Fair processing notices - Human resources: business management

How we use your data

HR business management may operate as either a data controller or data processor (or both) under data protection legislation. We comply with the General Data Protection Regulations (GDPR) principles when gathering and using personal information as set out in policies and procedures.  

Your personal data may be stored in a range of different locations. The council holds information related to you and your employment in an electronic format in the following (but not limited to) electronic systems:

  • PSe (HR/payroll system)
  • Resourcelink (HR/payroll system)
  • Datastore/DSX (electronic storage of personal files that is restricted access)
  • email
  • managers' records
  • shared corporate data drive (electronic storage with restricted access)

We also keep information, in some instances, in a paper-based (manual) format both on and off site. 

HR business management needs to process personal data because it is in our legitimate interests to do so and you have entered into an employment contract with us, or with your employer, which we can’t fulfil without processing your data in this way.

Processing and recording personal data allows us, or your employer on whose behalf we process your data, to:

  • manage the employment relationship with you or your employer in line with the terms and conditions of employment and policies and procedures 
  • maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency as provided by you), and details of your occupational and statutory benefits and rights
  • manage employee relations matters, for example disciplinary and grievance cases in line with relevant procedures and ensure acceptable conduct within the workplace.
  • manage performance in line with relevant procedures, develop improvement plans, identify training needs, plan for career development and succession plan
  • manage absence and other leave in line with procedures so you are appropriately supported and receive pay (if applicable) and or any other benefits to which you are entitled
  • manage resources and workforce planning activities
  • make referrals and obtain occupational health advice, operate in line with equality legislation and meet our obligations under health and safety legislation
  • ensure the workforce is managed effectively and appropriately
  • carry out HR activities including all associated administration
  • respond to reference requests
  • respond to and defend against legal and other claims
  • meet a statutory or legal requirement (such as gender pay gap reporting)
  • provide high level reports for senior management

We may also collect information from you in the course of your employment for:

  • management in line with policies and procedures
  • general enquiries about your terms and conditions of employment
  • ensuring we are compliant with new government legislation such as confirming all care workers are vaccinated against COVID 19 (in line with the Health and Social Care Act 2008 (Regulated Activities) (Amendment) (Coronavirus) Regulations 2021 ('the Regulations')

Data might be collected from employment documentation completed by either you, your manager or your employer (where the council is not the employer) at the start of or during employment, from identity documents, medical evidence, payroll and pension requirements or from correspondence with you.

We may also collect personal data about you from third parties, such as the pension authorities, government agencies, or any other external organisation to enable the council to provide a service to you or to your employer.

Some special categories of personal data (sensitive) such as information about health or medical conditions are processed for the purposes of carrying out our obligations and exercising specific rights in the field of employment law.

Your employment information including personal and or special category data will only ever be accessed by those who have an authorised, justified and or legal basis to do so.

Your information may be shared internally with authorised officers of the council. 

Information may be accessed for:

  • employment
  • management
  • education
  • pensions
  • union membership
  • health and social care such as occupational health

We may also share your personal data, as required, with third parties in order to:

  • fulfil the requirements of a contract
  • fulfill the requirements of our contracts as data processor
  • comply with HR policies and procedures
  • where the third party is contracted to provide services to us
  • meet a statutory or legislative requirement
  • provide occupational health support and make referrals  
  • provide access to external IT systems
  • deal with reference requests
  • respond to legal claims

We have a duty to protect public funds so may use the information we have for the prevention and detection of fraud. We may share this information with other bodies for these purposes.

We may share data with our internal audit team to evaluate the effectiveness of the organisation’s risk management, control and governance processes.  We may also share your data with the council's fraud team to help to prevent and detect fraud.

Certain information, such as details in relation to HR policies and procedures, have to be provided to enable us to enter a contract of employment with you, or your employer. If you do not provide this, and other information, as required, this will hinder our ability to administer the rights and obligations arising as a result of our employment relationship with you or your employer efficiently.

We take the security of your personal data seriously. The council has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by council staff in the performance of their duties. 

Some of the ways in which we protect your personal data include:

  • implementing appropriate technical and organisational measures to protect the confidentiality, integrity and availability of personal data and information
  • continuous review of security 
  • regular review of information assurance and security policies and procedures
  • ongoing training and awareness for staff on information assurance and security
  • alignment with codes of conduct, certification schemes and government guidance, including the HMG Security Policy Framework, Government baseline security standards, and the National Cyber Security Centre (NCSC) 
  • ensuring all suppliers and third-party organisations undertaking work for or on behalf of the council are able to prove full compliance with the GDPR and the council's data security protocols and that these considerations are made when procuring new services
  • regular review of security and cyber risks

Where we engage third parties to process personal data on our behalf, they do so under contract and on the basis of written instructions. 

Third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data and comply with data protection legislation.

The periods for which your data is held is specifically set out in the council’s retention schedule.

As a data subject, you can:

  • access and obtain a copy of your data on request
  • ask us to change incorrect or incomplete data
  • ask us to delete or stop processing your data, for example, where the data is no longer necessary for the purposes of processing
  • object to the processing of your data (in certain circumstances)

You have the right to know:

  • what information we intend to collect 
  • why we need your information
  • the lawful basis under which we can process your information
  • how we will process your information
  • whether we share your information
  • who we might share your information with
  • your rights under the law
  • how long we will keep your information and how you can contact us

If you would like to exercise any of these rights, email HRBusinessManagement@stoke.gov.uk 

Data protection law provides you with certain rights, but not all of these rights will be available to you in all situations. Where we are under a legal duty to use data for a particular purpose you will not have the right to prevent it being used in that way.

you can ask to see the information we hold about you

  • you can ask what is being done with the information we hold about you
  • you can ask to have some of the data we hold about you deleted
  • you can ask us to review a decision made about you by a computer, and ask for a new decision to be made by a person
  • you can ask us to stop processing the data we hold about you
  • you can ask us to make changes to data about you that you believe is inaccurate
  • in some circumstances you can ask us to help you move your information to another organisation
  • you can ask us to restrict or limit what we do with your data, for example if you believe the data we hold is inaccurate, or if you believe the processing is unlawful
Who to contact if you have questions

If you wish to have access to your personal data, this should be requested through the information rights team, which handles subject access requests made by current and past employees.

If you wish to contact us in relation to any of your information rights, email foi@stoke.gov.uk or write to the Information Rights Team, Floor 2, Civic Centre, Glebe Street, Stoke-on-Trent ST4 1HH

Complete the online form

If you wish to complain about how your personal information has been handled by Stoke-on-Trent City Council, please contact the Information Rights Team in the first instance using the details above. If you are not satisfied you can complain to the Information Commissioner’s Office at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Tel: 0303 123 1113 or you can visit their website at ico.org.uk.

 

If you are not satisfied you can complain to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or call 0303 123 1113

Information Commissioner's Office website