The University will still hold your information even if you have left our employment. The University is committed to being transparent about how we use that data to meet our data protection obligations.
What information does the University collect?
During your employment with the University of Derby, we will collect and hold your personal data. This information may include:
- your name, address and contact details, including email address and telephone number;
- date of birth and age;
- the terms and conditions of your employment;
- details of your qualifications, skills, experience and employment history;
- employment records (including job titles, work history, working hours, training records and professional memberships);
- information about your remuneration, including entitlement to benefits such as pension;
- details of your bank account and national insurance number;
- information about your marital status, next of kin, dependents and emergency contacts;
- information about your nationality and entitlement to work in the UK;
- details of your schedule (days of work and working hours) and attendance at work;
- copy of your driving licence (if applicable for your role);
- photos are required for your University ID, security and to allow site access. Photos will not be put in the public domain (e.g. on the University’s website or intranet) without your permission;
- details of periods of leave taken by you, including holiday, sickness, absence, family leave and sabbaticals, and the reasons for the leave;
- details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- information about your criminal record, if applicable and where required for your role within the University;
- information about medical or health conditions, including whether or not you have a disability for which the University needs to make reasonable adjustments;
- details of trade union membership where applicable;
- information concerning other protected characteristics e.g. disability; gender reassignment; race (including nationality and ethnicity); religion or belief; sex and sexual orientation;
- outcomes of DBS checks (where applicable / necessary for the position); and
- performance reviews.
Why do we collect your data?
The University needs to process your data to enter into an employment contract with you and to meet its obligations under your employment contract. The University needs to process your data to be able to provide you with an employment contract, to pay you in accordance with your contract and to administer pension entitlements.
The University may be required to process data to ensure it is complying with its legal obligations, for example to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take leave.
There are cases where the University has a legitimate interest to process personal data during and after your employment at the University. Processing this data allows the University to:
- maintain accurate and up-to-date employment records and records of employee contractual and statutory rights;
- administer the contract we have entered into with you;
- pay you and deduct tax and national insurance contributions;
- liaise with your pension provider;
- administer reward and benefit schemes (including third party partners);
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- comply with Health and Safety obligations;
- monitor your use of our information and communication systems to ensure compliance with our Information Systems policies;
- complete statutory returns (for example, HESA, Office for National Statistics, HEFCE);
- share anonymised data for the purpose of benchmarking and equality charters (for example, Stonewall, Athena Swan);
- run promotion processes;
- ensure effective general HR and business administration;
- provide references on request for current or former employees;
- respond to and defend legal claims;
- contact emergency contacts in case of emergency;
- provide information for research bids; and
- provide evidence required by audits.
We will use your special category data in the following ways:
- we use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
- we use anonymised information about your race or national or ethnic origin, religious, philosophic or moral beliefs, or your sexual orientation, to ensure meaningful equal opportunity monitoring and reporting;
- we use information relating to family-friendly leave (maternity, paternity, adoption, shared parental leave inter alia) to ensure that the University complies with duties in relation to statutory/occupational entitlements and to ensure that employees are receiving the pay or other benefits to which they are entitled.
Legal basis for holding your data
Our legal basis for collecting/processing your data is ‘contractual’, enabling us to provide you with the services you require throughout your employment with the University.
How is your data held?
Your personal data is held within our University records database and accessed by limited HR staff with authorised roles.
Who has access to data?
- information may be viewed by members of the HR team (including payroll), your line manager, managers in the area in which you work and IT staff – but only where access to the data is necessary for the performance of their roles;
- anonymised aggregated equality information which is used for equality benchmarking will be shared with Advance HE and Stonewall;
- all employees, casual workers, contractors and affiliated bodies which are integral to the University (for example, the Students’ Union) have access to the University contacts list on Staff Central and internal contacts directory.
Your details will also be provided to the appropriate University pension provider: the Local Government Pension Scheme (LGPS) for professional support staff and the Teachers’ Pension Scheme (TPS) for academic staff. You will be contractually enrolled into the relevant pension scheme subject to you meeting its terms and conditions.
We also have an ongoing duty under separate automatic enrolment rules to continually assess your eligibility to be enrolled into a workplace pension scheme. Details provided will be your name, date of birth, National Insurance Number and salary. We would not pass on your bank details.
Some of the personal data we process about you will be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for example where it is processed by staff operating outside the EEA who work for us or for one of our suppliers, or where personal data is processed by one of our suppliers who is based outside the EEA or who uses storage facilities outside the EEA.
In these circumstances, your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law (e.g. standard data protection clauses adopted by the European Commission);
- a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
- there exists another situation where the transfer is permitted under applicable law (e.g. where we have your explicit consent).
How does the University protect data?
The University has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
How long will we keep your data?
The information that you provide to the University during the application process, and the information collected during your employment with us, will be retained by us as part of your employee file. Information will be kept for the duration of your employment plus 6 years following the end of your employment.
Your data will be kept according to our Records Retention Policy.
Data subject's rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data via a subject access request;
- require the University to change incorrect or incomplete data;
- require the University to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data, in certain circumstances, for example, where the University is relying on its legitimate interests as the legal ground for processing; or for direct marketing purposes;
- ask the University to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the University's legitimate grounds for processing data;
- withdraw your consent at any time, where we have requested and obtained your consent;
- where our lawful basis is consent or performance of a contract, we will allow portability of your data.
If you would like to exercise any of these rights, please
Use of automated decision-making and profiling
The University does not currently undertake any profiling activities or make automated decisions about you.
The right to complain to the Information Commissioner’s Office
If you are unsatisfied with the way the University has processed your personal data, or if you have any questions or concerns about your data, we ask that you let us know so that we can try to put things right. Please contact gdpr@derby.ac.uk.
If we are not able to resolve the issue to your satisfaction, you have the right to complain to the Information Commissioner’s Office.
Data Controller
The Data Controller is the University of Derby, Kedleston Road, Derby. If you would like information about how the University uses your personal data, please email us at gdpr@derby.ac.uk.
Data Protection Officer
The Data Protection Officer is responsible for advising the University on compliance with Data Protection legislation and monitoring its performance against it. Contact our Data Protection Officer at dpo@derby.ac.uk.
Other privacy notices
We do our utmost to protect your privacy. Please be aware that other privacy notices exist within the University in respect of data held, including, but not limited to, activities in relation to your application, current employment and use of our website.