Privacy Notice: Employees
Spectrum Community Health collects and processes personal data relating to its employees to manage the employment relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
This privacy notice explains how we use any personal information that we collect about you when you join our organisation and what your rights as employees are.
What information do we collect about you?
The organisation collects and processes a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number, date of birth and gender;
- the terms and conditions of your employment;
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation;
- information about your remuneration, including entitlement to benefits such as pensions
- details of your bank account and national insurance number;
- information about your marital status, next of kin, dependants and emergency contacts;
- information about your nationality and entitlement to work in the UK;
- information about your criminal record;
- details of your schedule (days of work and working hours) and attendance at work;
- details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
- information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments; and
- equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
The organisation collects this information in a variety of ways. For example, data is collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.
In some cases, the organisation collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.
How will we use information about you?
The organisation needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, it needs to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer pension entitlements.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.
Who do we share your information with?
Your information will be shared internally, including with [members of the HR and recruitment team (including payroll), your line manager, managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles.
The organisation shares your data with third parties in order to [obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service.
The organisation also shares your data with third parties that process data on its behalf, in connection with payroll, the provision of benefits and the provision of occupational health services.
The organisation will not transfer your data to countries outside the European Economic Area.
Electronic Staff Record/Health Roster
ESR is the system we use to store and process staff data and to pay you. ESR also provides access to e-expenses and to Mandatory and Statutory Training. Data is compiled and reported on in accordance with the sharing protocol above
Health Roster is a system we use for rota management. Data inputted into Health Roster is then transferred to ESR via an interface and used stored and shared as above.
You have the right to say if we can share your information for certain reasons which include referrals to Occupational Health. This must be noted explicitly within your records. You have the right to change your mind at any point.
Keeping your Information safe
We take our duty to protect your personal information and confidentiality very seriously and take all reasonable steps to keep your information safe. This includes making sure security is in place including the correct level of encryption and managing who can access the information.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
How long we’ll keep your information
The organisation will hold your personal data for the duration of your employment. The periods for which your data is held after the end of employment are set out in our Records Management Policy.
At some of our sites, please be aware that there is CCTV in operation monitoring our entrances and car parks.
You have a number of rights relating to your information, when accessing information about yourself, you have a right:
- to be informed about what personal information we hold about you
- to access this information
- to receive confirmation that your information is being processed
- to know who your information has been shared with
- to know how long we will store your data
- to ask us to update incomplete or inaccurate details
- to be forgotten (and erase your personal information if there is no valid reason why we need to keep it.)
- to restrict your information being processed
- to object to your information being used
- to data portability (so that your information can be transferred from one electronic system to another if that is possible)
A request can be:
- made verbally or in writing
- free of charge
Spectrum Community Health CIC has one month to respond to your request, you will need to have provided identification and supporting information so we can locate your records and confirm your identity.
Although requests are a free of charge, Spectrum has a right to withhold information if we have a justified reason. We can also make charges for where we feel requests have become repetitive.
If you want to request any of your information please contact a member of the HR Team or direct them to
Spectrum Community Health CIC
The HR Team
One Navigation Walk
Raising a concern
If you have a concern about the protection of your information, or about the way your records have been managed please contact the Head of Compliance or Information Governance Officer at One Navigation Walk. Tel: 01924 311400
If you have any concerns about how we handle your information, you have a right to complain to the Information Commissioners Office. (www.ico.org.uk or call the ICO helpline on 0303 123 1113.)
Legal basis for the processing of your data
The new data protection law requires Spectrum Community Health to have a legal basis to process information about you.
Spectrum process data for employment purposes:
- 6(1) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract Health data for the purposes of employment
- 9(2)(b) ‘… is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of employment… social protection law in so far as it is authorised by Union or Member State Law..’
The Data Controller responsible for keeping your information confidential is:
Spectrum Community Health CIC
Data Protection Officer
At Spectrum we have a Data Protection Officer who is responsible for ensuring that we hold information in line with laws and legislation and that the security of this information is protected.
Data Protection Officer: Helen McNae, email: firstname.lastname@example.org