Our contact details
Name: Mrs C Flude
Address: 31 Coton Road, Nuneaton, Warwickshire, CV11 5TW
Phone Number: 024 7635 7100
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details, date of birth and gender);
- the terms and conditions of your prospective employment;
- details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers;
- information about your nationality and entitlement to work in the UK;
- information about your criminal record;
- information about medical or health conditions, including whether or not you have a disability for which the practice would need to make reasonable adjustments;
The practice collects this information in a variety of ways, such as:
- Application forms; CVs or resumes; Copies of your passport other identity documents; Information collected through interviews or other forms of assessment; Forms completed by you at the start of or during employment; From correspondence with you; Through meetings or other assessments.
- The practice will also collect personal data about you from third parties, such as:
- References supplied by former employers;
- Information from employment background check providers and information from criminal records checks;
- The practice may seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.
Data will be stored in a range of different places, including:
- Your application record; HR management systems; IT systems (including email).
Legislation requirements on information processing
- We will only process your personal information where we are able to do so by law, under the legal basis available through the Data Protection Act 2018 and General Data Protection Regulation 2016 (GDPR).
- The legal bases we use most often to collect information are:
- entering into and managing our employment contract
- legal obligations where processing is necessary for compliance, for example, informing HMRC of your tax and National Insurance contributions
- where the Practice may rely on its legitimate interests, where a formal assessment has been made and recorded
Where we process sensitive personal or special categories of data about you, we will ensure this is done only where one of the following conditions applies:
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller, or the data subject, in the field of employment and social security and social protection law
- processing is necessary for the purposes of preventive or occupational medicine, assessment of the working capacity of the employee, or the provision of health or social care
Why does the practice process personal data?
- The practice needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract. It needs to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer benefit, pension and insurance entitlements.
- In some cases, the practice needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. It is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.
- In other cases, the practice has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the practice to:
- run recruitment and promotion processes;
- maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
- operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the practice complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- ensure effective general HR and business administration;
- provide references on request for current or former employees;
- respond to and defend against legal claims; and
- maintain and promote equality in the workplace.
- Where the practice relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
- Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes). Where the practice processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.
Who has access to data?
- Your information will be shared internally. This includes:
- Your manager/supervisor
- IT staff
- The practice shares your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service.
- The practice is obliged to seek information about criminal convictions and offences in line with NHS Employers guidelines on criminal records checks, which you can read at: http://www.nhsemployers.org/your-workforce/recruit/employment-checks/criminal-record-check
- The practice may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
- The practice also shares your data with third parties that process data on its behalf, in connection with payroll, the provision of benefits and the provision of occupational health services.
- The practice will not transfer your data to countries outside the European Economic Area.
How does the practice protect data?
- The practice takes the security of your data seriously. Internal policies and controls are in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
- Where the practice engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and practice measures to ensure the security of data.
For how long does the practice keep data?
- The practice will hold your personal data for the duration of your employment and a reasonable period after employment has ceased.
- As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the practice to change incorrect or incomplete data;
- require the practice to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where the practice is relying on its legitimate interests as the legal ground for processing; and
- ask the practice to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the practice’s legitimate grounds for processing data.
- If you would like to exercise any of these rights, please contact the Operations Manager firstname.lastname@example.org. You can make a subject access request by contacting the Operations Manager.
- If you believe that the practice has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
- You have some obligations under your employment contract to provide the practice with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide the practice with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.
- Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable the practice to enter a contract of employment with you. If you do not provide other information, this will hinder the practice’s ability to administer the rights and obligations arising as a result of the employment relationship efficiently.
- Employment decisions are not based on automated decision-making.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at: Red Roofs Surgery, 31 Coton Road, Nuneaton, Warwickshire, CV11 5TW.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk