Privacy Notice for staff

Frontier Learning Trust uses your personal information in order to manage its employment relationships and meet its legal and contractual obligations as an employer. When you are an applicant, this is necessary so that we can assess your suitability for employment, communicate with you during the recruitment process and, if successful, set up your employment record. When you are employed, this is necessary to issue and manage your contract, pay you, administer pensions, monitor attendance, performance and professional development, and ensure compliance with safeguarding, health and safety, and equality duties. If you are a former employee, this enables us to provide references, confirm employment details, and meet statutory record-keeping requirements.

• personal information (such as your name, teacher reference number/DfE number, national insurance number, passport number, copies of documents which we use to confirm your identity and proof of address as part of the pre-employment checks)

• special categories of data including information about your personal characteristics such as your gender, age, ethnic group

• your DBS (Disclosure Barring Services) disclosure number and date of clearance in our Single Central Record

• contract information (such as start dates, hours worked, post, roles and salary information)

• your bank details

• a photograph of you for your ID badge and staff gallery

• further photographs you let us use to communicate the work of the Trust and for marketing purposes

• work absence information (such as dates of absences and reasons, including annual leave)

• medical, health and occupational health information

• fitness for work notes and self-certification forms

• personal risk assessments, action plans and follow up notes

• maternity certificates (MATB1 certificates)

• your qualifications achieved prior to your employment if these are a requirement of the job, and those you tell us about subsequently

• the continuing personal development (CPD) you undertake during your employment

• visits you undertake as part of your employment

• dietary and medical requirements usually in relation to day visits and residential trips

• your driving licence details if you drive a Trust vehicle

• appraisal and performance management records

• documents regarding any disciplinary or capability proceedings

• detail concerning the roles you undertake and your timetable where relevant

• a record of any books and other resources (including IT equipment) you borrow from the Trust

• a record of expenses you claim

• a copy of any references about you and those we provide for you

• pension-related documents and records

• information you tell us about yourself during your employment such as any criminal convictions (that are not part of a DBS check)

• any other formal, written correspondence you make with the Trust as your employer or which we make with you

• some of what you write as part of the work you do such as emails or printed information

• personal data stored in site security systems to maintain security and monitor entry/exit times*

• ID cards used to identify and monitor staff use of facilities and resources such as photocopiers, library loans and for site/room access

  *Whilst site entry/exit data is not routinely monitored, it may be accessed by authorised personnel in emergency situations such as a fire evacuation and exceptionally, to monitor/ verify staff attendance where there are concerns about attendance or timekeeping.

We use your data:

• to recruit and appoint staff
• to issue and manage contracts of employment
• to pay salaries and pensions and make statutory deductions
• to ensure compliance with safeguarding, equality, health and safety and employment law
• to maintain a Single Central Record and other statutory registers
• to plan staffing and professional development
• to monitor and manage performance, attendance and conduct
• to assess the quality and effectiveness of our services
• to meet audit, financial and reporting obligations
• to provide employment or other references and confirm employment details when requested

We process personal data under the UK GDPR and Data Protection Act 2018 for the following reasons:

• Contract (Article 6(1)(b)) to meet our contractual obligations to you as an employee.
• Legal obligation (Article 6(1)(c)) to comply with employment, tax, safeguarding and equality law.
• Public task (Article 6(1)(e)) to perform our functions in the public interest as an education provider.

We process special-category data (for example, health or diversity information) under Article 9(2)(b) and Schedule 1, Part 1(1) and Part 2(8) of the Data Protection Act 2018, which relate to employment, social-security and equality-of-opportunity obligations. Where processing relies on consent (for example, optional photographs or wellbeing initiatives), this will be clearly explained and consent may be withdrawn at any time.

Some data may be collected and processed with your explicit consent, such as surveys, optional wellbeing initiatives or photographs for marketing purposes. You may withdraw consent at any time.

Most of the information above is collected directly from you via application, onboarding and HR processes. Some information, such as references or DBS results, may be collected from third parties. Certain statutory information is shared with external bodies, such as HMRC or pension providers, for verification and compliance.

Failure to provide data required to meet legal obligations may prevent us from entering into or continuing employment. Failure to provide other information, such as health details for adjustments, may affect our ability to provide the standard of support we would wish to offer.

We hold your data securely on Trust systems and in secure paper files. We retain your data based on the criteria below:

• Applicant data for six months after the recruitment process has finished so that we can effectively deal with re-applications and queries from applicants.
• Employment data for six years after you leave employment. We do this to meet legal obligations, such as responding to references, claims and to confirm employment history

We have a duty to keep your data accurate and up to date and will periodically ask you

to check that it remains correct. This includes change of address, contact details and next of kin.

We may share your information with:

• Cintra – payroll provider
• MoorepayHR –HR software service to hold all staff files and manage all HR processes
• Teachers’ Pension Service
• Local Government Pension Service provided by West Yorkshire – support staff pension provider
• Strictly Education – DBS registered body
• TEP Services - Staff survey provider
• Tucasi and the Trust caterers
• Statutory bodies (such as HMRC, HSE, Department for Education, Ofsted) - as necessary to fulfil statutory reporting requirements. 
• Funders, awarding bodies and sector bodies (such as U-Maths and SFCA) - to facilitate operation of the education provision and allow staff access to relevant services.  
• Software/Security/online platform suppliers (such as Lightspeeed web filter, Keep-IT cloud backups, Microsoft 365, Google Workspace, MIS suppliers,  ALPS, education and library software) - to create staff accounts, software use and resolve any technical issues. 
• Staff development providers and other contractors (such as Croft IT support or occupational health specialists) - minimum details necessary to carry out the contracted service. 

All suppliers are vetted for GDPR compliance and appropriate data sharing agreements are in place.

We may disclose personal information to the Police or the Department for Education Teaching Regulation Agency and to the disclosure and barring service in relation to investigations which involve staff members.

Where the Trust uses proprietary software subscriptions to process personal data on its behalf, we require them to do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We do not share information about staff without consent unless the law and our policies allow us to do so. The main reasons we share workforce data are to pay salaries and pensions, meet legal and safeguarding requirements, and manage the day-to-day operation of the Trust.

Under data-protection legislation, you have the right to request access to the information we hold about you. To make a request, contact the Trust’s Data Protection Officer, see their contact details below.

You also have the right to:

• object to processing likely to cause damage or distress
• prevent processing for the purpose of direct marketing
• have inaccurate personal data rectified or completed
• request that data be blocked, erased or destroyed in certain circumstances
• object to decisions being taken by automated means
• claim compensation for damages caused by a breach of data-protection regulations

If you have a concern about the way we are collecting or using your personal data, please raise it with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.

You have the right to obtain the erasure of personal data where this data is no longer necessary in relation to the purposes for which they were collected and processed. However, there are certain limits on this right, such as the need to retain data for funding, safeguarding and pension obligations.

Any person who wishes to exercise this right should complete the "Subject Access Request" form and submit it to the Trust’s Data Protection Officer. (Completion of this form is not mandatory but doing so will accelerate a request.)

The Trust may charge a fee if the request is manifestly unfounded or excessive.

The Trust aims to comply with requests as quickly as possible but will ensure that it is provided within one month unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the person making the request.

If you have any questions or would like to discuss anything in this privacy notice, please contact:

Beth Holmes
Data Protection Officer
Frontier Learning Trust
Woodhouse College
Woodhouse Road
Finchley
London 
N12 9EY

dpo@frontierlearningtrust.ac.uk