Employee data privacy statement

The University of Westminster is the data controller of the personal data collected and held in relation to its employees, unless otherwise indicated below.

Confidentiality

The University of Westminster takes its data protection obligations very seriously. Access to your personal information is limited by permissions to only those staff and administrators who need access to manage your employment with us or where otherwise allowed by UK law.

Your personal data

All of the information you provided us with during your successful application to become an employee with the University will form the basis of your employee record, and where required used to facilitate your employment with us.

We do not collect more information in the course of your employment with the University than we require in order to fulfil our employment purposes and will not retain your personal information for any longer than is necessary.

Your information will not be shared with any third parties for marketing purposes.

Your information may be stored outside of the European Economic Area, but when it is, the contractual arrangements governing the legal transfer of your data will be available to you on request.

Use of personal data and legal basis of processing

The personal details you supply us with at the point of employment and subsequently as an employee of the University, will be used for the following purposes related to your contract of employment:

  • Employment matters (including obtaining references, probation period reports, appraisals, attendance, conduct, personal development, internal post applications, interviews, appointments and promotions, leave and sickness absence, grievance issues and complaints, including academic misconduct investigations, employee disciplinary actions and family/business relationship details)
  • Maintenance of employee records, including your emergency contact details
  • Compliance with employment visa requirements
  • Administering employee payments and salaries (including pensions and other employee benefits)
  • Providing employee support services (including the Employee Assistance Programme and our Occupational Health Service)
  • Provision of access to University sites and facilities, and use of IT services, including the University Library systems, and the IT tools you require for your role

Also, your personal information will be used in relation to our legal obligations, which include:

  • Information required by the Home Office and UKVI, in connection with visa requirements and immigration
  • HMRC in matters relating to pay, benefits and taxation
  • Responding to requests for information from government bodies and their authorised agents in line with current UK Higher Education legislation
  • Monitoring Equal Opportunities, Equal Pay and the Gender Pay Gap at the University
  • Ensuring the safety and security of employees
  • Safeguarding and promoting the welfare and wellbeing of employees
  • Responding to requests related to your rights under UK Data Protection Law
  • As a public authority under the Freedom of Information Act (2000), responding where lawful to requests for information
  • And as otherwise allowed in UK law
  • Provide information to the Higher Education Statistics Agency (HESA) for their use and purposes

Additionally, as a public authority, and in the public interest, your personal information may be used to:

  • Provide operational information and aggregate statistics to improve University performance and services
  • Conduct authorised research, surveys and analysis, which may involve third-party data processors

Some information you give us for the above purposes, will be collected and processed on the basis of your explicit consent, eg Equal Opportunities information.

In an emergency situation, contact details you have given to us will be used in relation to your or others' vital interests.

Health Management Ltd

Health Management Ltd provide occupational health services for the University. As an employee, you will have completed a questionnaire, which will have helped to determine if you are fit to undertake the work you have been offered and to establish if any reasonable adjustments are needed.

In March 2023, HML was acquired by Medigold Health Consultancy Limited ("Medigold Health"), to form the UK's largest independent occupational health provider. Health Management Ltd will hold your sensitive personal health data as a Data Controller and Medigold Health will process your personal data on behalf of HML as a Data Processor, providing the University with a fit to work certificate or a report with recommendations.

You will have been given the opportunity to view any report before it was sent to us and to have consented to any potential occupational health assessment.

For your initial health assessment and any subsequent personal health records held by Health Management Ltd and your rights relating to this information, please see Health Management Ltd's Privacy Notice.

Legal and General

If your contract states that you are eligible for enhanced life assurance (i.e. assurance which is additional to any to which you are eligible through the appropriate University pension scheme), the University will share the minimal required data with the service provider, Legal and General, in order that they can administer the insurance contract.

Colleague benefits and rewards

The University offers colleagues a number of employment-related benefits, and when these involve using a third party, for example our eye care scheme where all permanent members of staff who habitually use display screen equipment as a significant part of their normal work are entitled to free regular eye tests, you will have access to relevant Privacy Statements.’

For details of current colleague benefits and rewards, see our SharePoint page (log-in required).

Data retention

Your personal details are necessary and used only for the purpose of processing, as given above.

We will not retain much of your personal employment information for any longer than is necessary.

However, there are instances when we are required by law to retain your information for a lengthy period, even after you have left our employ, for example for HMRC and pension purposes.

There is a substantial and complex amount of EU and UK legislation which has an impact upon the retention of People, Culture and Wellbeing (PCW) (Formerly HR) records.

HR will keep documents for either 6 or 7 years and delete from SAP as follows:-

  • 7 years after leaving date (to ensure 6 tax years) for any documents containing or referring to contractual terms, changes to contract and salary, and to Visa and Immigration regulations;
  • 6 years after event (Limitations Act) or 12 months after leaving date, if this is earlier, for any supporting documents relating to formal processes (including applications for posts or grades/ references and assessments/ disciplinary, grievance and capability documentation/ redundancy, VS and TUPE documents/ requests for family leave/ appeals).

Changes to your personal data

As an employee, you can use our Self Service portal to help keep your personal details up-to-date.

A change to your bank or building society details should first be discussed with our People Services Team. Do not put sensitive details in an open email, first contact us to discuss.

Requests to a legal change of name will also need to be submitted in writing to the People Services Team [email protected].

Data transfers and sharing

None of your personal information is shared by the University with any other third party organisation, other than where this is necessary for the processing as outlined above, or where otherwise allowed by UK law.

Where services involve a third party processing your information, such services will be covered by a contract.

Staff Networks

Staff Networks (BME, Women of Westminster (Wow), Q+ and Disability to name a few) are a safe space for colleagues to develop a community, explore opportunities, exchange ideas and share cultures. Membership is voluntary and you are free to opt out if and when you so desire.  Our membership list is treated with the highest integrity and remains confidential with restricted access as per University guidelines. Your details will only be used, with your permission, to contact you and provide updates on events and activities.

Further information

Further information and guidance for colleagues on their responsibilities for personal data protection under UK data law can be found in the University of Westminster Personal Data Protection Policy.

Your rights

If you have any questions relating to your personal information and your information rights, including right of access, rectification and erasure, please see the University’s data protection web pages.

Or contact the University Information Compliance Team [email protected]

You can also contact the Information Commissioners’ Office in relation to any concerns or issue you may have with the processing of your personal information.

Last reviewed and updated May 2024.