Staff Privacy Notice

Our privacy statement explains what types of personal information will be gathered and how this information will be used. In this statement “Albion”, “us”, “our” and “we” means Albion.

The Albion is committed to protecting your personal and sensitive personal data, working in accordance with current data protection legislation. We are registered as a data controller with the Information Commissioner’s Office under registration number ZB141007 for the Albion Business School. Albion will process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and this privacy notice is issued in accordance with the GDPR articles 13 and 14.

The Data Protection Officer

The Albion has appointed a Data Protection officer.

This privacy notice outlines how the Albion collects, processes, and uses your information. This notice is applicable to all current employees and other colleagues who have a temporary or ongoing association with the Albion, including visiting faculty, honorary appointees, and Emeritus Professors.

Why do we collect your data?

The Albion collects information in order to fulfil its obligations as an employer. There is always a lawful basis for processing of your information including, but not limited to, the performance of an employment contract and compliance with the Albion’s legal obligations, which are outlined below. Where information is not provided by employees, the actions below will not be able to be undertaken. The Albion will not process personal data for marketing purposes or transfer personal data outside of the EU framework and data is not subject to automated data processing.

It is important that the information held about you is accurate and current.

What type of data do we collect?

The following are examples of personal data (not exhaustive) which may be collected, stored and used:

Personal contact details such as name, date of birth title, addresses, telephone numbers, and personal email addresses.
Marital status and dependants.
Gender.
Next of kin and nominated emergency contact information.
National Insurance number, bank account details, payroll records and tax status information.
Salary, annual leave, pension, and benefits information.
Copy of driving licence where your employment involves driving for the Albion.
Recruitment information (including copies of right to work documentation, references and other information included in an application form, CV, or cover letter or as part of the application process).
Employment records (including job titles, conflicts of interests, work history, working hours, training records and professional memberships).
Compensation history, including allowances and bonus payments.
Salary benchmarking and pay modelling.
Personal development information (including PDR, training, and progression).
Disciplinary, grievance, sickness absence and performance management information.
Information relating to maternity, paternity, shared parental, or adoption leave.
CCTV footage and other information obtained through electronic means such as swipe/identity card records.
Information about your use of our information and communications systems.
Photographs.
Passport and UKVI information.
We may also collect, store, and use the following types of special category personal data.
Information related to protected characteristics as defined within the Equality Act for monitoring and institutional reporting, for example, our Annual Equality Report, Equal Pay and Athena SWAN submissions.
Trade union membership.
Information about your health, including any medical condition, health and sickness records, and disability information.
Information about criminal convictions and offences.

When and how do we collect your data?

Albion will collect your information in different ways prior to and during its relationship with you.

These will include:

Information you provide directly to us such as through the application or recruitment process or during your period of employment.
Information provided by other sources such as employment agencies, referees, or former employers (some of which may be post- employment e.g., in relation to tax and/or pension).

How do we use your data?

Albion requires this information to manage the employment relationship with staff and the obligations and responsibilities, which arise from this. For example, the Albion may use your information to:

recruit and select new and existing employees, temporary workers and consultants including matching to future vacancies.
carry out any necessary checks to ensure that staff have the right to work in the UK and are eligible to work with children, patients or other vulnerable individuals and have suitable references in relation to previous employment etc.
administer contracts of employment and other contractual arrangements related to temporary and casual workers, consultant and voluntary or honorary appointees.
maintain accurate information for current members of staff in the HR databases.
pay staff and ensure they are receiving the pay or other benefits (including pensions and reimbursement of travel and subsistence expenses) to which they are entitled and that the necessary deductions are being made i.e., tax, student loans etc.
provide staff benefits and administer salary exchange arrangements i.e., childcare vouchers, cycle to work etc.
manage the health and wellbeing of staff through maintenance of emergency contact details, pre-employment medical details, health screening for relevant roles, information related to disability, incident records, Personal Emergency Evacuation Plans, personal risk assessments and staff survey monitoring etc.
record staff absence including sickness, parental leave, jury service etc. and maintain absence management procedures for effective workforce management and employee wellbeing i.e., fitness to work and reasonable adjustments
record and monitor staff performance, training, development, and career progression.
operate and keep a record of disciplinary, grievance and other employee relations processes including employment tribunals to report on internal performance metrics and identify patterns or concerns in specific areas.
report and monitor data relating to protected characteristics to inform and develop action plans that promote equality, diversity, and inclusion at the recruitment stages and within the workplace.
process specific reports and returns and participate in general statistical surveys for Governmental or regulatory bodies such as relevant Pension Providers, HMRC, HESA or the Office for Students.
facilitate internal day to day communications relevant to your employment with the Albion and promotion of your work, details on the staff directory which also covers managing the security and car parking through photographic staff ID cards.
fulfil and monitor legal responsibilities and obligations, for example, within the Equality Act, immigration and health and safety legislation.
provide references on request for current and former employees.
provide relevant management information to support the Albion with its effective financial forecasting, workforce management and business planning.
support staff with making applications for research or other funding and regulatory approvals.
support teaching and learning and staff development with audio or video recording of lectures, presentations or training events.
manage joint contracts of employment / secondments which require information to be shared with the honorary / host employer (usually NHS partners for clinical academic appointments).

What is the lawful basis for processing personal data?

The Albion processes staff data for the above purposes under the following conditions:

Where consent has been provided.
In order for the Albion to fulfil its obligations under the contract of employment.
Where the Albion needs to comply with a legal obligation (for example, the detection or prevention of crime and financial regulations).
Where it is necessary for the Albion’s legitimate interests (or those of a third party) and the interests and fundamental rights of the member of staff do not override those interests.
To protect the vital interests of the member of staff or of another person (for example, in the case of a medical emergency).
In order to perform a task carried out in the public interest.
The Albion will only process special category data with the member of staff’s explicit consent or under the following conditions.
For the purposes of the member of staff and/or the Albion carrying out its obligations in the field of employment providing appropriate safeguards are in place to protect the individual’s fundamental rights and interests.
For the establishment, exercise, or defence of legal claims.
When it is needed to protect the member of staff or another person’s vital interests and the member of staff is not capable of giving your consent (for example, in an emergency).
For reasons of substantial public interest.
Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
If your consent is required for any specific use of your personal data, it will be collected at the appropriate time.

Who internally has access to your data?

Information is held by Albion and is carefully controlled with access being granted only if it is needed for a legitimate business requirement i.e., related to one of the activities listed in the section on how we use your data.

For operational and business continuity purposes, your personal data may be shared with other relevant members of the Albion including Senior Managers

Your personal data is also shared across relevant IT systems and databases to facilitate the management and delivery of Albion services, legal requirements, and equality reports

Finance have access to certain information they require for effective forecasting and to process BACS payments

Reporting Managers have access to certain information to fulfil their obligations and manage your employment

Managers have access to certain information following incident reports in order to fully investigate those incidents and ensure appropriate control measures are in place

We take your privacy and the security of your data seriously and requests for access to your data are only approved if there is a legitimate reason, which is covered by the relevant lawful basis. If your consent is required that would be collected in advance of your information being shared.

Who do we share your data with outside of the Albion?

The Albion will disclose certain personal detail to external bodies for the legitimate interests of the Albion or of third parties as detailed below.

Disclosure to	Details and legitimate grounds for processing data
UK Visas and Immigration	To meet obligations as a sponsor licence holder.
Disclosure and Barring Service and First Advantage Group acting as an umbrella body on behalf of the Albion	To ensure applicants’ suitability for particular positions of trust where clearance is required.
HESA (Higher Education Statistics Agency)	For statistical analysis purposes and for government agencies to carry out statistical functions. For more information on HESA’s privacy statements please visit https://www.hesa.ac.uk/about/website/ Or for specific information on the most up to date staff data collection for HESA visit the HR Community under H for HESA on the A to Z
REF (Research Excellence Framework)	REF is the UK’s system for assessing the quality of research in UK higher education institutions. For more information on REF’s data privacy please visit: https://www.ref.ac.uk/media/1192/dpia_ref2021_submissions.pdf
Other Statistical agencies and professional bodies	For returns and benchmarking purposes e.g. DLA Piper and UCEA for salary surveys, DSC and MSC surveys etc.
Funding bodies e.g. OfS / ERDF	To support the requirement for statistical returns and funding applications and to demonstrate compliance within funding regulations
Mortgage companies and letting agencies	For mortgage and letting verification purposes. Information will only be disclosed with written consent of the employee.
HM Revenue and Customs (HMRC)	For the collection of income tax and national insurance contributions from employees.
Pension providers: Teachers’ Pension Scheme, Local Government Pension Scheme, NHS Pension Scheme, Universities’ Superannuation Scheme, Aviva, Legal and General	To allow provision of pensions by these providers.
UK government and other agencies e.g. Police, DWP, UKVI, FCO, Unions, ONS	Relating to detection of crime, safeguarding national security, benefits, union membership, collection of tax or other payments, and government reporting activities.
UK Enforcement Organisations e.g. The HSE, Home Office, LA and Devon and Somerset Fire and Rescue Service	Relating to investigation and enforcement of UK Health and Safety, Fire and other statutory legislation.
Third party software suppliers	Where external computer systems are used, for example, the iTrent HR/Payroll system, there may be occasions where access is granted to ensure operational management. A formal agreement will be entered into by third parties and the Albion to protect employee data.
Occupational health: Medigold, Sodexo (employee assistance programme)	To support health surveillance and provide specialist occupational health support and assessments.
Audit companies	To enable internal / external audit / investigation
Publicly available on website	To enable effective communication certain information is included on the Albion website i.e. name, work contact details, biographies, committee membership etc.
Transfer of Undertakings Protection of Employment (TUPE)	Where your employment has transferred to another employer, your details will be passed to your new employer under the TUPE regulations.

How long do we keep your data?

Albion will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it. Details of retention periods for the different aspects of your personal information are available via the Albion’s retention schedule.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

What rights do I have?

As a data subject you have a number of rights in relation to your personal data. You can:

access and obtain a copy of your data on request.
require the Albion to amend incorrect or incomplete data.
require the Albion to stop processing your data, for example where the data is no longer necessary for the purposes of processing.
object to the processing of your data where the Albion is relying on its legitimate interests as the legal ground for processing.
require us to erase your personal data.
require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal).
receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller.

Please note that the above rights are not absolute, and Albion may be entitled to refuse requests where exceptions apply.

If you wish to exercise any of these rights or if you have a complaint about the way you believe your data is being processed, in the first instance, please contact Albion’s data controller.

If you have a complaint and you remain dissatisfied with how your complaint has been dealt with you can take your complaint to the Information Commissioner’s Office (ICO) for a review.

Reminder of individual’s responsibility

Individuals also have a responsibility for the security of their data.

Changes to this notice

This privacy notice is reviewed annually or when required to ensure compliance with data protection legislation. If significant changes are made to this notice and the way we treat your personal information we will make this clear and may seek to communicate this directly to you

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.