People Services - Human Resources and Organisational Development and Culture privacy notice

People Services comprises customer experience. There is a separate privacy statement in respect of Customer Experience (Customer Service)

Human Resources and Organisational Development and Culture services will collect and process your personal information using fair and transparent information practices that comply with the General Data Protection Regulation (2016/679 EU) and the Data Protection Act 2018.

This notice explains how the Human Resources and Organisational Development and Culture services will manage this personal data. 

What personal information is being processed and what for

The Human Resources and Organisational Development and Culture services collects and processes a range of information about you on behalf of Cheshire East Council. This includes:

• your personal details, name, address, email, gender, date of birth etc
• the terms and conditions of your employment
• your qualifications, skills, experience and employment history
• your remuneration, including entitlement to benefits such as pensions
• bank details and NINO
• marital status, next of kin, dependants and emergency contacts
• nationality and entitlement to work in the UK
• work patterns
• absence and leave periods
• grievance procedures or warnings
• performance and training
• medical or health conditions that require workplace adjustments
• if provided, ethnic origin, sexual orientation, health, and religion or belief

Why the organisation processes personal data

The Council needs to process data to:

• create your contract
• pay you the right amount and any benefits
• check entitlement to work in the UK
• comply with Health and Safety

Processing employee data allows the organisation to:

• run an efficient recruitment selection process
• plan its resources
• process payroll
• manage workplace issues or risks
• maintain accurate employment records
• manage conduct of staff
• record employee performance
• record employee absence and leave
• deliver occupational health advice
• administer flexible working arrangements
• control access to data
• deliver effective general HR and business administration
• provide references
• respond to and defend against legal claims
• maintain and promote equality in the workplace

These examples are illustrative and non-exhaustive. 

Why we are allowed to use your information

To deliver an efficient and cost-effective service, whilst considering the legitimate reason for the use of this data. Reasons for use of your data is set out in your employment contract.

We are legally obliged to carry out checks relating to employment of staff delivery services to vulnerable adults and children This is processed through the DBS service.

To ensure we deliver equal opportunities.

Some services such as Employee Assistance Programme or certain benefit schemes, will require your explicit consent when you access these.    

Who we will share your information with

Your information will be shared with the Human Resources team, your line manager and other relevant officers for a legitimate reason.

It may also be shared with third parties to:

• obtain pre-employment checks
• undertake Disclosure and Barring Service checks (DBS)
• pay you and to deliver pension and occupational health services
• determine eligibility to training programmes, courses and apprenticeships
• HMRC, pensions agencies, Student Loans, government agencies, Health and Safety Executive or as instructed by the Court system, to fulfil the Council’s legal obligations where applicable
• where applicable Skills for Care National Minimum Dataset Statutory Return, Children’s Social Work Workforce Return

We may disclose your personal information for legitimate purposes to:

• agencies who perform services on behalf of the Council
• a newly formed or acquiring organisation if it is involved in a merger, sale or a transfer of some or all of its business
• any recipient, if we are required to do so, such as by applicable court order or law
• any recipient, with your consent, such as for employment verification or bank loans
• any recipient when reasonably necessary such as in the event of a life-threatening emergency

Where we get your information from

The organisation collects your information in a variety of ways, such as;

• application forms and CVs
• identity documents such as Passports or driving licence
• qualification certificates
• correspondence from training providers and you
• interviews, meetings or other assessments
• third parties, as permitted by law e.g. former employers or DBS checks

How long we will keep your personal information

The organisation will hold your personal data for the duration of your employment.

Any period longer than your employment, which data is retained for will comply with the law, this is set out in the Information Asset Register.

If we intend to process your personal data for a purpose other than that for which it was collected, we will let you know what this is for and why.

How your information is stored

• personnel file on SharePoint (HR Docs)
• case files in HR electronic storage systems
• the Council’s HR management system
• line manager’s storage systems
• archived secure storage at Northwich Salt Mine
• IT systems, such as email, the Council’s recruitment processing system, the training and development recording system and the Occupational Health Provider’s system 

How we protect your personal information

We use secure password protected systems to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your personal information. 

You must help us achieve this by keeping your own personal information and that of your colleagues, and third parties secure. You should not share your (or anybody else’s) personal information unless there is a genuine business reason for doing so.

We take appropriate organisational and technical security measures to ensure personal information held is not accessed by anyone it shouldn’t be.

When we use third party organisations to process information on our behalf, we ask them to demonstrate they comply with

• our own security requirements
• instructions we give them to ensure compliance with data protection legislation.

We take reasonable steps to ensure that personal information is accurate, complete, and current.

Help us to maintain this accuracy by notifying Human Resources of any changes to your personal information or that of your beneficiaries or dependents. 

What happens if you don't provide us with your information

As certain data is used to enter into a contract with you, failing to provide this data may mean that you are unable to exercise your statutory rights and will hinder the ability of this organisation to efficiently manage an employer-employee relationship.

Will your information be used to make automated decisions

No, employment decisions are not based on automated decision-making.

Will this information be transferred abroad

The information supplied in your job application maybe stored on servers that are owned and maintained outside of the UK.   

Any data processor working on behalf of Cheshire East will be covered by GDPR.

Your rights

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have the right to

• be informed about the processing of your personal data 
• rectification if your personal data is inaccurate or incomplete
• access to your personal data and supplementary information, and the right to confirmation that your personal data is being processed
• the right to object to the processing of your personal data for direct marketing, scientific or historical research, or statistical purposes.
• the right to be forgotten by having your personal data deleted or removed on request where there is no compelling reason for Cheshire East Council to continue to process it (requests to amend data will normally be processed within one month)
• the right to restrict processing of your personal data, for example, if you consider that processing is unlawful or the data is inaccurate. You can ask the organisation to stop processing data for a period if the data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing the data.
• the right to data portability of your personal data for your own purposes (for example, you will be allowed to obtain and reuse your data 

If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time. This will not affect the lawfulness of the processing before your consent was withdrawn.

If you believe that the organisation has not complied with your data protection rights, you should discuss the issue with your supervisor, manager, or contact the Human Resources and Organisational Development and Culture services at humanresources@cheshireeast.gov.uk.  

If you would like to exercise any of these rights, please contact Cheshire East Council’s Data Protection Officer, Julie Gibbs on 01270 686606 or Julie.gibbs@cheshireeast.gov.uk.  

You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that Cheshire East Council has not complied with the requirements of the GDPR or DPA 18.