Current Staff privacy notice
Privacy Notice for Employees
- The University of Chester is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with data protection legislation. It applies to all current and former employees, workers and contractors and does not form part of any contract of employment or other contract to provide services.
- The University of Chester is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
- It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
Data Protection Principles
- We will comply with data protection legislation, which says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
What information does the University collect?
- Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are special categories of more sensitive personal data which require a higher level of protection.
- The types of information we hold about you include:
-
- personal contact details such as your name, title, address, telephone numbers and email address;
- date of birth and gender;
- details of your qualifications, skills, experience and employment history;
- evidence of your nationality and eligibility to work in the UK;
- information about your terms and conditions of employment as detailed in your appointment letter and contract of employment;
- correspondence with or about you, for example letters to you about any changes to your terms and conditions, or with your permission, a letter to your mortgage company confirming your salary;
- your bank account details, payroll records, national insurance number and tax status;
- emergency contact details;
- records of holidays, sickness and other absence;
- records of working hours, such as timesheets or flexitime records, and allocated workload for academic staff;
- records relating to your career history such as job titles and pay history, probationary reviews, training records, personal development plans and applications for promotion;
- CCTV footage and other information obtained through electronic means such as swipecard records;
- information about your use of our information and communications systems;
- photographs;
- records relating to your external business or consultancy activities, declared by academic staff as required by the contract of employment;
- records relating to any disciplinary, grievance or capability processes involving you (whether or not you were the subject of those proceedings).
- We may also hold the following categories of more sensitive personal information:
-
- equality monitoring information such as information about your marital status, ethnic origin, sexual orientation, religion or belief;
- information about your health such as reasons for absence, Occupational Health reports or records of any meetings held as part of the sickness absence policy;
- information about your criminal record;
- trade union membership and records of participation in industrial action.
- Most of the information we hold about you will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees.
- Data will be stored in a range of different places, including your personal file, the University HR information system and in other IT systems, such as the University’s email system.
Why does the University process personal data?
- We will only use your personal information when the law allows us to. The University needs to process data to enter into an employment contract with you and to comply with our contractual obligations, for example, processing your salary payments, liaising with your pension provider or undertaking many of the activities listed in the following paragraph. It also needs to process your data in order to comply with legal obligations, for example, health and safety obligations, reporting salary and tax data to HMRC or payment of maternity pay.
- The University also needs to process personal data to pursue its legitimate business interests. Processing personal data allows the University to:
-
- operate recruitment and promotion processes;
- determine terms and conditions of employment;
- maintain accurate and up-to-date employment records and contact details, including who to contact in an emergency;
- operate and keep a record of disciplinary and grievance processes to manage any conduct issues in the workplace;
- operate and keep a record of performance processes, to plan for career development and workforce management;
- operate and keep a record of absence procedures, to ensure effective absence management and to ensure employees received the benefits to which they are entitled;
- obtain Occupational Health advice, to ensure that the University complies with its duties in relation to individuals with disabilities and health and safety law;
- operate and keep a record of other types of leave, to ensure effective management and to ensure that the University meets its statutory and contractual obligations;
- provide references on request for current and former employees;
- maintain and promote equality in the workplace;
- undertake business management and planning, including accounting and auditing;
- ensure network and information security and compliance with information and communication policies.
- Where the University relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees and has concluded that they are not.
- Where we process special categories of personal information, such as those relating to your ethnicity, religious beliefs, sexual orientation, disability or gender identity, this is done for the purposes of equal opportunities monitoring.
- Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).
- We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions through a Disclosure and Barring Service check or we may be notified of such information directly by you in the course of you working for us. We will use information about criminal convictions and offences in order to ascertain your suitability for a specific role or task.
- Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
- We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
- Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- We do not envisage that any decisions will be taken about you using automated means, however we will notify you if this position changes.
Who has access to data?
- Your information may be shared internally, including with members of HR, Payroll and Finance, your line manager, senior managers, and LIS staff, if access to the data is necessary for performing their roles.
- Depending on your role, you may be referred to on the University intranet, website or other University documents produced by you and your colleagues in the course of carrying out your duties, for example, programme/module handbooks or departmental webpages.
- We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual obligations, for instance we may need to pass on certain information about you to the relevant pension scheme. The University also shares data with third parties that process data on its behalf, for example the provision of occupational health services. The University shares personal data with Higher Education Statistics Agency (HESA) to comply with its statutory reporting obligations.
- We do not send your personal data outside the European Economic Area. If this changes in the future, you will be notified of this and the safeguards in place to protect the security of your data.
How does the University protect data?
- The University takes the security of your data very seriously, and has internal policies and controls in place to try and ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. For more information, please see the University’s Data Protection Policy.
- Where the University asks third parties to process data on its behalf, for example Occupational Health or pension providers, they do so on the basis of written instructions, are under a duty of confidentiality and must ensure that they have appropriate technical and organisational measures in place to keep the data secure.
- We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
For how long does the University keep data?
- We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Your personal data will be stored throughout your employment at the University, and for a period after you have left the University’s employment, which is currently seven years. Some types of data, such as pensions and records relating to health and safety and similar matters, will need to be retained indefinitely.
- In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the University we will retain and securely destroy your personal information in accordance with our data retention policy.
What if you choose not to provide personal data?
- Certain information, such as contact details, your eligibility to work in the UK and bank details are required to allow the University to enter into an employment relationship with you.
- You have certain obligations under your employment contract to provide the University with data. For example, you must report absences from work and you may also have to provide the University with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide that data may mean that you are unable to exercise your statutory rights.
Your duty to inform us of changes
- It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights
- As a data subject, under data protection legislation, you have various rights in relation to your personal data. You can:
-
- request access your own data by making an access request – this enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it;
- request that we correct any inaccuracies in the data that we hold about you;
- request that we erase your personal data where we are not entitled by law to process it or it is no longer needed for the purpose it was collected;
- request that processing of your data is restricted – this enables you to ask us to suspend the processing of personal information about you, for example if you want to establish its accuracy or the reason for processing it;
- object to processing of your personal information where we are relying on our legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground;
- request the transfer of your personal information to another party.
- In most situations we will not rely on your consent as a lawful basis for processing your data. If we do request your consent to process your data for a specific purpose, you are under no obligation to provide it and you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before your consent was withdrawn.
- If you wish to make an access request or assert any of the rights detailed above, please contact the Data Protection Officer using the contact details below.
- You have the right to make a complaint to the Information Commissioner if you believe we have not complied with the requirements of data protection legislation with regard to your personal data. You can do this by contacting the Information Commissioners’ Office directly. Further details on your rights and contact details are available at www.ico.org.uk.
Data Protection Officer
- The University’s Data Protection Officer can be contacted at dataprotection@chester.ac.uk.
Changes to this privacy notice
- We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.