Data controller: Newman University
Newman University has a legitimate reason to collect and process personal data relating to its employees so that it can effectively administer and manage the employment relationship. The University is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the University collect?
The University collects and processes a range of information about its employees. This includes the following information:
- Name, address and contact details, including email address and telephone number, date of birth and gender;
- Terms and conditions of employment;
- Details of qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the University;
- Information about remuneration, including entitlement to benefits such as pensions;
- Bank account and national insurance number details;
- Information about marital status and emergency contacts;
- Information about nationality and entitlement to work in the UK;
- Information about criminal records (if applicable);
- Details of working patterns and attendance at work, including employee requests for flexible working;
- Details of all periods of leave taken, including (but not limited to) holiday, sickness absence, unpaid leave and sabbaticals, maternity/paternity/adoption/shared parental leave, dependent leave, compassionate leave, and the reasons for the leave;
- Details of any informal or formal disciplinary or grievance procedures in which employees have been involved, including any warnings issued and related correspondence;
- Assessments of employee performance, including appraisals, performance reviews and ratings, probation reviews; performance improvement plans and related correspondence;
- Information about medical or health conditions, including whether or not employees have a disability for which the University needs to make reasonable adjustments;
- Information relating to employees’ health and safety at work;
- Equal opportunities monitoring information including information about employees’ ethnic origin, sexual orientation, and religion or belief.
- Digital footprint data made in the context of the use of computers and other electronic devices use for work purposes including the access of work software and systems and internet access. Further information available in the General Conditions of Use of Computer and Network Facilities, Information Security Policy and Bring Your Own Device (BYOD) Policy.
The University may collect this information in a variety of ways. For example, data might be collected through application forms, CVs; obtained from passports or other identity documents such as driving licences; from forms completed by employees at the start of or during employment; from correspondence with employees; or through interviews, meetings or other assessments.
In some cases, the University may collect personal data about its employees from third parties, such as references supplied by former employers, information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law. Where necessary, the University will seek information from third parties with the prior consent of the employee(s) in question.
Data will be stored in a range of different places, including employee personnel files, in the University’s HR management systems and in other IT systems (including the University’s email system).
Why does the University process personal data?
The University needs to process personal data to enter into an employment contract with its employees and to carry out its rights and meet its obligations under employee employment contracts. For example, the University needs to process employee personal data to provide an employment contract, to pay an employee in accordance with their employment contract, administer entitlements such as pension benefits or to enable occupational health assessment and support.
In some cases, the University needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.
The University also has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the University to:
- Run recruitment and promotion processes;
- Maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
- Operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- Operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
- Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- Obtain occupational health advice, to ensure that the University complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensures that employees are receiving the pay or other benefits to which they are entitled;
- Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the University complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- Ensure effective general HR and business administration;
- Provide references on request for current or former employees; and
- Respond to and defend against legal claims.
- Fulfill its statutory reporting obligations, for example, the HESA Record.
- Produce minutes of meetings for business purposes.
- To make audio or video recordings of meetings, events and teaching sessions which employees may attend and participate in. The purposes include: minute taking, sharing the event with those invited but unable to attend, continued professional development, making reasonable adjustments for people with disabilities in compliance with the Equality Act 2010, assessment and moderation, marketing and historical archiving. Recording will not be covert unless specially authorised through the Covert Recording Policy.
- To analyse results of questionnaire data for a variety of purposes. The purpose will be stated when someone is given the option of responding to a questionnaire.
Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities) for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law or for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or in accordance with a contract with a health professional and subject to the conditions and safeguards of professional confidentiality. Where the University processes other special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is for the purposes of equal opportunities monitoring. Data that the University uses for these purposes is anonymised or is collected with the express consent of employees, which can be withdrawn at any time. Employees are entirely free to decide whether to provide such data and there are no consequences of failing to do so.
The University may commission photography / videography on campus or at specific events, such as award ceremonies, careers fairs, celebratory events etc. for use in its internal and external promotional material or university archive material. Staff may appear on the resulting images, and the resulting images may be published.
Your staff photo will be displayed:
- on your staff ID card
- on the University email system
- on the staff directory on the Newman website
- in publications such as, but not limited to, Faculty newsletters or the staff newsletter, which may be accessible on the intranet and internet.
IT Services maintain an Opt-Out List of staff who do not want their photo to be displayed on the University email system. Contact email@example.com to opt-out.
IT Services maintain an Opt-Out List of staff who do not want their photo to be displayed on the staff directory on the website and in publications as mentioned above. Contact firstname.lastname@example.org to opt-out. There is no option to opt-out of one but not the other as the staff directory is the means by which photos are accessed for use in such publications.
Relevant staff photos will be displayed as avatars on the virtual learning environments Moodle and Mahara. Staff are able to amend their own avatars.
Who has access to employee data?
Employee information may be shared internally, including with members of the HR team, Learning & Development, Health & Safety, Payroll, employee line managers, managers in the business area in which employees work, University Management and specific IT staff but only if access to the data is necessary for performance of their roles. In certain departments, such as Catering, personal phone numbers will be shared within the team in order to facilitate shift rotas or for other similar purposes. Staff will be made aware if they are in a department that does this.
The University shares employee data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service.
The University will also share your data if necessary with third parties that process data on its behalf, for example:
- in connection with its statutory reporting obligations such as to the Higher Education Statistics Agency (HESA)
- UKRI (for example as part of the REF)
- UKVI (in circumstances where any employee requires a visa / sponsorship)
- for the provision of benefits;
- the provision of occupational health services; and
- other services including but not limited to library system suppliers.
We also share your personal data if we believe someone’s life is in danger or we believe we are compelled to by law.
We must share the names, dates of birth and home addresses of University Council members with our chosen banking services provider to comply with anti-money laundering policies. Additionally some of the University areas have departmental staff contact lists of personal contact details in order to facilitate contact between those staff for work-related purposes, e.g. for short-notice shift swaps etc. Staff are informed at local level if this is the case in their department. They should speak with their line manager if they do not want to provide this information or be part of the list.
How does the University protect your data?
The University takes the security of your data seriously. The University has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties, for example, the University Information Security Policy, Data Protection Policy, Bring Your Own Device Policy, and email procedures regarding data protection. Where the University engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical measures to ensure the security of data. Hard copies of personal information are kept in secure storage and personal data stored electronically is on our secure IT network whose servers are located within the EU.
For how long does the University keep data?
The University will hold employees personal data for the duration of their employment. The period for which detailed employee data is held after the end of employment is six years, and limited employment data is retained indefinitely for historical purposes.
What happens if an employee does not provide personal data?
Employees have some obligations under their employment contract to provide the University with data. In particular, they are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. They may also have to provide the University with data in order to exercise their statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that employees are unable to exercise their statutory rights.
Certain information, such as contact details, right to work in the UK and payment details, have to be provided to enable the University to enter a contract of employment with an individual employee. If employees do not provide other information, this will hinder the University’s ability to administer the rights and obligations arising because of the employment relationship.
Employment decisions are not based solely on automated decision-making.
As a data subject, individual employees have a number of rights. They can:
- Access and obtain a copy of their data on request;
- Require the University to change incorrect or incomplete data;
- Require the University to delete or stop processing their data, for example where the data is no longer necessary for the purposes of processing; and
- Object to the processing of their data where the University is relying on its legitimate interests as the legal ground for processing;
- Request the University provide a portable copy of the personal data they have provided about themselves for the performance of contract.
If you would like to exercise any of these rights, please contact the University Data Protection Officer using the following contact details:
By email: email@example.com
By telephone: (0121) 476 1181 ext. 2500
By post: Data Protection Officer, Newman University, Genners Lane, Bartley Green, Birmingham, B32 3NT
If you are not content with the how we handle your information we ask you to contact our Data Protection Officer to help you. However, you do also have the right to complain directly to the Information Commissioner at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Information about the Information Commissioner is available at: https://ico.org.uk/concerns/handling/
Changes to this privacy notice
This privacy notice may be updated from time to time so you may wish to check it each time you submit personal information to the University. We encourage you to check this privacy notice from time to time to ensure you understand how your data will be used and to see any minor updates. If material changes are made to the privacy notice, for example, how we would like to use your personal data, we will provide a more prominent notice (for example, email notification or correspondence of privacy notice changes).