Staff Privacy Notice
- Why do we collect your information?
- When do we collect Data?
- What sort of data do we collect?
- Updating your Details
- How do we use your information?
- How long do we keep your data for?
- Who do we share your information with?
- How can you find out what information we hold on you?
- Reporting a Data Breach
Here at the University of Salford we work hard to ensure that you get the very best experience without having to worry if your information is safe.
Outlined below is how & why we collect, use, & share your personal information, & your rights in relation to that data.
There’s lots of information here but it’s important that you’re fully informed – we hope the following sections will answer any questions you have but if not, please do get in touch with us via HRAdvice@salford.ac.uk
A bit about us.
The University of Salford is the “Data Controller” of your personal data & is subject to the General Data Protection Regulation 2016 (“GDPR”). We are registered with the Information Commissioner’s Office (“ICO”) Z469563X and our Data Protection Officer is Andrew Hartley.We are committed to ensuring that your personal data is handled in accordance with the regulation.
Why do we collect your Data?
Under the GDPR we have to have justification (“legal basis”) for obtaining your information and for Staff we believe this is:
The legal basis for this is your contract of employment.
When Do We Collect Data?
We collect data about you at various stages in your relationship with us. This may be:
- When you first applied to us for a job.
- When we obtained a reference or details of your previous employment history.
- Throughout your time as an employee, e.g. performance, health, etc.
What Sort of Data Do We Collect?
Under the GDPR we will only collect the minimum amount of information needed to carry out a specific purpose. We may collect the following type of personal data about you:
1: Information that helps identify you, e.g. your name, date of birth, passport number
2: Information relating to your education & employment history, e.g. qualification and exam results, previous places of work etc.:
3: Information about your family or personal circumstances, where this is relevant to the assessment of your suitability to your job or your wellbeing (e.g. Emergency contact details).
4: Sensitive personal data, including, for example, information about medical conditions, criminal convictions, gender, race and personal identity
- Information about your racial or ethnic origin, religion, preferred gender, trade union membership, marital status, age, gender at birth & sexual orientation,
- Criminal convictions on staff who work with young and/or vulnerable people.
5: Work related data, for example, salary, length of service, right to work status.
Updating Your Contact Details
The accuracy of your personal information is important to us. You can let us know about any changes in home address and emergency contact details at any time by filling in the Change to details form on our Management Information page. Other changes of personal information can be changed or emailing HRAdvice@salford.ac.uk
How Do We Use Your Information?
We will process your personal information and data for a range of purposes associated with your employment here. The primary purposes are:
- HR administration, including training and development
- Providing facilities and services such as IT, and car parking provision,
- Preventing and detecting crime, such as using CCTV and ID photographs,
- Meeting legislative requirements, such as right to work in the UK
- Provision of wellbeing and support and health and safety services,
- Financial management, including salary payment and pensions administration,
- Complying with statutory requirements, such as monitoring equal opportunities
- Assessment of performance and to support organisational development
We will also process sensitive personal information for some purposes, including:
- Equal opportunities monitoring,
- Managing certain HR processes as sick pay, maternity leave, managing absence,
- Provision of occupational health and wellbeing services,
- Providing a safe environment and supporting fitness for work
How Long Do We Keep Your Data For?
Data is retained for as long as it is required to perform its purpose, or for as long as is required by law (see the link below). At the end of that retention period, your data will either be deleted completely or anonymised.
Who Do We Share Your Information With?
Sometimes we share your personal data between colleagues, managers and leaders to enable them to undertake their University role. We also share data with trusted third parties, who are contracted to work for us and to deliver certain services. Note that:
- We provide only the information they need to perform their specific services,
- They may only use your data for the purposes we specify in our contract with them,
- We work closely with them to ensure that your privacy is respected & protected at all times,
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
1: Suppliers and contractors where there is a valid reason for their receiving the information, for example, pension providers, insurers, auditors and 3rd party IT support:
2: Employment with a prospective employers or secondments, e.g. providing references
3. Professional & regulatory bodies, in relation to the confirmation of qualification, professional registration & conduct & the accreditation of courses,
4: Government departments & agencies where we have a statutory obligation to provide information, for example the Home Office and Higher Education Statistical Agency
5. Crime prevention or detection agencies, e.g. The Police
We will only share information with parents, guardians & next-of-kin when there is a legitimate reason for disclosure.
International Data Transfers
Some of the personal information we process about you may be transferred to, and stored at, a destination outside the European Economic Areas (“EEA”), for example where it is processed by staff operating outside the EEA who work for us or for one of our suppliers, or where the personal data is processed by one of our suppliers who is based outside the EEA or uses a storage facilities outside of the EEA
Sharing Sensitive Personal Data
Sometimes we may need to share your sensitive personal date with colleagues or outside the University. We will try to do so only with your explicit consent but there may be occasions when obtaining your consent is impossible or inappropriate, e.g.
- To protect your or another person’s vital interests,
- Where the provision of confidential counselling, support or similar would be prejudiced,
- To meet statutory obligations for equality and diversity monitoring,
- For the purpose of prevention or detection of crime, pursuant to a court order or for the University to obtain legal advice.
How Can You Find Out What Information We Hold On You?
You have certain rights in respect of the personal information the University holds about you. For more information about Individual Rights under GDPR and how you exercise them please return to our website www.salford.ac.uk/privacy
Reporting a data breach
If you suspect a data breach has occurred at the University the organisation has a duty to report this to the Information Commissioners Office (ICO) within 72 hours. Please report suspected data breaches as soon as you can
From time to time we may make changes to this statement because the way we are processing your personal information changes. All alterations will be posted on this page and will apply from the time we post them. Where we have a valid email address for you we will periodically email you to inform you what changes have been made and to send you a link to our current privacy statement.
This statement was last updated on 25 May 2018.