Privacy notices
Human Resources and Organisational Development Privacy Notice
Who we are
South Derbyshire District Council is registered as a data controller with the Information Commissioner's Office.
Our address is Civic Offices, Civic Way, Swadlincote, Derbyshire, DE11 0AH.
How do we collect information from you?
We collect personal information about you through a variety of sources and methods. This includes information you provide directly during the recruitment process, onboarding, and throughout your employment (e.g. through forms, correspondence, or meetings).
We also collect data generated in the course of your work, such as attendance records, performance appraisals, and use of IT systems. In some cases, we may receive information from third parties, such as previous employers, occupational health providers, or government bodies, where this is necessary and lawful.
We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.
What types of information do we collect from you?
We collect information from you when you visit www.southderbyshire.gov.uk, and when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face.
We collect different categories of information about you, depending on the service you want from us and/or the reason why we need to process information relating to you. This could be personal information (for example your name and address), or other more sensitive data that we would only collect and use in very particular circumstances that are set out in law.
What is the lawful basis?
The legal basis for data processing we are relying on comes from Article 6 of the UK General Data Protection Regulation (UK GDPR). The following sections apply:
- Article 6(1)(b) Contract - which relates to processing necessary to perform a contract in place with you, such as an employment contract, or to take steps at your request before entering a contract.
- Article 6(1)(c) Legal Obligation - processing is necessary for compliance with a legal obligation to which the controller is subject.
- Article 6(1)(d) Vital interest - the processing is necessary to protect someone’s life.
- Article 6(1)(e) Public task - the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- Article 6(1)(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
Special category data:
- It is necessary to share sensitive information for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law (Article 9(2)(b) UK GDPR)
- It is necessary for reasons of substantial public interest (9(2)(g) UK GDPR). The additional DPA 2018 processing conditions we rely on are Schedule 1 part 1(1) which again relates to processing for employment purposes and Schedule 1, part 2 paragraph 6 – statutory etc and government purposes.
- It is necessary to share sensitive information for the purposes of carrying out the obligations and exercising specific rights in the field of social protection law, for the provision of health or social care treatment or the management of health or social care systems. (Article 9 (2)(h) UK GDPR).
- Public health processing - it is necessary for reasons of public interest in the area of public health (Article 9 (2) (i) UK GDPR)
- Some special category data is available on sight, and therefore is already in the public domain. As such, the primary justification for processing this information is: personal data which are manifestly made public by the data subject, in accordance with Article 9 (e).
- We process information about applicant criminal convictions and offences. The lawful basis we rely on to process this data is Article 6(1)(e) for the performance of our public task. In addition, we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).
We process all information in accordance with our legal obligations and public tasks arising from the following provisions:
- The Employee Rights Act 1996
- The National Minimum Wage Act 1998
- The Employee Relations Act 1999
- The Maternity and Parental Leave etc. Regulations 1999
- The Transfer of Undertakings (Protection of Employment) Regulations 2006
- The Agency Workers Regulations 2010
- The Equality Act 2010
- The Working Time Regulations 1998
- The Data Protection Act 2018
- The Coronavirus Act 2020
- The Health Protection (Notification) Regulations 2010
- The Public Health (Control of Disease) Act 1984 and associated Regulations
- The Care Act 2014
- The Safeguarding Vulnerable Groups Act 2006
- The Health and Safety at Work Act 1974
Details of information obtained from third parties
- Tax codes, student loan notifications and such like from HM Revenue and Customs
- Court orders from HM Court Service and other courts
- Details of voluntary deduction information from pension providers, union bodies, benefit providers and such like
How is your information used?
Whilst this HR privacy notice primarily relates to employees, agency workers, volunteers, and prospective employees, please note that we may be required to process your information in accordance with employment legislation and/or prospective and actual legal claims if:
- you make a complaint that specifically relates to a member of staff; or
- your personal information is linked to an employment matter, for example an issue with the quality of service you receive
We may use your information, in accordance with the Council’s public tasks, legitimate interests, legal obligations and where applicable consent, in order to:
- pay you accurately
- produce pay statements
- manage your employment under our relevant employment policies
- provide you with access to your information through self-service portals
- respond to statutory returns including equality returns
- process your employee benefits
- process any voluntary deductions you request
- process statutory deductions
- allow the administration of your personal pension
- allow for the transfer of budget information
- allow independent auditors to ensure that we are complying with our internal policies and processes
- support the administration of our processes in relation to mail merges, printing and mailing services
- allow you to access the relevant external training linked to your personal development or apprenticeship
- undertake pre-employment checks should your employment application be successful (for job applicants)
- transfer data into payroll for successful applicants (for job applicants)
- complete anonymised equalities statutory returns and to target future recruitment campaigns
- support employment claims
- manage employee performance and skills
- promote collaboration and ensure you are identifiable to colleagues, service users and citizens
- promote and adhere to equality and diversity obligations and practices
- manage training and development
- authenticate access to IT systems and Council information assets (please see further details within the digital services privacy notice.)
- carry out relevant checks, where applicable, in relation to HMG Baseline Personnel Security Standards
- enable colleagues to access health services
- ensure effective response to the COVID-19 pandemic to ensure the safety, wellbeing and care of colleagues
- ensure that health & safety risks are addressed
- manage complaints related to employment matters
- investigate and manage grievances and complaints
- manage quality of service provision
- comply with official investigations. These include but are not limited to Local Government Ombudsman, Information Commissioner, Care Quality Commission, and Ofsted.
- comply with the requirements of statutory bodies such as the Care Quality Commission, Public Health England and Social Work England and so on
- provide you with access to the Council’s Employee Benefits platforms, for which your name and employee number are used. If you wish to opt out of this, please contact HR@southderbyshire.gov.uk.
We may share your information with other authorities or statutory agencies, to prevent or detect fraud or protect public funds.
Where consent has been requested, you can opt out by emailing HR@southderbyshire.gov.uk.
Employee monitoring
In accordance with Schedule 1 (1), (2) and Schedule 2 of the Data Protection Act 2018, and Article 6 (b), (c) and (f) of the UK General Data Protection Regulation, we may monitor the use of council assets, staff conduct and records of time keeping for purposes such as preventing and detecting criminal acts, investigating unauthorised use, making sure that policies are being followed and for training and quality control.
Examples of such monitoring may include, but are not limited to: CCTV, surveillance, swipe card data, system audits, remote working, IT usage, conduct, performance and the use and management of financial assets.
Please note that all staff are not routinely monitored in a blanket manner – all monitoring will be proportionate and justified.
Research and statistics
Anonymised and pseudonymised data may be used for research and statistical purposes. Any data collected may be used for research and statistical purposes that are relevant and compatible with the purpose that the data was collected for.
What are your rights?
- Access – you can request copies of any of your personal information that is held by the Council.
- Rectification – you can ask us to correct any incorrect information.
- Deletion – you can ask us to delete your personal information. The Council can refuse to delete information if we have a lawful reason to keep this.
- Portability – you can ask us to transfer your personal data to different services or to you.
- Right to object or restrict processing – you have the right to object to how your data is being used and how it is going to be used in the future.
- Right to prevent automatic decisions – you have the right to challenge a decision that affects you that has been made automatically without human intervention, for example an online form with an instant decision.
Who has access to your information?
We may share your information with:
- Other Council Departments, Managers, Time Administrators, Internal Audit, Business Support and Parking Services to ensure we meet our statutory and contractual duties
- Both internal and external customers, and service users, will have access to information relating to you acting in your professional capacity and your personal contact details. We will of course balance disclosures with our duty of confidence to you and your expectation of privacy
- External organisations such as: H M Revenue and Customs, Disclosure and Barring Service, H M Court Service, Police Authority, Department for Education, Department of Work and Pensions, Pensions Administrators (Derbyshire Pension Fund for Local Government Pension Scheme, Teachers Pension, Prudential, Standard Life, NHS Pension and NEST), voluntary payroll deductions, external auditors, Payroll/HR software providers, external organisations linked to TUPE legislation. This is for the purposes allowed by law as well as provision of information to pension administrators and other third parties’ payroll deduction where you are a member. These third parties include Government Departments, other local authorities and private sector companies, as allowed by law. This would include sharing relevant information with external training providers supporting your personal development or apprenticeship
- Health and social care partners to ensure that care is accessible and where applicable administered to colleagues such as Occupational Health.
- Organisations such as the Local Government Ombudsman, Information Commissioner, Care Quality Commission, Public Health England, Department of Health and Social Care and Ofsted (this is not an exhaustive list).
- We will share your name and employee number with our Employee Benefits provider (this includes Childcare Voucher access, shared cost AVC, car leasing, cycle to work, voluntary pension management company and annual leave purchase schemes) to allow you to gain access to the platform. You will then be asked to sign up directly with them if you wish to partake in this benefit. If you do not wish for your information to be shared with the Employee Benefits provider, please contact HR@southderbyshire.gov.uk.
- We will share your name and employee number with our e-learning and training provider to facilitate your development and system access.
We may share information in accordance with the National Fraud Initiative. For more information please refer to:
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
How long will we keep your information for?
We keep and dispose of all records in line with our record retention schedule. We will comply with Data Protection legislation.
What security precautions are in place to protect against the loss, misuse or alteration of your information?
We are strongly committed to data security and will take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard the information you provide to us. However, we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information.
Keeping your data up to date
We want to ensure any information we hold is accurate. You can help us by promptly informing us of any changes to the information we hold about you.
Cookies
Cookies are small text files which identify your computer to our servers. They are used to improve the user experience. View what cookies we use and how you can manage them.
IP addresses
Internet Protocol (IP) addresses are collected when our site is used:
- for statistical/analytical purposes
- to identify any malicious activity.
Where can I get advice and more information?
We want to ensure any information we hold is accurate. You can help us by promptly informing us of any changes to information we hold about you. If you have any worries or questions about how your personal information is handled, please contact our Data Protection Officer by emailing dataprotection@southderbyshire.gov.uk or by telephoning 01283 595795.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate number).
Email: casework@ico.org.uk.
Further guidance on the use of personal information can be found at www.ico.org.uk.