HR Privacy Notice
DHU Health Care CIC (Registered in England under registration no. 05834163 with its registration address at Johnson Building Locomotive Way, Pride Park, Derby, England, DE24 8PU), its subsidiary and associated companies (hereinafter referred to as DHU) is committed to protecting personal data.
During the course of our activities we, DHU Health Care, will process personal data (which may be held on paper, electronically, or otherwise) about our staff and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UKGDPR). The purpose of this notice is to make you aware of how we will collect and use your personal information both during and after your working relationship with DHU Health Care.
a) This notice applies to all current and former employees, workers, contractors, consultants, apprentices, volunteers and others. It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services.
b) The Data Controller is DHU Health Care.
c) DHU have appointed a data protection officer and this is Affinity Resolutions who can be contacted at DPO@affinityresolutions.co.uk
a) We will comply with the six data protection principles in the DPA and UK GDPR, which say that personal data must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and where necessary kept up to date.
- Not kept in a form which permits your identification for no longer than is necessary for the purposes for which the data is processed.
- Processed in a manner which ensures appropriate security of the data.
b) “Personal data” means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
c) Fair and lawful processing
1. We will usually only process your personal data where you have given your consent or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the UK GDPR.
2. We will only process “special category data” also called “sensitive personal data” about racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data and personal data relating to criminal proceedings or convictions, where a further condition is also met. Usually this will mean that you have given your explicit consent, or that the processing is legally required for employment purposes. The full list of conditions is set out in the UK GDPR.
We collect personal data in a variety of ways. It is collected during the recruitment process, either directly from you or sometimes from a third party, such as an employment agency, former employer, background check providers, credit reference agencies and from the DBS. We also collect information throughout the period of your working relationship with us. This may be collected during your work-related activities. Some of the information you provide will be a statutory requirement and others contractual. We will inform you whether you are required to provide certain personal information statutory or contractually or whether you have a choice.
- We will process data about staff for legal, contractual, personnel, administrative and management purposes and to enable us to meet our legal obligations as an employer, for example to pay you, monitor your performance and to confer benefits in connection with your employment. We will also process data where it is necessary for our legitimate interest such as training, profiling staff and advising staff of benefits from third parties. We may also use your data where it is necessary to protect your vital interests. This processing may include;
a) To maintain accurate records and contact details.
b) Assessing suitability for employment, promotion, conferring benefits and pay reviews.
c) Complying with statutory and contractual requirements.
d) Maintaining records of employment, grievance, complaints, disciplinary, performance, appraisal, training, career and professional development and needs.
e) Operating staff schedules, leave, sickness absences, workforce management, maternity leave, paternity leave, adoption leave and any other unpaid leave.
f) Payment to you of any entitlements and payment to any third party such as HMRC or a pension provider.
g) Reviewing sick leave or fitness to work.
h) Preventing fraud.
i) To provide access to key systems and application as required as part of your employment with DHU
j) Monitoring use of IT & telephony systems including;
a. Computer usage
b. Mobile phone usage
c. Recording all incoming and outgoing telephone calls on DHU telephony system
Information relating to this is detailed in our Acceptable Use / expenses procedures
k) Video recordings in our buildings and in our vehicles.
l) Ensuring effectiveness of HR polices, data protection polices, business administration and other business policies and procedures.
m) Establishing or defending complaints and legal claims.
n) To fulfil laws which apply to us and any third parties we work with.
o) For statistical research and analysis and to enable us to we can monitor and improve services.
p) To monitor how we are meeting our clinical and non-clinical performance.
q) Managing our relationships with you and third parties who assist us to provide the services or information to you. We will never process your data where these interests are overridden by your own interests.
r) To maintain staff management & HR process
s) To update DHU Staff Management databases for administrative purposes (e.g. for shift vacancies, sickness and emergency cover situations) and will use these methods to communicate with you for item such as, but not limited to,
a. sending organisational updates via email and
b. changes to shift coverage
c. additional cover requests
d. emergency notifications by phone, email or SMS.
Your personal data may be shared internally within DHU including members of HR, payroll department, management and IT where your personal data is necessary for the performance of their roles. It may also be shared with the wider work force where this is necessary for our legitimate interest.
DHU may also share your personal data with third parties which may include: -
a) External organisations for conducting pre-employment reference and background checks.
b) Payroll providers.
c) Benefits providers such as insurance and pensions.
d) Occupational health providers.
e) External IT supports.
f) Auditors, accountants, lawyers and other professional providers.
g) HMRC and other government bodies.
h) NHS Trusts and other health care bodies.
i) DBS checking agencies.
j) If we merge or restructure
k) With regulators or to comply with any legal obligation.
l) To any organisation requesting a reference when you have applied for a position with the organisation or to join the organisation in some capacity.
m) When you request we supply personal data to another party you wish to supply services or products to you.
n) Where we use other companies to provide services on our behalf for training, processing, mailing, delivering, answering questions about products or services, sending mail and emails, data analysis, assessment and profiling or processing credit/debit card payments.
o) with our subsidiaries, affiliates or associated organisations companies
p) When you join or take part in any social media platforms managed by us.
q) When we have a contract with another organisation to provide our services jointly with them
a) We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data
b) We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves.
c) Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
a) We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected and processed including satisfying any legal, tax, health and safety, reporting or accounting requirements.
b) We will generally retain your data for the duration of your employment or contract with us and for a period of time after termination of your employment or contract.This is subject to any minimum statutory or other legal requirement.
c) Personal data which is no longer retained will be securely and effectively destroyed.
a) You have the right to:
I. Request access to any personal data we hold about you.
II. Ask to have inaccurate data held about you amended.
III. Request the erasure of your personal data – this enable you to ask us to delete or remove your personal data where there is no compelling reason for its continued processing.
IV. Request us to restrict the processing of your personal data.
V. Object to the processing of your personal data.
VI. Request data portability – this is a request to transfer personal data to a third party so it can be reused. VII. Request a review of automatic decision making – we do not envisage that any employment decisions will be taken solely on automated decision making. However, we will notify you if this position changes.
b) If you wish to know what personal data we hold about you, you must make the request in writing to the Human Resources Team, this will then be recorded, reviewed and approved in line with relevant procedures.
c) If you are not satisfied with the way in which we deal with your request you can contact the Information Commissioners Office on 0303 123 1113 or at their website www.ico.org.uk.
All the personal data is processed in the UK however for IT hosting and maintenance your information may be situated outside the European Economic Area (EEA).
DHU reserves the right to update or amend this privacy notice at any time, including where DHU intends to further process your personal data for a purpose other than that for which the personal data was collected or where we intend to process new types of personal data.
We will issue you with a new privacy notice when we make significant updates or amendments.
a) If you have any questions about this privacy notice or how we handle your personal data please contact the Information Governance & Data Protection Team at information.governance@dhuhealthcare.nhs.uk
b) If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with your line manager or contact information.governance@dhuhealthcare.nhs.uk.
Any breach of the DPA will be taken seriously and may result in disciplinary action.
The full Privacy Policy is available on the DHU website www.dhuhealthcare.com.
If any further information is required on the content of this privacy notice or policy please contact either your divisional HR represent In line with staff management & HR process we are required to hold details of your mobile number and email address on DHU Staff Management databases for administrative purposes (e.g. for shift vacancies, sickness and emergency cover situations) and will use these methods to communicate with you for item such as, but not limited to, sending organisational updates via email and changes to shift coverage, additional cover requests, emergency notifications by phone, email or SMS.