Privacy Notice - Staff

A bit about us

The University of Salford is the “Data Controller” of your personal data and is subject to the UK General Data Protection Regulation 2016 (“GDPR”). We are registered with the Information Commissioner’s Office (“ICO”) Z469563X and our Data Protection Officer is Andrew Hartley. We are committed to ensuring that your personal data is handled in accordance with the regulations.

Why do we collect your Data?

Under the GDPR we have to have justification (“legal basis”) for obtaining your information and for Staff we believe this is:

1. Contract

The legal basis for this is your contract of employment.

2. Employment, social security and social protection

In order to meet our legal obligations in connection with employment, social security or social protection the university processes special category data.

When Do We Collect Data?

We collect data about you at various stages in your relationship with us. This may be:

• When you first applied to us for a job, then thereafter when we require additional information from you based on your role at the university;.
• When we obtained a reference or details of your previous employment history.
• Throughout your time as an employee, e.g. performance, health etc.

What sort of data do we collect?

Under the GDPR we will only collect the minimum amount of information needed to carry out a specific purpose. We may collect the following type of personal data about you:

1. Information that helps identify you, e.g. your name, date of birth, passport number and personal email address
2. Information relating to your education and employment history, e.g. qualification and exam results, previous places of work etc.:
3. Information about your family or personal circumstances, where this is relevant to the assessment of your suitability to your job or your wellbeing (e.g. emergency contact details).
4. Financial and tax information such as bank account details, NI numbers, payroll records and tax status information;
5. Work related data, for example, salary, length of service, right to work status, course and learning completion;
6. Information about your activity in the university, for example:
   • Library loan history;
   • Use of electronic resources;
   • Access and use of university systems and spaces;
   • Authorship of research outputs and data
7. Sensitive personal data, including, for example, information about medical conditions, criminal convictions, gender, race and personal identity
   • Information about your racial or ethnic origin, religion, preferred gender, trade union membership, marital status, age, gender at birth and sexual orientation,
   • Criminal convictions on staff who work with young and/or vulnerable people.This data is collected to satisfy our legal obligation under Schedule 1 of the Data Protection Act 2018.

This data is collected to satisfy our legal obligation under Schedule 1 of the Data Protection Act 2018.

Updating your contact details?

The accuracy of your personal information is important to us. You can let us know about any changes in home address and emergency contact details at any time by filling out the Change of Address ticket on the Payroll Portal accessible from the staff hub Homepage. Other changes of personal information can be changed by emailing hradvice@salford.ac.uk.

How Do We Use Your Information?

We will process your personal information and data for a range of purposes associated with your employment here. The primary purposes are:

• HR administration, including training and development
• Providing facilities and services such as IT, and car parking provision,
• Preventing and detecting crime, such as using CCTV and ID photographs,
• Meeting legislative requirements, such as right to work in the UK
• Provision of wellbeing and support and health and safety services,
• Financial management, including salary payment and pensions administration,
• Complying with statutory requirements, such as monitoring equal opportunities
• Assessment of performance and to support organisational development
• Provision of employee benefits such as lifestyle discounts and recognition schemes

We will also process sensitive personal information for some purposes, including:

• Equal opportunities monitoring,
• Managing certain HR processes as sick pay, maternity leave, managing absence,
• Provision of occupational health and wellbeing services,
• Providing a safe environment and supporting fitness for work

How Long Do We Keep Your Data For?

Data is retained for as long as it is required to perform its purpose, or for as long as is required by law. At the end of that retention period, your data will either be deleted completely or anonymised.

• View our Records Retention Schedule.

Who do we share your information with?

Sometimes we share your personal data between colleagues, managers and leaders to enable them to undertake their university role. We also share data with trusted third parties, who are contracted to work for us and to deliver certain services. Note that:

• We provide only the information they need to perform their specific services,
• They may only use your data for the purposes we specify in our contract with them,
• We work closely with them to ensure that your privacy is respected and protected at all times,
• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Examples of the kind of third parties we work with are:

1. Suppliers and contractors where there is a valid reason for their receiving the information, for example, pension providers, employee benefits providers, insurers, auditors, e-learning and development providers as 3rd party IT support:
2. Employment with a prospective employers or secondments, e.g. providing references
3. Professional and regulatory bodies, in relation to the confirmation of qualification, professional registration, conduct and the accreditation of courses,
4. Government departments and agencies where we have a statutory obligation to provide information, for example the Home Office and Higher Education Statistical Agency
5. Crime prevention or detection agencies, e.g. the police

We will only share information with parents, guardians and next-of-kin when there is a legitimate reason for disclosure.

International data transfers

Some of the personal information we process about you may be transferred to, and stored at, a destination outside the UK, for example where it is processed by staff operating outside the UK who work for us or for one of our suppliers, or where the personal data is processed by one of our suppliers who is based outside the UK or uses a storage facilities outside of the UK. 

Sharing sensitive personal data

Sometimes we may need to share your sensitive personal data with colleagues or outside the university. We will try to do so only with your explicit consent but there may be occasions when obtaining your consent is impossible or inappropriate, e.g:

• To protect your or another person’s vital interests,
• Where the provision of confidential counselling, support or similar would be prejudiced,
• To meet statutory obligations for equality and diversity monitoring,
• For the purpose of prevention or detection of crime, pursuant to a court order or for the university to obtain legal advice.

How can you find out what information we hold on you?

You have certain rights in respect of the personal information the university holds about you. For more information about Individual rights under GDPR and how you exercise them please return to our privacy homepage.

This statement

From time to time we may make changes to this statement because the way we are processing your personal information changes.  All alterations will be posted on this page and will apply from the time we post them. Where we have a valid email address for you we will periodically email you to inform you what changes have been made and to send you a link to our current privacy statement.

This statement was last updated on 10 February 2021.