This section includes our privacy statement to staff, volunteers and contractors (including prospective employees).
When do we collect your personal data
- You apply for a position with us or contact us in relation to volunteering for us, or fundraising on our behalf.
- As part of the everyday administration and management of your contract with us. For example:
- You let us know if there is a change to your personal data.
- You apply for or notify us of leave.
- You make a formal complaint or raise a concern about your work with us.
- As part of the everyday administration of work-related activities. For example:
- You use an ICT approved or ICT provided system or technology.
- You are present (CCTV) at one of our sites or sign in at one of our buildings.
- You make a formal complaint or raise a concern.
Why do we collect and use your personal data
- To recruit and select employees.
- To enable payment of salary, tax, pension contributions and expenses.
- To manage your contract with us.
- To meet legal obligations. To take appropriate action in the event that a formal complaint or concern is raised, including safeguarding.
- To run background checks in accordance with our due diligence policies and procedures.
- Other employees might access your personal data where this is required for work purposes. Where this is the case, the organisation relies on all employees to access and use personal data in accordance with their obligations under our data protection policy.
In what situations do we collect personal data from other sources
We run a background check on all employees using a third party screening and due diligence service provided by Thomson Reuters. We might also use sources in the public domain such as Google or the Driver and Vehicle Licensing (DVLA) database for this purpose. We carry out background checks in accordance with our due diligence policies and procedures in order to protect our charitable interests such as the risk of fraud, corruption, bribery, terrorism and money laundering.
In what situations do we share personal data with other organisations
- With Her Majesty’s Revenues & Customs (HMRC) for taxation purposes.
- With law enforcement agencies if we receive a valid legal instruction.
- With third parties that we contract to administer HR activities on our behalf including payroll, pension and health/insurance cover providers.
- If you are involved in an insurance claim, we might share your personal data with insurance companies / brokers.
- As part of our recruitment and selection processes, we might run a background check on you. This may include sharing your personal data with employment agencies, previous employers, the Disclosure & Barring Service (DBS), the Driver and Vehicle Licensing Authority (DVLA) and our third party screening and due diligence service provided by Thomson Reuters.
- We contract a limited amount of third parties to store data on our behalf. This may include your personal data. Types of third parties we use include cloud storage, website hosting and software providers.
- We only share personal data with another organisation if we have a legal basis to do so.
- In all the above situations, we will ensure that we have a written contract (or valid legal instruction) in place with the organisation that includes data protection clauses to ensure that they do not use personal data for their own marketing purposes and have security requirements in place to protect your personal data.
What is our legal basis for collecting and using personal data
Where the processing is necessary to enter into or fulfil the terms and conditions of a contract. For example, to enable payment of your salary, tax, pension contributions and expenses.
Where the processing is required under the law. For example, collecting your medical information to protect your health & safety.
Where the processing is in our legitimate interests. For example, using your leave details to plan staffing levels and necessary cover. We will only rely on this legal basis if your interests and fundamental rights do not override our interest.
Where the processing is in your vital life interest. For example, sharing your personal data with emergency services in the event of a medical emergency.