How we use your personal information​

This statement explains how St Edmund’s College (“we” and “our”) handles and uses information we collect about our staff (“you” and “your”). For these purposes, “staff” is intended to include employees, workers and casual workers and contractors (e.g. ad-hoc or temporary maintenance, kitchen or catering staff etc.) In broad terms, we use your data to manage your with the College, including your role and the performance of it, how we support you as an employer, and how you are paid, as well as other statutory requirements.

The controller for your personal information is St Edmund’s College, Mount Pleasant, Cambridge CB3 0BN. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College with overall responsibility for the protection of information is the Senior Information Risk Owner who at at the time of issue is the Bursar (bursar@st-edmunds.cam.ac.uk). The person who is responsible for day-to-day monitoring of compliance with relevant legislation and dealing with any concerns relating to the College’s data protection arrangements is the College Data Protection Lead, who at the time of issue is the Governance, Risk & Compliance Manager (grcm@st-edmunds.cam.ac.uk).

Unless otherwise stated, the legal basis for processing your personal data is that it is necessary for the performance of the employment contract we hold with you, or for statutory purposes (e.g. processing your monthly salary, tax and pension contributions).

How your data is used by the College

Your data is used by us for a number of purposes, including:

(a)        supporting your employment and your performance in your role. Such personal data includes:

·       *personal details, including name, contact details (phone, email, postal, both work and personal) and photograph;

·       your current and any previous role descriptions;

·       your current and any previous contracts of employment and related correspondence;

·       any occupational health assessments and medical information you have provided, and related work requirements; and

·       *your training and development qualifications, requests and requirements.

(b)        ensuring that you have the right to work for the College. Such personal data includes:

·       *your recruitment information (including your original application form and associated information submitted at that time);

·       other data relating to your recruitment (including your offer of employment and related correspondence, references we took up on your appointment, and any pre-employment assessment of you); and

·       *evidence of your right to work in the UK (e.g. copies of your passport).

(c)        paying and rewarding you for your work. Such personal data includes:

·       *your bank details;

·       *details of your preferred pension scheme;

·       your current and previous salary and other earnings (e.g. maternity pay, overtime), and the amounts you have paid in statutory taxes; and

·       correspondence between you and the College, and between members and staff of the College, relating to your pay, pension, benefits and other remuneration.

In addition, we maintain records of your use or take-up of any benefit schemes provided by us, which we collate and monitor to review the effectiveness of these staff benefits. The legal basis for this processing is that it is in our legitimate interest to ensure that any staff benefit schemes represent good value for money to both you and us, and to ensure that you do not overuse your entitlements.
(d)        administering HR-related processes, including records of absences and regular appraisals of your performance and, where necessary, investigations or reviews into your conduct or performance. Such personal data includes:

·       *records of your induction programme and its completion;

·       *records of your performance appraisals with your line manager;

·       records, where they exist, of any investigation or review into your conduct or performance;

·       records of absences from work (including but not limited to annual leave entitlement, sickness leave, parental leave and compassionate leave); and

·       correspondence between you and the College, and between members and staff of the College, regarding any matters relating to your employment and any related issues (including but not limited to changes to duties, responsibilities and benefits, your retirement, resignation or exit from the College and personal and professional references provided by the College to you or a third party at your request).

(e)        maintaining an emergency contact point for you. Such personal data includes details of your preferred emergency contact, including their name, relationship to you and their contact details.*
(f)         monitoring equality and diversity within the College. Such personal data includes information relating to your age, nationality, gender, religion or beliefs, sexual orientation and ethnicity.*
(g)        disclosing personal information about you to external organisations, as permitted or required by law.

If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given below.

Data marked with an * above relate to information provided by you, or created in discussion and agreement with you. Other data and information is generated by the College or, where self-evident, provided by a third party.

We would not monitor social media sites for any personal data relating to you, unless we believed there was a legitimate interest for us to do so (e.g. monitoring compliance with an agreed plan, such as a homeworking agreement) and only if we inform you we might do this in advance. Consequently, we do not routinely screen your social media profiles but, if aspects of these are brought to our attention and give rise to concerns about your conduct, we may need to consider them.

We also operate CCTV on our sites, which will capture footage. Our CCTV policy can be viewed at www.st-edmunds.cam.ac.uk/data-protection/cctv.

For certain posts, we may use the Disclosure and Barring Services (DBS) and Disclosure Scotland to help assess your suitability for certain positions of trust. If this is the case, we will make this clear to you in separate correspondence. Certificate and status check information is only used for this specific purpose, and we comply fully with the DBS code of Practice regarding the correct use, handling, storage, retention and destruction of certificates and certificate information. We recognise that it is a criminal offence to pass this information on to anyone who is not entitled to receive it.

Who we share your data with

We would normally publish your name, photograph (if you have provided one) in College on a photoboard, and for certain senior staff your name, photograph, your email and College contact phone number may be published on our website and elsewhere.

We share your personal information where necessary and appropriate across the collegiate University. The University and its partners (including all of the Colleges) have a data sharing protocol to govern the sharing of staff and members of the College. This is necessary because they are distinct legal entities. The parties may share any of the above categories of personal information, and the agreement can be viewed in full at https://www.ois.cam.ac.uk/policies-and-protocols/data-sharing-protocols. Any transmission of information between partners is managed through agreed processes that comply with UK data protection legislation.

We share relevant personal data with our sub-contracting agents (including but not limited to payroll and health and safety) and with relevant government agencies (e.g. HMRC) and your pension provider. Information is not shared with other third parties without your written consent, other than your name, role and employment contact details which are made publicly available. Generally, personal data is not shared outside of the European Economic Area.

We hold all information for the duration of your employment and for no more than twelve monthsafter the end of your employment. After that time, we retain a small subset of personal data for up to seven years after your relationship with the College ends:

·                   *personal details, including name and your preferred personal contact details (if we still have these);

·                   your previous salaries and other earnings, pensions and the amounts you have paid in statutory taxes;

·                   records of your performance appraisals with your line manager;

·                   records, where they exist, of any investigation or review into your conduct or performance;

·                   your reasons for leaving and any related correspondence;

·                   any references we have written subsequent to your employment with us.

 

Those marked with an * relate to information provided by you, or created in discussion and agreement with you.

We reserve the right to retain the personal data longer than the periods stated above, where it becomes apparent that there is a need to do so – for example, in the event of a major health or personal injury incident, records may need to be kept for up to forty years.
We then store in a permanent archive your full name and title, and your job title(s) or College affiliation(s) and the corresponding dates of employment/membership.

Your rights

You have the right: to ask us for access to, rectification or erasure of your data; to restrict processing (pending correction or deletion); and to ask for the transfer of your data electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

Failure to provide the information reasonably requested of you may result in disciplinary action taken by the College, which could ultimately lead to your dismissal from employment.

You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Office at https://ico.org.uk/concerns