Information for Staff
As an employer, we need to process personal data about our staff and about applicants for job vacancies. Examples of the types of personal data that we may collect and process about you either as an applicant or a member of staff include:
|Stage||Purpose of processing your personal data||Personal data to be processed|
|Application||You have applied for a job vacancy||Name, contact details (email address, home address, telephone number), references.|
|Start of employment||Your application to work at the University needs to be recorded, evaluated and responded to||Name, contact details (including emergency contact details), date of birth, academic qualifications, employment history, your photograph, contact details for references, details of any disability or other medical information that we need to be aware of, financial information for payment of your salary, details of any criminal convictions and where necessary evidence of right to work in the UK documentation which may include passport and VISA details|
Throughout your employment
|In addition to maintaining your employment record, we will record information about your career development, training and performance||Personal data contained in appraisal forms, details of courses attended, career progression|
We provide staff, on commencement of their employment, with a fair processing statement, which will provide you with specific information regarding the purposes for which your personal data will be processed, the legal basis for that processing, and any disclosures that will be made of your personal data. A copy of the University’s current fair processing statement for staff can be found via these PDF documents:
Some of the information that we hold on your employment record is classified as special categories of personal data under the GDPR). This may include information about your physical or mental health, or your nationality. Where we hold sensitive personal data about you, we are subject to even more strict obligations to ensure that this data is kept confidential and used only for specific purposes.
The processing of staff personal data is necessary for the performance of our agreements with you. Personal data may also be processed where this is necessary for the compliance with a legal obligation (for example, reporting incidents of crime to the police), vital interests or where it is in our legitimate interests to do so.
Where we are required to report statistics about our staff, including for example in relation to equality and diversity monitoring, the required information will be anonymised to ensure that no member of staff can be personally identified. If, however, the numbers reported are of a number which could result in the identification of an individual member of staff, the figures will not be made available publically.
Where your personal details change, for example if you move house, it is your responsibility to inform us so that we can correct your employment record. You are also responsible for ensuring that your staff ID, access card, and any passwords that we issue to you are kept confidential and not given to anybody else.
Where you access personal data as part of your role
Depending on your role within the University, it is likely that you will have access to personal data either about students or other members of staff.
Where you access personal data as part of your role, you must comply with our Data Protection Policy and all other relevant policy documents issued by us. You may also be provided with data protection training to assist you in understanding your obligations as a data processor.
Any member of staff who intends using personal data for purposes additional to those specifically set out in our fair processing statements, or who intend using personal data of individuals who are neither staff nor students, should contact the Information Protection Unit for advice on whether a lawful basis for such processing exists, the production of a suitable fair processing statement which reflects those additional uses (provided that they are lawful), and on ensuring that they have met the other conditions for processing as defined in the GDPR.