Privacy Information for Staff, Job Applicants and Other Working at the University

Return to our central privacy information

This privacy notice applies to current and former employees, workers, contractors, honorary position holders, volunteers and visiting lecturers. It explains how we'll process your personal data. This notice does not form part of any contract of employment or other contract to provide services.

What information do we hold?

We hold a range of personal data about you, some of which you provide to us directly and some of which we receive from third parties.

Here are some examples of types of personal data we hold:

  • Personal details such as name, title, date of birth, gender, martial status and dependents
  • Contact details such as address, telephone number and personal email address
  • Next of kin and emergency contact information
  • National Insurance Number
  • Bank account details, payroll details and tax status information
  • Salary, annual leave, pension and benefits information
  • Location of employment or workplace
  • Recruitment information (including copies of qualifications, right to work documentation, driving license references and other information included in a CV or cover letter or as part of the application process)
  • Employment records (including job titles, work history, working hours, training records and professional memberships)
  • Immigration information (for example passport details and language proficiency)
  • Performance information
  • Disciplinary and grievance information
  • CCTV footage and other information obtained through electronic means such as swipe card records
  • Information about your use of our IT systems
  • ID card image and photographs
  • Location data gathered through logging into University Eduroam WIFI in campus buildings, including teaching and learning spaces and public areas. Location data gathered through the use of logging in via staff cards.
  • Username data gathered through logging into University Eduroam WIFI in campus buildings, including teaching and learning spaces and public areas. This is gathered solely to support the NHS Test and Trace system and is kept for a strictly limited period of time.

We may also collect, store and use the following "special categories" of more sensitive personal information:

  • Information about your race or ethnicity, disability, age, religious beliefs, gender reassignment, sexual orientation, political opinions, marriage and civil partnership and pregnancy and maternity
  • Trade union membership
  • Information about your health, including any medical condition, health and sickness records
  • Information about any criminal convictions, offences and barred list status
  • Health information where a staff member either self-reports symptoms of infectious illnesses, e.g. Covid 19 or Mumps, or where the University is informed by Public Health or NHS bodies.

How do we use it and why?

We process your personal data to help us to effectively administer the employment relationship between you and the University.

We only process data for specified purposes and if it is justified in accordance with data protection law. The table below lists the various reasons why we process personal data and the justification for it.

Some processing of your personal data is justified on the basis of contractual necessity. In general this applies to personal data you provide to us at when you first start working for us and throughout the duration of your employment with the University. It's to manage the employment relationship and to monitor performance

Without this information we wouldn't be able to employ you and follow the law, assess your application, offer you work with the University or make reasonable adjustments. Some personal data is also required to fulfil our legal obligations (for example, immigration or HMRC)

Why we process your data
 PurposeLegal Basis Justification
To make a decision about your recruitment or appointment Contract Necessary prior to entering into an employment contract and to comply with Employment Law
To determine the terms on which you work for us Contract Necessary for the performance of the employment contract and to comply with Employment Law
To allocate and manage work responsibilities Contract Necessary for the performance of the employment contract and to comply with Employment Law
To pay salary, tax and pension contributions and process associated benefits Contract Necessary for the performance of the employment contract and to comply with Employment Law
To manage performance and conduct Contract Necessary for the performance of the employment contract and to comply with Employment Law
To manage training and development needs and opportunities Contract Necessary for the performance of the employment contract.
To support the administration and application of professional accreditations and chartermarks including Athena Swann, Race Equality and Stonewall. Legitimate Interest & Consent

Professional accreditation demonstrates the organisation's commitment to meet high professional standards

Data will generally be shared in aggregated and anonymised format, but where personally identifiable data is shared (pictures/pen portraits) these will be shared with your consent.

To monitor equality, diversity and inclusion Legal Obligation Necessary for our legal obligation to promote an inclusive work environment and to comply with Employment Law and our other legal obligations including the Equality Act 2010
To provide IT services, building access and library services Contract & Legitimate Interests Necessary for the performance of the employment contract.

Please note that anyone using non-UoN accounts to access Microsoft 365, your email address will become visible to anyone searchng for you within Microsoft Teams. We are unable to enable access to M365 without your data becoming searchable in this way.

Wifi and Bluteooth information may be used to generate anonymised space usage statistics

For non-essential library users, the legal basis for this processing is Legitimate Interest.
To implement and ensure compliance with University policies Contract & Legal Obligation Necessary for the performance of the employment contract, and to comply with University policy, Employment Law and ICO Code of Practice
To carry out surveillance via CCTV including body-worn cameras for the prevention, reduction, detection and investigation of crime and other incidents; to ensure the safety of staff, students and visitors; to assist in the investigation of suspected breaches of University regulations by staff or students; and the monitoring and enforcement of traffic related matters.

Legitimate Interests & Statutory Obligation &
Contract

The University has a legitimate interest in ensuring that its campuses are safe places to work, live and study. It has a statutory duty of care to its staff and students to ensure a safe environment. 

Where individuals use car parking facilities, they have entered into a contract with terms and conditions that require surveillance for monitoring purposes.
To assess, monitor and manage fitness and capability to work and manage sickness absence Contract & Legal Obligation Necessary for the performance of the employment contract and to comply with Employment Law
To manage health and safety incidents including statutory reporting and medical referrals Legal Obligation Compliance with the Health and Safety At Work Act.

To monitor exposure of Estates staff to vibration from University-provided mechanical equipment.

Contract & Legal Obligation Necessary for the performance of the employment contract and to comply with Employment Law
To manage regrading and promotion processes Contract & Legal Obligation Necessary for the performance of the employment contract and to comply with Employment Law
Providing management information and testing functionality of HR system developments Contract & Legal Obligation & Legitimate Interests Necessary for the performance of the employment contract, to comply with Employment Law and our legitimate interests to ensure HR systems operate securely and efficiently and, also, to inform management decisions
To communicate with you as an applicant (including to survey you about your experiences) and during your employment Contract & Legal Obligation & Legitimate Interests Necessary for the performance of the employment contract and to comply with Employment Law and our other legal obligations and our legitimate interest in consulting with staff and raising awareness of initiatives and opportunities
To provide you with employment-related benefits Contract Necessary for the performance of the employment contract
To liaise with your pension provider Contract & Legal Obligation Necessary for the performance of the employment contract and to comply with Employment Law
To sponsor international staff to work in the UK Contract & Legal Obligation & Legitimate Interests Necessary for the performance of the employment contract and to comply with Employment Law and our other legal obligations
To check right-to-work status and support visa applications Contract & Legal Obligation & Legitimate Interests Necessary for the performance of the employment contract and to comply with Employment Law and our other legal obligations
To submit grant funding applications and/or enter into grant funding agreements with funders, including, but not limited to the UKVI, and/or share information with other institutions leading on a funding application. Monitoring information is  shared with the UKRI in aggregated form. Public Task & Contract Necessary to enable the University to access funding resources to allow it to carry out research
Compliance with research funders’ policies on bullying and harassment Legitimate Interests Research grant providers require applicants to demonstrate that they are of good character and not subject to live bullying, harassment, research misconduct or scientific fraud claims/sanctions as part of their due diligence processes before releasing funds and during the lifetime of the project or staff association with the funder (panel member, peer reviewer etc.).

Failure to process the requested data would result in UoN’s ability to access funding sources being restricted.
To gather evidence for possible grievance or disciplinary hearings Contract & Legal Obligation Necessary for the performance of the employment contract and to comply with Employment Law
To make decisions about your continued employment or arrangements for the termination of our working relationship Contract & Legal Obligation Necessary for the performance of the employment contract and to comply with Employment Law
To provide references on request Contract or Consent Necessary for the performance of the employment contract for applicants or where consent has been given
To assess suitability and eligibility to undertake work at the University (including pre-employment checks, for instance, asking for references, pre-screening questions, asking about unspent criminal convictions) Contract & Legal Obligation & Legitimate Interest Necessary for us to engage with your on the process of establishing a contract (contractual necessity), to fulfil the legal duty of an employer to ensure the safety and welfare of its staff and students (compliance with a legal obligation) and in our legitimate interest
Providing services administered by key suppliers including travel, insurance, accommodation and vehicle hire Contract & Legal Obligation Necessary for the performance of the employment contract to comply with Employment Law
Carrying out internal research and analysis for non-academic purposes including monitoring performance and quality at an institutional level and where there is no direct impact on data subjects Legitimate Interest Legitimate interest in ensuring that the University is able to benefit its staff and students through understanding how they are impacted by its practices and enacting continuous improvement to its policies, processes and technologies.
Participation in the Research Excellence Framework (REF) Legal Obligation For more details on how personal data is processed for the REF, please see the dedicated website and privacy notice here.
Purchasing and administering memberships with UoN Sport, and for the arrangement of training and advice, sporting competitions, tournaments, matches and fixtures Contract Contract with UoN Sport
Collection and analysis of publicly accessible records of sporting achievement, such as National Sport Governing Bodies and Power of 10 Legitimate Interest Legitimate interest in enabling the University to recognise sporting achievements of staff
Shared with third party contractors providing services on behalf on the University such as apprenticeships, software solutions Legitimate Interests & Contract Necessary for the purposes of the contract with the third party and the Legitimate Interests of the UoN to provide services to staff and to comply with ICO recommendations where data processing occurs
Basic departmental contact details published internally and externally on staff lookup and/or team websites Legitimate Interest & Contract Necessary for the purposes of contracts and collaboration agreements, in the legitimate interests of UoN to fulfil those obligations within agreements
For the purposes of conducting competitions and recognition schemes, making awards and giving prizes Legitimate Interests There is a clear and established benefit to the University being able to run competitions and award excellence.
For the purposes of measuring aggregated engagement via the use of tracking pixels within newsletters and other circular materials sent via the DotDigital platform. Legitimate Interests The compilation of aggregated statistics to enable the measuring of engagement with materials produced by the University necessitates the collection of data at an individual level in order to prevent multiple clicks from a single user being interpreted as an inflated level of engagement.

For staff living in University-managed accommodation, administering matters relating to that accommodation including fees, health and safety, catering, cleaning and maintenance and disciplinary procedures.

 

Contract  Contractual necessity. The accommodation service may use personal email addresses for the purposes of communicating with students.

To maintain the health of our entire campus population, by monitoring staff movements around campus to enable effective Test and Trace processes during global health events.

To identify those affected through Health Screening and Self Reporting.

The University is under a legal obligation to ensure health and safety of employees, students and visitors and those affected by its undertaking

It is in the University’s legitimate interests (ensuring wellbeing and minimising risk to the public as well as the delivery and continuance of operations)

It is the public interest.

Compliance with relevant national Health & Safety legislation and any national legislation bought in in the event of a Global Health Emergency.

Legitimate interest in ensuring that the University is a safe and healthy environment for all students, staff and visitors.

Clinical Academic staff (where jointly employed by UoN and the NHS) data relating to staff management and accountability including but not limited to strategic planning, joint appraisal and joint job planning.

 Contract Contractual necessity to enable the University to manage Clinical Academic staff where jointly employed by UoN and the NHS.

Call contents and voice when making calls to helpdesk facilities. Content may be recorded for training and monitoring purposes.

Legitimate Interests The University is entitled to record such information to enable it to identify training needs and monitor service level agreements


There may be other processing in addition to the above. This is done on the basis of our policies and we'll inform you  at the time when the data is obtained or as soon as possible afterwards.

Where the basis of processing your personal data is contractual necessity and you don't provide us with the personal data needed, the University may not be able to fulfil its employment contract with you (such as paying you) or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

How we use particularly sensitive personal information
PurposeLegal basis and justification
We use information relating to your health to make decisions regarding reasonable adjustments Processing of health-related data is necessary so that we can meet our obligations in the field of employment law
We use information about your race or ethnicity, religious beliefs, sexual orientation and political opinions to conduct equal opportunities monitoring Necessary for our legal obligation to promote an inclusive work environment and to comply with Employment Law and our other legal obligations
We use trade union membership information to pay trade union premiums, register that status of a protected employee and to comply with employment law obligations Processing is necessary so that we can meet our obligations in the field of employment law
We use information about your criminal convictions, reprimands and cautions to assess your suitability to carry out the work for which you are being engaged

Processing is necessary in order to:

  • meet our obligations in the field of employment law and fulfil our duty of care to staff and students;
  • safeguard children and vulnerable individuals;
  • prevent unlawful acts from occurring.

What information do we get from third parties?

Sometimes we receive your data from third parties. The following table lists what information we may receive from them.

Who we get data from
SourceData we may receive from them
Vacancy Manager (Stonefish) Your application and recruitment record
Home Office (UKVI) Your immigration status
Occupational Health Service, GPs/Medical Practitioners Medical, accessibility related and similar information (we only obtain this information from third parties if you give us consent to do so)
Relevant professional body (for example the GMC or NMC) Your professional registration status
University DBS provider (GBG plc) Your criminal record and barred list status
External Training Providers Training and development information
External Assessment Providers Psychometric testing and assessment outcomes
Other employment agencies Personal and contact details, your application and CV
Former employers Your previous employment record
Sporting achievement records Public records held by National and Regional Sport Governing Bodies, and Power of 10

Who do we share it with?

Sometimes we may need to share your data, including sensitive personal data. The following table gives examples of this kind of data sharing.

Who we share data with
RecipientWhat data we might share with them
Line managers Contact details, employment details, attendance, planned workload, performance, conduct, training and development information for the performance of the employment contract and health information to fulfil our duty of care and where necessary for the implementation of reasonable adjustments and/or the provision of additional health information
Our administrative and support staff Contact details, employment details, planned workload, immigration details, attendance, training, and development and progression information. Health information only where necessary for the implementation of reasonable adjustments and/or the provision of other support
Third-party organisations who host UoN employees as part of a secondment agreement Name, contact and employment details
Trade Unions Information relating to an employment relations matter
Investigation officers, hearing panel chairs and members, external solicitors, employment tribunals and ACAS Personal information relating to conduct, performance and employment
Research funders Staff details, including expertise and salary information for the purposes of auditing staff capabilities in order to secure funding.
Third-party organisations who process personal data on our behalf, such as training providers, assessment providers and employment surveyors Name, contact and employment details
Third-party organisations to whom a potential TUPE transfer is being made Employment contract terms and conditions and associated benefits (full employee liability information)
Official bodies to which the University is obliged to report, for example HESA  and the Office for Students, or their agents Information supplied as necessary to fulfil the University's reporting obligations to these bodies. This may include relevant special category data
Future employers Personal information relating to conduct, performance and employment, where we are asked for a reference
Professional development course tutors Course attendance lists and contact details
Government agencies such as UK Visa and Immigration Office and the Home Office Contact details, passport details, salary and other employment basis details for example fixed term or permanent contract status
University DBS providers (GBG plc) Name and contact details
University pension schemes (such as USS, CRSP, SPAS and the NHS) Personal information including contact details and salary and pension contribution details
HMRC Contact, pay and benefit details
Professional regulatory bodies where you are professionally registered Contact details, attendance and performance and conduct information
Information Systems department All personal data held electronically (for back ups and for the development of new systems)
Internal Audit Service Any personal data necessary for continued operation of internal controls and/or for the prevention, detection and investigation of suspected fraud or irregularities
UNNC (Ningbo campus) and UNMC (Malaysia campus) Contact details and performance details
The police (this will only be shared on request and where there is a legal basis for doing so) Information will be supplied as necessary in order to fulfil the University’s legal obligations with respect to the prevention and detection of crime
Software hosts and cloud providers Information will be shared with IT suppliers and providers in order to provide our services. This data may be subject to transfer outside of the EU, however, we ensure that there are contracts in place and carry out due diligence to ensure the safety of personal information.
NHS Test & Trace and PHE (or its replacement) We may share your contact details and information on your movements around University Campuses in order for them to identify individuals who you may have been in contact with or who may have been in contact with you. This is done in order for them to contact individuals where self-isolation may be required.


When do we transfer data overseas (outside of the European Union)?

As shown in the table above, we will share your data outside of the EU if you are assigned to work at UNNC and or UNMC during your employment, on the grounds that such data transfer is necessary for performing our contract with you. Data Transfers to Malaysia and China campuses are subject to data sharing agreements which contain the EU Model Clauses.

The University of Nottingham also works with suppliers and partners who may make use of Cloud and/or hosted technologies. We undertake data security due diligence on our partners, ensure that suitable contracts are in place and that these partners conform to appropriate accreditations.

Wherever these transfers take place, the University will have an appropriate contract in place and there are strict rules regarding the confidentiality and security of your information in place to safeguard it.

How long do we keep your data?

The University will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it. Details of retention periods for different aspects of your personal information are available in our Retention Schedule.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Usually employment-related personal data will be kept for approximately six years after the end of your employment. This retention period is linked to contract law dispute legislation. Personal data held in connection with health and safety may be retained indefinitely in view of the lifelong potential for Personal Injury (PI) claims to be submitted against the University.

Where can I get more information?

If you have any questions about this policy, please contact the data protection team.

We will keep this privacy notice under regular review and we will place any updates on this web page.

This page was last updated on 27 March 2024 at 17:27 (GMT)

 

Return to our central privacy information

University of Nottingham

University Park
Nottingham, NG7 2RD

telephone: +44 (0) 115 951 5151
fax: +44 (0) 115 951 3666
email: Contact us