Students Staff

Privacy notice for staff and employees

Privacy notices explain what personal information or “data” an organisation holds about you, and how that data is stored, used and kept safe. Personal data is any information, held in any form, that relates to you as an identifiable individual.

In this notice “we” means the University of Essex and our wholly owned subsidiaries University of Essex Campus Services (UECS) and WHH Ltd, and “you” means staff and employees of the University, UECS or WHH Ltd.

We have separate privacy notices for staff applicants, (people applying to work with us), student applicants and students. We also have a notice for visitors to our website.

Who we are

The University of Essex is an exempt charity, and our registered address is Wivenhoe Park, Colchester, CO4 3SQ.

University of Essex Campus Services is a wholly-owned subsidiary company of the University. It is a private limited company and its company number is 02534817. Wivenhoe House Hotel is also wholly-owned subsidiary of the University and its registered company number is 07075571.

Our Data Protection Officer is Sara Stock, and she can be contacted at dpo@essex.ac.uk or by calling 01206 74853.

  • Why we use your data – and our legal basis for doing so

    When we collect data we need both a purpose (i.e. a reason) and a legal basis. There are several legal bases allowed, and we rely on four of those when looking after your information.

    Contractual obligations

    Contract is the main reason we use for collecting and using your information. As a staff member you have a contract with us, and in order for that to function we need certain information about you.

    For example, we need your bank account details to pay your salary, and your sickness details to ensure that you get the right sickness pay and support from the University.

    Legal compliance

    As an employer we have various legal obligations relating to our staff and we need data about staff in order to carry out those obligations.

    For example, if you have an accident at work we may need to report the details to the Health and Safety Executive. We are obliged to collect Right to Work information from you. We will also report any illegal activity we believe you are involved in, such as fraud or theft.

    Legitimate interests

    From time to time, we may need to use your data to pursue our legitimate interests. For example, in order to provide our IT services and operate our IT network, we collect your IP address. We might also contact you to seek your views to help us develop University facilities.

    Consent

    Consent and special category data

    Some personal data is considered to require particular care – this is known as “special category data”. We ask your consent to share some special category data with us. You do not need to declare any disability to us, or any health or sexuality issues that may affect your work, but we are unable to support you fully and to comply fully with our obligations under the Equality Act 2010 if you do not share this information with us.

    We use data about individual’s ethnicity, sexual orientation, disability and gender in order to ensure that we are providing a fair and equal environment, and for reporting externally, using de-identified data (that does not identify you as an individual) for initiatives such as the Disability Confident scheme and Athena Swan. We also report to HESA.

    Consent and marketing

    We also ask your consent for some types of communication with you.

    As a member of our community we expect that you will keep abreast of what is happening within the organisation.

    We use a number of email lists to enable us to communicate quickly and easily with staff at all of our campuses. Only a limited number of people are allowed to send messages to these lists.

    There are two main types of lists and as a member of staff you are automatically a member of both of them.

    1. The first type of list is used to send vital information to staff relating to formal aspects of employment, health, safety, security, and some administrative procedures. All staff have to belong to this list type of list.
    2. The second type of list is for more general information about events, opportunities and more general issues of wide interest. You are automatically a member of these lists when you join the University, but you can chose to opt out at any time.

    You can manage your list membership for the relevant lists, including signing up for special interest email lists, through the University webpage

  • What type of information we collect about you

    We will collect information related to your work and use of some of our facilities. In certain circumstances that will include “special category data” where you choose to provide it. “Special category data” includes:

    • Ethnic origin
    • Trade Union membership
    • Health, including mental health
    • Sexual orientation and sex life

    Your identity, including your right to work, your contact details, and those of next of kin in case of emergency.

    Your application, including your CV and references, where required, and any relevant criminal offences, where it is relevant to your role and we are legally allowed to do so.

    Your performance at work, including attendance, probationary periods, training record, appraisal records, and also details of any changes of role, re-grading, promotion, Annual review rewards, etc etc.

    Your health and wellbeing, including sickness absence, occupational health interactions, and health and safety records.

  • Where the data we hold comes from

    We collect data directly from you when you apply to work with us, and at the point of offering you a contract. We continue to collect data from you (such as absence notification or expense claims) while you work for us. We will also ask for references from your previous employers or places of education.

  • Who we share your data with

    Internally, access to information about staff is restricted to those who need it in order to carry out their role. This will include your line manager, the Payroll and Pensions team, HR Employee Relations teams and systems administrators. It may also include other senior managers, staff in Health and Safety, Occupational Health Advisers, and other specialist staff. We may also share with our appointed lawyers where we need to take legal advice.

    We may share your data when an external company provides us with a software system that needs to hold or use your data as part of a business service provided to the University.

    Such sharing will always be carried out under contract, as part of which we will specify that your data must be kept safely, used only under our instructions, and not be used for the contracting company’s own purposes.

    We will share some of your information if we are asked for a reference from a prospective employer or financial company (for example, to support a mortgage application).

    We share de-identified data with HESA.

    We may share some information if required to do so by the police or other law enforcement authorities, including the Home Office.

  • Where we keep your data, and how long we keep it for

    We do not transfer your data outside of the EU. Data is retained primarily within our HR system, but may be held elsewhere on our network, including within the email system.

    We have retention schedules that set out how long we keep information of all types, including personal data of staff.

  • Your personal data and your rights

    The law gives you a right to:

    • ask us to provide you with copies of information we hold about you
    • have your data corrected if it is inaccurate, out of date or incomplete
    • have your personal data deleted, in some circumstances
    • withdraw any consent you have given us to use your data
    • lodge a complaint with the Office of the Information Commissioner

    You can see some of the data we keep about you, including some of your special category data, through HR Organiser.

    If you wish to exercise any of your rights, or have any questions about your rights, please contact the Data Protection Officer at dpo@essex.ac.uk. This is also the contact for any complaints you may have about the way we use your personal data. You do have a right to complain to the Office of the Information Commissioner, but do please talk to us first as it is often the fastest way to fix things for you.

May 2018