- Who are we and what services do we provide?
-
Runnymede Borough Council collects and processes personal and sensitive data relating to its employees and applicants to manage the employment relationship.
The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
- What personal information do we collect?
-
We collect and process the following information to manage our employment relationship and responsibilities.
- Identity data [name, address and contact details, date of birth, gender]
- Vehicle information [car details including registration and driving licence]
- Contractual information [terms and conditions of your employment, working pattern and working hours, remuneration, including entitlement to benefits]
- Skills and experience [qualifications, skills, experience and employment history]
- Financial and payment information [bank account and national insurance number]
- Relationship information [marital status, next of kin and their emergency contact information, child's details (if claiming childcare vouchers)]
- Entitlement to work [nationality, entitlement to work in the UK, criminal record check
- Employee management information [leave dates and reasons, sickness absence and investigations, performance and improvement plans, disciplinary and grievance investigations]
- Health Information [medical or health conditions, including whether or not you have a disability]
- Trade union membership [the trade union you have a membership with]
This data is collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms and new starter detail forms); from correspondence with you; or through interviews, meetings or
other assessments.In some cases, personal data about you is collected from third parties, such as references supplied by former employers, the Council’s Occupational Health provider and information from criminal records checks permitted by law.
We collect and process the following information to monitor equal opportunities.
- Ethnic origin
- Sexual orientation
- Disability
- Religion or belief
Data collected for the purposes of equal opportunities monitoring is anonymised or collected with the express consent of employees, which can be withdrawn at any time. Employees are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.
- What lawful basis is engaged?
-
Our lawful basis for the above purposes is as follows:
Contract - We need to process data to enter into an employment contract with our employees and to meet our obligations under this employment contract.
Legal obligation – We have legal obligations we need to comply with for example under employment law and other linked legislation such as health and safety and equalities legislation which requires us to process personal data to fulfil our responsibilities.
Legitimate interests - a legitimate interest in processing personal data before, during and after the end of the employment relationship to assist with the following;
- Run recruitment processes
- Maintain accurate records
- Manage employees' performance, career development, absence and ensure appropriate conduct and effective workforce management
- Effective general HR and business administration
- Provide and request references
Respond and defend against legal and insurance claims
- Who has access to your personal data?
-
Your information will be accessed or shared internally with members of the HR team and payroll, your line manager, managers in the business area in which you work and IT staff where access to the data is necessary for performance of their roles.
Our processors use your data to provide us with services necessary to meet our objectives. We ensure that there are appropriate agreements in place to protect your data and it is only processed under our instruction.
- ResourceLink (Zellis Ltd.) (integrated HR/Payroll system)
- Eploy (applicant recruitment site)
- Surrey Learn Partnership (Training Provider)
- Learning pool (Online Training Provider)
We will not transfer your data to countries outside the European Economic Area.
- Who do we share data with?
-
Where necessary for the purposes stated, your information will be shared with the following organisations:
- HMRC
- DWP/Pension Services
- Disclosure and Barring Service
- Surrey Pension Fund
- Mortgage Companies (if requested by Employee)
- Estate Agents (if requested by Employee)
- Prudential (if employee is signed up for AVC)
- National Fraud Initiative
- Medigold (Occupational Health Service Provider)
- Health Assured (EAP provided via Medigold, shared if requested by Employee)
- UKHealthcare Ltd. (if requested by Employee)
- Sodexo (childcare voucher provider, if requested by Employee)
- Surrey Save (if requested by Employee)
- Specsavers Optical Group Ltd (if requested by Employee)
- Apprenticeship DAS portal on government website
- Other organisations where consent was given by the employee
- Insurance companies
- Other statutory bodies
- How do we protect personal data?
-
Please see the ‘How we take care of your personal data’ section of our main Privacy Policy.
- How long do we keep your personal data?
-
Runnymede Borough Council will hold your personal data for the duration of your employment. The periods for which your data is held after the end of employment are set out in the relevant Record Retention and Disposal Schedule.
- Your rights
-
As a data subject, you have a number of rights, including access to your data. A request for access can be made via our website or by sending an email to foi@runnymede.gov.uk
To find out more about your rights please see the ‘Your Rights’ section of our main Privacy Statement
If you believe that Runnymede Borough Council has not complied with your data protection rights, you should initially try to resolve it with the relevant department.
If you are unable to resolve the issue to your satisfaction contact our Data Protection Officer (DPO) who will investigate. If you remain dissatisfied with the outcome of the DPO’s review you can make a complaint to the Information Commissioner. You can find out further information on making a complaint to the Information Commissioner.
You can find out further information on making a complaint to the Information Commissioner on their website Information Commissioner's Office (ICO) (Opens in new tab)