Protecting Your Personal Information: a guide for staff...
Personal information describes anything which can be used to identify a person as an individual. A name by itself is not considered as such, but where, for example, that name appears alongside an address, telephone number or a photograph, then this is something that, as a business, we are obliged to handle in a responsible way. Examples of personal information we hold about you on a permanent basis include: contact details; standard employment records & financial information. Examples of personal information we hold about you on a temporary basis include: records relating to the use of our IT networks & CCTV records and telephone voice messages.
As part of your employment record, we may well have personal information that is considered ‘sensitive’. Where this information is held, it is only done so in order to fulfill the contractual and legal obligations of the business and will be treated with the strictest confidence. A very limited number of staff have access to the sensitive personal information of other employees and access to such information has additional control measures in place. Examples of sensitive personal information we hold about you on a permanent basis include: health records; DBS records, accident records & sensitive employment records.
You will come into contact with your colleagues’ personal information on a frequent basis and we all have a responsibility to ensure that we do not abuse our privileges. In order to manage this risk, all staff are given training in the principles of data protection and the Company has published an Information Governance Handbook which includes policies relating to the safeguarding of all personal information, whether such data belongs to our residents, visitors or staff themselves. Where we hold personal information about you, it is done so to the same standard as that of our residents. Where third-party service providers and other businesses are contracted to work with us, their contractual terms require the same standards of confidentiality as your own.
Your personal information, as standard, will be held by us for a period of 6 years following the end of your employment 6 years following the end of your employment after which it will be securely destroyed or rendered non-identifiable. Any remaining information is held beyond this date for the historical record of the Company. Further details of our Document Retention Schedule is available as part of the Information Governance Handbook.
You are legally entitled to see copies of all personal information that we hold about you and to ask for any errors to be be corrected. In certain circumstances you may be able to have your personal information permanently erased, or its’ processing restricted. This would be done through a process known as a Subject Access Request, details of which are explained in a separate Advice Notice – Subject Access Requests.
If you have any reason to believe that Birtley House has not dealt correctly with your information, please contact Tim Whalley. If you are still not satisfied, you should contact the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.