Leicestershire Partnership NHS Trust Employees
During the course of its employment activities, Leicestershire Partnership NHS Trust collects, stores and processes personal information about prospective, current and former staff.
The scope of this Privacy Notice includes applicants, employees, former employees, workers (including agency, bank, honorary contract holders and contracted staff), volunteers, trainees and those carrying out work experience and clinical placements.
We recognise the need to treat staff personal and sensitive data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.
The types of personal/sensitive data we hold
In order to carry out our activities and obligations as an employer we handle data in relation to:
- Personal demographics (including age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, sex, sexual orientation, religion or belief)
- Contact details such as names, addresses, telephone numbers, emergency contact details and personal email addresses (where provided)
- Employment records (including professional body registration/membership, references, proof of eligibility to work in the UK and security checks)
- Bank details
- Pension details
- Medical information including physical health or mental condition (occupational health information)
- Information relating to health and safety
- Trade union / professional organisation membership
- Offences (including alleged offences), criminal proceedings, outcomes and sentences
- Employee relations files (grievance, disciplinary, performance, sickness absence/ill-health cases)Employment Tribunal applications, complaints, accidents, and incident details
Our staff are trained to handle your information correctly and protect your confidentiality and privacy.
We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected or sold for direct marketing purposes.
Purpose of processing data
- Staff administration, management (including payroll and performance) and engagement
- Payroll and pensions administration
- Business management and planning
- Accounting and auditing, including to HMRC
- Accounts and records
- Crime prevention and prosecution of offenders
- Education, learning and organisational development
- Health administration and services
- Information and local and national databases and data warehouse administration
- Sharing and matching of personal information for national fraud initiative
We have a legal basis to process this as part of your contract of employment (either permanent, temporary or other working arrangements) or as part of our recruitment processes (see scope above) following data protection and employment legislation.
Sharing your information
There are a number of reasons why we share information. This can be due to:
- Our obligations to comply with legislation
- Our duty to comply with any Court Orders which may be imposed
Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons.
Use of Third Party Companies
To enable effective staff administration, Leicestershire Partnership NHS Trust will share your information with external companies to process your data on our behalf in order to comply with our obligations as an employer.
Employee Records; Contracts Administration
The information which you provide during the course of your employment (including the recruitment process) will be shared with NHS Shared Business Services (SBS) for maintaining your employment records held on the national NHS Electronic Staff Record (ESR) system.
NHS Streamlining
Details may be transferred from this Trust to other NHS Trusts to support the safe, efficient and effective transfer of staff information when a member of the workforce transfers from one NHS Organisation to another NHS Organisation. The personal data that is shared includes: name, address, date of birth, national insurance number, completed training and registration details.
Prevention and Detection of Crime and Fraud
We are required to use the information we hold about you to detect and prevent crime or fraud. We are also required to share this information with other bodies that inspect and manage public funds.
We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you, owing to a legal/statutory obligation.
The Trust is participating in the National Fraud Initiative (NFI) 2018 exercise. The NFI matches electronic data within and between public and private sector bodies for the purpose of assisting with the prevention and detection of fraud. Some of your personal data will be collected and used by the Cabinet Office to support this exercise. The data required from participants will be the minimum needed to undertake the matching exercise including name, gender, NI number, bank account and passport number. All data will be stored electronically by the Cabinet Office or by another organisation under contract with the Cabinet Office. It will be held on a secure encrypted, password protected computer system maintained in a secure environment. For processing to be lawful under the General Data Protection Regulation (EU) 2016/679 and Data Protection Act 2018, we need to identify a legal basis before this data can be processed. The identified legal basis for this activity is:
- GDPR Article 6 (1) (e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The Trust has a legal obligation under the ‘Right to Work’ – Home Office Regulations
- DPA 2018 Schedule 1 Part 2 Section 10 Preventing or detecting unlawful acts
Government agencies
In order to comply with statutory requirements, we are required to supply information about you and/or your employment relationship with the Trust to central government agencies, departments or agents acting on their behalf (e.g. HMRC, Department of Health and Social Care, Home Office, DWP).
Payroll and pensions administration
The Trusts payroll provider is Equiniti who are based in Belfast. Only information to support the payroll function is provided to them. Information will be shared with Equiniti in pursuit of administering your pay and any associated pensions, under or overpayments
The Trust uses a system called EASY for the submission and management of expenses related to your contracted work and for which claims can be made. As part of this system Google Maps is launched to review and update distances, which is defined as ‘automated decision making’ through its linkage to your personal details held within the system, including home postcode. The Trust has a legitimate basis for using this automated decision making, in its obligation to support your rights under your contract of employment. There are systems in place to allow employees to amend any distances that are presented and also to challenge any decisions made about the claim and relevant expenses paid.
Your information rights under General Data Protection Regulations (GDPR)/UK Data Protection Law
- The right to be informed – you have the right to know what information we hold about you, what we use it for and if the information is shared, who it will be shared with, which we do through this privacy notice..
- The right of access – for details about how to access your personal data, please click here
- The right to rectification – this is your right to have your personal data rectified if it is inaccurate or incomplete. If you believe that the information recorded about you is incorrect, you will need to tell us so that we are able to contact the person who entered the information. We will correct factual mistakes and provide you with a copy of the corrected information.
- The right to erasure – this is also known as your ‘right to be forgotten’, where there is no compelling reason to continue processing your data in relation to the purpose for which it was originally collected or processed.
The Trust is required to retain your employment record in order to carry out activities and obligations as an employer and therefore cannot delete the record until it reaches the required Department of Health and Social Care retention period.
- The right to restrict processing – this is your right to block or suppress the processing of your personal data. If you raise an issue that requires us to restrict processing, we will investigate your concerns.
- The right to data portability – this is your right to obtain and re-use any information you have provided to us as part of an automated process. At present we do not process any personal data that meets this requirement.
- The right to object – this is your right to object the processing of your data because of your particular situation. Because of our obligation as an employer it is extremely rare that we would stop processing your data whilst you are still employed by this Trust. If you believe you have compelling grounds for us to stop processing your data you should contact our Data Protection Officer.
- Rights in relation to automated decision making and profiling – GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. Through the use of EASY for the submission and management of work claims and expenses, limited automated decision making is used through the launching of Google Maps to review and update distances. The Trust has a legitimate basis for this in its ability to support your employment rights through the contract of employment.
Retention of your data
We will retain your information in line with the Retention Schedule within the Information Governance Alliance Records Management Code of Practice for Health and Social Care (2016). Click here for more information.
If you have cause to complain, please contact the Human Resources Department in the first instance on 0116 2957530 or via email to hrinputting@leicspart.nhs.uk
Further Information
If you require further information, please contact the Trusts Data Privacy Team or Data Protection Officer:
Data Privacy Team
Suite P1, Bridge Park Plaza, Bridge Park Road, Thurmaston, LE4 8BL
Tel: 0116 2294051
If you have any concerns or complaints about the way that we use or handle your information, and you are dissatisfied with any response to concerns or complaints you have made, you can contact the Regulator – The Information Commissioners Office via the following means:
The Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire SK9 5AF.
Phone: 0303 123 1113.
Website: www.ico.gov.uk .
The Trust reserves the right to make changes to this privacy notice at any time and will advise where these changes are made