Data Protection Privacy Notice for Staff

Our personal records include information about our employees. This privacy notice describes the type of personal information that we hold, why we hold it, and what we do with it. Please read this notice carefully and make sure that you understand it.

Information that we collect

We may collect the following information about you:

• Personal details such as your name, date of birth, national insurance number, passport details or information about your right to live and work in the UK, address, telephone number and email address. If you are registered with the GDC, we will also ask for details of your registration
• Financial information including your salary or rate of pay, the amounts we have paid you and your bank details
• Your attendance history and time-keeping, annual leave, illness and/or injury-related absences, fit notes, and medical opinions and occupational health reports
• Your performance as an employee, including references, appraisals and disciplinary or capability procedures
• Other work-related information such as grievances raised by you
• Relevant information about your health, including immunisations against hepatitis B and other blood-borne viruses, conditions that might affect your ability to work or that require us to provide support or assistance
• The results of criminal-record checks obtained from the Protecting Vulnerable Groups Scheme

Morven Gordon-Duff is responsible for keeping secure the information about you that we hold.

Our data protection officer, Adam Gordon-Duff, ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly.

Those who have access to your personal information include the practice owner and the payroll administrators.

How we use your information

We need up-to-date and accurate personal information to:

• Ensure that your contract of employment properly reflects your role and that you and the practice understand and can meet our respective contractual obligations
• Allow us to carry out appropriate risk assessments and assess your capacity to undertake your work responsibilities
• Comply with the legal obligations required by HMRC, the GDC, the NHS and other regulators or government bodies.

We will use the contact details provided by you contact you by telephone, email or letter in relation to matters relating to or arising from your employment with us.

We process the following payroll information electronically: details of your pay, deductions, tax contributions, attendance and leave entitlements.

Sharing information

Your information is normally used only by the practice [and the payroll administrator] but there may be instances where we are asked to share it – for example, by

• HMRC
• With a new or prospective practice owner, if the practice is sold (in accordance with the TUPE regulations)
• NHS bodies, the GDC, the NHS or the Ombudsman.

We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary.

In certain circumstances or if required by law, we may need to disclose your information to a law enforcement or other government agency, our insurers, indemnity provider, professional association or legal advisers.

Keeping your information safe

We store your personal information securely on our practice computer system [and/or] in a manual filing system. Your information cannot be accessed by those who do not work at the practice. Only authorised team members have access to your information (on a need-to-know basis). They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.

We take precautions to ensure security of the practice premises, the practice filing systems and computers

We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.

We use cloud computing facilities for storing some of your information. The practice has a rigorous agreement with our provider to ensure that we meet the obligations described in this policy and that we keep your information securely.

We keep your employment records for 6 years after the end of your employment, or after the conclusion of any proceedings relating to your employment, whichever is the longer.

Information on your dates of service, pay and other financial matters may be kept for longer to allow us to provide references, for tax purposes and for calculating pension entitlements

Access to your information and other rights

You have a right to access the information that we hold about you and to receive a copy. You should submit your request in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.

You can also request us to

• Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
• Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase information (for example, concerning your contract of employment with us, equality monitoring, or in relation to legal claims).

If you do not agree

If you do not wish us to use your personal information as described, please discuss the matter with us. If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).