STAFF PRIVACY NOTICE
Queen’s University Belfast (“we”, “us” and “our”) is committed to protecting your personal data. The notice is addressed to all staff, including non-statutory persons, fixed term contracts, and temporary research (“you” and “your”). This Privacy Notice tells you why we need to collect personal information about you, what we will do with it, and how we will look after it. It also tells you about your legal rights in relation to your Personal Data. If you have any questions about this privacy notice, please contact us. Contact details are provided below.
WHO WE ARE
- We are Queen’s University Belfast, a university with a reputation for excellence in education and research and a member of the Russell Group. Founded in 1845 as Queen's College Belfast, we became an independent university in 1908.
HOW YOUR PERSONAL DATA IS COLLECTED
2. Information you provide: When working for us, we will ask for information about you, such as your name, address, date of birth and bank details etc. This is known as your “Personal Data”. We may also ask you for some special categories of information (for example criminal convictions, health including maternity or paternity details, disability information, ethnic origin and religion). This is known as your “Sensitive Personal Data”.
3. Data from other sources: We also collect information about you from other sources and this also forms part of “Personal Data”. This includes information from:
- We also collect data about you from past employers, local public services and the Police – for use in Access NI checks or similar background checks – local and national government agencies, occupational health, training and accrediting bodies and persons listed in your applications as personal references.
HOW WE USE YOUR PERSONAL DATA
4. We use your Personal Data and Sensitive Personal Data in the following ways:
- To provide the required level of IT systems access and access to parts of University property relevant to your line of work;
- For salary and pension payments, processing and claims;
- To process health related information in accordance with health and safety standards and use with occupational health services;
- For the purposes of criminal background checks, where necessary;
- For publications and communications related to the business or your areas of work;
- To process your data for use in employment processes, such as appraisals, teaching evaluations, audits, reviews and Transfer of Undertaking Protection of Employment (TUPE);
- Your data will be used when accessing internal services such as library and room booking as well as for resourcing and planning functions;
- For the purposes of recruitment and selection in connection with employment or placement;
- Legislative monitoring purposes including Fair Employment Return and Article 55 Return, as well as equal pay audits, equality screening and workforce profile dashboards;
- For use in UKVI right to work checks, as well as for national and local employment reporting and statutory returns and;
- When processing certification, accreditation and awards;
- For use in the review of staff performance;
- Assess suitability for promotion;
- Monitor sickness and absence in accordance with HR policy;
- Provide administration for the staff mentoring scheme (operated by SUMAC)
- Enable staff to undertake their roles in teaching, research and administration including the booking of travel;
- Publish the online and print staff directories of basic contact details (publicly available);
- For use in PURE, when recording academic research activities and creating a publicly available staff profile;
- For use in Athena SWAN applications and evaluations;
- For use in the administration of First Aid training, with St John's Ambulance service;
- For the use in annual QS surveys for academic staff and for the ORC Staff Survey;
- Reporting requirements to funders e.g. disclosures in relation to bullying and harrassment;
- We use your image for the production of staff identification cards, it may also be captured on CCTV for security purposes and on occasion captured as part of a recording on Canvas and/or MS Teams.
LEGAL BASIS FOR COLLECTING AND USING YOUR PERSONAL DATA
5. We will only use your Personal Data if we have valid reasons for doing so. These reasons are known as our “legal basis for processing”. In certain circumstances we may ask for your consent to process your information. At other times we may be required to process your information to enable us to fulfil our part of the contract we have with you. There are circumstances where we have a legitimate interest to process your personal data, for example to provide you with a service which you have requested. The legal bases for processing your Personal Data are:
- Contractual obligations, owing to the staff/student contract;
- Legal obligations, where we are required to process it under law;
- Legitimate interests of the data controller, where we are required to process data for business related tasks and;
- To protect your vital interest where there is a threat to life.
When processing your ‘sensitive data’, we will do so in line with Article 9 of the GDPR and will use the appropriate exemption for each instance of sharing and/or processing, which are:
- Processing is necessary for carrying out obligations to employment, social security and social protection law;
- Processing is necessary to protect the vital interests of the data subject;
- Processing is carried out in the course of the legitimate activities with appropriate safeguards;
- For the purposes of public interest in the area of public health, such as cross-border threats and ensuring high standards of quality and health and safety;
- Processing is necessary for occupational health or workplace assessment and diagnosis and;
- Processing is necessary for archiving purposes in the public interest, scientific or historical research or statistical purposes.
WHO WE SHARE YOUR DATA WITH
6. In line with our Data Protection Policy and Procedures we can share your information, including Personal Data and Sensitive Personal Data, with the following parties for the purposes set out above:
- Banks and/or building societies, other employers and higher education institutions, the Home Office and UKVI, HMRC, Access NI, HEFCE, mortgage and lending providers, HSC organisations, UKRI, funding bodies, the University’s occupational health provider, Google Analytics, individuals making Freedom of Information Requests, professional and accrediting bodies, travel booking providers (i.e. Corporate Travel Management (CTM) Ltd) when making travel arrangements, ORC (Staff Survey), SUMAC for mentoring scheme, the Police and other agencies with duties relating to the prevention of crime, other libraries, Advance HE, Athena SWAN, Retirement Benefit Plan, research and project funders (e.g. Cancer Research) where we have a contractual obligation to do so, the Universities Superannuation Scheme and St John's Ambulance Service.
DATA PROCESSING OUTSIDE EUROPE
7. We use third party software providers, such as Mail Chimp, for the provision of IT services that we offer. Some of these services are based in the United States of America. These services will only be used outside of the EEA when there is an Adequacy Decision in place and/or appropriate safeguards to protect any personal or sensitive data.
HOW LONG YOUR INFORMATION WILL BE KEPT
8. We will keep your Personal Data and Sensitive Personal Data in line with the University’s records and retention schedule, which is available at http://www.qub.ac.uk/about/Leadership-and-structure/Registrars-Office/Information-Compliance-Unit/Records-Management/. We will only keep your information if we need it for one of the reasons described above. We place great importance on the security of the Personal Data that we hold, including the use of physical, technological and organisational measures to ensure your information is protected from unauthorised access and against unlawful processing, accidental loss, alteration, disclosure, destruction and damage.
9. The Data Protection Act 2018 provides you with a number of legal rights in relation to your Personal Data, including the right:
- to request access to your Personal Data;
- to request correction of your Personal Data that is wrong or incomplete;
- to request erasure or the restriction of processing of your Personal Data;
- to request the transfer of your Personal Data in a structured; commonly used machine-readable format;
- not to be subject to automated decision making; and
- to withdraw your consent.
10. If you wish to exercise any of the rights set out above, or require further information about any of the rights, please contact us.
11. Where we need to collect your Personal Data, whether for the purposes of providing a service you have requested or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to provide the service or perform the contract. We may, therefore, have to cancel the contract or the service we provide to you but we will notify you if this is the case at the time.
12. There may also be times where we cannot stop using your Personal Data when you ask us to, but we will tell you about this if you make a request.
13. If you have any questions or comments about this privacy notice, the University’s Data Protection Officer can be contacted at:
Data Protection Officer
Queen’s University Belfast
14. You have the right to complain about how we treat your Personal Data and Sensitive Personal Data to the Information Commissioner’s Office (ICO). The ICO can be contacted at:
Information Commissioner's Office
CHANGES TO THIS NOTICE
15. We may update this Privacy Notice from time to time. We will notify you of the changes where we are required by law to do so.
Updated: 13 February 2023