistical reporting (all reporting remains anonymised at the user information level)
  • Obtaining information about past criminal convictions as a condition of employment including mandatory DBS checks on all staff

The amount of personal information shared within the College will be no more than is reasonably necessary.

Circumstances may also arise where sensitive personal data is shared with work colleagues within the College without first obtaining your explicit consent. This will only occur if the processing is necessary:

  • To protect your vital interests and you cannot give your consent or your consent cannot be reasonably obtained
  • To protect another person’s vital interest and you have unreasonably withheld your consent 
  • For the discharge of any function which is designed for the provision of confidential counselling, advice, support or any other service and
  • Requiring your explicit consent would prejudice the provision of that counselling, advice, support or other service
  • To meet our statutory obligations in relation to equality and diversity monitoring
  • The disclosure is made for the purpose of prevention or detection of crime, the apprehension or prosecution of offenders and we have received a notice from the police confirming that the disclosure is required for these purposes
  • Pursuant to a Court Order requiring disclosure

How do we share your information with 3rd Parties?

The College may need to share your personal and sensitive personal data with third parties outside of the College who are contracted to work on its behalf, for example to pension providers, insurers and suppliers of services to the College.

The College will often confirm dates and nature of an individual’s employment to a prospective employer in a reference. In certain circumstances the College may pass the data of staff debtors to an external debt collection agency if it has been unable to recover the debt by normal internal financial or HR processes.

The College may also have to share your personal data with third parties outside the College for other purposes with your consent. However, there may be circumstances where information is shared without consent as listed in the section above.

How long do we keep your information?

Personal information will be retained in line with the College Information Retention Schedule and in accordance with regulatory and statutory legal requirements.

How do we protect your information?

We have robust technical and organisational systems and policies in place to manage and protect your information. These measures include data encryption, restricted access rights to personal information and up to date security software to ensure confidentiality and to guard against unauthorised access, unlawful processing, accidental loss, damage and destruction.

Transferring Personal Information outside of Europe

We do make use of suppliers who will store and process personal data outside of Europe. However, we have a third party processing agreement in place with each of these suppliers compliant with current data protection regulations.

Automated Decisions we make about you

We do not make automated decisions using this personal data.

Changes to your personal information

Please tell us promptly about any changes to the information we hold about you. This is particularly important for your contact details. You can do this by contacting a member of the Human Resources Team or alternatively use the HR Self Service Portal to amend your personal details.

Your Rights

  • To require us to correct the personal data we hold about you if it is incorrect;
  • To require us to erase your personal data;
  • To require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
  • To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  • To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

Refusal to Provide Personal Information

Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services to you.

 

Contact us

If you have any queries about this privacy notice or how we process your personal data, you can contact our Data Protection Officer by:

Email: dpo@newham.ac.uk
Telephone: +44 (0) 0208 257 4000
Post: The Data Protection Officer, Newham College, High Street South East Ham E6 6ER.

To request access to the personal data that we hold about you, you may contact our Data Protection Officer by using the contact details above or by submitting a Data Subject Request Form which can be supplied by Human Resources.

If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website available at: www.ico.org.uk.

Changes to this Privacy Notice

We keep the privacy notice under regular review. Any changes we make to our privacy notice in the future will be communicated to you either via the staff intranet or by email.

This privacy notice was last updated on 16 May 2018.