Employment information privacy notice

The University of Leicester is the Data Controller for your employment information.

This privacy notice explains how we use your personal information, and your rights regarding that information.

Individuals engaged via Unitemps are covered by a separate privacy notice.

What information are you collecting?

The organisation collects and processes a range of information about you. This includes:

  • personal contact details such as your names, titles, date of birth, photograph, home address, email addresses, and other contact details;
  • the terms and conditions of your employment, including information relating to your role(s) such as job title, contract/funding types and length;
  • details of your education history, qualifications, and professional memberships, such as medical registration for those in posts with clinical duties;
  • employment history with previous employers, and with the organisation;
  • diversity data (such as gender, ethnicity, religion/belief, etc);
  • information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
  • details of your bank account, national insurance number, tax reference, and related information such as student loan obligations;
  • information about your dependants and emergency contacts;
  • information about your nationalities and entitlement to work in the UK;
  • information about your criminal record, as required for your role;
  • information about medical or health conditions, including whether you have a disability, which may require reasonable adjustments;
  • details of your working hours/pattern, attendance at work, periods of leave taken by you and the reasons for the leave;
  • details of any disciplinary, grievance or related procedures in which you have been involved, including any warnings issued to you, and related correspondence;
  • assessments of your performance, including as part of the staff reward and recognition portfolio, and details of training you have participated in;
  • information about personal conduct outside work, where it impacts on your employment;
  • details of trade union subscriptions, when taken directly;
  • reference numbers for compliance with sector requirements, such as HESA or ORCID IDs;
  • details of affiliation to the military, in support of the Armed Forces Covenant;
  • information regarding volunteering activities;
  • employment references, including those related to academic promotions;
  • in some departments, workload and work allocation is maintained.

This may change/expand over time, as staff records and data capture evolve.  We will endeavour to reflect any significant changes by periodically updating this privacy notice.

The organisation collects this information in a variety of ways.  For example, data is collected through application forms or CVs, obtained from your passport or other identity documents, from forms completed by you at the start of/during employment (including digitally, through Employee Self-Service and PDDManager for example), from correspondence with you, or through interviews, meetings or other assessments.

In some cases, the organisation collects personal data about you from third parties, such as references supplied by former employers, information from employment background check providers, information from criminal records checks permitted by law, and HESA IDs.

Data is stored in a range of different places, including in your staff file, the organisation's HR management systems, and in other digital applications (including the organisation's email system).

Why are you collecting my data?

The University holds information about members of staff to manage staff recruitment, induction, probation, development, safety, reward, discipline and other functions, such as security, welfare, and advancement of equity, diversity and inclusion.

In some cases, the organisation needs to process data to ensure it is complying with its legal obligations.  For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake a specific role.

Some special categories of personal data, such as information about gender, health, or medical conditions, is processed to carry out legal obligations (such as those in relation to pension entitlements, or health and safety purposes).  Some of this information, with your consent, may also be shared with Occupational Health, to ensure the organisation can help support you with a period of absence, or facilitate your return to work.

Where the organisation processes other special categories of personal data, such as information about ethnicity, health, gender identity or reassignment, religion or belief, or sexual orientation, etc, this is done for the purposes of monitoring equity, diversity and inclusion, as part of the University’s obligations under the Equality Act 2010.  Data that the organisation publishes for these purposes is anonymised.  Employees are encouraged to provide this data to ensure the University has complete demographic information to inform targeted actions to advance equity and inclusion.  Individuals have the option to choose ‘prefer not to say’ (unless a legal framework requires otherwise – such as in the case of nationality, to comply with UK Government requirements), and there are no consequences of doing so, but we would encourage employees to share their data as fully as they can. 

How will you use this data?

Some examples of how the University processes staff personal data include:

  • Complying with applicable laws;
  • Paying your salary;
  • Reviewing individual staff and organisational performance (including gathering evidence for employee relations cases);
  • Upholding the University’s legal duties as an employer in respect of equity, diversity and inclusion within the workplace;
  • Enabling staff to undertake their roles;
  • Assessing suitability for promotion or recognition, and eligibility for certain benefits or schemes;
  • Monitoring absences in accordance with HR policies;
  • Publishing on-line staff directories of basic contact details;
  • For academic staff only, recording the individual's research activities in the research tool, IRIS.

Please note that this is intended to be an illustrative framework, rather than an exhaustive list.

What is the legal basis for processing the data?

The legal basis for processing personal data is the contract between the University and the individual and, where necessary, if processing is necessary for compliance with the University’s statutory and policy obligations.

Where special category data is processed, the legal basis is where it is necessary for the purposes of compliance with the University’s legal obligations such as monitoring for matters of equity, diversity, and inclusion, and where processing is necessary for the purpose of occupational medicine, or the assessment of the working capacity of the employee.

If you are sharing my data with others, who are you sharing it with?

Information transits between various sections of the University for operational reasons (for example, the HR Division notifies changes in staff (starters and leavers) to Digital Services, the Library, and other areas, on a ‘need to know’ basis).

Additionally, information shared with a line manager, such as the content of a PDD, may occasionally need to be shared with other colleagues, either within or outwith HR, where it is relevant to an employee relations case.  Such use will be limited to those involved with the case.

Some information may be disclosed to external agencies to which the University has obligations to/agreements with, such as:

  • HM Revenue and Customs (HMRC);
  • Office for Students (OfS);
  • Research England;
  • Higher Education Statistics Agency (HESA) (part of JISC);
  • The University’s pension scheme providers and administrators;
  • UK Visas and Immigration (UKVI);
  • Disclosure and Barring Service (DBS);
  • Office for National Statistics (ONS);
  • Funding bodies;
  • Mortgage lender and letting agencies (subject to written consent from current staff);
  • UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, collection of a tax or duty, or safeguarding national security;
  • Third party suppliers (including those who are under contract to provide benefits or services, such as access to the ePay system, green vehicles scheme, cyle2work scheme, Access to Work or the coaching and mentoring academy);
  • Colleagues in other organisations for the purpose of academic promotions (limited to the information supplied during the academic promotions itself);
  • Accreditation and award bodies, or for equity, diversity and inclusion initiatives such as those led by AdvanceHE

Information may be shared outside of the UK for selected staff with roles exceptionally based outside of the UK, or where the circumstances require this (eg a referee based overseas).

How long will you process the data for?

We retain employee data for 6 years from the end of employment as outlined in the University’s retention schedules. There are some exceptions to this, such as where an individual has been employed via external funds, where contractual arrangements with funding bodies require records to be retained for a longer period of time, or medical records, where more complex regulations exist with which the University must comply.  Records relating to Unitemps assignments are covered by a separate privacy notice.

What are my rights and how can I enforce them?

You have the right:

  • to be informed;
  • of access;
  • of rectification;
  • to restrict, or object to processing, in certain circumstances;
  • to erasure (to be forgotten), in certain circumstances;
  • to data portability.

In respect of direct marketing, there are options you can select on Employee Self-Service (ESS) to indicate your preferences.  After logging into ESS, navigate to 'Personal Profile' (under Personal Information), then click on 'Full details…' within the Personal Data section.

How do I complain if I am unhappy?

In the first instance, you may wish to contact the University’s Information Assurance Services Team (ias@le.ac.uk), who can also escalate relevant concerns to the University’s Data Protection Officer (dpo@le.ac.uk).  You can also make a formal complaint to the Information Commissioner (ICO), whose contact details are as follows:

  • Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF
  • tel: 0303 123 1113
  • ICO website

Last updated: 7 March 2024

Back to top