Staff data privacy statement
Your personal information is created, stored and transmitted securely in a variety of paper and electronic formats by the University in accordance with the provisions of the Data Protection Act 1998, the University of Westminster Personal Data Protection Policy and related legislation. Access to your personal information is limited to staff who have a legitimate interest in it for the purpose of carrying out their contractual duties. It is used for a range of purposes:
- To administer a range of Human Resources (HR) processes (eg Recruitment)
- To assess an individual's qualifications and suitability, including state of health, for a particular job or task
- For remuneration, payroll and pension administration
- To establish a contact point in the case of an emergency
- To manage an employee's interactions with the various facilities and services offered by the University (eg Employee Helpline)
- To establish an employee's learning and career development requirements
- To administer the Professional Performance and Development Review (PPDR) process
- To support the preparation of statistics for various purposes (including the monitoring of equality and diversity issues; see the ‘Sensitive Personal Data’ and ‘Internal reporting’ sections below)
- Your personal information is disclosed as permitted or required by law and, in particular, to support statutory and other reporting duties (eg Higher Education Statistics Agency (HESA) requirements; see the ‘Higher Education Statistics Agency’ section below)
Sensitive personal data
Sensitive personal data, as defined by the Data Protection Act, includes information relating to:
- The racial or ethnic origin of the individual
- Political opinions
- Religious beliefs or other beliefs of a similar nature
- Membership of a Trade Union
- Physical or mental health condition
- Sexual life or history
- The commission or alleged commission of any offence
- Any proceedings for any offence committed or alleged to have committed, the disposal of such proceedings or the sentence of any court in such proceedings.
The University is obliged to seek the following information from staff but it is not compulsory for staff to provide responses:
- Ethnic origin
- Religious belief
- Sexual orientation
You may have also been asked to provide the above personal sensitive information and details of any unspent criminal convictions via the recruitment process.
Access to, and the sharing of, this sensitive personal data is controlled very carefully (eg departmental administrators and other managers are not able to access sensitive personal data in My Staff Portal).
When reporting on personal sensitive information, only aggregate data is presented so that an individual's data will be protected.
Internal management information reporting is an important management tool for the University to meet statutory reporting requirements, to monitor its policy and performance, to develop equality aims and objectives and provide a better understanding of our diverse University community.
When used for the purposes described, steps are taken to ensure that staff information remains confidential ie only available to authorised persons, or where more widely shared, is aggregated to ensure individual identities are protected.
Higher Education Statistics Agency
Much of the data maintained by the University about staff is required by the Higher Education Statistics Agency (HESA). HESA gathers information from publicly funded higher education institutions at the request of various government bodies, such as the Department for Business, Innovation and Skills and the Higher Education Funding Council for England. For information about how this data is used, please see the HESA Staff Collection Notice page.
Changes to your personal details
Employee Self Service can be accessed for most changes to personal details. Shortly before the monthly pay date, access to edit your data in Self-Service may be restricted for short periods. If this is the case, please return the following day to make the required change. All changes to names should be submitted in writing to the HR Services Team ([email protected]) along with evidence of the change (eg marriage or deed poll certificate).
Queries and further information
If you have any queries about how your data is used or the application of the Data Protection Act in reference to staff data, please contact the HR MI & Systems Team in the first instance ([email protected]). If further advice is required, you will be referred to the University Data Protection Officer (email: [email protected]).
Further information and guidance for staff on their responsibilities for personal data under the Data Protection Act can be found in the University of Westminster Personal Data Protection Policy.
Details of the University's overall data protection notification (registration) with the Information Commissioner are available on the Information Commissioner's website.
This statement is current but under review, and is likely to be updated by the end of 2016 in line with the requirements of the General Data Protection Regulations (GDPR).