How we look after your information:

Armagh City, Banbridge and Craigavon Borough Council retains, processes, shares and disposes of information relating to individuals on our Payroll/HR Systems for normal business purposes in compliance with GDPR legislation.

Human Resources and Payroll Privacy Notice

Armagh City, Banbridge and Craigavon Borough Council is committed to protecting your privacy, and the purpose of this Privacy Notice is to explain why and how we collect and use your personal information; your rights regarding this information; and how we comply with data protection law.

What information is needed and how your personal information is used

1. Armagh City, Banbridge and Craigavon Borough Council needs to keep and process information about individuals on the Human Resources and Payroll systems and records for normal business purposes.

2. The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the organisation and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you complete work for us, at the time when you cease to complete work for us and for a period of time after you have ceased to complete work for us.

3. We only request information which is necessary, relevant and adequate for the purpose which you provide it for.

4. Much of the information we hold will have been provided by you, but some may come from other internal sources, eg your manager, or in some cases, external sources, eg referees.

5. The sort of information we hold will depend on your status with regards to the Council eg, applicants for vacancies, employees (current & former), casual workers (current & former), agency workers (current & former), volunteers/placements (current & former) etc and can include some of the following types of information, for example:-

– your application form;
– qualifications;
– references;
– copies of identification documents or other photographic documents eg, your driving
licence etc.

Other information held will include:-

– your terms and conditions of employment and/or conditions of casual work and any
amendments to it;
– correspondence with or about you eg, letters to you about your remuneration or, at your
request, a letter to your mortgage company confirming your salary;
– information needed for payroll, benefits and expenses purposes;
– contact and emergency contact details;
– records of annual leave, sickness and other absence, including reasons for absence;
– other leave including maternity/paternity, parental leave etc;
– information needed for equal opportunities monitoring purposes;
– records relating to your career history, such as training records, appraisals and other
performance measures.

Other types of information which can be held include:-

– disciplinary and grievance records;
– flexi and time off in lieu:
– information relating to career breaks, secondments, severance and exit interviews etc
(where applicable).

We may also hold convictions information and information regarding AccessNI checks which is retained, processed and disposed of in compliance with the policy on storage, handling, use, retention and disposal of disclosure information, a copy of which can be obtained from the Human Resources Department.

6. Data relating to other individuals including Elected Members, Independent Audit Committee members and other individuals as required will also be retained, processed and disposed of for payroll and pension purposes by the Council’s Payroll Department.

7. You will, of course, inevitably be referred to in many of the Council’s documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the Council. You should refer to the Data Protection Policy or in paper format from:

Senior Records Manager and designated Data Protection Officer
Armagh City, Banbridge and Craigavon Borough Council

8. Where we process special categories of information relating to you eg,

– information regarding your physical or mental health or condition;
– your racial or ethnic origin, political opinions, religious and philosophical beliefs (fair
employment monitoring forms);
– trade union membership;
– biometric/genetic data;
– sexual orientation; or
– disclosure of offences or alleged offences etc,

we will always obtain your explicit consent to those activities unless this is:-

– not required by law;
– is processed to assist us to perform tasks which are carried out in the public interest; or
– the information is required to protect your health in an emergency.

If we are processing data based solely on your consent, you have the right to withdraw that consent at any time.

9. Where necessary, we may keep information relating to your health, which could include:-

– dates of and reasons for absence;
– GP and Occupational Health reports and notes.

This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate.

We will also need this data to administer and manage statutory and occupational sick pay where applicable.

10. We will also keep records of your hours of work by way of our time recording/attendance systems & procedures, time in lieu and annual leave records where applicable.

Why we process personal information

11. We need to process your personal information to enable us to:-

– comply with any contractual requirements;
– comply with any legal requirements;
– pursue the legitimate interests of the Council;
– perform tasks carried out in the public interest; and
– protect our legal position in the event of legal proceedings.

If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.

12. If in the future we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information.

Who the information may be shared with

13. As a Local Government organisation, we may sometimes need to process or share your data to pursue our legitimate business interests, for example:-

– to prevent fraud;

– National Fraud Initiative (NFI) (further information can be found at
https://www.gov.uk/government/collections/national-fraud-initiative ;

– administrative purposes including compliance with external funding bodies requirements or
reporting potential crimes.

The nature of our legitimate interests are to ensure the organisation meets external or internal governance obligations. We will never process your data where these interests are overridden by your own interests.

14. Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with contractual or public interest requirements, for example, we may need to pass on certain information to:-

– the Northern Ireland Local Government Officers’ Superannuation Committee;
– Department of Finance, Civil Service Pensions (CSP);
– Her Majesty’s Revenue & Customs (HMRC);
– National Fraud Initiative (NFI);
– third parties associated with payroll deductions eg, unions, nominated charities, childcare
scheme organisations;
– external Occupational Health Provider(s)/other Medical Professionals;
– external funding bodies etc.

We may also need to use your data in order to provide anonymised statistical information to third parties eg, Equality Commission for Northern Ireland, Department of Finance, NI Statistics & Research Agency (NISRA), Public Records Office of Northern Ireland (PRONI) etc.

We may confirm the dates and nature of your employment to prospective employers upon receipt of a written enquiry.

We may also provide certain information to third parties upon receipt of your written consent eg, to solicitors, mortgage companies etc.

15. We may share information about you with external organisations for purposes connected with your period of work for the Council or the management of the Council’s business. For example, information about you may be provided to external Occupational Health Providers for the purposes outlined above. We may also share information about you internally within the Council eg, to ensure you receive remuneration/payment; and in order to ensure the efficient management of the organisation eg, for budget preparation; to inform the development of recruitment and retention polices; and to enable the development of a comprehensive picture of the workforce and how it is deployed. Information about you may also be shared with Trade Unions for collective bargaining purposes in order to comply with legislative requirements.

16. In limited and necessary circumstances, your information may be shared outside of the EEA or to an international organisation to comply with our legal or contractual requirements. All information sent externally to the organisation will be sent with encryption to ensure the security of your data.

How long we keep your personal information

17. Your personal data will be retained and disposed of in compliance with the Council’s Retention & Disposal Schedule, after which time it will be destroyed securely.

The Council’s Retention & Disposal Schedule complies with current legislative requirements and may be amended as required. A copy is available from the Council’s Senior Records Manager.

Security and safe storage of your personal information

18. The security of your personal information is very important and we take this matter very seriously. The Council uses appropriate procedures and security features for its systems and records to ensure the security of personal information.

Your rights

19. Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. You have the right to:-

– be informed (ie, via this Privacy Notice);
– request from us access to, and rectification (correction) or erasure of, your personal data;
– the right to restrict processing;

and in certain circumstances only,

– the right to object;
– the right to data portability.

Rights in relation to automated decision making and profiling

This right prevents decisions being taken based solely on automated processing including profiling. The Council’s HR/Payroll Departments do not perform solely automated decision making.

20. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

21. You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.

Personal data breaches

A personal data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed.

The Council has a duty to report certain types of personal data breach to the Information Commissioner’s Office (ICO) within timescales as outlined in the GDPR legislation ie, currently within 72 hours of becoming aware of the breach, where feasible.

If the breach is likely to result in a high risk of adversely affecting your individual rights and freedoms, the Council must also inform you without undue delay.

The Council will operate robust detection, investigation and internal reporting procedures to facilitate decision making about whether or not it needs to notify the Information Commissioner’s Office (ICO) or the individual(s) affected.

Identity and contact details of Controller and Data Protection Officer

22. Armagh City, Banbridge and Craigavon Borough Council is the Controller and Processor of data for the purposes of the GDPR.

23. If at any point you believe the information the Council processes about you is incorrect, you can ask to have this information rectified.

Furthermore, if you have any concerns as to how your data is retained, shared, processed and disposed of, or your believe your personal data has been compromised, you should contact:

Senior Records Officer and designated Data Protection Officer at

or you can write to the Senior Records Manager at the following address:

Armagh City, Banbridge and Craigavon Borough Council
39 Abbey Street
Armagh
BT61 7DY

24. If you are not satisfied with our response or believe the Council is not processing your personal data in accordance with the law, you can complain to the Information Commissioner:

Information Commissioner’s Office
3rd Floor, 14 Cromac Place
Belfast BT7 2JB

Tel: 028 9027 8757 or 0303 123 1114
Email:

Further information is available at:
www.ico.org.uk

Changes to this Privacy Notice

The contents of this Privacy Notice will be kept under regular review and may change from time to time. It is therefore recommended that you check the Council’s website for the most up to date version of this document on a regular basis.

Last reviewed: 24 May 2018

This version of the Privacy Notice is live from 24 May 2018