Groundswell collects and processes personal data relating to employees. We use the information to:
- Check you are legally entitled to work in the UK.
- Maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency).
- Pay you and deducting tax and National Insurance contributions.
- Administer benefits such as pensions.
- Operate and keeping a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled.
- Obtain occupational health advice, to ensure that we comply with duties in relation to individuals with disabilities, meet our obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled.
- Operate and keeping a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled.
- Comply with health and safety obligations.
- Ensure effective general HR and business administration.
- Provide references on request for current or former employees.
Where is data stored?
Data will be stored in HR management systems and on other IT systems (including email). Some paper-based records, such as signed contracts, are kept in a locked filing cabinet.
What information does the organisation collect?
We collect a range of information about you when you apply for a job with us which is transferred to your employment file when you start work with us. This includes:
- your name, address and contact details, including email address and telephone number;
- details of your qualifications, skills, experience and employment history;
- whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process;
- information about your entitlement to work in the UK
- date of birth and gender.
- details of your bank account and national insurance number.
- information about your marital status, next of kin, dependants and emergency contacts.
We may also collect, store and use the following “special categories” of more sensitive personal information:
- information about your criminal record.
- details of periods of sickness absence taken by you, and the reasons for the leave.
- details of attendance and sickness procedures in which you have been involved, including any stages of the process you have reached and correspondence.
- information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments.
Why does the organisation process personal data?
The lawful basis for all data processing activity relating to employees is Legal.
Who has access to data?
Your information will be shared internally, including with members of the HR and recruitment team (including payroll), your line manager, managers in the department in which you work and senior managers and IT staff if access to the data is necessary for performance of their roles.
We share your data with third parties who manage our databases and administrative systems and in order to obtain pre-employment references from other employers, obtain assessments as part of a recruitment process, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service.
The organisation may also share your data with third parties in the context of a potential TUPE transfer or when running a staff survey.
We also share your data with third parties that process data on its behalf, in connection with insurances and legal advice, employee relations matters, payroll, the provision of benefits and the provision of occupational health services.
For how long does the organisation keep data?
6 years after employment has finished.
What are your rights?
As a data subject, you have a number of rights which are outlined below.
- Right of access – Individuals can request to access and obtain a copy of all data we hold on them. This request is commonly referred to as a subject access request.
- Right to rectification – Individuals can require us to change incorrect or incomplete data.
- Right to erasure – Individuals can require us to delete all their data under certain conditions.
- Right to object – In certain circumstances, individuals can object to us processing their data.
- Right to restrict processing – Individuals have the right to restrict the processing of their personal data where they have a particular reason. In most cases we would need to have the restriction in place for a certain period of time not indefinitely.
- Right to portability – This gives individuals the right to receive personal data they have provided to us. They can also request that we give it directly to another controller.
If you would like to exercise any of these rights, please contact Groundswell’s Data Protection Lead on the details at the beginning of the General Privacy Notice. You can make any request in any form you choose – writing, email, phone, face to face or through a third party such as a solicitor.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner’s Office (ICO). The details are in the General Privacy Notice.