Employee Data Privacy Statement
Last Revised: 16th May 2018
University of Exeter Students’ Guild feels the right thing for personal data you share with us, or that we get from other organisations is keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.
Whilst facilitating our legal requirements, maintaining organisation policies and services to our employees through using your personal data allows us to make better decisions, communicate more efficiently and ultimately ensure you receive the services required as a Guild employee.
Where we collect information about you from
We collect information in the following ways:
When you apply for a role
When you apply for a role at the Students’ Guild you will complete an application form. This form will contain personal information about you. The Guild has a contractual duty to process this data for the purposes of considering you for that role. We will only share your application form with the interview panel. If your application is unsuccessful then we will keep your records for a maximum of 6 months, by which time they will be securely deleted from our servers.
When you become an employee
When you become an employee of the Students’ Guild you form a contract with us which declares that we will process some personal and sensitive data to comply with our legal obligations and to fulfill our policies and procedures.
When a Third Party provides us with your data
What personal data we collect and how we use it
The type and quantity of information we collect and how we use it depends on why you are providing it.
If you are applying for one of our roles we will ask you to provide:
- Email Address
- Telephone Number
- Ethnic Origin
- Employment and volunteering history
- Details of criminal convictions
- Details of training provided
- Relationship status with any Students’ Guild employees
If you are applying for a student staff role we will also ask you for the following details:
- Student Number
- Course of study
- Dates of study
We will use your data to:
- Communicate with you
- Provide anonymous equal opportunities monitoring
- Consider your application for the role
Third Party References
If you are a reference for an applicant, the applicant will provide us with the following information for the purposes of making contact to request a reference if the candidate is successful at application:
- Telephone number
- Email address
When you commence employment with the Students’ Guild we will ask you to provide:
- Email Address
- Telephone number
- Date of Birth
- National Insurance Number
- Photo (for university IT account)
- Bank Account Details
- Third Party Remuneration Sources
- Emergency contact details
- Evidence to the Right to Work
During your employment, the Students’ Guild may collect the following data:
- Health Records & Physician Details
- Performance Records
We will use your data to:
- Administrative functions relating to your employment including the payment of salaries
- Managing sickness, health and workplace performance
Disclosure and Barring Service
Your role may require you to undertake a DBS check. If so then we have a strict process in place that ensures we process your personal data in accordance with the General Data Protection Policy and the DBS’s code of practice. We are required to keep a record of your Name and DBS application reference number for the duration of your employment.
How we keep your data safe and who has access
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff.
All our suppliers run their operations inside the European Economic Area (EEA). They are subject to same data protection laws as companies based in the UK. By submitting your personal information to us your personal data will be stored or processing at a location inside the European Economic Area.
We disclose your information to key suppliers with whom we hold contracts to deliver services for the Students’ Guild. These suppliers are named below:
Supplier: University of Exeter
Purpose: For the creation of University Associate accounts and ID badges.
Address: University of Exeter, The Queen's Drive, Exeter, Devon, UK, EX4 4QJ
Purpose: All Office 365 products that could be used for storage purposes. This includes but is not limited to Email, OneDrive, SharePoint.
Purpose: Providers of on-site file storage and Cloud backup into Amazon S3
Address: Bath Innovation Centre, Broad Quay, Bath BA1 1UD, UK
Supplier: Natwest Bank
Purpose: Payment Transfers
Purpose: Fully managed payroll services
Purpose: HR system resource for employee management of leave, sickness and next of kin details
Address: FIELDS COURT STATION ROAD, Epworth, DN9 1JZ, United Kingdom, Company Reg: 8202467
Purpose: Pension Service
Purpose: Pension Service
Supplier: Grass Roots
Purpose: Cycle Scheme
Purpose: Business Services – Employer Law
Supplier: Atkinson HR Consulting
Purpose: Business Services – Human Resources
Address: Hockerley Hall, Hockerley Lane, Whaley Bridge, SK23 7AS
Supplier: Spec Savers
Purpose: DSE assessment free eye test
In addition to these named parties we may be required to disclose data containing limited personal information to auditors and financial advisors. Strict processing conditions shall be in place controlling what these parties can and cannot do with your personal data.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
Who you engage with directly to utilise Guild services:
Wi5 – Provider of the site - Order to Table / Click & Collect
Details of Wi5 are here - https://wi5.io/
Checkout.com – Provider of the payment process.
These services allow the Students’ Guild to offer a safe and secure method for purchasing food and beverages from both our Comida and Ram outlets.
Wi5 collect the following information:
First Name, Email, Mobile Number
This data is used to send email receipts and SMS notifications about their transactions to the customer. This data is only stored on Wi5's infrastructure and encrypted in-flight and at-rest.
Checkout.com to process card payments and refunds.
Checkout.com collect your card details to enable the processing of your transaction and refunds.
Keeping your information up to date
Employees are required to inform the Students’ Guild Personnel department in the event of any changes to data or the discovery of any inaccuracies.
Understanding the detail of our data security measures
When we process your data, we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered.
The Students’ Guild operates a Data Protection and Information Security Policy which is supported by a practical handbook for our permanent staff and Casual Staff. All employees and volunteers handling data are required to undertake general data protection training and third parties handling data are required to provide a contract which meets the requirements of the Information Commissioner's Office.
Your right to know what data we hold about you, make changes or ask us to stop using your data
You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. Guild policy) we will do so. Contact us at email@example.com if you have any concerns.
You have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you want to access your information, you must complete the Subject Access Request Form with a description of the information you want to see and the required proof of your identity by post to the University of Exeter Students’ Guild, Devonshire House, Stocker Road, Exeter, EX4 4PZ or in person to the Data Controller.
If you have any questions please send these to firstname.lastname@example.org and for further information see the Information Commissioner’s guidance.
Our assurance to data privacy principles
In recognition of our commitment to safeguarding the right of Data objects, we have appointed an independent Data Protection Officer. If you have any concerns over the way we process your data please contact:
Data Protection Officer
Data Privacy Advisory Service
10 Oaktree Place
Changes to this statement
We may change this Privacy Statement from time to time, whether it is a change of or an addition to the processing of personal data. We will also review this statement annually. If we make any significant changes in the way we treat your personal information we will make this clear on our Website or by contacting you directly.
If you have any questions, comments or suggestions, please let us know by contacting