During the course of our activities we, FCMS NW Ltd and PDS Medical Ltd, will process personal data (which may be held on paper, electronically, or otherwise) about our staff and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR). The purpose of this notice is to make you aware of how we will collect and use your personal information both during and after your working relationship with FCMS NW Ltd and PDS Medical Ltd.
This notice applies to all prospective, current and former employees, workers, contractors, consultants, apprentices, work experience and others. It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services.
The Controller is FCMS NW Ltd and/or PDS Medical Ltd of Newfield House, Vicarage Lane, FY4 4EW.
FCMS NW Ltd and PDS Medical Ltd have an appointed a data protection officer.
2. DATA PROTECTION PRINCIPLES
We will comply with the six data protection principles in the DPA and GDPR, which say that personal data must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and where necessary kept up to date.
- Not kept in a form which permits your identification for no longer than is necessary for the purposes for which the data is processed.
- Processed in a manner which ensures appropriate security of the data.
Personal data” means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you, made by you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
3. FAIR AND LAWFUL PROCESSING
We will usually only process your personal data where you have given your consent or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others. The full list of conditions is set out in the GDPR.
We will only process “special category data” also called “sensitive personal data” about racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data and personal data relating to criminal proceedings or convictions, where a further condition is also met. Usually this will mean that you have given your explicit consent, or that the processing is legally required for employment purposes. The full list of conditions is set out in the GDPR.
4. WHAT TYPES OF PERSONAL DATA DO WE COLLECT ABOUT YOU.
FCMS NW Ltd and PDS Medical Ltd collects and processes a range of personal information about you. This may include: –
- Your contact details including name, address, telephone number and email address.
- Emergency contact details and next of kin.
- Date of birth and national insurance number.
- Your gender, marital status and dependants.
- Right to work in the UK and passport.
- Recruitment records, application form and covering letter, CV, interview notes, references, qualification certificates, any professional memberships, any background checks, termination letters and interview notes including exit interviews.
- Details of skills, qualifications, experience and work history.
- Salary, entitlement to any benefits, pension information, HMRC information and bank account details.
- Any disciplinary, complaints, grievance and capability records.
- Any information relating to appraisals including information at meetings.
- Information about your use of IT systems, including use of telephone and email and any recording we make.
- Health including medical conditions, disabilities, sickness absence records, medical reports and related records.
- Racial or ethnic origin, religious or similar beliefs and sexual orientation.
- Criminal proceedings or convictions.
- Bank account details.
- Driving licence and car insurance details.
- Professional indemnity insurance cover.
- CCTV images
- Details of Professional Registration
- Voice recordings from telephone calls
- Image and audio recordings from dashcam devices
- Information recorded by a tracker on a vehicle
5. HOW DO WE COLLECT YOUR PERSONAL DATA
We collect personal data in a variety of ways. It is collected during the recruitment process, either directly from you or sometimes from a third party, such as an employment agency, former employer, background check providers, credit reference agencies and from the DBS. We also collect information throughout the period of your working relationship with us. This may be collected during your work-related activities. Some of the information you provide will be a statutory requirement and others contractual. We will inform you whether you are required to provide certain personal information statutory or contractually or whether you have a choice.
6. HOW DO WE USE YOUR PERSONAL DATA
We will process data about staff for legal, contractual, personnel, administrative and management purposes and to enable us to meet our legal obligations as an employer, for example to pay you, monitor your performance and to confer benefits in connection with your employment. We will also process data where it is necessary for our legitimate interest such as training, profiling staff and advising staff of benefits from third parties. We may also use your data where it is necessary to protect your vital interests. This processing may include:
- To maintain accurate records and contact details.
- Assessing suitability for employment, promotion, conferring benefits and pay reviews.
- Complying with statutory and contractual requirements.
- Maintaining records of employment, grievance, complaints, disciplinary, performance, appraisal, training, career and professional development and needs.
- Operating staff schedules, leave, sickness absences, workforce management, maternity leave, paternity leave, adoption leave and any other unpaid leave.
- Payment to you of any entitlements and payment to any third party such as HMRC or a pension provider.
- Reviewing sick leave or fitness to work.
- Preventing fraud.
- Monitoring use of IT systems.
- Ensuring effectiveness of HR polices, data protection polices, business administration and other business policies and procedures.
- Establishing or defending complaints and legal claims.
- To fulfil laws which apply to us and any third parties we work with.
- For statistical research and analysis and to enable us to we can monitor and improve services.
- To monitor how we are meeting our clinical and non-clinical performance.
- Managing our relationships with you and third parties who assist us to provide the services or information to you.
We may process special category data relating to staff including, as appropriate:
- information about an employee’s physical or mental health or condition to monitor sick leave and take decisions as to the employee’s fitness for work;
- the employee’s racial or ethnic origin or religious or similar information to monitor compliance with equal opportunities legislation;
- to comply with legal requirements and obligations to third parties.
- The above is not a restrictive list and we may process all the special category data set out in clause 3.2 above.
7. WHO WILL SEE YOUR PERSONAL DATA
Your personal data may be shared internally within FCMS NW Ltd and PDS Medical Ltd including members of HR, payroll department, management and IT where your personal data is necessary for the performance of their roles. It may also be shared with the wider work force where this is necessary for our legitimate interest.
FCMS NW Ltd and PDS Medical Ltd may also share your personal data with third parties which may include:
- External organisations for conducting pre-employment reference and background checks.
- To any organisation requesting a reference when you have applied for a position with the organisation or to join the organisation in some capacity.
- Payroll providers.
- Benefits providers such as insurance and pensions.
- Occupational health providers.
- External IT support.
- Auditors, accountants, lawyers and other professional providers.
- HMRC and other government bodies.
- DBS checking agencies.
- If we merge or restructure or sell the organisation
- With regulators or to comply with any legal obligation.
- When you request that we supply personal data to another party you wish to supply services or products to you.
- Where we use other companies to provide services on our behalf for training, processing, mailing, delivering, answering questions about products or services, sending mail and emails, data analysis, assessment and profiling or processing credit/debit card payments.
- with our subsidiaries, affiliates or associated organisations or companies.
- When you join or take part in any social media platforms managed by us.
- When you feature in any promotional video for such purposes for example recruitment, or advertising
8. PROTECTING YOUR PERSONAL DATA
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves.
Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
9. DATA RETENTION
We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected and processed including satisfying any legal, tax, health and safety, reporting or accounting requirements.
We will generally retain your data for the duration of your employment or contract with us and for a period of 7 years after termination of your employment or contract. This is subject to any minimum statutory or other legal requirement.
Personal data which is no longer retained will be securely and effectively destroyed.
10. PROCESSING IN LINE WITH YOUR RIGHTS
You have the right to:
- Request access to any personal data we hold about you.
- Ask to have inaccurate data held about you amended.
- Request the erasure of your personal data – this enable you to ask us to delete or remove your personal data where there is no compelling reason for its continued processing.
- Request us to restrict the processing of your personal data.
- Object to the processing of your personal data.
- Request data portability – this is a request to transfer personal data to a third party so it can be reused.
- Request a review of automatic decision making – we do not envisage that any employment decisions will be taken solely on automated decision making. However, we will notify you is this position changes.
If you wish to know what personal data we hold about you, you must make the request in writing to Sam Marsh, Head of Quality and Risk. All such written requests should be forwarded to Head of Quality and Risk.
If you are not satisfied with the way in which we deal with your request you can contact the Information Commissioners Office on 0303 123 1113 or at their website www.ico.org.uk.
11. TRANSFERRING DATA OUTSIDE THE EEA
All the personal data is processed in the UK however for IT hosting and maintenance your information may be situated outside the European Economic Area (EEA)
12. CHANGES TO THIS PRIVACY NOTICE
FCMS NW Ltd and PDS Medical Ltd reserves the right to update or amend this privacy notice at any time, including where FCMS NW Ltd and PDS Medical Ltd intends to further process your personal data for a purpose other than that for which the personal data was collected or where we intend to process new types of personal data. We will issue you with a new privacy notice when we make significant updates or amendments.
If you have any questions about this privacy notice or how we handle your personal data please contact Samantha Marsh, Head of Quality and Risk, Newfield House, Vicarage Lane, Blackpool, FY4 4EW
If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with your line manager or contact Sam Marsh. Any breach of the DPA will be taken seriously and may result in disciplinary action.
This policy was last updated on 23/12/2019