What happens to my information?

Employees' privacy notice

We are committed to safeguarding the privacy and security of information concerning our prospective, current and former employees. The term ‘employees’ for these purposes covers whether they are on permanent, fixed term or temporary contracts, contractors, students and volunteers.

  What information do we collect about you?

In the main, personal information about you will be collected directly from you during your recruitment and employment lifecycle (e.g. Through your application form pre-employment start, starter form for payroll processing, etc). Personal information may also be collected from healthcare professionals in certain circumstances, through national checks such as the Disclosure and Barring Service (DBS), professional bodies, etc.

In order to carry out our activities and obligations as an employer we handle data in relation to:
  • Contact details such as names, addresses, telephone numbers and emergency contact(s)
  • Recruitment information and employment records (professional membership, references and proof of eligibility to work in the UK and security checks)
  • Training and revalidation information
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Personal demographics (including gender, race, ethnicity, sexual orientation, religion, criminal matters)
  • Bank details
  • Pension details
  • Occupational health information (medical information including physical or mental health conditions)
  • Details of any absences (other than holidays) including statutory parental leave and sick leave
  • Information relating to health and safety
  • Trade union membership
  • Employment tribunal applications
  • Complaints
  • Accidents
  • Incident details
  • Security information including, CCTV recordings, ID badge information, ANPR, etc.
  • Email communications

This personal information can be held in a variety of formats, including paper records, electronically on computer systems and audio files (e.g. Recordings in meetings, investigation interviews etc).

  How do we use this and what is the legal basis?

We are committed to safeguarding the privacy and security of information concerning our prospective, current and former employees. The term ‘employees’ for these purposes covers whether they are on permanent, fixed term or temporary contracts, contractors, students and volunteers.

Your personal information is processed for the purposes of:
  • Staff administration and management (including payroll and performance)
  • Pensions administration
  • Equal opportunities monitoring
  • Workforce and resource planning
  • Education, training and development requirements
  • Health administration and services
  • Information and databank administration
  • Business management and planning, including accounting and auditing
  • Conducting performance reviews, managing performance and determining performance requirements
  • Complying with health and safety obligations
The personal information we collect about you may also be used:
  • For the processing of HR Casework and investigations (e.g. disciplinary, dispute resolution process, appeals, flexible working, sickness, capability etc.)
  • To monitor your use of information and communication systems to ensure compliance with IT policies
  • For crime prevention and prosecution of offenders (including use of CCTV recording)
  • Sharing and matching of personal information for national fraud initiatives
  • When dealing with legal disputes involving you or other employees, workers and contractors, including accidents at work
As your employer, we are required to keep and process information about you for employment purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the service and manage our relationship with you effectively, lawfully and appropriately:
  • During the recruitment process
  • While you are working for us
  • At the time when your employment ends
  • After you have left
This includes using information to enable us to:
  • Comply with the employment contract
  • Comply with any legal requirements
  • Pursue the legitimate interests of the Trust
  • Protect our legal position in the event of legal proceedings

If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.

The Trust does not require explicit consent of employees to process their personal data if the purpose falls within the legal basis detailed above.

  Who do we share your information with?

There are a number of circumstances where we must or can share information about you to comply with or manage (this list is not exhaustive and will be updated as appropriate):
  • Disciplinary/investigation processes, including referrals to professional bodies, e.g. the Nursing and Midwifery Council and the General Medical Council
  • Legislative and/or statutory requirements
  • Court orders which may have been imposed on us
  • NHS counter-fraud requirements
  • Requests for information from the police and other law enforcement agencies for the prevention and detection of crime, and/or fraud if the crime is of a serious nature
  • NHS Pensions Scheme - NHS Business Services Authority
  • HMRC
  • Department of Work and Pensions (DWP)
  • Courts and Child Maintenance Service
  • Local Councils
  • TRAC Recruitment Management System
  • Cohort - Occupational Health System
  • Allocate - Health Roster
  • Rota Cloud and e-Rota systems
  • NHS National Staff Survey Provider (currently Quality Health)
  • Teletracking (as hosts of SafeHands)
  • Salary Sacrifice Scheme providers: Fidelity (Childcare Vouchers), Liaison One Call (Technology Benefits Programme)
  • Think Learning Ltd (My Academy system owners)

  Who and where do we obtain your information from?

In the main, personal information about you will be collected directly from you during your recruitment to and your employment lifecycle with the Trust. Personal information may also be collected from healthcare professionals in certain circumstances, through national checks such as the Disclosure and Barring Service (DBS) etc.

The Trust will collect data about you in a number of ways. The main method of collection is from you directly.

Face to face:
Most of the information we hold about you will be collected from you at the time you join the Trust, including details from your pre-recruitment application form. Any data provided will be used for the reasons listed in this notice and only relevant data be requested and recorded.

Telephone calls:
The information you disclose over a telephone call may be recorded in writing by the Trust as a record of the conversation in relation to employment matters.

If you email us we may keep a record of your contact and your email address for our record keeping

Other organisation:
We may receive information from other organisations that are also required by law to share information with us about you in relation to your employment with the Trust.

The main system we use to record personal and employment information about you is the Electronic Staff Record System (ESR). Data is also recorded and obtained from the Health Roster system, as applicable. We also obtain information about you from NHS Jobs for recruitment and equalities monitoring purposes (Note: The Trust is currently implementing the TRAC recruitment management system which will be the primary job applications and recruitment system/database.

  What rights do I have in relation to my information?

If we need to use your information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 gives you certain rights, including the right to:
  • Request to access the personal data we hold about you, e.g. Personnel records (see “How to access your personal data” below)
  • Request the correction of inaccurate or incomplete information recorded in our records, subject to certain safeguards
  • Request that your information be deleted or removed where there is no need for us to continue processing it and where the retention time has passed
  • Ask us to restrict the use of your information where appropriate
  • In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, to withdraw your consent for that specific processing at any time
  • Challenge any decisions made without human intervention (automated decision making)

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

The Right of Access
You have the right to request a copy of any information held by the Trust as well as any supplementary information. See How do I request my information? for details on how to request your information.

  How do I request my information?

You have a right to see or have copies of any information held by the Trust that relates to you, free of charge. We have the right to charge an administration fee in situations where repeated requests are received for the same information or the request is excessive. You will be required to prove your identity when making requests.

Subject Access Requests under GDPR rules will be processed within 30 days. However, once our teams have established the volume of records requested there may be a requirement to extend this up to a further 2 months. We will contact you within 30 days should this be the case. To request access to the data we hold about you, please contact the HR Department. Email: rwh-tr.hrgovernance@nhs.net. Please note, to request access to your personal file, please request this through your line manager, in line with HR09 - Personal Files Policy.

Please remember to include details of the information you require and your contact details. If you are a current member of staff, you will be required to provide your Trust identification badge number. If you are an ex-member of staff or external requestor, we will require sight of your passport or photo driving licence together with a document showing your name and address (e.g. utility bill).

  How long is my information kept for?

Your personal information is held in paper and electronic formats, for specified periods of time as set out in the Record Management Code for Practice for Health and Social Care 2016, retention schedules.

We hold and process your information in accordance with the General Data Protection Regulation (GDPR) in conjunction with the Data Protection Act 2018. In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.

We have a duty to:
  • Maintain records about you in accordance with retention guidelines
  • Keep records about you confidential and secure
  • Provide information in a format that is accessible to you

Your personal information will only be kept for as long as is necessary and will be destroyed in accordance with the retention schedule and relevant Trust policies.

   How to make a complaint

Email: rwh-tr.hrgovernance@nhs.net or Tel: 01902 307999 Ext. 84162

You also have a right to complain directly to the Information Commissioner’s Office if you feel the Trust has not responded effectively to any of the above.

Information Commissioners Office
Wycliffe House
Water Lane

Telephone: 0303 123 1113
Website: https://ico.org.uk