Menu

Employee privacy notice

Clanmil Housing is committed to protecting your privacy and complying with the Data Protection Act 2018 Update. This Privacy Notice sets out the basis by which we collect, use and disclose the personal data of our employees, as well as your rights in respect of such personal data.

We may update this Privacy Notice from time to time, however, the most up to date version of the Employee Privacy Notice is kept on the Association's website and intranet.

How do we collect your Personal Data?

We may collect your personal data in a number of ways, for example:-

  • when you apply for a vacancy within the Group;
  • following appointment, entering details onto our Human Resources Manangement System (itrent)
  • when we collect data through the implementation of any HR Employee Relations Policies e.g. Disciplinary/Grievance etc;
  • when you complete employee customer satisfaction surveys (Best Companies);
  • in the course of managing your employment with Clanmil Housing, for example Payroll;
  • personal contact details you provide to Corporate Services during updates of itrent;
  • when you use any HR services; and
  • when we receive your personal data from third parties, for example health professionals (GPs & Occupational Health bodies), Access NI and agencies who may be involved in the recruitment process.

 

What type of Personal Data do we collect?

We may collect the following types of Personal Data:-

  • your name, address, email address, telephone number and other contact information that allows Clanmil to meet our organisational and statutory obligations to you as your employer;
  • details of family members and next of kin details;
  • national insurance number;
  • biometric information e.g. facial/fingerprint recognition details (for building access connected to our Attendance Management System (Timeware)
  • bank details;
  • Images (photos or film) taken at publicity events

 

Some of the information we collect about you may include Sensitive Personal Data, as defined in the General Data Protection Regulations 2018. We will not normally share this data outside of the organisation unless we have your explicit consent.

 

Legal basis for processing

When anyone first applies to Clanmil for employment they will be asked for their consent to process their data - both during the course of their application and if they are successful and later become a Clanmil employee.

The legal basis for processing employee data will, however, be for legitimate purposes i.e. for Clanmil to discharge it obligations as an employer, contract and legal.

 

How will we use your Personal Data?

We may use your personal data in the following ways:-

  • to ensure that the information we hold about you is kept up-to-date;
  • to deal with any employee/employer related disputes that may arise;
  • for assessment and analysis purposes to help improve the operation of, and manage the performance of, our business;
  • to prevent, detect and prosecute fraud and other crime;
  • for any other purpose for which you give us your consent to use personal data;
  • to comply with legal obligations e.g. HMRC, payroll and pensions,
  • Printed publications - online (website, social media channels, internal intranet), audio visual material, promotional materials and marketing campaigns.

 

In order to manage the business we will use information which personally identifies you however, we may also use consolidated information. We may share your personal data:-

  • with our employees, or professional advisors;
  • with other third party suppliers who provide services to us;
  • where we are under a legal obligation to do so, for example where we are required to share information under statute, to prevent fraud and other criminal offences or because of a Court Order for example HMRC, or the PSNI.
  • Media outlets/housing bodies (for the promotion of Clanmil's work)

 

Where we do share your data with external agencies, we will ensure adequate safeguards are in place to protect your data. Assurance of these safeguards will be achieved through Data Sharing Agreements which will be prepared with any organisation with whom we share personal data.

 

Transferring personal data outside the EEA

It is unlikely that we will transfer your personal details outside of the EEA. Where any transfer is made outside of the European Union, it will be in compliance with the conditions for transfer set out in GDPR.

 

Your Rights

As an employee, under the General Data Protection Regulations you have rights which include:-

  • confirmation that your personal data is being processed;
  • access to your data; and
  • be provided with supplementary information about the processing i.e. purposes of the processing, categories of data processed, data portability, retention periods, employee rights regarding rectification, erasure and to restrict or object to processing.

 

If you wish to exercise any of your rights above you should complete an online request.

Your data will not be used for direct marketing purposes unless we have your consent.

 

Retention of Personal Data

Personal Data will be retained in line with the Association's Data Retention Schedule which is reviewed annually - if you would like to see how long we keep personal data please click here.

 

Security of information

We are committed to ensuring that your information is kept secure. We have developed separate ICT policies which set out how we keep the information held on our systems secure. We also have a number of physical security measures in place, such as office security and confidential destruction of all waste paper. We also retain information in line with best practice, and retention periods of data we hold are reviewed annually.

 

Responsibilities of Staff

All staff are responsible for the safeguarding of personal data and sensitive personal data. These responsibilities are set out in the Data Protection Policy which all staff are expected to sign. A Data Protection clause is also included in Contracts of Employment which also refer to this Privacy Notice.

 

Changes to our Privacy Notice

We keep our privacy notice under regular review and will place any updates on this webpage. The Notice was last reviewed in May 2018.

 

Registration with ICO

Clanmil is registered as a Data Controller with the Information Commissioners Office (ICO) and is registration is renewed annually. The point of contact within Clanmil in relation to all data protection issues is:-
 

Data Protection Officer

dpo@clanmil.org.uk 

 

Making a Complaint

If you have any concerns regarding the security of the data that Clanmil holds on you, you can raise the matter with Clanmil's Data Protection Officer above, however you can, if you wish, raise the matter directly with the Information Commissioner's Office. Contact Details are as follows:-

The Information Commissioner's Office - Northern Ireland
3rd Floor
14 Cromac Place
Belfast
BT7 2JB
Telephone: 028 9027 8757 / 0303 123 1114
Email: ni@ico.org.uk