Staff Data

Staff Privacy Notice

About this document

This privacy notice explains how Aquinas College ("we", "our", "us") collects, uses and shares your personal data, and your rights in relation to the personal data we hold. This privacy notice concerns our processing of personal data of past, present and prospective employees of Aquinas College ("you", "your").

In light of the regulations that came into force 25^th May 2018, this Privacy notice is subject to change.

Aquinas College is the data controller of your personal data and is subject to the Data Protection Act 1998 ("DPA") (and, once in force, to the General Data Protection Regulation (the "GDPR")).

How we collect your information

We may collect your personal data in a number of ways, for example:

• from the information you provide to us when you interact with us before joining, for example when you express an interest in a job vacancy;
• when you apply to work at Aquinas College and complete our application form, or your details are provided by an employment agency;
• from third parties, for example from your previous employer, who may provide a reference about you;
• from the information you provide to us when we carry out pre-employment checks, such as the right to work in the UK, DBS clearance and medical clearance;
• when you communicate with us by telephone, email or via our website, for example in order to make enquiries or raise concerns;
• in various other ways as you interact with us during your time as an employee of Aquinas College, for the various purposes set out below; (see How we use information about our staff or prospective staff)

The types of information we collect

The information we hold about you is primarily information you provided when applying for your job, supplemented by information generated in the course of your employment.

We may collect the following types of personal data about you:

• personal information contained on your application form or CV, including your name, date of birth, national insurance number, and contact information such as address, email address and telephone number; references; information about your right to work in the UK and copies of proof of right to work documentation; vehicle details and copy of your driving licence; copies of qualification certificates
• sensitive personal data and information, including:
  • information concerning your health and medical conditions (e.g. disabilities);
  • information about your racial or ethnic origin; religion or similar beliefs;
  • criminal convictions.

How we use information about our staff

The data that is collected and the purposes for which it is processed include:

Contractual responsibilities

The College’s contractual responsibilities include those arising from the contract of employment. The data required to meet contractual responsibilities includes, but is not limited to, payroll this is a product not data shouldn’t it be their contractual pay ,pension, bank account, postal address, emergency contacts, sick pay, leave; maternity/paternity/adoption/shared parental pay and leave.

Statutory responsibilities

The College’s statutory responsibilities are those imposed on the College by legislation. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax; national insurance; statutory sick pay; statutory maternity/paternity pay; family leave; work permits; and equal opportunities monitoring.

Management responsibilities

The College’s management responsibilities are those necessary for the organisational functioning of the College. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment; training and development; teaching; research; absence; disciplinary matters; health and safety; security, including College-operated CCTV; e-mail address and telephone number; staff ID cards; and criminal convictions.

Sensitive personal data

The Act defines ‘sensitive personal data’ as information about racial or ethnic origin; political opinions; religious beliefs or other similar beliefs; trade union membership; physical or mental health; sexual orientation; and criminal allegations, proceedings or convictions. In certain limited circumstances, the Act permits the College to collect and process sensitive personal data without requiring the explicit consent of the employee.

• The College will process data about an employee’s health where it is necessary, for example, to ascertain fitness to work, record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace/role in the case of disability. This processing will not normally happen without the employee’s knowledge and consent.
• Save in exceptional circumstances, the College will process data about an employee’s racial and ethnic origin or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and promoting equality and diversity throughout the College and to our associated bodies eg the funding council, LA and Sixth Form Colleges Association (SFCA).
• Data about an employee’s criminal convictions will be held as necessary.

Sharing information with others

For the performance of the employment contract, the College is required to transfer an employee’s personal data to third parties, for example, to external payroll and pension providers and HM Revenue & Customs.

In order to fulfil its statutory responsibilities, the College is required to provide some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs and SFCA.

We may process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:

• to meet our compliance and regulatory obligations such as safeguarding requirements;
• for the prevention and detection of crime;
• in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.

We may also process your personal data where:

• it is necessary to protect your or another person’s vital interests;
• we are required to provide information to internal or external auditors.
• we are required to provide information in coded and anonymised form to third parties conducting surveys, eg. SFCA.
• We are required to do this in order to satisfy our funding.

International data transfers

We do not use any agency outside the UK to process any of our data.

Changes to your personal data

Please tell us promptly about any changes to the information we hold about you. This is particularly important for your contact details. You can do this through the Human Resources department. We will undertake an annual data gathering process to ensure that the data we hold on you is up to date and relevant.

How long your information is kept

Subject to any other notices that we may provide to you, we may retain your personal data for a period of six years after your association with us has come to an end. However, some information may be retained indefinitely by us in order to maintain your employment record for archiving. A copy of our retention policy can be made available.

Protecting your personal information

The College has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from our Data Protection Officer.

Your rights

Under the DPA you have the following rights:

• to obtain access to, and copies of, the personal data that we hold about you;
• to require that we cease processing your personal data if the processing is causing you damage or distress;
• to require us not to send you marketing communications.

Since the GDPR came into force in May 2018, you also have the following additional rights:

• to require us to correct the personal data we hold about you if it is incorrect;
• to require us to erase your personal data;
• to require us to restrict our data processing activities
• to receive from us the personal data we hold about you which you have provided to us
• to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

If you have given your consent, where that is the legal basis of our processing, and you wish to withdraw it, please contact our Data Protection Officer using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.

Contact us

If you have any queries about this privacy notice or how we process your personal data, or to request access to the personal data that we hold about you, you can contact our Data Protection Officer by email: dpo@aquinas.ac.uk; by telephone:0161 483 3237; or by post: Data Protection Officer, Aquinas College Nangreave Road Stockport SK2 6TH

If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner.

You can find out more about your rights under data protection legislation from the Information Commissioner's Office website available at: www.ico.org.uk.