Human Resources Privacy Notice

 

< Back to Privacy Notices

This Privacy Notice describes how Whitstable Medical Practice collect and use personal information about you during and after your working relationship with us.

We are required by law to provide you with the following information about how we handle your information.

Our full list of Privacy Notices can be found here

Data Controller contact details

Whitstable Medical Practice, Estuary View Medical Centre, 25 Boorman Way, Whitstable, Kent, CT5 3SE

Purpose of the processing

Reasons for processing your personal data include:

  • Staff administration and management (including payroll and performance)
  • Pensions administration
  • Business management and planning
  • Accounting and Auditing
  • Accounts and records
  • Education
  • Health administration and services
  • Information and databank administration
  • Crime prevention and prosecution of offenders
  • Sharing and matching of personal information for national fraud initiative

A list of Practice processing activities can be found on our website.

Information we collect and use

Personal Information

  • your name, photograph, contact details including address, email address and telephone number, date of birth, National Insurance (NI) Number and driving licence (if relevant to the role), information about your nationality and entitlement to work in the UK

Job Information

  • the terms and conditions of your employment
  • details of your working arrangements (days of work and working hours) and attendance at work
  • details of your qualifications, skills, experience, and employment history, including start and end dates, and dates of continuous service
  • information about your remuneration, including entitlement to benefits such as pensions or insurance cover
  • details of periods of leave taken by you, including holiday, sickness absence, family leave and the reasons for the leave
  • details of vaccinations if relevant to your post
  • details of your bank account for pay and expenses purposes

Performance Information

  • details of any disciplinary, performance, absence, or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
  • assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence

Information about your family

  • information about your spouse, partner or civil partner or other individuals when names as an emergency contact
  • information on dependants where required for pension purposes or childcare vouchers or benefits

Special Category Data

  • information about medical or health conditions, including whether you have a disability for which the Practice needs to make reasonable adjustments
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief
  • Trade union affiliations, where applicable
  • Information about past criminal convictions (Disclosure and Barring Service), and or your fitness to practise in certain regulated professions

Lawful basis for processing

Article 6(1)(b)…‘necessary for the performance of a contract with employee’

Article 6(1)(c)…’necessary for compliance with a legal obligation’

Article 6(1)(f)…’in the Practice’s legitimate interests, which are not outweighed by the fundamental rights and freedoms of the data subject’

Article 9(2)(b) Employment, social security, and social protection

Article 9(2)(g) Reasons of substantial public interest 

Schedule 1, Part 1(1) Data Protection Act 2018 - Necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the Data Subject in connection with employment, social security, or social protection.

Schedule 1, Part 2(8) Data Protection Act 2018 - necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained

Schedule 1, Part 2(14) Data Protection Act - is necessary for the purposes of preventing fraud or a particular kind of fraud

Recipient or categories of recipients of the processed data

  • Professional Bodies (ie GMC, RCN, etc.)
  • Payroll Provider Medic Accounts
  • Pension Provider NHS Pension
  • Occupational Health Provider All Health Matters
  • HM Revenue and Customs
  • Education Establishments
  • Police & Judicial Services
  • CQC 
  • NHS jobs and Indeed
  • TeamNet
  • CWJ Solicitors
  • Disclosure and Barring Service (DBS)
  • Your previous or prospective employer

The Practice may also receive information about you from these organisations.

Right of access

Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”).

Rights in relation to inaccurate personal or incomplete data

You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable.

Rights to object to or restrict our data processing

Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.

This right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.

Right to erasure

Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), e.g. where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.

We may not be able to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.

How to exercise your rights

To exercise your rights, please contact us

Retention period

Your personnel records are kept in compliance with law and national guidance. Details on how long records are kept are set out in the NHS England, Record Management Code of Practice 2021.

Right to complain

If you are unhappy with how your personal data is processed, you have the right to complain to the Information Commissioners Office (ICO). Their helpline number is 0303 123 1113.

We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please do contact us in the first instance.

Data Protection Officer contact details

A. Ervine
GP Data Protection Officer
NHS Kent and Medway
Kmicb.gpdpoteam@nhs.net

Veteran Friendly Armed Forces veteran
friendly accredited
GP practice
QiC Dermatology - Quality in Care Programme 2024
Proud to be a Parkrun Practice

Estuary View Medical Centre
Boorman Way
Whitstable
Kent
CT5 3SE

Telephone: 01227 284300

Chestfield Medical Centre
Reeves Way
Chestfield
Kent
CT5 3QU

Telephone: 01227 284300

Whitstable Health Centre
Harbour Street
Whitstable
Kent
CT5 1BZ

Telephone: 01227 284300