College staff privacy notice
This notice sets out how we use your personal information as your employer or when you apply for a job with us and in particular:
- the information that you give us;
- the uses made of your personal information;
- the legal basis on which we collect and use your personal information;
- how long we keep your personal information:
- how we share your personal information;
- how we transfer your personal information outside of Europe; and
- your rights over your personal information.
The information that you give us
We will collect personal information from you when you apply for a job with us. This will include your: name; address; phone number; email; date of birth; DofE number; NI number; current employment details including job title, start and end dates, current salary, notice period, reason for leaving; all past employment details; education details; interests; whether you are related to any personnel of the college or Governing Body; references; special arrangement details for interview; criminal record details; Disclosure Barring Service check; Prohibition from Management check; Prohibition from Teaching check; Check of Barred List/List 99; Pre employment Health Questionnaire/Medical Report, Gender, Gender reassignment, sexual orientation, disability status & description, ethnic origin, marital status and religion.
We will collect personal information from you when you are a new starter and become an employee of the college. In addition to the above this will be your name; marital status; previous surname(s); address; date of birth; occupation/department; type of employment; phone number; email addresses; NI number; start date; next of kin and contact details; bank details; pension details; statement about employment; student loan details; offer letters; employment terms and conditions; changes to your terms and conditions; certifications/qualifications/training records, disciplinary, grievance, capability, job descriptions, sickness absences, maternity/paternity/adoption information; accidents and injuries at work; working time information; annual leave records; recruitment information; photo; payroll details; gender; flexible working; exit interviews; return to work notifications; parental leave request forms; appraisal/performance; bank account number; sort code; disqualification information; criminal record details, sickness absences; medical information.
-
The uses made of your personal information
We will use your personal information set out above as follows:
- for the recruitment process and for carrying out pre employment checks;
- for safeguarding students;
- for checking your identity and right to work in UK;
- for checking your qualifications;
- to keep an audit trail of the checks we have made and our relationship with you in case of employment claims;
- to set up payroll and pension and to reimburse expenses;
- for dealing with HMRC;
- for communicating with you, including for marketing purposes;
- To determine your general (not specific) postcode as part of our ride sharing scheme e.g. NG18
- To offer an employee rewards scheme;
- for carrying out our role as your employer or potential employer;
- To support your health and wellbeing (occupational health services)
We treat your personal information with confidentiality and we do not use it for any other purposes.
-
The legal basis on which we collect and use your personal information
We collect and use your personal information on the basis that it is necessary for performing our employment contract with you, or it is necessary to take steps before entering into the contract with you. We also collect and use your personal information on the basis that we need to do so in order to comply with our legal obligations.
Where we collect your special category personal information, we do this on the basis that it is necessary for the purposes of carrying out our obligations in the field of employment law. Special categories of personal data are personal data that reveal a person’s racial or ethnic origin, political opinions, religions or philosophical beliefs, trade union membership, genetic data (i.e. information about their inherited or acquired genetic characteristics, information about their physical, physiological or behavioural characteristics (such as facial images and fingerprints), physical or mental health, sexual life or sexual orientation and criminal records).
-
How long we keep your personal information
We will not keep your personal information for longer than we need it for the purposes we have explained above.
When you apply for a job with us, but your application is unsuccessful, we will keep your personal information for 6 months.
When you are an employee, we will keep your personal information for as long as you work with us and then after you leave, we will keep your personal information for 7 years.
-
How we share your personal information
We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes.
Organisation / type of organisation:
Government agencies
Pension providers
Referees
Occupational Health
Purpose:
Taxation/pension/statistical information
To obtain references
To support your health and wellbeing
THIRD-PARTIES
West Nottinghamshire College relies on third-party service providers and vendors that provide products and services. Your Personal Data will be disclosed to these third parties only where necessary for the purpose of achieving the objectives outlined in this policy. These include accountants, law firms and legal service providers, tax or financial professionals, payroll and benefits providers, pension and insurance companies, human resources specialists, staff development and training platforms, consultants, contractors, IT support and storage providers.
Your data may also be transferred to other, third-party organisations in certain scenarios:
- (a) if we discuss merging with or working with another education provider. The information may be transferred during initial discussions prior to contracts being signed, under suitable terms as to confidentiality.
- (b) if we are reorganised, information may be transferred to a third-party who can continue to provide employment to you.
- (c) if we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police or Employment Tribunal.
- (d) if we are defending a legal claim, your information may be transferred as required in connection with defending such claim.
Our third-party service providers may have access to your personal information to perform certain functions or may host your personal information as part of a “cloud based” solution used by employees.
West Nottinghamshire College uses third-party service providers that ensure sufficient guarantees for the protection of your Personal Data. All suppliers undergo a supplier risk assessment and West Nottinghamshire College requires third-party service providers, by contract, to implement appropriate data security and confidentiality measures, in accordance with applicable law. If you would like to find out more, please email us at dataprotection@wnc.ac.uk
-
How we transfer your personal information outside of the UK and the EEA
We may transfer the personal information we collect about you outside the UK and the EEA (e.g. USA), in order to perform our contract with you. Some countries are deemed to have adequacy as they provide an adequate level of protection for your personal information and other countries, like the US, require additional measures.
When a country is not deemed as having an adequate level of protection, we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects UK Data Protection Laws; for example we mainly rely on the EU Standard Contractual Clauses (SCCs) with the UK Addendum or the UK International Data Transfer Agreement (IDTA). If you require further information about these protective measures, please email us at dataprotection@wnc.ac.uk
-
Your rights over your personal information
You have a number of rights over your personal information, which are:
- 1.1.1 The right to be informed about our collection and use of personal data;
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website policy. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
- 1.1.2 Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
- 1.1.3 Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
- 1.1.4 Right to restrict processing
You have the right to ask us to restrict the processing of your personal data. For example, this may be because you have issues with the accuracy of the data we hold or the way we have processed your data. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
- 1.1.5 Right to Erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
- 1.1.6 Right to Portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.
If you would like to exercise this right, please contact us as set out below.
- 1.1.7 Right to object
You have the right to object to our processing of some or all of the personal data that we hold about you. This is an absolute right when we use your data for direct marketing, but may not apply in other circumstances where we have a compelling reason to do so, e.g., a legal obligation.
- 1.1.8 For more information about your privacy rights
The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here https://ico.org.uk/for-the-public.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
-
Giving your reviews and sharing your thoughts
When using our website or other online presence, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts, so you are comfortable with how your information is used and shared on them.
-
Security
Data security is of great importance to West Notts College and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
- Limiting access to our buildings to those that we have determined are entitled to be there (by use of passes, key card access and other related technologies);
- Implementing access controls to our information technology;
- We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores;
- Never asking you for your passwords;
- Advising you never to enter your College ID number or password into an email or after following a link from an email.
-
Changes to our privacy notice
We keep our privacy notice under regular review. Any changes we make to our privacy policy in the future will be notified to you by email or via the college STAFFnet.
Last reviewed Mar 2024