To fulfil our role as your employer, we must hold certain information about you.
We need to obtain this information fairly and lawfully, so you will probably already be aware of what we hold.
We process your information for a number of reasons.
To comply with the law
The law requires us to process your information so we can:
- pay you
- make sure you work in a safe environment
- check you are fit to work
- monitor the diversity of our staff
- administer the NHS Pension Scheme.
Your employment contract
We process information in line with your contract, and our policies and procedures. This is so we can:
- assess your job applications
- provide you with employee benefits
- identify learning and development opportunities as part of managing your work performance
- detect and prevent any possible mistakes or fraud
- check you are complying with the terms of your employment
Our legitimate interests
We will use certain information to promote our values and interests, including:
- images and videos of you, for example, your photo for security purposes
- your comments, for use in publications
Where we process your information
Your information will not be transferred outside the UK or European Economic Area (link is external) (EEA), unless the EU has approved the country as having comparable data protection laws (link is external).
Sharing your personal information
We may share your information with:
- medical professionals, to assess your fitness to work and any reasonable adjustments that you need
- organisations you choose to make payments to through our payroll service, such as Give as You Earn
- your next of kin in an emergency situation
- the National Fraud Initiative (link is external), to help prevent and detect fraud
- people who request it, in circumstances detailed in our Information Governance (link is external) policies
- providers of business travel and accommodation when we book and pay for these
- organisations you have asked us to provide references to, such as a prospective employer, landlord or mortgage provider
- external shared service providers, eg, for HR and Payroll services, who are contracted to act as our data processor
- any other organisation who has a legal right to it
Keeping your personal information
Your information will be deleted from our systems as detailed in our Document Control and Records Management policy (link is external).
When you leave the HRA, we need to retain summary information to allow us to:
- provide previous employer references
- ensure the correct financial benefits and allowances have been calculated
- ensure you are paid the correct pension benefits when you retire
- assess any future Health and Safety claims you may have.
Your rights
The information you provide will be managed as required by Data Protection law.
You have the right to:
- receive a copy of the information we hold about you via a Subject Access Request (SAR)
- request your information be changed if you believe it was not correct at the time you provided it – you can update your information through the ESR self-service facility or by contacting your line manager
You can access your:
- annual pension benefits information, through Total Rewards Statement (link is external) (TRS)
- employment details, through ESR self service (link is external)
- performance information, in meetings with your manager
- object to your image or comments being used
From 25 May 2018, you have the right to:
- request that your information be deleted if you believe we are keeping it for longer than necessary.
Electronic Staff Record (ESR)
Electronic Staff Record (ESR) is a national HR & Payroll system for NHS Organisations. The terms and conditions can be found here
If you have any queries about this privacy statement, please send an email to the data protection officer using hra.data@nhs.net