HR Privacy Notice

DHU Health Care CIC (Registered in England under registration no. 05834163 with its registration address at Johnson Building Locomotive Way, Pride Park, Derby, England, DE24 8PU), its subsidiary and associated companies (hereinafter referred to as DHU) is committed to protecting personal data.

We collect, store and process information about prospective, current and former staff. This notice explains how we use your information, and your right to control how we use it.

Privacy Notice - HR

  1. As your employer, the Company needs to keep and process information about you for normal employment purposes. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
  2. As a company pursuing health and social care activities, we may sometimes need to process your data to pursue our legitimate business interests Article 6(1)(f) of GDPR, for example to prevent fraud, administrative purposes or reporting potential crimes.

We will never process your data where these interests are overridden by your own interests.

  1. As part of the Recruitment & On-Boarding process your data will be collected via external systems authorised and compliance checked by DHU Health Care;

Data submitted to DocuSign & TRAC will be held on servers located either in the UK, EU or US dependent on the location of the applicant; this data is only held for the duration of completion of the relevant documentation and once this has been completed deletion is performed by authorised personnel within DHU Health Care.

The information will include but not limited to;

a) personal Information
b) application form / CV
c) referencing Information and contact details
d) equal opportunities information
e) offer letter and contract of employment
f) next of kin information
g) bank details

  1. Unsuccessful applicant data is retained for a maximum of six months from the date of application. Once this retention period is reached relevant data will be deleted from file servers and any associated documentation will be securely disposed of.

This is in line with national retention schedule guidelines for NHS and Private Businesses.

  1. Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your line manager, or in some cases, external sources, such as referees.
  2. Once hired the information we hold within your personnel file will include but isn’t limited to;
  • your application form and references,
  • your contract of employment and any amendments to it;
  • correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary;
  • information needed for payroll, benefits and expenses purposes; contact and emergency contact details and next of kin contact details;
  • records of holiday, sickness and other absence;
  • information needed for equal opportunities monitoring policy;
  • and records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records
  • Compliance checks i.e. Disclosure and Barring Service (DBS)

Access to the personal data listed above is restricted to the relevant parties where there is a justified and legal basis for that access provision. Access to sensitive data is on a need by need basis and will not be routinely accessed by any other staff

  1. You will, of course, inevitably be referred to in many company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the company. You should refer to the Data Protection, Consent & Confidentiality Procedure which is available on the DHU intranet.
  2. Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes including information relating to Occupational Health.

This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay.

  1. Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency.
  2. Where we are processing data based on your consent, you have the right to withdraw that consent at any time. However essential information to continue and manage your employment with DHU is required as a minimum.
  3. In addition, we monitor computer, email, telephone and mobile telephone use, as detailed in our Acceptable Use / expenses policy, available on the intranet. We also keep records of your hours of work in our HR/Payroll and Rota systems.
  4. You are also required to adhere to the Confidentiality Code of Conduct when dealing with or coming in to contact with any information that relates to DHU or its business in any way, this includes abiding by and acknowledging the fact that any information placed on public forums, internet media or social media that brings DHU or any of its subsidiaries in to disrepute may be followed with disciplinary action or legal action where appropriate and justified. Information relating to breaches may be shared with relevant authorities without your consent in pursuance of the above.
  5. In line with staff management & HR process we are required to hold details of your mobile number and email address on DHU Staff Management databases for administrative purposes (e.g. for shift vacancies, sickness and emergency cover situations) and will use these methods to communicate with you for item such as, but not limited to, sending organisational updates via email and changes to shift coverage, additional cover requests, emergency notifications by phone, email or SMS.
  6. In order to ensure that you have access to the most up to date information relating to the organisations staff portal (Intranet) it is necessary to upload non-confidential information to Clarity GP Team Net.

Please see Clarity’s Privacy Policy at the following link: https://clarity.co.uk/policies/privacy/

  1. Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to pension providers.
  • We may transfer information about you to other group companies for purposes connected with your employment or the management of the company’s business.
  • Your personal data will be stored in line with our Records Management Policy and Retention Schedule available on the intranet.
  • If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

DHU Health Care CIC is the controller [and processor] of data for the purposes of the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR).  If you have any concerns as to how your data is processed you can contact:

DHU Health Care: Data Protection

dhu-information.governance@nhs.net or you can write using the address below;

Data Protection Officer

DHU Health Care CIC

Johnson Building

Locomotive Way

Derby

DE24 8PU

  • Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data.

You have the right to request from us,

  • right of access,
  • right to rectification,
  • right to erasure of your personal data,
  • right to restrict processing,
  • right to object to processing;
  • as well as in certain circumstances the right to data portability.

For full details of your rights please visit the Information Commissioners Office Website at www.ico.org.uk

  • If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
  • You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 2018 with regard to your personal data.

DHU will only use information that you provide consistent with the principles of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR)

Where DHU ask for personal information e.g. your contact details, etc., this is to enable DHU to provide you with information that is important to your role within DHU.

At no time will your personal information be shared with third parties unless you have given permission to do so.

The full Privacy Policy is available on the DHU website www.dhuhealthcare.com.

If any further information is required on the content of this privacy notice or policy please contact either your divisional HR representative or a member of the Information Governance Team.

If you have any concerns as to how your data is processed you can contact:

dhu-information.governance@nhs.net or you can write using the address below;

Data Protection Officer

DHU Health Care CIC
Johnson Building
Locomotive Way
Derby
DE24 8PU