
Privacy Policy

PRIVACY STATEMENT FOR COLLEAGUES

 

This privacy notice explains how MSV collects, uses and processes personal data about you during and after your employment with us. This notice should be read together with any other privacy notice we may provide when we are collecting or processing personal information about you.

This notice applies to current and former employees and workers. Some elements also apply to applicants for job vacancies and consultants. Once appointed, all of this notice applies. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.

As a ‘data controller’, we are responsible for how we hold and use personal data about you. We are committed to protecting the privacy and security of your personal data.

 

The Data We Collect And Process About You

We may collect, store and use the following types and categories of personal information about you:

  • Identity data, including name, title, date of birth, gender, photograph and other information contained in identity documents (such as passport)
  • Contact details, including address, email address and telephone numbers
  • Next of kin details, including next of kin and emergency contact information, information about dependents;
  • Payroll data, including bank account details, payroll records, National Insurance number, tax status information, salary and salary history, pension and benefits information;
  • Recruitment data, including copies of right to work documentation, references, qualifications, and other information included in a CV, application form or cover letter or as part of the application process
  • Employment and HR records, including job titles, work history, start date, working hours, annual leave, educational background and training records, professional memberships, performance information, probationary periods, disciplinary and grievance information; pension records, residency and work permit status, passport information, driving licence information, sick pay, pensions and insurance information, vehicle registration, results of criminal records checks, termination information
  • Information obtained through electronic means such as swipecard records, CCTV, voicemails, emails and other security and technology systems as permitted by applicable law

 

We may also collect, store and use the following ‘special categories’ of personal information:

 

  • Information about your race or ethnicity, nationality, religion, trade union membership, sexual orientation
  • Information about your health, including medical conditions, health and sickness records
  • Information about criminal convictions and offences, for example driving convictions

We collect this personal information either directly from you or from a recruitment agency. We may collect additional information from third parties including former employers.  We will collect additional personal information in the course of job-related activities throughout the period of your employment.

 

How We Use Information About You

We will only use your personal information when the law allows us to. For example, we may use your personal information in the following circumstances:

  1. Where we need to perform the contract we have entered into with you. (Contract)
  2. Where we need to comply with a legal or regulatory obligation. (Legal or Regulatory)
  3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. (Legitimate Interest)

We have set out in the table below the ways in which we may process the personal data and the legal basis for doing so (although some of the grounds for processing may overlap and there may be several grounds which justify our use of your personal data):

 

Purpose for which we use this data:
  • To contact you, to make decisions about your recruitment or suitability for appointment (including secondments and acting up arrangements), the terms on which you work for us, the right to work in the UK, consider and make reasonable adjustments if required
Categories of data:
  • Identity data, contact details, application form or CV, interview information, references, pre employment checks, health information, criminal records data
Legal basis for processing:
  • Contract e.g. to agree terms of employment contract
  • Legal obligation e.g. Equality Act
  • Legitimate interest e.g. to ensure suitability of applicant

Purpose for which we use this data:
  • Maintaining emergency contact details and beneficiary details
Categories of data:
  • Next of kin details
Legal basis for processing:
  • Legitimate interest e.g. to ensure benefits paid to correct individuals

Purpose for which we use this data:
  • Processing salaries
  • Liaising with pension providers
  • Liaising with third party benefits providers
  • Liaising with childcare voucher providers
  • Monitoring equal pay and gender reporting requirements
Categories of data:
  • Identity data, contact details, payroll data, recruitment data, employment and HR records, bank data, benefits information, gender and marital status, date of birth, beneficiaries data
Legal basis for processing:
  • Contract e.g. to pay your salary
  • Legal obligation e.g. maintain appropriate records
  • Legitimate interest e.g. to pay benefits to beneficiaries

Purpose for which we use this data:
  • Managing sickness absence, ascertaining fitness for work, occupational health, considering reasonable adjustments, complying with health and safety legislation, safeguarding and promoting the wellbeing and welfare of employees, workers and consultants, manage sick pay entitlements, to provide safe place and ways of working
Categories of data (as described in further detail above):
  • Information about your health, including medical conditions, health and sickness records, attendance records, details of occupational health referrals and reports, results of drug or alcohol testing
Legal basis for processing:
  • Legal obligation e.g. manage sick pay entitlements, health and safety obligations
  • Legitimate interest e.g. to plan and manage workforce, to manage employees' attendance
  • Contract – to determine remuneration of employees

Purpose for which we use this data:
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Decisions about remuneration and benefits
  • Reviewing and considering training and development requirements.
  • Dealing with legal disputes involving you or other employees.
  • Managing the employment relationship e.g., grievances, investigating conduct issues, estimating redundancy or termination payments, managing restructures
  • To manage HR processes and answer your questions and deal with any complaints
  • To conduct risk assessments
  • Managing business related driving
Categories of data (as described in further detail above):
  • Identity data, contact details, payroll data, recruitment data, employment and HR records, benefits data, role and employment history, appraisal content and performance data, attendance records, information about your conduct, vehicle information, insurance documentation, licence checks
Legal basis for processing:
  • Legitimate interest – providing advice to you and your manager, administering HR records, manage conduct and complaints
  • Legal obligations e.g. health and safety obligations and reporting requirements, to ensure drivers are legally permitted to drive

Purpose for which we use this data:
  • To include information relating to your experience on our website, in tender documents for potential clients or other marketing related material
Categories of data (as described in further detail above):
  • Identity data
  • Job title, employment history (if applicable/relevant), professional memberships
  • Photographs
Legal basis for processing:
  • Consent
  • Legitimate interest

Purpose for which we use this data:
  • To prevent and detect crime, protect health and safety of employees, workers and consultants, for quality assurance
  • To audit IT applications and systems, to monitor appropriate use
Categories of data (as described in further detail above):
  • CCTV data
  • Telephone recording data
  • Email and internet monitoring
  • Mystery guest programmes
  • Device location
Legal basis for processing:
  • Legitimate interest e.g. to allow you to contact people internally and externally, to provide a service to customers, to provide audit trails and monitor inappropriate use, to protect and safeguard data
  • Legal obligation e.g. to protect H&S of employees
       

 

If you do not provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

How We Use More Sensitive Personal Data

We may process special categories of personal information in certain circumstances, such as:

  1. With your explicit consent (in limited circumstances);
  2. Where we need to carry out our legal obligations or exercise rights in connection with employment;
  3. Where the processing is necessary for the purposes of preventive or occupational medicine or for assessing your working capacity;
  4. Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme.

We may also process this type of information where it is needed in relation to legal claims, or less commonly, where you have already made the information public.

We may use sensitive personal information in the following ways:

  • We will use information relating to leaves of absence, which may include sickness absence or family related leave, to comply with employment and other laws.
  • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
  • We will use information about your race or national or ethnic origin, religious beliefs or your sexual orientation to ensure meaningful equal opportunity monitoring and reporting.

 

We do not need your consent to process such sensitive personal information if we use your personal information in accordance with our privacy notice to carry out our legal obligations or exercise specific rights in the field of employment law.

In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive personal data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Information about criminal convictions

We will only use information relating to criminal convictions where the law allows us to do so. This will be where:

  1. The post you have applied for requires disclosure of criminal convictions or is subject to a DBS check
  2. The convictions relate to driving which impact on the organisation's insurance and have implications for health and safety at work
  3. Where you are subject to a disciplinary investigation and the criminal conviction is relevant evidence for the case
  4. Where you disclose to us, or to your colleagues, any criminal conviction and this results in an employee relations situation that requires organisational intervention

We will request information about whether you have any criminal convictions, where relevant, and will:

  • Use such information and disclose it to our insurance brokers in connection with the renewal of our professional indemnity insurance, as such information is required by our insurance company.
  • Use such information to check that you are not disqualified by reason of such conviction from holding any office that is a requirement of your post, for example whether you would be disqualified from driving, from being a Company Director, from working unaccompanied in a school.

 

Data Sharing

We may need to share your personal data with third parties, including third party service providers.  Where data is shared, we require third parties to respect the security of your data, keep it confidential, and to treat it in accordance with the law.

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.  This includes third party service providers.

The following activities are carried out by third party service providers; this does not form an exhaustive list in each category:

  • Payroll (e.g. Cintra)
  • Pension administration (First Actuarial, Scottish Widows, Mitchell Charlesworth)
  • Benefits provision and administration (e.g. Simply Health, Education Support)
  • Health insurance provision and administration (e.g. Simply Health)
  • The hosting of our IT systems and provision of IT support (e.g. Cascade)
  • Occupational Health Services (e.g. Education Support, Healthworks)
  • Recruitment and Assessment (e.g. Networx)
  • Attendance at training and conferences, travel and accommodation
  • E-learning (Ihasco, Litmos)
  • Colleague surveys or 360 exercises (Survey Monkey)
  • Host organisations in the case of placements or external secondments.

 

These third party service providers are only permitted to process personal data for specified purposes and, where they are processing data on our behalf, in accordance with our instructions.

We may also share your personal information with a regulator, HMRC, auditor, or to otherwise comply with the law.

We may share your personal information with other third parties, for example in the context of a possible sale or restructuring of the business or TUPE transfer.

 

Data Security

We have in place security measures to protect the security of your information. We also limit access to your personal information to those employees and third parties who have a business need to know. They are required to process your personal information on our instructions and subject to a duty of confidentiality.

We have in place a policy to deal with any suspected data security breach and we will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of the retention periods for different aspects of your personal data are set out in the Retention Schedule attached.

 

Rights Of Access, Correction, Erasure, And Restriction

It is important that the personal information we hold about you is accurate and current. It is important that you keep your information accurate and current through the use of self-service access to the Cascade HR system. For those areas where you cannot update via self-service please inform the People & Talent Team.

Under certain circumstances, by law you have the right to:

Request access to your personal data

You have the right to obtain a copy of the personal data we hold about you and certain information relating to our processing of your personal data.

Request correction of your personal data

You are entitled to have your personal data corrected if it is inaccurate or incomplete.

Request erasure of your personal data

You have the right to request that we delete your personal data, where it is established that there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Request restriction of processing of your personal data

You have a right to ask us to suspend the processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data, or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Where processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future.

Request the transfer of your personal data

You have the right to request the transfer of your personal data to a third party. Please note though that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.

Object to processing of your personal data

You have the right to object to the processing of your personal data where we believe we have a legitimate interest in processing it (as explained above). In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms.

We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of the above rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 

Contacting Us

If you have any questions about this privacy notice, how to exercise any of your rights or how we handle your personal information, please contact Sian Leighton, Head of People and Culture.

 

You also have the right to make a complaint to the Information Commissioner’s Office:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. Website: www.ico.co.uk

 

Changes To This Privacy Notice

We reserve the right to update this privacy notice at any time and will publish the revised notice to the intranet. We will provide you with a new privacy notice when we make any updates which are substantial. We may also notify you in other ways from time to time about the processing of your personal information.

PEOPLE AND TALENT RETENTION SCHEDULE

 

| Data Retained | MSV Retention Period | Responsible Person(s) | How and Where Data Is Retained |
|---|---|---|---|
| Unsuccessful job application data | 6 – 12 months | Head of People & Culture | Electronically Networx or MSV server |
| Applications from successful candidates | 6 years post termination | Head of People & Culture | Electronically Networx or MSV server |
| Personnel Records: appraisal, training, employee relations, employment contract etc | 6 years post termination | Head of People & Culture | Electronically Cascade and MSV server |
| Sickness and absence records | 6 years post termination | Head of People & Culture | Electronically Cascade and MSV server |
| Health and Safety Training Records | 6 years post termination | Head of People & Culture | Electronically Cascade and MSV server |
| Health and Safety Assessments | Permanently | Head of People & Culture | Electronically MSV server |
| Health and Safety Statutory Notices | 6 years after compliance | Executive Director Asset Management and Property Services / Head of People & Culture | Electronically MSV server |
| Accident records, reports and books | 6 years post date of occurrence | Head of People & Culture | Electronically MSV server |
| Medical records relating to Asbestos | 40 years | Head of People & Culture | Cascade and MSV server |
| Occupational Health Reports and Assessments | 6 years post termination. Assessments relating to asbestos or other conditions that may result in claims after 6 years will be retained for up to 40 years | Head of People & Culture | Electronically MSV server |
| Pension reconciliations and fund contributions | Permanently | Head of People & Culture / Head of Finance | Electronically Cintra and MSV server |
| Record of taxable payments | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Record of tax deducted or refunded | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Record of earnings on which NI contributions payable | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Record of employer and employee NI contributions | 6 years | Head of Finance | Electronically Cintra and MSV server |
| NIC contracted out arrangements | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Copies of notices to employees e.g. P45, P60 | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Inland Revenue notice of code changes, pay and tax details | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Expense claims | 6 years after audit | Head of Finance | Electronically Cintra and MSV server |
| Records of sickness payments | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Record of maternity, paternity, adoption, shared parental payments | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Income tax PAYE and NI returns | 6 years | Head of Finance | Electronically Cintra and MSV server |
| Redundancy records and details | 12 years | Head of People & Culture | MSV server |
| Declaration of Interests | 12 months | Head of People & Culture | MSV server |
| Group Health Policies | 12 years after cessation of benefits | Head of People & Culture | MSV server |
| Employers Liability Insurance Documentation | Minimum 40 years | Executive Director of Finance & Business Excellence | MSV server |
| Drivers records | 2 years | Head of People & Culture | Cascade and MSV server |
| Trade Union Agreements | 10 years | Head of People & Culture | MSV server |