The information below describes how Cambridge City Council collects and processes personal data relating to its employees to manage the employment relationship.

The Council is committed to being transparent about how it collects and uses your data and to meeting its data protection obligations.

This Privacy Notice reflects the requirements of the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 and sets out the types of data we hold on you as an employee of the Council, how we use that information and how long we keep it for.

• Data controller: Cambridge City Council, PO Box 700, Cambridge, CB1 0JH
• Data protection officer: Information Governance Manager & Data Protection Officer, infogov@3csharedservices.org

What information does Cambridge City Council collect and process?

The Council collects and processes a range of information about you. This includes:

• personal details including your name, address and contact details, including email address and telephone number, date of birth
• your photograph
• gender
• information about your marital status, next of kin, dependants and emergency contacts
• information about medical or health conditions, including whether or not you have a disability for which the Council needs to make reasonable adjustments.
• information used for equal opportunities monitoring, including your ethnic origin, sexual orientation, religion or belief.
• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the Council and continuous service dates
• information about your nationality and entitlement to work in the UK.
• details of your bank account, tax codes and national insurance number.
• details of your driving licence, including any endorsements, details vehicle insurance and vehicle MOT (if applicable),
• current and previous job titles, job descriptions, pay grades, pension entitlement, hours/days of work, including attendance and other terms and conditions relating to your employment/engagement with us.
• information about your entitlement to benefits related to your employment and/or insurance cover.
• information about your criminal record (DBS) (if appropriate)
• details of periods of leave taken by you, including holiday, sickness absence, dependency leave, career breaks, maternity, paternity, adoption, parental and shared parental leave and the reasons for the leave.
• details of any concerns e.g., disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence.
• assessments of your performance, including appraisals, performance reviews and ratings (Band 10 and above) apprenticeships, training you have participated in, performance development plans and related documentation.
• information from the interviewing process i.e., Interview notes and assessments
• details of trade union membership; and where you consent to give information for the payment of trade union subscriptions via payroll.
• information linking you to a post(s) within the Council.
• personal data about you from third parties, such as references supplied by former employers.
• CCTV footage
• building entry records

How we collect your data

The Council collects this information in a variety of ways. For example, data is collected through application forms, or CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

In some cases, the Council collects information from employment background check providers, information from credit reference agencies and information from criminal records checks permitted by law.

Data is stored in a range of different places, including in your personnel file, in the organisation's HR management systems and in other IT systems (including the organisation's email system).

Why does Cambridge City Council process personal data?

The Council needs to process data to enter into an employment contract with you and to meet its obligations under your employment contract. For example, it needs to process your data to provide you with an employment contract, to pay you in accordance with your employment contract and to administer benefits, pension and insurance entitlements.

In some cases, the Council needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee's entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.

In other cases, the Council has a legitimate interest in processing personal data before, during and after the end of the employment relationship. Processing employee data allows the organisation to:

• run recruitment and promotion processes
• maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights
• operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace and undertake procedures with regard to both of these if the need arises
• ensure employees are compliant with relevant Council policies and procedures
• operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes
• operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled
• gain occupational health advice when making decisions about an employee’s fitness to work; ensures the Council complies with duties in relation to individuals with disabilities and to meet its obligations under health and safety law
• operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled
• ensure effective general Human Resources and Corporate business administration e.g., business planning, restructuring, and maintenance of IT systems/security to avoid unauthorised access
• undertake organisational change and transfer of undertakings (TUPE)
• maintain training and apprenticeship records
• provide references on request for current or former employees
• respond to and defend against legal claims
• maintain and promote equality in the workplace
• conduct employee engagement surveys

What are the special categories of data?

Special categories of data are data which relates to the following:

• Health
• Sex life
• Sexual orientation
• Race
• Ethnic origin
• Political opinion
• Religion
• Trade union membership
• Genetic and biometric data

We must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:

• You have given explicit consent to the processing.
• We must process the data to carry out our legal obligations.
• We must process data for reasons of substantial public interest.
• You have already made the data public.

We do not need your consent if we use special categories of personal data in order to carry out our legal obligations or exercise specific rights under employment law. However, we may ask for your consent to allow us to process certain particularly sensitive data.

If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.

Where the Council relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not. The reasons for processing are recorded on the Council’s Asset Register.

Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes).

Special category personal data on criminal records is processed as part of recruitment procedures and where necessary, in the course of employment to verify suitability for continued employment and to comply with legal and regulatory obligations to which Cambridge City Council is subject.

Data related to nationality is processed to ensure the Council is complying with its legal obligations to check that individuals have the right to live and work in the UK.

Information about trade union membership is processed to allow the Council to operate check-off for union subscriptions.

Where the Council processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring as permitted by the Data Protection Act 2018. It should be noted that you can ask us to stop processing this data at any time.

Who has access to data?

Your information will be shared internally, including with members of the Human Resources and Recruitment teams, Payroll, Health and Safety, your line manager, managers in the business area in which you work, Executive Support and IT staff, if access to the data is necessary for performance of their roles.

The Council shares your data with third parties in order to obtain pre-employment references or checks from other employers or organisations, and obtains necessary criminal records checks from the Disclosure and Barring Service.

The Council may also share data with third parties in the context of our shared services i.e. System Administrators of HR/Payroll Services, including the external system provider. In those circumstances, the data will be subject to confidentiality arrangements.

The Council may also share your data with third parties in the context of a transfer of some or all of its services. In those circumstances the data will be subject to confidentiality arrangements.

The Council also shares your data with third parties that process data on its behalf, in connection with the provision of benefits, Health and Safety matters, training providers and the provision of occupational health services.

The Council will not transfer your data to countries outside the European Economic Area.

Your data may be transferred to countries outside the European Economic Area (EEA) for pre-employment checks where this is relevant in processing an application or offer of employment.

How does Cambridge City Council protect data?

The Council takes the security of your data seriously and has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where the Council engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

For how long does Cambridge City Council keep data?

The Council will hold your personal data during your employment and after the end of employment.

The periods of retention of data are set out in the Corporate Policy – Record Retention and Management.

In relation to CCTV footage and building entry records, the Council will only hold the data for 28 days, whereby it is automatically deleted.

Does the Council use Automated decision making

No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

Your rights in relation to your data

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your data on request
• require the Council to change incorrect or incomplete data
• require the Council to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
• object to the processing of your data where the Council is relying on its legitimate interests or public task as the legal basis for processing
• ask the Council to stop processing data for a period if data is inaccurate or there is a dispute about whether your interests override the Council’s legitimate grounds for processing data
• if you would like to exercise any of these rights, please contact Human Resources by email at hrbusinesspartners@cambridge.gov.uk or telephone 01223 458119 or the Information Governance Manager & Data Protection Officer, by email at infogov@3csharedservices.org or telephone 01480 388850/01954 713318
• you can make a subject access request by writing to the data protection officer or by completing the Council’s form for making a subject access request
• if you believe that the Council has not complied with your data protection rights, you can complain to Cambridge City Council’s Data Protection Officer or the Information Commissioner

What if you do not provide personal data?

You have some obligations under your employment contract to provide Cambridge City Council with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith.

You may also have to provide Cambridge City Council with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.

Certain information, such as contact details, your right to live and work in the UK and payment details, have to be provided to enable the Council to enter a contract of employment with you. If you do not provide other information, this will hinder Cambridge City Council's ability to administer the rights and obligations arising as a result of the employment relationship efficiently.

Further Information

For further information about this Employment Privacy Notice please contact Human Resources by email at hrbusinesspartners@cambridge.gov.uk or telephone 01223 458119.