Employee Privacy Notice

We collect personal information about employees, workers and contactors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers or other background check agencies, and information from criminal records checks permitted by law. We will also collect additional personal information in the course of job-related activities throughout the period of you working for us.

The University may collect a range of information types about you. This includes:

• your name, address and contact details, including email address and telephone number, date of birth and gender;
• the terms and conditions of your employment;
• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation;
• information about your remuneration, including entitlement to benefits such as pensions or insurance

BCU needs to process data to enter into an employment contract with you and to meet our obligations under your employment contract. For example, we need to process your data to pay you in accordance with your employment contract and to administer benefit, pension and insurance entitlements if applicable. In some cases, we may need to process data to ensure that we are complying with our legal obligations. For specified positions, it may be necessary to carry out criminal records checks to ensure that individuals are permitted to undertake a particular role. Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations. You have some obligations under your employment contract to provide BCU with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the terms of your employment contract, professional regulatory requirements or under the implied duty of good faith.

Your information will be shared internally, including with members of the HR and payroll teams, your line manager, managers in the business area in which you work, and IT staff who will only have access to the data when necessary for the purposes set out in section 3 above, and in line with their job role. BCU may share your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third-party providers, and obtain necessary criminal records checks from the Disclosure and Barring Service. Data is stored in a range of different places, including in your personal file, in the University’s HR management systems and in other IT systems (including the organisation's email system). Your data may be transferred to countries outside the European Economic Area (EEA) to assist you with country-specific issues such as tax services which could only be dealt with from within that country. The University is also legally required to provide specified data to HESA for regulatory and analytical purposes. Please see the HESA privacy notices. Staff apprentices – We will share your data with training providers and end point assessors (as well as ESFA and potentially OFSTED).

BCU publishes information about researchers and research on its website, available to the general public. The Research Office can be contacted for more information about this.

The University takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or wrongly disclosed, and is not accessed except by its employees in the performance of their duties. We are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the General Data Protection Regulations. For more information about how the University protects and manages your personal data, a copy of BCU’s Data Protection Policy and Information Security Policy  is available on the policies page of the BCU website. Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality, and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Your personal data is retained, and securely and permanently destroyed, in accordance with the published BCU retention and destruction policy. In summary, information relating to your employment contract is retained for six years after your employment contract ends. This includes your personnel file held by Human Resources. However, some medical information and/or health and safety records may be kept for longer periods if required by law.

Research related information is exempt from the data protection principle of purpose and storage limitation and will be processed in accordance with Article 5(b) and 5(e) of UK GDPR.

Employees have some obligations under their employment contract to provide the University with data. In particular, they are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. They may also have to provide the University with data in order to exercise their statutory rights, such as in relation to 8  statutory leave entitlements. Failing to provide the data may mean that employees are unable to exercise their statutory rights.

Certain information, such as contact details,  right to work in the UK and payment details, have to be provided to enable the University to enter a contract of employment with an individual employee. If employees do not provide other information, this will hinder the University's ability to administer the rights and obligations arising because of the employment relationship.