Privacy Notice for Staff

By issuing this privacy notice, we demonstrate our commitment to openness and accountability.

During the course of its employment activities, Doncaster & Bassetlaw Teaching Hospitals NHS Foundation Trust collects, stores and processes personal information about prospective, current and former staff.

This Privacy Notice includes applicants, employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees, other 3rd party staff, students, secondees and those carrying out work experience.

We recognise the need to treat staff personal and sensitive data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.

Skip to content

What types of personal data do we hold?

In order to carry out our activities and obligations as an employer we handle data in relation to:

• Name, address, telephone, email, date of birth and next of kin/emergency contacts
• Recruitment and employment checks (i.e. professional membership, references, proof of identification and right to work in the UK, etc)
• Bank account and salary/wages, as well as pension, tax and national insurance details
• Trade union membership
• Personal demographics, including gender, race, ethnic origin, sexual orientation, religious or other beliefs, and whether you have a disability or require any additional support or adjustments for your employment
• Medical information relevant to your employment, including physical health, mental health and absence history
• Information relating to your health and safety at work, and any incidents or accidents
• Professional registration and qualifications, education and training history
• Information relating to employee relations (i.e. disciplinary proceedings, grievances and complaints, tribunal claims, etc)
• Depending on the position you hold with us, we may also collect information in relation to any current or previous criminal offences.

We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected or sold for direct marketing purposes. Your information is not processed overseas.

Back to top

Why do we hold/process your data?

We will only process your personal data where the processing can be legally justified under UK law or where we have obtained your consent. These include circumstances where the processing is necessary for the performance of staff contracts with us or for compliance with any legal obligations which applies to us as your employer.

  • Staff administration and management (including payroll and performance)
  • Recruitment
  • Pensions administration
  • Business management and planning
  • Accounting and Auditing
  • Accounts and records
  • Crime prevention and prosecution of offenders
  • Education, training and development
  • Health administration and services
  • Personal information for national fraud initiative
  • Emergency alerts in connection with maintaining the Trusts Essential Services via Colleagues registered mobile phone numbers

By signing your contract with the Trust, you consent to us holding and processing any information about you which you provide to us, or which we may acquire as a result of employment.
We have a legal basis to process this as part of your contract of employment (either permanent or temporary) or as part of our recruitment processes following Data Protection and Employment legislation.

Back to top

Sharing your information

To support you in your employment and to enable us to meet our legal responsibilities as an employer, sometimes we will need to share your information with others. Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons. Sometimes we are required by law to disclose or report certain information, which may include details which identify you. For example, sending statutory information to government organisations such as HM Revenue and Customs, Pensions Agencies, BACS to transfer your salary or releasing information to the Police or Counter Fraud. Where mandatory disclosure is necessary only the minimum amount of information is released.

Use of third-party companies

To enable effective staff administration Doncaster & Bassetlaw Teaching Hospitals NHS Foundation Trust may share your information with external companies to process your data on our behalf in order to comply with our obligations as an employer.

NHS Shared Business Services

The information which you provide during the course of your employment (including the recruitment process) will be shared with the NHS Shared Business Services can be found at Privacy – ESR Hub – NHS Electronic Staff Record

NHS Jobs

NHS Jobs has an interface to the Electronic Staff Record System (ESR) which is a payroll and human resources system used by the Trust. The data you submit to NHS Jobs may be transferred to ESR for the purposes of establishing the human resources and payroll record; completing the recruitment process or parts of the process on ESR; or for reporting purposes such as equal opportunity monitoring.

NHS Jobs have revised the following:

  • Privacy notice for candidates and employers
  • The candidate acceptable use policy

The first time you log into your account you will need to agree and accept the revised terms and conditions before you can continue. The monitoring and safeguarding sections of the application form have also been revised to make it clearer who within the recruitment team has access to these sections of the form.

You can find their privacy notice here.

TravelPerks

For fulfilling travel and accommodation needs of Trust colleagues.  Privacy Notice.

Occupational Health

The Trust‘s Occupational Health provision is provided by the trust on-site at the DRI and at Bassetlaw Hospital.

Prevention and detection of Crime and Fraud

We may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds. We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you owing to a legal/statutory obligation.

Back to top

Individual rights

Data Protection laws give individuals rights in respect of the personal information that we hold about you. These are:

1. To be informed why, where and how we use your information.
2. To ask for access to your information.
3. To ask for your information to be corrected if it is inaccurate or incomplete.
4. To ask for your information to be deleted or removed where there is no need for us to continue processing it.
5. To ask us to restrict the use of your information.
6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
7. To object to how your information is used.
8. To challenge any decisions made without human intervention (automated decision making)

Back to top

How do we keep your information safe and maintain confidentiality?

Under the General Data Protection Regulation/Data Protection Act 2018, strict principles govern our use of information and our duty to ensure it is kept safe and secure. Your information may be stored within electronic or paper records, or a combination of both. All our records are restricted so that only those individuals who have a need to know the information can get access. This might be through the use of technology or other environmental safeguards.

Everyone working for the NHS is subject to the Common Law Duty of Confidentiality. This means that any information that you provide to us in confidence will only be used in connection with the purpose for which it was provided, unless we have specific consent from you or there are other special circumstances covered by law.

The government – through NHSE – may also issue a Notice under the COPI (Control of Patient Information) Regulation 2002 whereby personal rights may to some extent be overridden, as happened during the COVID_19 pandemic of 2020 onwards. NHSE have received guidance from the Information Commissioners Office that under a COPI notice, staff personal data where it is also required for unique circumstances such as relating to pandemics or similar, may also be processed under this Notice.

Under the NHS Confidentiality Code of Conduct, all of our staff are required to protect information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

Back to top

How long do we retain your records?

All our records are destroyed in accordance with the IGA (Information Governance Alliance) Records Management Code of Practice for Health and Social Care 2016, which sets out the appropriate length of time each type of NHS record is retained.

We do not keep your records for longer than necessary. All records are appropriately reviewed once their retention period has been met, and the Trust will decide whether the record still requires retention or should be confidentially destroyed. All decisions and destructions will be documented.

Back to top

How can I access information about me?

Under the Current Data Protection Legislation a person may request access to information (with some exemptions) that is held about them by an organisation. Please contact Employee Services (People and Organisational Development – P&OD) for further details of how to access information which the Trust holds on you.

Should you have any further queries or should you wish to lodge a complaint on the uses of your information, please speak to the Trusts Data Protection Officer (DPO) – Roy Underwood: dbth.dpo@nhs.net

If you after accessing these options, and you are unhappy with the outcome of your enquiry you can write to: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF – Telephone: 01625 545700

Back to top

Doncaster & Bassetlaw Teaching Hospitals NHS Foundation Trust is registered with the Information Commissioners Office (ICO).  Details of our registration can be found on: Doncaster & Bassetlaw Teaching Hospital NHS Foundation Trust | ICO You can contact our Data Protection Officer by emailing: dbth.dpo@nhs.net 

Content out of date? Information wrong or not clear enough? Report this page.