Show/hide main menu

Human Resources

Human Resources Privacy Notice

At King’s College London, we collect data so we can operate effectively and provide you with the best experience at the university. We process your personal information under the Data Protection Act 2018 and subsequent enactments – including the EU General Data Protection Regulation (GDPR) that came into force on 25 May 2018.

The university’s Data Protection Policy regulates how we use the personal information people provide, in accordance with GDPR. King’s Human Resources (HR) Department has an additional Privacy Notice that is used in conjunction with the university’s Data Protection Policy and King’s Core Privacy Notice. The contents of this HR Data Privacy Notice are set out below:

Lawful basis for processing personal information

The lawful basis on which we process most personal information is for the fulfilment of an employment contract. We have a contract with you and we need to process your personal data to comply with the obligations of that contract.

There are sometimes circumstances where we process your personal sensitive information on the lawful basis of legal obligation. An example is the need to transfer data between King’s and government departments for the purposes of UK Visas and Immigration (UKVI), Disclosure & Barring Service (DBS) or tax administration.

We also process sensitive personal data to comply with our legal requirement under the Public Sector Equality Duty (Equality Act 2010). This includes the reporting and analytics we carry out regarding personal sensitive information such as gender, ethnicity or sexual orientation. This data informs projects and initiatives across the university, such as Athena Swan, Race Equality Charter Mark and Stonewall.

The Information Commissioner’s Office provides further information on the lawful bases for processing personal information.

We may amend the HR Privacy Notice to reflect changes in our processing of data. We encourage you to review this notice periodically to stay informed of how the university is protecting your privacy.

What personal information do we collect?

 

  • Your name, address, telephone number, email address and emergency contact details.

  • Proof of your right to work in the UK.

  • Your date of birth, legal sex, gender, trans history, nationality, ethnicity, religion, disability status and sexual orientation. (We use this information for monitoring equalities.)

  • Your employment history prior to King’s; plus other relevant experience, achievements, skills and qualifications.

  • Your employment references and the results of any pre-employment screening.

  • Information required to comply with requests from law enforcement authorities or court orders.

  • The results of interviews and tests in your recruitment process.

  • Terms and conditions of your employment, any contract variations and your employment history at King’s.

  • Employee relations details, including information regarding conduct and performance.

  • Your employee benefits (eg childcare voucher schemes).

  • Pay and pension details, National Insurance number, tax coding and details of the bank or building society account into which your salary is paid.

  • Reasons for periods of absence (eg maternity/paternity leave, sickness absence).

Why we process your data

 

  • To pay you; administer your employee benefits; and calculate any tax, National Insurance contributions, pension deductions or statutory payments that are due (eg sick or parental leave pay).

  • To inform conversations regarding the management of your performance and attendance.

  • To supply references to prospective employers.

  • To enable business decision-making at King’s, eg Business Planning Round, UniForum Benchmarking, and workforce planning.

  • To fulfil our statutory statistical obligations to organisations such as the Higher Education Statistics Agency (HESA).

  • To fulfil our legal obligations under the Equality Act 2010 Public Sector Equality Duty.

  • To enable equality analyses to be data informed, fulfilling our obligation to eliminate discrimination, promote equality of opportunity and foster good relations between different people.

  • To inform diversity and inclusion projects including Athena SWAN, Race Equality Charter Mark, Stonewall and Business Disability Forum accreditation.

  • To fulfil our legal reporting duties for gender pay gaps and ethnicity pay gaps.

How we collect your data
Direct collection

You provide us with some data when you join King’s and complete the onboarding process. You provide more information when you update your data.

Indirect Collection

We obtain data from third parties when a pre-employment check is required. For example, this might be from UK government departments such as UK Visas and Immigration (UKVI) or the Disclosure & Barring Service (DBS).

Who we share your data with

We only share your personal identifiable data if there is a legitimate business reason. For example, we may share your data with teams in the HR and Finance Departments; your manager; and senior management.

We sometimes use third parties to process data on our behalf, subject to contractual restrictions with regard to confidentiality and security, and in addition to our GDPR obligations. We will not disclose your data to third parties without your consent, except where they are acting as authorised agents for the university for the purposes listed below; or where we are permitted or required to do so under GDPR.

Typical third parties include:

  • Public authorities and public partnerships such as police or government departments, if required by law.

  • Businesses contracted to help us deliver services, for example Cubane Consulting.

  • HESA, as legally required.

  • Professional bodies such as the General Medical Council, General Dental Council and the Universities and Colleges Employers Association (UCEA).

How we protect your personal information

King’s follows the Privacy by Design approach to all new data processing activities. Privacy by Design is where any action a company undertakes that involves processing personal data must have data protection and privacy in mind at every step.

Our systems, drives and email accounts are secure. They are accessed only by authorised users, based on the specific requirements of their roles.

We take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date. We only keep data for so long as it is needed.

King’s Information Compliance team advises on data protection at the start of any new, large-scale activities.

Additionally:

  • All HR and Finance staff sign confidentiality agreements and complete mandatory data protection training.

  • Confidential data sent in emails is encrypted and/or password protected.

  • Access to shared folders where personal information is stored is restricted.

  • Access to systems is restricted to authorised users.

  • Security profiles within systems mean users can only access the records and information they need to do their jobs.

  • The processing of personal and sensitive data to inform diversity and inclusion initiatives is carried out at an aggregate level and does not allow individuals to be identified.

How we keep your data secure in other countries

For processing activities detailed in this privacy notice, we do not transfer personal data outside of the EU/EEA.

How long we keep your data

We store your data in line with our retention and disposal schedule.

Your rights

King’s processes your personal information in accordance with your rights under data protection legislation. You can find details about your rights under data protection legislation in King’s core privacy notice. If you have queries about how your rights are upheld, please contact the Information Compliance team at info-compliance@kcl.ac.uk

How to access and change your personal information

You can access your information via our Requests for Personal Information webpage. If you are unhappy with how your data was processed, please contact King’s Information Compliance team in the first instance at info-compliance@kcl.ac.uk
If you are not satisfied with our response, you can then consider taking the matter to the Information Commissioner’s Office.
To keep your information up to date, please see the Managing your personal records at King’s page.

 

Sitemap Site help Terms and conditions  Privacy policy  Accessibility  Modern slavery statement  Contact us

© 2020 King's College London | Strand | London WC2R 2LS | England | United Kingdom | Tel +44 (0)20 7836 5454