Coleg Cymraeg Cenedlaethol is committed to protecting the rights of staff in line with data
protection law and this document explains how your information is used, who it can be shared
with, and your rights and responsibilities. The Coleg has registered with the Information
Commissioner’s Office (ICO) to process personal data and you can see the registration on the
ICO website under Data Protection Register.
This notice is relevant to current and former employees, workers and contractors. This notice
is not part of any employment contract or other service delivery contract. We reserve the right
to update this notice at any time. It is important that you read this notice so that you are aware
of how and why we use such data.
DATA PROTECTION PRINCIPLES
We will comply with data protection law. This means that any personal information about you
in our domain is treated in line with the following rules:
1. The information is used lawfully, fairly and transparently.
2. Information is only gathered for legitimate purposes that are clearly explained to you. The information is not used in any way that is incompatible with these purposes.
3. The information gathered will be relevant to the purposes that we have outlined to you and limited to those purposes only.
4. Information is checked to ensure it is accurate and up to date.
5. Kept only whilst it is needed by us.
6. Stored securely.
THE KIND OF INFORMATION KEPT BY US
Personal data, or personal information, means any information about an individual that the person can be identified from. It does not include data where the identity of the individual has been deleted (anonymous data).
There are “special categories” of more sensitive personal data which need a higher level of security.
We will collect, store and use the following categories of personal information about you:
1. Personal contact details such as name, date of birth, title, education and qualifications, addresses, bank details, car insurance details, image/photograph, equal opportunities monitoring data, sickness absence, start and end dates of your employment at the Coleg.
2. Details of your next of kin in case of emergency.
PURPOSESDuring the recruitment process and throughout your employment or work with us, Y Coleg
Cymraeg Cenedlaethol will collect, use and store (i.e. process) your personal data. Elements
of your personal data will be stored securely by the Coleg in line with the Coleg’s Records
Retention Schedule (stored on the JISC system (for a specific time after your employment
comes to an end.
Here are the ends that Coleg Cymraeg Cenedlaethol could meet by processing your personal
data:
staff administration (including recruitment, appointment, training, promotion,performance assessment, disciplinary matters, health, pensions and other matters relating to employment)
access to, and safety of the Coleg’s facilities (including computer services, conferencing
and welfare services)- accounting and financial purposes including salary, workforce planning and other strategic planning activities
- internal and external audit purposes
- meeting health and safety obligations and equal opportunities monitoring obligations
- promoting the academic specialism profile of the Coleg and promoting the Coleg’s
- development programme, as appropriate
- fulfilling statutory duties to provide information to external agencies (see ‘Disclosures’ for further details)
- and other activities that form part of the legal business direction of the Coleg that does not breach your rights and freedom.
We collect personal information about staff through the application and recruitment process,
either directly from applicants or sometimes from employment agencies or background check
providers. We may collect additional information from third parties including former employers,
credit checking agencies or other background checking agencies.
DISCLOSURES
Where necessary, the Coleg will disclose, outside of the Coleg, relevant items of your personal
data as noted below.
| Government Departments and other UK agencies with responsibilities relating to preventing and identifying crime, holding and prosecuting criminals, collecting taxes or duties, or protecting national security |
In order to meet statutory requirements and otherwise as necessary for the wellbeing of the public, and regarding your rights and freedom. (Including Her Majesty’s Revenue and Customs, the Department of Work and Pensions, the Home Office’s UK Border Agency, Passports and Immigration and the Police) |
| USS | For the administration of the Coleg’s pension fund |
| Edenred | For the administration of the Coleg's childcare voucher scheme |
| The Coleg’s Landlords | For the purpose of allowing entry into the Coleg’s offices |
| BrightHR | For the purpose of keeping records of the Coleg’s personnel, as well as administrating the Coleg’s leave and sickness monitoring arrangements |
| Employers or potential education providers you have contacted | For the purpose of confirming your employment with Y Coleg Cymraeg Cenedlaethol |
| The public | As necessary under the conditions of the Freedom of Information Act 2000 and when it does not disclose or breach any of the Data Protection Principles |
| BCCIT | For the purpose of creating backup copies of the Coleg’s data |
| The Coleg’s Bank | In order to process salary and subsistence payments |
| Sage | For the purpose of user support for the Coleg’s payroll software |
| Micross | For the purpose of user support for the Coleg’s finance software |
| Enterprise | Personal details for car hire purposes |
| Hotels | For arranging accommodation for staff if necessary |
| External Health Check Providers | The name of a staff member registered for the service in order to arrange an appointment. Any further information is stored confidentially between the provider and the individual. |
| Occupational Health Services | If it is necessary to refer a staff member to the occupational health service, the Coleg will share the information necessary for the service with the consent of the staff member. |
| Training Providers | The Coleg will share the necessary information so that the training providers can provide an effective service to the Coleg. |
| Financial Advisor | The name of a staff member registered for the service in order to arrange an appointment. Any further information is kept confidentially between the provider and the individual. |
The Coleg can from time to time make other disclosures without your permission. However, these will always follow a legal basis. We will always insist that any third party respects the protection of your data and processes it in line with the law.
HOW WE USE DATA WE HOLD ABOUT YOU
There are specific categories of sensitive personal data that require a higher level of protection. We need further justification for collecting, storing and using this kind of personal information. We have an appropriate policy document and safeguarding measure that is required by law to be maintained when processing such data. We can process specific categories of personal information under the following circumstances:
1. Under limited circumstances, with your specific written permission.
2. Where needed to fulfil our legal obligations or our practical implications in relation to employment.
3. Where it is necessary for the welfare of the public, such as for equal opportunities monitoring or in relation to our vocational pension scheme.
Less commonly, we are able to process this type of information where needed in relation to legal claims or where it is needed in order to protect your interests (or those of others) and that you are unable to give your permission, or where you have already made the information public.
Automatic decision making occurs when an electronic system uses personal information to make a decision without human intervention. We have the right to make automatic decisions in the following circumstances:
1. Where we have informed you of the decision and have given you 21 days to note any objection.
2. Where it is necessary to fulfil the contract with you and that appropriate measures are in place to protect your rights.
3. In limited circumstances, with your specific written consent and where appropriate measures are in place to protect your rights.
HOW LONG WILL YOU USE THE DATA ABOUT ME?
We will only keep your personal information for as long as necessary to fulfil the purpose for which we collected it, including for the purpose of satisfying any legal, accounting or reporting requirements. In order to determine the appropriate retention period for personal data, we consider the sum, nature and sensitivity of the personal data, the potential risk of harm that may arise from using or disclosing your personal data without your authorisation, the purposes for which we process your personal data and if there is a way of achieving that purpose by other means, and the relevant legal requirements.
In some circumstances, we may anonymise your personal data so that it is no longer linked to you, and if so, we may use such information without further notice to you.
When you leave the Coleg, we will retain and then destroy your personal information safely in line with relevant laws and legislation.
ACCESS RIGHTS, AMENDMENTS, CANCELLATION AND RESTRICTION
Data Protection legislation means that we have to keep your information safe. This means that your confidentiality will be respected, and that appropriate measures will be taken to avoid unauthorised access and disclosure. The only staff that will have permission to access your personal data are those that need your data. Other passwords and safety restrictions will be placed on electronic information about you, and white paper files are stored in safe areas with restricted access.
It is possible that some processing on behalf of the Coleg is done under contract to this end. Organisations processing personal data on behalf of the Coleg will be required to process data in line with Data Protection legislation.
If you have any questions regarding how we process your personal information, contact the Coleg’s Human Resources officers. You are entitled to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection matters.
YOUR RESPONSIBILITIES
You have a responsibility to keep your personal information accurate and up to date. You can do this by updating your details by informing Human Resources officers at the Coleg.
You also have responsibilities under the General Data Protection Regulations for any personal data relating to others you may have access to whilst you are at the Coleg. This responsibility is in addition to any liability that arises from professional ethics or codes of conduct.
It is a criminal offence for staff to disclose personal details intentionally and recklessly to anyone that is not entitled to receive it or attempting to obtain data without permission. If any one of our staff members breach any of the conditions of the General Data Protection Regulations, the Coleg will consider this a very serious matter, and could include consideration of disciplinary measures.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Privacy Notice at any time, and we will give you a new Privacy Notice when we make any significant changes to it. We may also inform you in different ways from time to time regarding processing your personal information.
If you have any questions regarding this privacy notice, please contact Human Resources officers at the Coleg.
Further information is available on these websites or on the Information Commissioner’s Office website.