The University of Westminster is the data controller of the personal data collected and held in relation to its employees, unless otherwise indicated below.


The University of Westminster takes its data protection obligations very seriously. Access to any personal information you give us when an employee of the University is subject to a staff confidentiality agreement. Access to your personal information is limited by permissions to only those staff and administrators who need access to manage your employment with us or where otherwise allowed by UK law.

Your personal data

All of the information you provided us with during your successful application to become an employee with the University will form the basis of your employee record, and where required used to facilitate your employment with us.

We do not collect more information in the course of your employment with the University than we require in order to fulfil our employment purposes and will not retain your personal information for any longer than is necessary.

Your information will not be shared with any third parties for marketing purposes.

Your information may be stored outside of the European Economic Area, but when it is, the contractual arrangements governing the legal transfer of your data will be available to you on request.

Use of personal data and legal basis of processing

The personal details you supply us with at the point of employment and subsequently as an employee of the University, will be used for the following purposes related to your contract of employment:

  • Employment matters (including obtaining references, probation period reports, appraisals, attendance, conduct, personal development, internal post applications, interviews, appointments and promotions, leave and sickness absence, grievance issues and complaints, including academic misconduct investigations and employee disciplinary actions)
  • Maintenance of employee records, including your emergency contact details
  • Compliance with employment visa requirements
  • Administering employee payments and salaries (including pensions and other employee benefits)
  • Providing employee support services (including the Employee Assistance Programme and our Occupational Health Service)
  • Provision of access to University sites and facilities, and use of IT services, including the University Library systems, and the IT tools you require for your role

Also, your personal information will be used in relation to our legal obligations, which include:

  • Information required by the Home Office and UKVI, in connection with visa requirements and immigration
  • HMRC in matters relating to pay, benefits and taxation
  • Responding to requests for information from government bodies and their authorised agents in line with current UK Higher Education legislation
  • Monitoring Equal Opportunities, Equal Pay and the Gender Pay Gap at the University
  • Ensuring the safety and security of employees
  • Safeguarding and promoting the welfare and wellbeing of employees
  • Responding to requests related to your rights under UK Data Protection Law
  • As a public authority under the Freedom of Information Act (2000), responding where lawful to requests for information
  • And as otherwise allowed in UK law

Additionally, as a public authority, and in the public interest, your personal information may be used to:

  • Provide information to the Higher Education Statistics Agency (HESA) for their use and purposes.
  • Provide operational information and aggregate statistics to improve University performance and services
  • Conduct authorised research, surveys and analysis, which may involve third-party data processors

Some information you give us for the above purposes, will be collected and processed on the basis of your explicit consent, eg Equal Opportunities information.

In an emergency situation, contact details you have given to us will be used in relation to your or others' vital interests.

Being Safe, Feeling Safe Individual Risk Assessments

During the Covid-19 pandemic some employees may be requested to work on University sites or may wish to work on University sites to meet a critical need. To be authorised to be on University sites, employees need to complete the Being Safe, Feeling Safe Individual Risk Assessment.

Where this information contains special category personal data, your consent for us to process it will be recorded.

Information collected will be processed securely and automatically to produce an overall Risk Assessment Outcome, which will then be forwarded to employees with instructions on what to do next. Employees will be expected to contact their line manager to discuss their Risk Assessment Outcome and agree what actions to take.

If you do not agree with the automated Risk Assessment Outcome you are given and would like to have it reviewed please contact:

No details given at data collection will be shared with or accessed by anyone outside the specialist HR Safety, Health and Wellbeing Team. Your overall Risk Assessment Outcome will be shared with yourself only to discuss further as required.

The University will retain all information given on Individual risk assessment forms and related outcomes for the period of the pandemic or until of no further business use. Some aggregated, anonymous data for statistical purposes will be generated for management use, but no individual will be recognisable from any management reporting.

Further information on your information rights are given below.

Health Management Ltd

Health Management Ltd provide occupational health services for the University. As an employee, you will have completed a questionnaire, which will have helped to determine if you are fit to undertake the work you have been offered and to establish if any reasonable adjustments are needed.

Health Management will hold your sensitive personal health data as both a Data Processor in relation to these services and as a Data Controller, providing the University with a fit to work certificate or a report with recommendations.

You will have been given the opportunity to view any report before it was sent to us and to have consented to any potential occupational health assessment.

For your initial health assessment and any subsequent personal health records held by Health Management Ltd and your rights relating to this information, please see Health Management Ltd's Privacy Notice.

Legal and General

If your contract states that you are eligible for enhanced health assurance (ie assurance which is additional to any to which you are eligible through the appropriate University pension scheme), the University will share the minimal required data with the service provider, Legal and General, in order that they can administer the insurance contract. Please see their privacy policy and GDPR statement.

Staff benefits and rewards

The University offers staff a number of employment-related benefits, and when these involve using a third party, for example our eye care scheme. where all permanent members of staff who habitually use display screen equipment as a significant part of their normal work are entitled to free regular eye tests, you will have access to relevant Privacy Statements.

For details of current staff benefits and rewards, see our SharePoint page (staff log-in required).

Data retention

Your personal details are necessary and used only for the purpose of processing, as given above.

We will not retain much of your personal employment information for any longer than is necessary.

However, there are instances when we are required by law to retain your information for a lengthy period, even after you have left our employ, for example for HMRC and pension purposes.

There is a substantial and complex amount of EU and UK legislation which has an impact upon the retention of HR records.

HR will keep documents for either 6 or 7 years and delete from SAP as follows:-

  • 7 years after leaving date (to ensure 6 tax years) for any documents containing or referring to contractual terms, changes to contract and salary, and to Visa and Immigration regulations;
  • 6 years after event (Limitations Act) or 12 months after leaving date, if this is earlier, for any supporting documents relating to formal HR processes (applications for posts or grades/ references and assessments/ disciplinary, grievance and capability documentation/ redundancy, VS and TUPE documents/ requests for family leave/ appeals).

Changes to your personal data

As an employee, you can use our HR Self Service portal to help keep your personal details up-to-date.

A change to your bank or building society details should first be discussed with our HR services team. Do not put sensitive details in an open email, first contact us to discuss.

Requests to a legal change of name will also need to be submitted in writing to the HR Services Team [email protected].

Data transfers and sharing

None of your personal information is shared by the University with any other third party organisation, other than where this is necessary for the processing as outlined above, or where otherwise allowed by UK law.

Where services involve a third party processing your information, such services will be covered by a contract.

Staff Networks

Staff Networks (BME, LGBT+, and Disability to name a few) are a safe space for colleagues to develop a community, explore opportunities, exchange ideas and share cultures.  Membership is voluntary and you are free to opt out if and when you so desire.  Our membership list is treated with the highest integrity and remains confidential with restricted access as per University guidelines.  Your details will only be used, with your permission, to contact you and provide updates on events and activities.

Further information

Further information and guidance for staff on their responsibilities for personal data protection under UK data law can be found in the University of Westminster Personal Data Protection Policy.

Your rights

If you have any questions relating to your personal information and your information rights, including right of access, rectification and erasure, please see the University’s data protection web pages.

Or contact the University Information Compliance Team [email protected]

You can also contact the Information Commissioners’ Office in relation to any concerns or issue you may have with the processing of your personal information.

Last reviewed and updated to June 2018