This privacy notice sets out how we, the Human Resources department at BFI collect and use your personal data information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).
What is personal data?
Personal data means any information which can directly or indirectly identify an individual.
Where does your data come from?
We keep a record of and process the data you provide when:
- Applying for a vacant, new job or opportunity at the BFI, for example, application documents and records of the recruitment process.
- Completion of paperwork in relation to a job or opportunity including but not exclusively, details provided by your referees, personal and bank details.
- You communicate with us about other HR related products whilst being an employee, worker, work experience student, volunteer or an individual providing a service on a self-employed basis (e.g. regarding sickness absence, training, invoicing).
We store your personal data on secure manual and electronic filing systems, password protected HR software systems and administrative systems and access is restricted to those BFI staff who need to access it as part of their duties.
Automated decision making
An automated decision is one that is made with no human involvement. For example, monitoring sickness absence via the HR software system and the disciplinary process is automatically triggered when an employee reaches a certain number of days’ absence.
Please be aware that you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
Why do we need your data?
We are required to obtain and process certain personal information so that for example, staff can be recruited and paid and legal obligations to government are compiled with, including the following:
- To manage the recruitment process and successful candidates’ transition from applicant to employee
- To carry out pre-employment/engagement checks including right to work, occupational health, references and disclosure & barring service
- To manage all HR contractual processes, including probation, absence management, pension administration
- To administer payment processes including payroll, pension, staff benefits, expense claims and invoices from individuals providing services on a self-employed basis
- To support training and professional development
- To ensure the health, safety and wellbeing of Employees, Workers, Work Experience Students, Volunteers, individuals providing services on a self-employed basis and applicants for job vacancies and accommodate special requirements where necessary (i.e. in respect of declared disability, religion).
- To meet our legal obligations to compile statistics and provide data to the department for Digital, Culture, Media and Sport (DCMS) and regulatory bodies
- To process Diversity and Inclusion data (e.g. legal sex, gender identity, relationship status, religion or belief, sexual orientation, nationality, ethnicity, disability) for reporting purposes
- To ensure that you have access to BFI’s facilities
- To allow us to contact a chosen next of kin in the event of an emergency.
- To manage the termination of employment by resignation, redundancy, retirement or dismissal
- For internal and external audit purposes
- To fulfil our obligations under other laws and legislative regimes as is required
What is the lawful basis of using and storing your data?
We have identified that our using and storing of your personal data is necessary for the purpose of either:
- Complying with a legal obligation (e.g. checking your right to work in the UK)
- Performing our contractual obligations with you or to take steps to enter into a contract (e.g. administering your employment contract; monitoring the recruitment process; making a payment for a contract for services).
- Additionally, we may process data that is classed as a “special category” of personal data, this includes information about your legal sex, gender identity, relationship status, religion or belief, sexual orientation, nationality, ethnicity, disability. We have identified that our using and storing of special categories of personal data is necessary for the purpose of:
- Assessing the working capacity of our employees (e.g. occupational health checks and referrals)
- Carrying out obligations under employment, social security or social protection law (e.g. administering sickness records , statutory maternity pay records and other statutory frameworks)
- Performing statistical research to ensure we meet our public-sector equality duties (e.g. monitoring Diversity and Inclusion data)
When we require your explicit consent for processing your personal data for a specific purpose, then we will ask for your consent at the point of collecting that data from you (such as when prospective employers, landlords and other external organisations ask us to provide references about you, or in respect of an application for retirement on the basis of ill-health or incapacity). Any request for consent we make is clear and separate from other terms & conditions and you can withdraw your consent at any time.
When do we share your data with external parties?
We have a legal or contractual obligation to share your personal data with the following external parties:
- Department for Digital, Culture, Media and Sport (DCMS) for statistical research purposes.
- Office for National Statistics (ONS) for statistical and government policy research purposes. For further details please visit their website.
- Her Majesty’s Revenue & Customs (HMRC) for regulatory tax returns
- UK Visas & Immigration Service (UKVI) in order to comply with the Immigration and Nationality Act 2006 (e.g. ensuring we are able to provide evidence that all our employees and workers have the correct documents to support their right to work in the UK). More details can be found on the government website for Visas and Immigration.
- External pension’s provider, i.e. Legal and General or London Pension Fund Authority (LPFA) either when you commence employment with the BFI or when you meet the minimum criteria to be enrolled, unless you inform us that you do not wish to be in the scheme.
- Internal and external auditors when asked to do so. As a publicly-funded organisation, the BFI is subject to audit and is required on occasion to give the auditors’ access to details of BFI employees, workers, applicants for job vacancies and those providing services on a self-employed basis, in order for them to report on the integrity of BFI’s processes. The auditors will not normally retain personal data once an audit is complete.
The only other occasion where we might have to share data with an external party without your express consent would be where it is necessary in order to protect the vital interests of you or another person, for example in the case of an emergency, or in the case of legal proceedings.
We will never sell personal data to external parties.
How long will we keep your data?
How long we keep your personal data depends on the kind of data and on your specific engagement or relationship with the BFI.
- If you are an employee; we will keep a record of your personal data for the full duration of your employment with the BFI and for a period of time after your employment has ended, depending on the kind of data and in accordance with legal and contractual obligations.
- If you are a worker or work experience student or volunteer; we will keep a record of your personal data for the full duration of your engagement with the BFI and for a period of time after your engagement has ended.
- If you are an applicant for a job vacancy; if you are unsuccessful we will keep a record of any data you have provided to us during the recruitment process and for a period of 12 months after the completion of the recruitment process. If you are the successful candidate, your information will be used as part of your electronic personal information and retained on your personnel file.
- If you are an individual providing services on a self-employed basis we will keep a record of your personal data (i.e. your invoices) for the financial year in which you provided this service and for a period of time following, in accordance with HMRC regulations
For information on our retention schedule and how long we keep specific data please contact the BFI Data Protection Officer (DPO), Richard Brousson, firstname.lastname@example.org.
How can you access and update your personal details/data?
As an employee, you can access and update certain personal details (e.g. bank account details, contact details and next of kin) via the Employee Self Service (EES) portal. Access is available via Citrix through your PC.
If you cannot gain access to ESS, or wish to update personal data that you do not have access to, please contact our HR Systems and Project Advisor, Jaycie Hughes, in the Human Resources department on email@example.com for advice and assistance.
Additionally, you have the right to access all personal data we hold about you by submitting a Subject Access Request, which is free of charge and any request will be responded to within one calendar month.
Your request should be forwarded to the BFI Data Protection Officer (DPO), Richard Brousson on firstname.lastname@example.org
What can you do if you think your data is wrong?
If you believe that any data we hold about you is inaccurate or have any other query relating to data protection please contact the BFI Data Protection Officer (DPO), Richard Brousson on email@example.com
How can you complain about the way your data is being used?
If you are unhappy about the way your data is being used and would like to make a complaint then we hope to resolve any issues informally and reach an amicable agreement and all queries should be directed to the BFI Data Protection Officer, Richard Brousson on firstname.lastname@example.org.
However, if we are not able to resolve the matter, then you may discuss the issue further with the Information Commissioner’s Office; ICO using the following link Report a concern | ICO or via their helpline number: 0303 123 1113.