Employees and apprentices privacy notice

This privacy notice applies to employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees, apprentices and those carrying out work experience.

It does not apply to partnership roles, where the employer is someone other than Brighton & Hove City Council. That recruiting council will be able to let you know what privacy arrangements they have in place.

The data controller for your data

Brighton & Hove City Council is the data controller for purposes of the Data Protection Act (2018) and The General Data Protection Regulation (EU) 2016/679 ("GDPR") and is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z5840053.

Brighton & Hove City Council are committed to protecting your personal information. As a data controller, we have a responsibility to make sure you know why and how your personal information is being collected in accordance with relevant data protection law.

Why we’re collecting your data

We are collecting your data to enter into a contract with you and to meet our obligations under your contract. For example, we need to process your data to provide you with a contract, to pay you in accordance with your contract and to administer benefit, pension and insurance entitlements.

In addition to this, we collect and process your data to carry out our obligations and exercise specific rights in relation to employment:

  • Run recruitment and promotion processes
  • Maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights
  • Operate and keep a record of disciplinary, grievance and capability processes, to ensure acceptable performance and conduct within the workplace
  • Operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes
  • Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled
  • Obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled
  • Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the council complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled
  • Ensure effective general HR/Pensions/Payroll and business administration including accounting and auditing
  • Provide references on request for current or former employees
  • Statutory reporting
  • Crime prevention and prosecution of offenders
  • Share and match personal information for the National Fraud Initiative
  • Respond to and defend against legal claims
  • Maintain and promote equality in the workplace
  • Health information to make reasonable adjustments where applicable in the workplace

We process elective data about ethnic origin, sexual orientation, health, religion or belief, age, gender and marital status to generate statistical equal opportunities information about our workforce. This information is anonymous and aids us to:

  • fulfil a statutory duty to assist in ensuring fairness of treatment in appointment decisions, as statistical monitoring shows whether we are treating minority groups equitably.
  • plan our workforce and respond to Freedom of Information requests from the public.

What is the legal basis for collecting your data

We have a legal basis for processing this data to:

  • successfully carry out the performance of a contract
  • comply with legal obligations and exercise specific rights in relation to employment
  • it is considered necessary to enable us to carry out our tasks, functions, duties or powers or to perform a task carried out in the public interest
  • elective special category data is collected for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes which shall be proportionate to the aim pursued

The data we may collect

We collect the following information from application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We also collect personal data and special category data from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks. The type of information collected from you is as follows:

Personal data

  • Your full name and title.
  • Contact details including email address, phone number, and home address.
  • Date of birth
  • Gender
  • National Insurance number
  • Bank account details
  • Details of your employment and training history.
  • Education history, qualifications and professional memberships
  • Any information you supply about how you meet the essential/desirable criteria for a role or apprenticeship.
  • Declarations about any disciplinary action, resignation in the face of dismissal, disqualifications or unspent convictions.
  • Health declarations
  • Marital status, next of kin and emergency contacts.
  • Nationality and eligibility to work in the UK
  • Equal opportunities monitoring data.
  • Details of your referees
  • References
  • Terms and conditions of your employment
  • Photo ID for security pass
  • Details on remuneration, including entitlement to benefits such as pensions, childcare vouchers, cycle to work schemes and tax-free loans.
  • Working pattern and attendance at work
  • Details of leave taken by you, including holiday, sickness absence, family leave, sabbaticals, special discretionary leave and the reasons for the leave
  • Details of expense claims including subsistence, additional hours and mileage
  • Details of relocation expenses
  • Details of any disciplinary, grievance and capability procedures in which you have been involved, including any warnings issued to you and related correspondence
  • Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence
  • Details of your driver’s licence and car insurance policy to confirm you are lawfully able to drive for work purposes
  • Information relating to health and safety including risk assessments and incident reports.

Special category data

We may also collect special category (sensitive data) of personal data that may include:

  • Physical or mental health details
  • Racial or ethnic origin
  • Gender identity
  • Sexual orientation
  • Offences (including alleged offences)
  • Religious views or beliefs
  • Criminal proceedings, outcomes and sentences
  • Trade Union membership

Who we’ll share your data with

We may share your data with the following parties after we offer you a role at Brighton & Hove City Council:

  • Relevant central internal teams or departments including HR*, Recruitment*, Payroll, Pensions, Organisational Development, Finance, Audit and IT.
  • Apprenticeship team
  • Managers in the relevant service area
  • Referees to obtain background checks
  • Disclosure and Barring Service for criminal records checks (if applicable to the role applied for)
  • Pension providers including Local Government Pension Scheme (LGPS) and teachers pensions.
  • HMRC
  • Gemelli Employee Benefit scheme
  • Our mandated managed service provider Guidant Group for shift bookings (care crew only)
  • Team Prevent Occupational Health service, including health assessments
  • Counselling and employee assistance
  • FirstCare sickness absence recording service (including an optional nurse referral service)
  • Training, including the provision of an electronic learning management system
  • Training provider for you to access their apprenticeship programme and data concerning health to ensure they can make any reasonable adjustments to delivering the apprenticeship
  • Apprenticeship service to access the ESFA funding (Apprenticeships only)
  • In exceptional circumstances, we may share your information for the purposes of detection and prevention of crime or fraud. 

*The council operates a shared HR Service with Surrey County Council and East Sussex County Council and therefore we may share your data with relevant HR and Recruitment staff from these partners.

In the event that your job role is transferred to a new employer under the Transfer of Undertakings (Protection of Employment) regulations, your information will be shared with the new employer. You can always expect to be informed of this in advance.

How long we’ll keep data for and why

We will keep your data for at least 7 years after you have left the organisation and this period is inclusive of the Limitation Act 2010.

In some cases we will keep your data for a longer period outlined below:

Fostering service

If you work within this service at any point during your employment at Brighton & Hove City Council, we will hold your data for 15 years after you have left the organisation. The statutory provision: The Fostering Services Regulations 2011, Regulation 22 (Records with respect to fostering services) / Schedule 2.

Children’s residential homes

If you work at any of our Children’s Residential Homes at any point during your employment, we will hold your data for 75 years after you have left the organisation. The statutory provision: The Children's Homes Regulations 2001 No. 3967, Section 29 (2)

Safeguarding allegations (both founded and unfounded)

If you have had an allegation (including where the allegation was unfounded), convictions, disciplinary action, inappropriate behaviour and/or have breached the code of conduct in a way that has harmed or may have harmed a child and/or indicates you are unsuitable to work with children / vulnerable people, we will hold your data for 75 years after you have left the organisation.

Asbestos exposure

If we know or suspect you have been exposed to asbestos whilst at work from a Health & Safety Incident Report, we will hold your data for 40 years after you have left the organisation. The statutory provision: The Control of Asbestos at Work Regulations 2002 (SI 2002/2675). Control of Asbestos Regulations 2006 (SI 2006/2739 ), Regulation 22 (Health records and medical surveillance) & Control of Asbestos Regulations 2012 (SI 2012/632).

Ionising radiation exposure

If we know or suspect you have been exposed to ionising radiation whilst at work from a Health & Safety Incident Report, we will hold your data for 50 years after you have left the organisation. The statutory provision: The Ionising Radiations Regulations 1999 (SI 1999/32320) Regulations: 21 (Dose assessment and recording), 23 (Dosimetry for accidents etc.), 24 (Medical surveillance), 25 (Investigation and notification of overexposure), 30 (Notification of certain occurrences), 32 (Equipment used for medical exposure)

Lead exposure

If we know or suspect you have been exposed to lead from a Health & Safety Incident Report, we will hold your data for 40 years after you have left the organisation. The statutory provision: The Control of Lead at Work Regulations 1998  (SI 1998/543) as amended by The Control of Lead at Work Regulations 2002, (SI 2002/2676) Regulation 10 (Medical surveillance)

Compressed air exposure

If we know or suspect you have been exposed to compressed air whilst at work from a Health & Safety Incident Report, we will hold your data for 40 years after you have left the organisation. The statutory provision: Work in Compressed Air Regulations 1996, Regulation 10 (Medical surveillance)

Hazardous substances exposure

If we know or suspect you have been exposed to hazardous substances whilst at work from a Health & Safety Incident Report, we will hold your data for 40 years after you have left the organisation. The statutory provision: The Control of Substances Hazardous to Health Regulations 1999 & 2002 (SIs 1999/437 & 2002/2677), Regulation 10 (Monitoring exposure in the workplace)

Unless an exemption applies, you have the right to request deletion of your data – visit Data Subject Rights for further details.

How your data will be stored

  • Your information will be stored electronically and/or on paper records, including your application record, in HR management systems and on other IT systems (including email)
  • We will only make your information available to those who have a right to see them. Example of the security measures we used are:
    • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
    • We use encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code. The hidden information is said to then be ‘encrypted’.
    • Pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the council could work on your information for us without ever knowing it was yours.
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).

Transferring data outside the European Economic Area

We will not transfer your data outside the European Economic Area.

Your rights

You have the following rights:

  • A right to a copy of data held about you, an explanation for its processing and who it has been shared with
  • A right to rectification (correction) of data which is demonstrably wrong
  • A right to erasure
  • A right to object to automated decision making

Visit our Data Subject Rights page for further details on this. Should you have any further queries on the uses of your information, please speak to the Human Resources team or email data.protection@brighton-hove.gov.uk

How to get advice or make a complaint

Data Protection Contacts

If you wish to discuss any of your data protection rights, you can contact the Data Protection Team on 01273 29 5959 or by email at data.protection@brighton-hove.gov.uk

The council has also appointed a Data Protection Officer. Contact the Data Protection Officer.

Whilst we would prefer that you contact us first with any concerns that you might have, you can also contact the Information Commissioner’s Office. The ICO is the national regulator with responsibility for ensuring compliance with data protection.

Information Commissioner’s Office

You also have the right to lodge a complaint with a supervisory authority.

Contact details for ICO are stated below:

The ICO can be contacted:

  • on their website
  • by phone: 0303 123 1113
  • by post: Wycliffe House, Water Ln, Wilmslow SK9 5AF

This privacy notice will be subject to review when there is a change.

  • Date: April 2019
  • Date for review: April 2020