Data Protection Policy
This policy addresses the use of personal information that is likely to arise in any employment relationship. It is the policy of BSWA to keep all employment records confidential and secure.
1. Procedure
1. In accordance with the Data Protection Act 2018 all personal employment data held by BSWA will be:-
1.1 Processed fairly, lawfully and in a transparent manner;
1.2 processed for specified, explicit and legitimate purposes and not further processed in any manner incompatible with those purposes;
1.3 adequate, relevant and not excessive;
1.4 accurate and kept-to-date;
1.5 not kept for longer than is necessary;
1.6 processed in accordance with individual’s rights;
1.7 secure; and
1.8 not transferred to countries without adequate protection.
2. Compliance
2.1 BSWA’s Data Protection compliance officer is the Business Infrastructure Manager or their nominated deputy who has overall responsibility for adherence to this policy. Any queries in relation to data protection should be addressed to the compliance officer in the first instance.
2.2 Regular reviews will be made by BSWA to ensure that this policy is being complied with.
2.3 Line Managers who maintain employee records must also comply with this policy. 2
3. Collection of Information
3.1 All staff will be informed about what information will be kept about them and from where it is obtained (refer to Point 14.3). The information will be used by BSWA to manage the employment relationship, to abide by employment law and to provide references (refer to Point 11). It may be disclosed to individual employees’ line managers and in response to external requests (refer to Point 12). It may also be disclosed to the recognised trade union representative.
3.2 You are entitled under this policy to request access to the information kept on you.
4. Maintaining Records
4.1 It is the duty of both BSWA and the individual employee to make sure that the information maintained on the employee is accurate.
4.2 The employee is required to notify BSWA immediately about any changes to his or her personal details including emergency contact details to ensure that the records are kept up to date.
4.3 Sickness records detailing sickness absence and containing sensitive data on the employee concerned will be maintained by BSWA to enable it to comply with the statutory sick pay provisions, BSWA’s discretionary sick pay scheme and to monitor and manage levels of absence due to sickness or injury.
5. Equal Opportunities
5.1 BSWA is committed to being an equal opportunity employer and has an Equal Opportunities Policy. To enable BSWA to promote equality of opportunity, to abide by its Equal Opportunities Policy and with employment law and to monitor its progress in this respect, BSWA will request and collect information about the following:
5.1.1 Age;
5.1.2 Disability;
5.1.3 Ethnic origin;
5.1.4 Sexual orientation;
5.1.5 Transgender status
BSWA may request staff to volunteer other information that may help it to better understand how it is doing as an equal opportunities employer. In all such cases it will be made clear to staff why the information is sought and how it will be used. In such circumstances there will be no compulsion to provide such information and any data collected will be kept anonymous.
6. Fraud Prevention and Detection
6.1 Payroll information [and other information] may be used by BSWA in order to prevent or detect fraud.
6.2 Such information will not be disclosed to other organisations, for example the Department of Society Security, for the prevention or detection of fraud unless:
6.2.1 The employee has given their consent; or
6.2.2 BSWA is required by law to make the disclosure; or
6.2.3 In the circumstances of a particular request from an organisation BSWA is satisfied that if it failed to disclose the data, the prevention or detection of crime is likely to be prejudiced.
7. Financial Control
7.1 BSWA may use data matching processes to identify employees, who are indebted to BSWA, for example, in respect of payment for BSWA’s products or services the employee has used as a customer.
7.2 Pursuant to clause 8.3 in the employee’s contract of employment, BSWA is entitled to check that employees are not accruing significant debts to BSWA.
7.3 If BSWA has a legally enforceable debt against an employee, it may use personal data on the employee to recover the monies owed.
8. International Management
8.1 BSWA appreciates that there may be a risk to an employee if personal data is passed to countries that have either no data protection laws or significantly less protection than that afforded to individuals in the European Union.
8.2 BSWA will not transfer employee data to countries outside the European Union unless:
8.2.1 the destination country has been designated as providing adequate protection by the European Commission; or
8.2.2 the destination country is the USA and the recipient has signed up to the “safe harbour” principles; or 4
Birmingham & Solihull Women’s Aid. Data Protection Policy. Reviewed Jan 2019
8.2.3 the employee concerned has been told about the intended transfer and has agreed to it; or
8.2.4 the transfer is to an organisation that acts only as a processor, the processor is reliable, the country in which it is located is stable and the required controller – processor contract is in place; or
8.2.5 steps have been taken to ensure that taking account of all the circumstances of the transfer and the Data Protection Commissioner’s guidance on international transfers adequate protection is provided in other ways.
8.3 All employees will be notified of any transfer of their personal data outside the European Union.
9. Access and Disclosure
9.1 Employees and former employees have the right to request in writing information kept by BSWA about her. Although every effort will be made to provide the information free on request, we may charge a nominal fee to cover administration costs. BSWA may also require further information from the individual to help it locate the records.
9.2 Information kept for management planning or forecasting can be withheld where, in the opinion of BSWA, supplying it would prejudice the business of BSWA.
9.3 Any information requested under this section will be supplied as soon as it is reasonably practicable to do so and at the latest within 40 days of the request being received by BSWA.
9.4 When responding to a request BSWA will notify the employee whether it keeps any personal information about her and if so, the type of information kept, the purposes it is used for and the types of organisations it is passed on to.
9.5 BSWA will show the employee all the information kept on her. This will be provided in a hard copy. BSWA will also provide the employee with any additional information BSWA keeps on her and an indication of the source of this information.
10. Any references to third parties contained in the information shall be deleted by BSWA. If the information cannot be modified in this way and it will enable the employee to identify the third party BSWA can decide whether it is reasonable to release it.
11. References
11.1 Although there is no obligation under the Data Protection laws for BSWA to provide employees or former employee’s access to a confidential reference provided by BSWA it will be normal practice to endeavour to do so.
11.2 If BSWA is the recipient of a reference the potential employee concerned is entitled to request access to the reference, however, BSWA is entitled to take steps to protect the identity of third parties such as the author of the reference.
12. External Disclosure Requests
12.1 BSWA may be requested by a third party to supply information about an employee. BSWA is cautious in its response to such requests.
12.2 If an employee is on the receiving end of a request for information about employees, a disclosure of the information sought or any other information must not be made. The request should be referred directly to the Business Infrastructure Manager immediately. This is the policy for all external requests even if they purport to be from a Government body, for example, the Inland Revenue. Those seeking information may be using deception to gain access to information to which they are not entitled.
12.3 Employees who have authority to respond to external requests for information must establish the identity of the person making a request for disclosure before responding. Where practicable the request should be obtained in writing. Particular care should be taken with telephone requests, for example, by calling back to a known number.
12.4 Where those requesting information maintain the employer is under a legal duty to respond, the employee must ensure the request is received in writing detailing the basis on which it is asserted there is a legal duty. The employee dealing with the request should then check that this assertion is valid.
12.5 Where there is no duty on BSWA to disclose, BSWA may still respond to a request for information if it is satisfied that in all the circumstances it is fair to do so.
12.6 Employees will be notified by BSWA at the time a non-routine disclosure is to be made unless BSWA is prevented by law from doing so. A copy of the information disclosed will be supplied to the employee concerned.
12.7 A record will be maintained by BSWA of all non-routine disclosures recording the person who made the disclosure, the person who authorised it, the person requesting the disclosure, the reasons, the information disclosed and the date and time. All such disclosures must be reported to the Compliance Officer who will maintain the record.
12.8 It is a criminal offence for an employee to knowingly or recklessly disclose information about employees without BSWA’s consent. It will also be classified as misconduct in accordance with BSWA’s Disciplinary Procedure.
12.9 If to BSWA’s knowledge, the security or confidentiality of an employee’s records have been significantly prejudiced because they have been disclosed knowingly or recklessly without BSWA’s consent and there is a reasonable prospect of obtaining evidence as to who was responsible, the matter may be reported to the Data Protection Commissioner.
13. Dismissal
13.1 When employment is terminated BSWA will record the basis of the termination and ensure that this is accurately recorded.
14. Retention of Records on Current and Former Employees
14.1 BSWA will retain certain categories of information on both current and former employees in accordance with set retention periods.
14.2 The records will be assessed on a yearly basis to ensure records are not kept beyond the set periods. Records may be kept beyond the set periods where doing so is justified for business reasons.
14.3 In the absence of a specific instance of justification for business reasons the following records will be retained as indicated: Application form and interview notes for unsuccessful candidates | 1 year |
Personnel files and training records (including disciplinary records) | 6 years after employment ceases |
Parental leave | 5 years from the birth/adoption of the child or 18 years if the child receives a disability allowance |
Trade union agreements | 10 years after ceasing to be effective |
Consultation and Negotiation Forum minutes | Permanently |
Income tax and NI returns, income tax records and correspondence with the Inland Revenue | Not less than 3 years after the end of the financial year to which they relate |
Statutory Maternity Pay records, calculations, certificates or other medical evidence | 3 years after the end of the tax year in which the |