Data Protection Act 1998 Employee Fair Processing Notice Reference: Document Type: Status of Document: Policy Final Version: 1.3 Date Approved: 16 th December 2014 Approved By: Director of HR & OD Publication Date: 16 th December 2014 Review Date 16 th December 2015 Policy Owner Applies to: Document Location: Publication: HR Services Manager All Staff Induction CD/ Sharepoint/ EDRMS HR Site/ Website Internal & External DOCUMENT STATEMENT: All Translink Group Corporate Procedural Documentation (policies, procedures and guidelines) should be consistent in terms of development, approval, implementation, communication, control and review in line with these guidelines. Do you need to print this document? If yes, please consider the environment; print double-sided copies and print only those pages you need using the Page Range in Print Properties. Page 1 of 5
Version Control Record Policy Owner: Main Contributors/coauthors: Executive Sponsor: Version Reviewed Reviewed by / Consultation Sought from 1.0 HR Services Manager HR Services Manager Director of HR & OD Date of Consultation Comments 24.10.14 Notice sectioned into component parts Section 4 included on Subject Access Requests Section 5 included on Related Policies 1.1 Information Manager 28.10.14 Inclusion of paragraph in Section 1 Personal Data definition added to Section 2. Details of grade and job duties removed from Section 2 as not personal data. Last paragraph in Section 2 amended to include to comply with a Court Order or where you have consented to disclosure. Section 3 title amended to sensitive personal data Section 3 removal of comment in first bullet point regarding using health info for consideration of reasonable adjustments as first line in bullet covers this point Section 4 on Subject Access Requests amended to include more details of identification required Section 5 new section added for how long will my data be held Section 6 Retention & Disposal Policy added Page 2 of 5
1.2 HR Business Partner (Bus), ER Manager, HR Manager, HR Advisor (Bus), HR Advisor (Rail) HR Advisor temp (Rail) 06.11.14 Amend section 4 to include job title of person in HR who is responsible for sending subject access requests to This is a controlled document. Whilst this document may be printed, the electronic version is maintained within the Corporate Records Centre within EDRMS by the Policy Owner. Page 3 of 5
1. Introduction Throughout this Notice, the words Translink Company and/or the Group refer to all corporate entities under the ownership of the Northern Ireland Transport Holding Company (NITHC). This includes the parent company and each subsidiary either individually or taken together as a group. In order for us to carry out our duties as a public transport company we are required to handle personal information. As such NITHC, Northern Ireland Railways, Ulsterbus and Metro are registered Data Protection Controllers with the Information Commissioners Office. We therefore are committed to and are legally required to comply with the Data Protection Act 1998 in terms of how we process (ie collect, store and use) personal and sensitive personal data. Throughout your employment and for as long a period as is administratively or legislatively necessary following the termination of your employment the Company will need to keep information about you for purposes connected with your employment. 2. Scope Personal Data is defined as any data, which relates to a living individual who can be identified from the information we hold or from the information combined with any other information which is already in the possession of, or likely to come into the possession of, the person or organisation holding the information. Such employee records may include but are not limited to:- information gathered from you and any references obtained during your recruitment; details of your terms of employment; payroll; tax and national insurance information; health records; absence records including holiday records and self-certification forms; details of any disciplinary proceedings; training records; details of an emergency contact and personal addresses; correspondence with the Company and other information that you have given to the Company. The information we hold will be for our management and administrative use only but we may, from time to time, need to disclose some information we hold about you to relevant third parties (e.g. where legally obliged to do so i.e. by the Inland Revenue, to comply with a Court Order or where you have consented to disclosure). 3. Sensitive Personal Data Additionally the Company may hold sensitive personal data about you, for which your explicit consent will be obtained to process. Disclosure to any person will only be made when strictly necessary for the purposes set out below and where we are legally obliged to do so, to comply with a court order, where you have consented to disclosure: Your health for the purposes of compliance with our health and safety and occupational health obligations; and the administration of insurance, pension, sick pay and any other related benefits in force from time to time. Page 4 of 5
DATA PROTECTION ACT 1998 In connection with the Company s monitoring requirements under equality legislation and best practice, e.g. community background, ethnic background, physical or mental health/condition, criminal offences (including alleged offences). 4. Subject Access Requests All data subjects have the right to access personal data held about them, if and as provided for by the DPA, to ensure that it is correct, for their personal data to be held securely and lawfully and to make a complaint to the Information Commissioner should they believe that their DPA rights have been breached. All requests to access personal data will be handled according to the DPA as detailed in the Corporate Data Protection Guidelines. A fee of up to 10 may be charged (to cover all photocopying and postage costs) and proof of identity will be required. All requests will be responded to within the 40 calendar day timescale allowed by the Act (following proof of identity and receipt of the fee). Subject access requests should be sent to the HR Business Support Advisor. Data subjects include all staff and customers of the Group and any other person about whom Translink processes personal data. 5. How long will my data be held? In some instances the law sets the length of time information has to be kept, but where the law does not stipulate the Group will determine how long records are kept based on administrative requirements. Your information will only be held for as long as necessary and will be disposed of in a secure manner when it is no longer needed. 6. Related Policies Employees may find it useful to review other related policies in conjunction with the Employee Fair Processing Notice. These include: Data Protection Policy Retention and Disposal Policy Any queries about this Notice should be raised in the first instance with your manager. Page 5 of 5