Human Resources (HR)

 

Introduction

SERC (the College) is committed to ensuring we comply with the Data Protection legislation (as supplemented and amended from time to time).

SERC is a “data controller” for the purposes of Data Protection legislation. This means that we are responsible for deciding how we hold and use personal information about you. This privacy notice explains how we hold and use any personal information we collect about you before, during and after your working relationship with us.

 

What personal Information do we collect?

We may collect, store, and use the following categories of personal information:

  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process and any information provided during the selection process).
  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth.
  • Gender.
  • Marital status and dependants.
  • Next of kin and emergency contact information.
  • National Insurance number.
  • Bank account details, Payroll records and tax status information.
  • Salary, annual leave, pension and benefits information (including details about your pension beneficiaries).
  • Start date.
  • Location of employment or workplace.
  • Identification Documentation (copy passport / driving licence etc.)
  • Employment records (including job titles, work history, working hours, training & educational records and professional memberships).
  • Safety and Accident records
  • Compensation history.
  • Performance information.
  • Disciplinary and grievance information.
  • CCTV footage and other information obtained through electronic.
  • Information about your use of our information and communications systems.
  • Photographs.

We may also collect, store and use the following "special categories" of more sensitive personal information:

  • Information about race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Trade union membership.
  • Information about health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.

 

Lawful Basis

The College is permitted to process personal data where there is a lawful basis to do so. In relation to the information provided on this form, the General Data Protection Regulations (GDPR) ‘lawful basis’ for our processing will be the following:

  • Article 6.1 (b) – The processing is necessary for the performance of a contract or with a view to entering into a contract
  • Article 6.1 (c) - processing is necessary for compliance with a legal obligation to which the controller is subject
  • Article 6.1 (e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

Special Category Data

We are also required to collect, process and maintain special category data. Our lawful basis for processing this information is mainly:

  • Article 9.2(g) - processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
  • Schedule 1(1) Data Protection Act (2018) - Employment, social security and social protection
  • Schedule 1(8) Data Protection Act (2018) - Equality of opportunity or treatment
  • Schedule 1(16) Data Protection Act (2018) - Support for individuals with a particular disability or medical condition
  • Schedule 1 (18) Data Protection Act (2018) - Safeguarding of children and of individuals at risk
  • Schedule 1 (18) Data Protection Act (2018) – Occupational Pensions

Additional Conditions Relating to Criminal Convictions

  • Extension of conditions in Data Protection Act (2018) Part 2 of Schedule 1 referring to substantial public interest.

Further information is available in the College Appropriate Policy Document.

 

 

How do we collect personal information?

We collect personal information about candidates, employees, workers and contractors through the application and recruitment process, either directly from you or sometimes from former employers, an employment agency or background check provider.

We will also collect additional personal information in the course of job-related activities throughout the period of you working for us.

 

The purpose of our processing of personal information

We will need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are:

  • Making a decision about your recruitment or appointment.
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK.
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions.
  • Liaising with your pension provider.
  • Administering the contract we have entered into with you.
  • Business management and planning, including accounting and auditing.
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Making decisions about salary reviews and compensation.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making decisions about your continued employment or engagement.
  • Making arrangements for the termination of our working relationship.
  • Education, training and development requirements.
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
  • Ascertaining your fitness to work.
  • Managing sickness absence.
  • Complying with health and safety obligations.
  • To prevent fraud.
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • Equal opportunities monitoring.
  • To conduct data analytics studies on employee retention, sickness absence, pay rates etc.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

 

Processing Sensitive Information

We will use your particularly sensitive personal information in the following ways:

  • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
  • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
  • We will use trade membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.

 

Do we need your consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

 

Information about Criminal Convictions

Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We will use the information to make decisions about your engagement or continued employment in line with our Recruitment and Employment of Ex-Offenders and use of Disclosure Information Policy and Safeguarding Policy.

 

Data Sharing

We will share personal information with third parties where required to do so by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

The following third-party service providers may process personal information about you:

  • Occupational Health
  • BHSF
  • NILGOSC
  • Teachers Pensions
  • College Legal Representatives
  • College Insurers

We require third party service providers to respect the security of your data and to treat it in accordance with the law.

We may share your personal information with other third parties, for example during to restructuring of the business, with our legal representatives, our sponsoring government department, governmental regulators (HMRC etc) or to comply with the law.

 

Transfer outside of the EU

We do not currently transfer personal information outside the EU. However, if this changes, you can expect the information to be held and used in a way that is consistent with and which respects the EU and UK laws on data protection.

 

Data Security

We have put in place measures to protect the security of your personal information. Details of these measures can be found Data Protection Policy, Acceptable Use Policy, ICT Systems and Services SOP etc.

 

Data Retention

We will only retain personal data for as long as necessary to fulfil the purpose we collected it for, for the purpose of satisfying any legal, accounting or reporting requirements.

Details of retention periods for different aspects of your personal information are available in our FE Sector Retention and Disposal Schedule.

 

Data Subject Rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal information
  • Request correction of your personal information
  • Request erasure of your personal information.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about their particular situation which makes them want to object to processing on this ground.
  • Object to processing of your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information.
  • Request the transfer of your personal information to another party.
  • Right to withdraw consent

These rights are not absolute. Further information on data subject rights can be found in our Data Protection Policy.

You also have a right to lodge a complaint with the Information Commissioner’s Office if you believe we have not handled your personal information in accordance with the Data Protection legislation. In the first instance complaint should be made to the Company.

 

Failure to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

 

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

 

Automated Decision Making

We do not use automated decision making to make decision that will have significant impacts on data subjects.

 

Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of personal information.

 

Contact details

SERCs Data Protection Officer is Sian Harvey:

Data Protection Officer
SERC, Bangor Campus
Castle Park Road
Bangor
BT204TD

Email: sharvey@serc.ac.uk