Privacy notices

We collect personal information about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers or other background check agencies, and information from criminal records checks permitted by law. We will also collect additional personal information in the course of job-related activities throughout the period of you working for us.

The University may collect a range of information types about you. This includes:

• your name, address and contact details, including email address and telephone number, date of birth and gender;
• the terms and conditions of your employment;
• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation;
• information about your remuneration, including entitlement to benefits such as pensions or insurance

BCU needs to process data to enter into an employment contract with you and to meet our obligations under your employment contract. For example, we need to process your data to pay you in accordance with your employment contract and to administer benefit, pension and insurance entitlements if applicable. In some cases, we may need to process data to ensure that we are complying with our legal obligations. For specified positions, it may be necessary to carry out criminal records checks to ensure that individuals are permitted to undertake a particular role. Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations. You have some obligations under your employment contract to provide BCU with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the terms of your employment contract, professional regulatory requirements or under the implied duty of good faith.

Your information will be shared internally, including with members of the HR and payroll teams, your line manager, managers in the business area in which you work, and IT staff who will only have access to the data when necessary for the purposes set out in section 3 above, and in line with their job role. BCU may share your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers, and obtain necessary criminal records checks from the Disclosure and Barring Service. Data is stored in a range of different places, including in your personal file, in the University’s HR management systems and in other IT systems (including the organisation's email system). Your data may be transferred to countries outside the European Economic Area (EEA) to assist you with country-specific issues such as tax services which could only be dealt with from within that country. The University is also legally required to provide specified data to HESA for regulatory and analytical purposes. Please see the HESA privacy notices. Staff apprentices – We will share your data with training providers and end point assessors (as well as ESFA and potentially OFSTED).

The University takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or wrongly disclosed, and is not accessed except by its employees in the performance of their duties. We are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the General Data Protection Regulations. For more information about how the University protects and manages your personal data, a copy of BCU’s Data Protection Policy and Information Security Policy  is available on the policies page of the BCU website. Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Your personal data is retained, and securely and permanently destroyed, in accordance with the published BCU retention and destruction policy. In summary, information relating to your employment contract is retained for six years after your employment contract ends. This includes your personnel file held by Human Resources. However, some medical information and/or health and safety records may be kept for longer periods if required by law.

Under the Data Protection laws, you have a number of rights. You can:

• obtain access to, and copies of, the personal data that we hold about you;
• request that we cease processing your personal data if the processing is causing you damage or distress;
• require us not to send you marketing
• request us to correct the personal data we hold about you if it is incorrect;
• request us to erase your personal data;
• request us to restrict our data processing activities;
• withdraw consent for our processing of your data (this does not affect the lawfulness of our processing based on consent before its withdrawal);
• receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
• object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

If you would like to exercise any of your rights, please contact our Data Protection Officer using the following contact details:

By email to: informationmanagement@bcu.ac.uk

By post to: Data Protection Officer
Information Management Team
Birmingham City University
Floor 1, Joseph Priestley Building
6 Cardigan Street
Birmingham B4 7RJ

If you have any questions, comments or concerns about how we use or handle your personal data, please contact the Data Protection Officer using the contact details in section 8 above.

If you are not content with how we handle your information, we would ask you to contact our Data Protection Officer to help you in the first instance. However, you do also have the right to complain directly to the Information Commissioner at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Information about the Information Commissioner is available at www.ico.org.uk.

This privacy notice may be updated from time to time, so you may wish to check it each time you submit personal information to BCU. The date of the most recent versions will appear on this page (see version control). We encourage you to check our privacy notice from time to time to ensure you understand how your data will be used and to see any minor updates. If material changes are made to the privacy notice; for instance, how we would like to use your personal data, we will provide a more prominent notice (including, for certain services, email notification or correspondence of privacy notice changes).