Staff Privacy

The Privacy Policy for Students' Guild Staff

The Privacy Policy for Students' Guild Staff

Employee Data Privacy Statement

Last Revised: 11th October 2019

 

Introduction

University of Exeter Students’ Guild feels the right thing for personal data you share with us, or that we get from other organisations is keep it safe.  We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.

Whilst facilitating our legal requirements, maintaining organisation policies and services to our employees through using your personal data allows us to make better decisions, communicate more efficiently and ultimately ensure you receive the services required as a Guild employee.

Where we collect information about you from

We collect information in the following ways:

When you apply for a role

When you apply for a role at the Students’ Guild you will complete an application form. This form will contain personal information about you. The Guild has a contractual duty to process this data for the purposes of considering you for that role. We will only share your application form with the interview panel. If your application is unsuccessful then we will keep your records for a maximum of 6 months, by which time they will be securely deleted from our servers.

When you become an employee

When you become an employee of the Students’ Guild you form a contract with us which declares that we will process some personal and sensitive data to comply with our legal obligations and to fulfill our policies and procedures.

When a Third Party provides us with your data

Your information may be shared with us by independent organisations such as Her Majesty's Revenue and Customs or external references. These independent third parties will only do so when you have indicated that you have given consent or there is a legal obligation to share this data with us. You should check their Privacy Policy when you provide your information to understand fully how they will process your data.

 

What personal data we collect and how we use it

The type and quantity of information we collect and how we use it depends on why you are providing it.

Candidates

If you are applying for one of our roles we will ask you to provide:

  • Name
  • Address
  • Email Address
  • Telephone Number
  • Ethnic Origin
  • Disability
  • Employment and volunteering history
  • Details of criminal convictions
  • Details of training provided
  • Relationship status with any Students’ Guild employees

If you are applying for a student staff role we will also ask you for the following details:

  • Student Number
  • Course of study
  • Dates of study

We will use your data to:

  • Communicate with you
  • Provide anonymous equal opportunities monitoring
  • Consider your application for the role

Third Party References

If you are a reference for an applicant, the applicant will provide us with the following information for the purposes of making contact to request a reference if the candidate is successful at application:

  • Name
  • Profession
  • Address
  • Telephone number
  • Email address

Employees

When you commence employment with the Students’ Guild we will ask you to provide:

  • Name
  • Address
  • Email Address
  • Telephone number
  • Date of Birth
  • National Insurance Number
  • Photo (for our internal systems and university IT account)
  • Bank Account Details
  • Third Party Remuneration Sources
  • Emergency contact details
  • Evidence to the Right to Work

During your employment, the Students’ Guild may collect the following data:

  • Health Records & Physician Details
  • Performance Records

We will use your data to:

  • Administrative functions relating to your employment including the payment of salaries
  • Managing sickness, health and workplace performance

How we keep your data safe and who has access

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff.

All our suppliers run their operations inside the European Economic Area (EEA).  They are subject to same data protection laws as companies based in the UK. By submitting your personal information to us your personal data will be stored or processing at a location inside the European Economic Area.

We disclose your information to key suppliers with whom we hold contracts to deliver services for the Students’ Guild. These suppliers are named below:

Supplier:              Microsoft
Purpose:              All Office 365 products

Microsoft Privacy Statement https://go.microsoft.com/fwlink/?LinkId=521839

 

Supplier:              Zynstra

Purpose:              Providers of on-site file storage and Cloud backup into Azure AD

Address:              Bath Innovation Centre, Broad Quay, Bath BA1 1UD

Privacy Policy:    https://www.zynstra.com/privacy-policy/

 

Supplier:                Natwest Bank
Purpose:                Payment Transfers

Supplier:                Cowgills
Purpose:                Payroll Services

 

Supplier:                Orange HR

Purpose:                HR database

Address/Location: University of Exeter Data Centre

 

Supplier:                Nest
Purpose:                Pension Service

Supplier:                Eagon
Purpose:                Pension Service

Supplier:                Grass Roots
Purpose:                Cycle Scheme

Supplier:                Peninsular
Purpose:                Business Services – Employer Law

Supplier:                Spec Savers
Purpose:                DSE assessment free eye test

 

In addition to these named parties we may be required to disclose data containing limited personal information to auditors and financial advisors. Strict processing conditions shall be in place controlling what these parties can and cannot do with your personal data.

 

We may need to disclose your details if required to the police, regulatory bodies or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

Keeping your information up to date

Employees are required to inform the Students’ Guild Personnel department in the event of any changes to data or the discovery of any inaccuracies.

Understanding the detail of our data security measures

When we process your data, we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered.

The Students’ Guild operates a Data Protection and Information Security Policy which is supported by a practical handbook for our permanent staff and Casual Staff. All employees and volunteers handling data are required to undertake general data protection training and third parties handling data are required to provide a contract which meets the requirements of the Information Commissioner's Office.

 

Your right to know what data we hold about you, make changes or ask us to stop using your data

You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. Guild policy) we will do so. Contact us at data-protection@exeterguild.com if you have any concerns.

You have a right to ask for a copy of the information we hold about you.  If there are any discrepancies in the information we provide, please let us know and we will correct them.

If you want to access your information, you must complete the Subject Access Request Form with a description of the information you want to see and the required proof of your identity by post to the University of Exeter Students’ Guild, Devonshire House, Stocker Road, Exeter, EX4 4PZ,in person to the Data Protection Guardian or to data-protection@exeterguild.com.

If you have any questions please send these to data-protection@exeterguild.com and for further information see the Information Commissioner’s guidance.

Our assurance to data privacy principles

In recognition of our commitment to safeguarding the right of Data objects, we have appointed an independent Data Protection Officer. If you have any concerns over the way we process your data please contact:

Data Protection officer
Data Privacy Advisory Service
10 Oaktree Place
Exeter
EX2 8WA
dpas-dpo@protonmail.com
 

Changes to this statement

We may change this Privacy Statement from time to time, whether it is a change of or an addition to the processing of personal data. We will also review this statement annually. If we make any significant changes in the way we treat your personal information we will make this clear on our Website or by contacting you directly.

If you have any questions, comments or suggestions, please let us know by contacting

data-protection@exeterguild.com.


University of Exeter Students' Guild is a Charity and Company Limited by Guarantee. Registered Charity Number: 1136468 Company Number: 07217324; registered in England and Wales Registered office: Devonshire House, Stocker Road, Exeter, EX4 4PZ