Staff Privacy Notice
About this document
This privacy notice explains how Aquinas College ("we", "our", "us") collects, uses and shares your personal data, and your rights in relation to the personal data we hold. This privacy notice concerns our processing of personal data of past, present and prospective employees of Aquinas College ("you", "your").
In light of the regulations that came into force 25th May 2018, this Privacy notice is subject to change.
Aquinas College is the data controller of your personal data and is subject to the Data Protection Act 1998 ("DPA") (and, once in force, to the General Data Protection Regulation (the "GDPR")).
How we collect your information
We may collect your personal data in a number of ways, for example:
The types of information we collect
The information we hold about you is primarily information you provided when applying for your job, supplemented by information generated in the course of your employment.
We may collect the following types of personal data about you:
How we use information about our staff
The data that is collected and the purposes for which it is processed include:
Contractual responsibilities
The College’s contractual responsibilities include those arising from the contract of employment. The data required to meet contractual responsibilities includes, but is not limited to, payroll this is a product not data shouldn’t it be their contractual pay ,pension, bank account, postal address, emergency contacts, sick pay, leave; maternity/paternity/adoption/shared parental pay and leave.
Statutory responsibilities
The College’s statutory responsibilities are those imposed on the College by legislation. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax; national insurance; statutory sick pay; statutory maternity/paternity pay; family leave; work permits; and equal opportunities monitoring.
Management responsibilities
The College’s management responsibilities are those necessary for the organisational functioning of the College. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment; training and development; teaching; research; absence; disciplinary matters; health and safety; security, including College-operated CCTV; e-mail address and telephone number; staff ID cards; and criminal convictions.
Sensitive personal data
The Act defines ‘sensitive personal data’ as information about racial or ethnic origin; political opinions; religious beliefs or other similar beliefs; trade union membership; physical or mental health; sexual orientation; and criminal allegations, proceedings or convictions. In certain limited circumstances, the Act permits the College to collect and process sensitive personal data without requiring the explicit consent of the employee.
Sharing information with others
For the performance of the employment contract, the College is required to transfer an employee’s personal data to third parties, for example, to external payroll and pension providers and HM Revenue & Customs.
In order to fulfil its statutory responsibilities, the College is required to provide some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs and SFCA.
We may process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:
We may also process your personal data where:
International data transfers
We do not use any agency outside the UK to process any of our data.
Changes to your personal data
Please tell us promptly about any changes to the information we hold about you. This is particularly important for your contact details. You can do this through the Human Resources department. We will undertake an annual data gathering process to ensure that the data we hold on you is up to date and relevant.
How long your information is kept
Subject to any other notices that we may provide to you, we may retain your personal data for a period of six years after your association with us has come to an end. However, some information may be retained indefinitely by us in order to maintain your employment record for archiving. A copy of our retention policy can be made available.
Protecting your personal information
The College has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from our Data Protection Officer.
Your rights
Under the DPA you have the following rights:
Since the GDPR came into force in May 2018, you also have the following additional rights:
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
If you have given your consent, where that is the legal basis of our processing, and you wish to withdraw it, please contact our Data Protection Officer using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
Contact us
If you have any queries about this privacy notice or how we process your personal data, or to request access to the personal data that we hold about you, you can contact our Data Protection Officer by email: dpo@aquinas.ac.uk; by telephone:0161 483 3237; or by post: Data Protection Officer, Aquinas College Nangreave Road Stockport SK2 6TH
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner.
You can find out more about your rights under data protection legislation from the Information Commissioner's Office website available at: www.ico.org.uk.