Privacy Notice for Human Resources and Payroll Service
Our Human Resources (usually referred to as HR) supports and manages our employees and associated processes. It is seen as a core business function essential to our effective operation including managing the relationship between us an employer and you. The payment of salaries, pensions and other employment related benefits referred to in this privacy notice also apply to staff employed by Sevenoaks District Council under the shared services arrangement for Internal Audit and Fraud and Revs and Bens.
Most of the personal information we hold about you is provided by you. The information collected and held will vary depending on the purpose for which you are providing your personal information.
Processing activity - we will process personal information relating, but not limited to:
- employee relations, including resource planning, recruitment, termination, absence monitoring, health management, equal opportunities and succession planning
- HR budgetary and financial planning and administration
- organisational planning and development and workforce management
- compensation, payroll and benefit planning and administration, including salary, tax withholding, tax equalisation, awards, insurance, pensions, attachment of earnings, council tax
- workforce development, education, training and certification
- performance management
- problem resolution, including carrying out internal reviews, grievances, investigations and disciplinary and appeal hearings
- business travel and expense management
- business reporting and analytics
- administration of flexible work arrangements
- administration of employee enrolment and participation in activities and programmes offered to eligible employees, including wellness activities
- work-related injury and illness, including the management of employee health and safety and disabilities
- HR helpdesk support and case management
- to communicate with you and to facilitate communication between you and other people
- compliance and compliance reporting, including conflicts of interest and gifts and hospitality reporting
- risk management
- project management
- authorising, granting, administering, monitoring and terminating access to or use of our or third party facilities, records, property and infrastructure including communications services such as business telephones and email/internet use
- security passes and CCTV
Information requirements - our processing activities may include:
- telephone and email
- date of birth
- marital status
- sexual orientation
- preferred language
- details of any disabilities
- passport and/or driving licence details
- interview notes
- work visas
- next of kin
- records/results of pre- employment checks, including criminal record checks (DBS), credit and fraud checks
- pension information
- CVs, resumes and/or application forms
- references, records of qualifications, skills, training and other compliance requirements
- letters of offer and acceptance of employment, your employment contract, job descriptions
- bank account details, national insurance number, tax code, attachment of earnings, P45/tax declaration
- salary information
- length of service information
- health information/medical conditions/diagnosis/health screening
- covid-19 test results and vaccination status
- absence records
- leave requests
- employee identification number
- computer or facilities access and authentication information, identification codes, passwords, answers to security questions
- risk assessments
- performance ratings, leadership ratings, targets, objectives, records of performance reviews, records and/or notes of 1 to 1s and other meetings, personal development plans, personal improvement plans, correspondence and reports
- interview/meeting notes or recordings, correspondence
Lawful basis1- our lawful basis for processing your personal information is that it is necessary:
- for the performance of a contract between you and us or in order to take steps at your request prior to entering into a contract (Employment Rights Act 1996)
- to comply with a legal obligation(s) eg: court orders, statutory payments etc
- in our legitimate interests
If we use your information for a reason other than to further an employment contract (for example given the importance of staff and property security, CCTV cameras are an effective way to protect our staff against assault and harassment and prevent property related crimes. Business security passes provide an additional defence against intruders), then we generally do this based on our legitimate business interests. Before doing this, though, we will always carefully consider and balance any potential effects on you and your rights, to ensure that we do not infringe your reasonable expectation of privacy. We have a Legitimate Interests Policy that sets out how this information will be handled.
We have a duty of care towards you and your colleagues and obligations under health and safety legislation. We may request staff to undertake lateral flow tests before attending the workplace. Such requests, in consultation with you, will be dealt with on a case by case basis, dictated by fact specific circumstances, such as the nature of your work and any evidence on the necessity of testing in the particular environment.
Reasons for processing - some of the information that is collected and shared is classified as:
- special category personal data (as defined by Article 9 UK GDPR & section 10(1)(a) DPA 2018);
- criminal convictions and offences (including alleged offences) (Article 10 UK GDPR & section 10(5) and Schedule 1, Part 1, para.(1)(a) DPA 2018).
This is processed where it is necessary for the purposes of carrying out our obligations and exercising our specific rights in the field of employment. We have a Data Protection Policy that sets out how this information will be handled.
Data processor - we have a shared service arrangement with Mid Kent Services (hosted by Maidstone Borough Council) to provide our payroll service. Mid Kent Services is our data processor. It is only permitted to process your personal information in accordance with our written instructions.
Data sharing - your personal information may be shared with and/or obtained from:
- Kent Pension Fund (the administrators of the Local Government Pension Scheme (LGPS)– where you are a member of the LGPS
- Health Management - our occupational health service
- Health Assured - our employee assistance programme
- JELF - our insurance broker
- BUPA - our private healthcare provider – where you are a member of BUPA
- Sodexo - our childcare voucher provider
- PM and M - our employee benefits provider
- uCheck - our DBS check provider
- Unison - where you have requested your membership be paid through payroll
- any other union that you may be a member of
- council department(s)
- training and development providers
- HM Revenue and Customs
- ACAS (employment tribunal related activities)
- Cabinet Office (as part of the National Fraud Initiative)
- Office of National Statistics
- service providers
We may rely on a number of exemptions, which allow us to share information, having identified a lawful basis. Please refer to the Kent and Medway Information Agreement for further details on our sharing arrangements.
Retention period - we keep your personal information for the minimum period necessary. The information outlined in this Privacy Notice will be kept for six years from the date of file closure although certain information may need to be kept for a longer period to comply with legislative requirements. All information will be held securely and disposed of confidentially.
Data portability - you have the right to obtain from us and reuse personal information you have provided to us (in automated form) for your own purposes by asking us to move, copy or transfer your personal information from one IT environment to another, in a safe and secure way without hindrance to user ability. However, we can only offer data portability where we are able to as we may be subject to system restrictions.
Anonymisation - your personal information may be converted ('anonymised') into statistical or aggregated data in such a way that ensures that you cannot be identified from it. Aggregated data cannot, by definition, be linked back to you as an individual and may be used to conduct research and analysis, including the preparation of statistics for use in our reports.
Right to object – where we are relying on the ‘legitimate interests’ lawful basis for the processing of your personal information, you have the right to object on ‘grounds relating to your particular situation’. We will have to demonstrate why it is appropriate for us to continue to process your personal data.
Changes to this Privacy Notice - we review this Privacy Notice regularly and will place updates on our website.
1 Note that we may process your personal information on more than one lawful basis depending on the specific purpose for which we are using your information
GDPR/Privacy Notices/Human Resources and Payroll Services Privacy Notice