We collect your personal data directly from you in your job application and during your time as a member of staff. We may also collect data from other sources including:
- third party recruitment agencies;
- referees, former employers, schools, colleges and universities;
- government organisations, for example Her Majesty's Revenue and Customs (HMRC), benefits providers and the courts;
- university procedures, for example, when you connect to systems.
We may collect the following types of personal data about you:
- including name, date of birth, contact details, emergency contacts, National Insurance number, nationality.
Contractual employment information
- contracts and terms and conditions of employment;
- expenses and travel arrangements;
- promotion proceedings;
- disciplinary proceedings;
- grievances, dignity at work and any other formal HR procedure or investigation;
- appraisal, qualifications and training;
- salary and grade details;
- bank or building society account details;
- correspondence between the University and third parties on your behalf;
- correspondence between you and the University;
- investigations into breaches of terms and conditions of employment and university policies and procedures;
- superannuation details.
Special category data
- gender and gender identity;
- health-related information relevant to your work (for example, sickness absence and details of any disclosed disability and reasonable adjustments);
- racial or ethnic origin;
- religious or philosophical beliefs;
- sexual orientation;
- trade union membership.
Criminal offence data
- unspent criminal conviction(s) and/or pending cases, cautions and bind-over orders;
- for roles which require a standard or enhanced DBS certificate, unspent and spent convictions.
Academic and professional data
- audio and/or video recording data of lectures, presentations and workshops;
- research interests and undertakings plus expressions of opinion regarding staff research for quality governance and Research Excellence Framework (REF) preparation;
- REF appeals handled in line with the Code of Practice;
- workload, work allocation and financial information;
- metrics (for example, citations relating to your research);
- module evaluation data (for teaching staff only);
- time allocations to different domains of the academic career framework.
- application forms and references;
- right to work in the UK documentation including visa details and copies of passport.
- health and safety records (for example, accident reports);
- information generated through your use of the University's digital systems (for example, MAC address, location and device information).
We process staff personal data for the following purposes:
To manage your employment with us
- to enable staff to undertake their roles in teaching, research and administration (for example, to process and make available teaching timetables);
- to enable use of and access to university systems and facilities;
- to manage staff training and development;
- to monitor absence and sickness records in accordance with HR policy;
- to pay your salary and expenses into your bank account;
- to assess suitability for promotion;
- to process any HR investigation relevant to you;
- to handle claims in relation to insurance (for example, travel insurance for student trips);
- ensuring staff safety and security including the use of CCTV;
- mobile trail cameras may be present on site for wildlife and conservation monitoring. Footage that shows illegal or inappropriate human activity may be passed to relevant authorities.
To comply with employment, immigration and data protection laws
- to respond to freedom of information and subject access requests;
- to return data for statutory requirements and government framework exercises (for example, the Higher Education Statistics Agency (HESA), HM Revenue and Customs (HMRC), UK Visas and Immigration (UKVI), REF, Teaching Excellence Framework and Knowledge Exchange Framework).
To share research and other data
- to provide basic details for participation in the annual QS survey of academic reputation;
- to record staff research activities (for example, REF activities).
To manage and lead the university
- to publish a staff profile page on the University website;
- to participate in quality standards and benchmarking surveys;
- to control university finances and inform strategic decision making;
- to publish staff directories of basic contact details;
- to review staff and University performance.
We have identified appropriate legal bases for processing information as follows:
For a contract
We process some of your information because it is necessary for the performance of a contract with you, for example, to manage your employment with us and deal with any queries you may have.
We process some of your information in order to comply with employment, immigration and data protection laws.
We process some of your information to perform a task in the public interest, for example, to share research data.
We process some of your information because it is necessary for our legitimate interests, for example, to manage and lead the university.
We may share some of your personal data with:
Other Kingston University employees
- employees of Kingston University only where they have legitimate need to access the data;
- the Development, Alumni Relations and Events (DARE) team, to stay in contact with you after you leave. For more information about how your personal data is used by DARE, please see the Privacy notice for Alumni, donors and Friends.
Other Higher Education and related bodies
- bodies funding the research and other academic activities you are involved in plus collaborators in those activities as required;
- other education and research institutions, for example, digital information relating to Eduroam connections or Universities and Colleges Employers Association (UCEA) surveys. For more information about how UCEA process your personal information, please see the UCEA Privacy Notice;
- UK Research and Innovation and the Higher Education Statistics Agency (HESA). For more information about how HESA process your personal information, please see the HESA Collection Notices;
- selected external assessors of research quality.
Other third parties
- benefits providers;
- recipients of references (for example, prospective employers, financial institutions and tenancy agencies);
- third party suppliers (for example, our travel booking partner, our occupational health service provider, providers of software-as-a-service for university processes);
- trade unions;
- internal and external auditors.
In all cases access will be restricted to individuals with the appropriate permissions and duty of confidentiality.
We keep your personal data only for as long as is necessary. Employment contract, payroll and pension data will generally be retained after the end of employment for the current tax year plus 6 years.
For full details you can access the University retention schedule on our website at policies and regulations.
Data will be anonymised or securely destroyed at the end of its retention period.
Under the GDPR and the Data Protection Act 2018, you have the following rights:
- to access the personal data we hold about you;
- to require us to correct the personal data we hold about you;
- to require us to erase your personal data;
- to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
- to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller;
- to object to any of our particular processing activities where you feel this has a disproportionate impact on your rights;
- to not be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you.
Please note that the above rights are not absolute and we may be entitled to refuse requests where exceptions apply.
When considering your personal data, staff should ensure that the information that you have provided to the University remains accurate and up-to-date. You should inform the University as soon as possible if details, such as your address, change. You can make changes to your personal details online via Unified.
When handling other people's personal data, staff are required to maintain confidentiality and abide by the GDPR principles. These responsibilities are set out in our Data Protection Policy.
If you have any queries about this privacy notice or how we process your personal data, or you wish to request access to the personal data we hold about you, please speak to your line manager or a member of HR first.
If you then wish to exercise your rights as a data subject, please use the Data Subject Request form on our website under policies and regulations.
If you have further questions, please email firstname.lastname@example.org.
If you are not satisfied, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website.