During the course of its employment activities, Luton and Dunstable University Hospital collects, stores and processes personal information about prospective, current and former staff.
The scope of this staff privacy notice includes applicants, employees (incl8uding former employees), other workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience, clinical placements, observerships and honorary contract holders.
We recognise the need to treat staff personal and sensitive data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.
What type of personal data do we handle?
In order to carry out our activities and obligations as an employer we handle data in relation to:
- personal demographics (including age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, sex, sexual orientation, religion or belief)
- Disability (for any additional support or adjustments to assist you).
- Contact details such as name, address, telephone number and emergency contact(s)
- Employment records (including qualifications, education, employment history, professional membership, references and proof of eligibility to work in the UK)
- Bank and pension details
- Medical information including physical and mental health condition
- Information relating to health and safety at work, and any incidents or accidents
- Trade union membership
- Offences, criminal proceedings, outcomes and sentences
- Employee relations files (such as grievance, disciplinary, performance, sickness/absence)
- Employment Tribunal applications, complaints, accidents and incident details
Our staffs are trained to handle your information correctly and protect your confidentiality and privacy.
We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected or sold for direct marketing purposes.
Your information will not be processed overseas unless we inform you otherwise.
What are the purposes for processing staff data?
- Staff administration, management and engagement
- Payroll and pensions administration
- Business management and planning
- Accounting and Auditing, including to HMRC
- Accounts and records
- Crime prevention and prosecution of offenders
- Education, learning and development
- Health administration and services
- Local/National databases and data warehouse administration
- Sharing and matching of personal information for national fraud initiative
We have a legal basis to process this as part of your contract of employment or as part of our recruitment processes following data protection and employment legislation.
Sharing your information
We will share your information due to our obligations to comply with legislation or our duty to comply any Court Orders which may be imposed.
Any disclosures of personal data are always made on a case-by-case basis, using the minimal personal data necessary for the specific purpose or circumstances and with the appropriate security controls in place.
Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal 08data to such persons.
Use of Third Party Companies
To enable effective staff administration Luton and Dunstable University Hospital NHSFT may share your information with external companies to process your data on our behalf. This is in order to comply with our obligations as an employer.
Employee Records; Contracts Administration (NHS Business Services Authority)
The information which you provide during the course of your employment; including the recruitment process, will be shared with the NHS Business Services Authority for maintaining your employment records held on the national NHS Electronic Staff Record (ESR) system.
Prevention and Detection of Crime and Fraud
We may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
In order to comply with statutory requirements, we may be required to supply information about you and/or your employment/relationship with the Trust to central Government Agencies, departments or agents acting on their behalf (e.g. HMRC, DH, Home Office, DWP).
Payroll and Pensions Administration
Information will be shared with University Hospitals Birmingham NHS Foundation Trust (UHB) in pursuit of administering your pay and any associated pensions, under/overpayments.
Details may be transferred from this Trust to other NHS trusts to support the safe, efficient and effective transfer of staff information when a member of the workforce transfers from one NHS organisation to another. The personal data shared includes: name, address, date of birth, national insurance number and registration details.
The Trust is required to retain your employment record in order to carry out activities and obligations as an employer and therefore cannot delete the record until it reaches the required DH retention period.
We will retain your information in line with the Department of Health Retention Schedule.