This notice specifically covers how data is used by our human resources department.
The purpose of processing
Leonard Cheshire collects and processes personal data of both job applicants and workers for the following purposes:
- To manage our workforce we need to maintain information for the general purposes of the ongoing employment relationship including performing the employment contract and maintaining the health and safety of individuals on our premises.
- To consider individuals for a recruitment vacancy and manage that process.
Special note for candidates
To interview and consider an offer we will collect a subset of workforce information to facilitate that process - e.g. identity, CV, contact details, interview notes. Your rights are unaffected and unsuccessful candidates will have records erased according to the retention schedule (PDF), typically around 6 months.
The legal basis we use for processing
We process data to enter into an employment contract with you and to meet our obligations under your contract and employment law. For example. we need to provide you with an employment contract, to pay you in accordance with your contract and to administer employee benefits, tax and pensions.
We need to comply with our legal obligations. For example, we are required to check entitlement to work in the UK, to deduct tax, manage health and safety issues and to enable employees to take periods of leave they are entitled to.
In other cases, we have a legitimate interest in processing personal data before, during and after the end of the employment relationship. This helps us:
- Keep our staff informed of various initiatives using newsletters and email.
- Manage organisational design and operation.
- Other staff surveys for feedback on change.
Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities). Information about trade union membership may also be used to comply with employment law obligations.
Where the organisation processes other special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring. Data that the organisation uses for these purposes is anonymised. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
What data we need
We collect and process a range of information. Mostly this will be in the performance of your employment contract or preparing for it. This includes:
- Contacts - name, address and contact details, including email address and telephone numbers, date of birth and gender.
- Family - marital status, next of kin, dependants and emergency contacts.
- Qualifications and employment history - skills, experience and previous employment, including start and end dates with previous employers, references and your employment history with Leonard Cheshire.
- Payroll - bank account and national insurance number.
- Tax and pensions, benefits - remuneration, entitlement to benefits and schemes such as pensions or insurance cover.
- Identity and right to work - nationality and entitlement to work in the UK; information about any criminal records you may hold.
- The terms and conditions of your employment.
- Work schedule (days of work and working hours) and attendance.
- Leave and absence - periods of leave taken, including holiday, sickness absence, family leave and sabbaticals, and the reasons for that leave.
- Performance - appraisals, reviews and ratings, performance improvement plans and related correspondence; disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence.
- Health and medical - assessments of your performance, medical or health conditions, Occupational Health referrals and reports, whether you have a disability and agreed reasonable adjustments.
- Equal opportunities - monitoring/survey including information about ethnic origin, sexual orientation, religion or belief, and community background (NI only) for statutory reporting and organisational development.
Why we need the data and what we do with it
Leonard Cheshire may collect this information in a variety of ways. For example, data might be collected through application forms, CVs, obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of our during your employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments. It may be collected through telephone contact or CCTV.
In some cases, we may collect personal data about you from third parties such as references from former employers, background check providers to confirm your identity, and criminal record checks as permitted by law.
Data will be stored in your HR file, HR management systems and other IT systems (including email system).
Your information may be shared internally, including with members of the HR and Recruitment team, Employee Administration team, Payroll team, your line manager, managers in the business area in which you work, IT staff where access to the data is necessary for the performance of their roles and auditors.
The organisation may share your data with third parties to manage your employment contract such as to obtain pre-employment references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal record checks from the relevant Disclosure body (DBS, Access NI or Disclosure Scotland). The organisation may also share your data with third parties in the context of a transfer of its operations. In those circumstances the data will be subject to confidentiality arrangements.
The charity shares with third parties that process data on its behalf such as payroll and pension providers, provision of benefits, and occupational health services.
We only share with other parties where it is fair and lawful to do so, or where we may be obliged to. In the course of role duties there may be an expectation of this sharing taking place to facilitate a service or function. Examples include HMRC (tax law), social care regulators and inspection, the NHS, audit, and local authorities. Data breach and safeguarding alert investigations may require disclosure.
For UK based posts, we will not transfer your data outside the European Economic Area, unless your role clearly needs this and is agreed.
For non-UK based posts, we will transfer data to the country you work in and for payroll purposes, donor compliance and legal representation, your data may be processed in another country. We endeavour to maintain robust privacy standards.
Payroll and workplace incidents and disputes in care
Where workplace disputes arise, or safeguarding incidents need investigation, personal information and witness statements will be taken. The charity is subject to a number of regulators and laws, The Health and Social Care Act 2008 Regulations 2014(pt3), the Care Quality Commission and registration (noting Reg. 13 Safeguarding, and Reg. 19 Employing Fit and Proper Persons), the Independent Safeguarding Authority and others. These disputes follow internal guidance and applicable law and your rights and the process will be explained. Your privacy and subject rights remain, however you may wish to take external advice.
How long we keep the data
We will only retain your data for as long as is necessary or in accordance with legal requirements. How long we need to keep your personal data will depend on the purpose it was collected for, including to providing you with agreed services and to meet our legal and regulatory obligations.
When we no longer have a requirement to keep your data, the information will be securely deleted or anonymised. For information on how long your data is stored please email IG@leonardcheshire.org.
What are your rights?
You have rights in respect of the processing of your information which is explained in the main section of the privacy notice.
Do we use any data processors?
We use data processors to carry out DBS checks on our behalf, where relevant and to securely store and manage our HR management system. These arrangements are governed by GDPR compliant data processing contracts or agreements.
Do we many any overseas transfers?
We do not transfer personal data overseas.
Do we use any automated decision-making including profiling?
We do not use any automated decision-making or profiling.