Manchester City Council

Human Resources and Organisational Development privacy statement

  1. Summary

    This privacy notice explains what personal information is collected, what it is used for and who it is provided to. It describes why the Council requires your data, and the legal basis on which it does this.

    This notice relates to the Council’s Human Resources, Organisation Development Service and the Employee Shared Service Centre. It provides additional privacy information for applicants, employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience. It describes how we collect, use and share personal information about you before, during and after your working relationship with us, and the types of personal information we need to process, including information the law describes as ‘special’ because of its sensitivity.

    This notice provides additional information that specifically relates to this particular service, and should be read together with our general privacy notice, which sets out our core data protection obligations and commitments. It is important that you read this notice, together with any other privacy information we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using it.

  2. What personal information does this service use?

    To carry out our activities and obligations as an employer we process personal information including: 

    • Personal demographics (such as date of birth, gender, marital status, civil partnerships);
    • Photographs, CCTV footage and other information obtained through electronic means such as swipe card records;
    • Contact details such as names, addresses, personal email address, telephone numbers and Emergency contact(s);
    • Recruitment records (including CV, application form, references, pre-employment and verification checks); 
    • Employment records (including your workplace, job title, national insurance number, training records, skills and qualifications information, professional memberships, proof of eligibility to work in the UK and security checks); 
    • Records of periods of unpaid leave (parental leave, unpaid sick leave, unpaid maternity leave)
    • Bank account details, payroll records and tax status information;
    • Salary, annual leave, pension and benefits information;
    • Information about health and safety (including incidents of sickness absence, accident and incident details);
    • Information about your use of our information and communications systems;
    • Performance management information including Absence Management, Disciplinary and Employee Dispute information (including Employment Tribunal applications, complaints).

     
    We may also collect, store and use the following special and sensitive personal information:

    • Information about your race or ethnicity, religious beliefs, sexual orientation and gender identity (including ensuring meaningful equal opportunities monitoring and reporting);
    • Trade union membership (including complying with employment law and paying subscriptions);
    • Medical information including physical health or mental condition, sickness and occupational health records (including to comply with employment and other laws, ensure health & safety, assess fitness to work and monitor and manage absence);
    • Offences (including alleged offences), criminal proceedings, outcomes and sentences.

    We will only collect information about criminal convictions if it is appropriate for the employment role and where we are legally permitted or required to do so. We collect information about criminal convictions as part of the recruitment process or may be notified of information directly by you or a third party in the course of your recruitment or employment.  We will use information about criminal convictions and offences in the following ways:
     

    • To comply with the Council’s statutory obligations on safer recruitment practices
    • To help us make safer recruitment decisions  
    • To safeguard employees and service users of the Council.

    We do not need your consent to use personal or special categories of your personal information to carry out our legal obligations or exercise specific rights in the field of employment law, Statutory Returns, Local Government Transparency Code, social security and social protection. In limited circumstances, we may approach you for your written consent to allow us to process your personal information. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

    It is not a condition of your contract with us that you agree to any request for consent from us and that where consent is given, you have the right to withdraw it at anytime (without affecting the lawfulness of our processing prior to the withdrawal of your consent).

  3. What is your personal information used for?

    The main reasons for processing your personal information are:

    • Undertaking pre-employment and verification checks during the recruitment process;  
    • Making a decision about your recruitment or appointment;
    • Determining the terms on which you work for us;
    • Checking you are legally entitled to work in the UK;
    • Paying you and, if you are an employee, deducting tax and National Insurance contributions;
    • Providing data in relation to statutory workforce returns and publications (i.e. names of senior officers, National Minimum Dataset) 
    • Ensuring access to employee recognition and benefits, including sending out information to employees' home addresses and emails to their work email addresses
    • Liaising with the relevant pension scheme you are eligible to be a member of;
    • Administering the contract we have entered into with you;
    • Business management and planning, including accounting and auditing;
    • Conducting performance reviews, managing performance and determining performance requirements;
    • Making decisions about salary reviews and compensation;
    • Assessing qualifications for a particular job or task, including decisions about promotions;
    • Strategic Workforce Planning to understand gaps in current and future capacity and capability
    • For the purpose of investigating employee disputes and disciplinary matters subject to the agreed policies;
    • Making decisions about your continued employment or engagement;
    • Making arrangements for the termination of our working relationship;
    • Education, training and development requirements;
    • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work;
    • Ascertaining your fitness to work; which may inform any required referral for Occupational Health assessment
    • Managing sickness absence, both at an individual and collective level;
    • Complying with health and safety obligations and public access legislation;
    • To prevent fraud, including sharing and matching of personal information for the national fraud initiative;
    • To conduct data analytics studies to inform organisational planning. including the review and better understanding of employee retention and turnover rates;
    • For equal opportunities monitoring purposes.
    • Subject to reasonable and lawful request to inform statutory bodies and professional regulatory bodies. 

  4. What is the lawful basis we are relying on?

    The lawful bases we rely on for processing your personal information are:

    • entering into or performing obligations under your contract of employment (Article 6(1)(b) of the GDPR);
    • performing or exercising general legal obligations we must meet, including duties and rights under employment law, social security law or social protection (Article 6(1)(c) of the GDPR);
    • where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, for example fraud prevention and protection of public funds (Article 6(1)(e) of the GDPR);
    • our legitimate interests (or those of a third party) provided your interests and fundamental rights do not override those interests (Article 6(1)(f) of the GDPR). Examples of our legitimate interests are:
      1. to monitor your use of our information and communication systems to ensure compliance with our IT policies;
      2. to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
      3. To ensure the verification and registration process for the MCR+ employee benefits and savings hub can be adequately carried out.
    • your consent (in situations where you have a genuine choice and control over whether your information is processed, including the right to withdraw your consent at any time without detriment) (Article 6(1)(a) of the General Data Protection Regulation (GDPR));
    •  

    We collect and use special category personal information by relying on the lawful basis that processing is necessary for the:

    • purposes of carrying out the obligations and exercising specific rights of the Council or of you in the field of employment (Article 9(2)(b) of the GDPR);
    • establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (Article 9(2)(f) of the GDPR);
    • purposes of preventive or occupational medicine or for the assessment of the working capacity of the employee (Article 9(2)(h) of the GDPR).
    •  

     
    If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers). This could damage our employment relationship with you and in some instances result in breach of contract.

  5. Where has your personal information come from?

    As well as information collected directly from candidates in the recruitment process, and from employees during the course of employment, we also collect or receive information from:

    • former employers;
    • referees;
    • employment agencies;
    • Disclosure and Barring Service;
    • complainants (e.g. service users/employees); 
    • next of kin;
    • health professionals; 
    • public sources, if relevant to employment and job role.
    •  

  6. Who will we share your personal information with?

    As well as the general reasons for information sharing described in the council’s general privacy notice we may share information about you with third parties where required by law, where necessary to fulfil your contract of employment or where we or a third party has a legitimate interest; 

    • for the purposes of the National Fraud Initiative conducted by central government under Section 33 and Schedule 9 of the Local Audit and Accountability Act 2014;
    • in connection with school workforce census as provided for in Section 114 of the Education Act 2005 and the associated Education (Supply of Information about the School Workforce) (No.2) (England) Regulations 2007/2260, which affects some directly employed council staff working in education.
    •  

    We share your personal data with the following organisations:

    • Best Companies
    • MCR+
    • Icom Works
    • Healthworks
    • Health Assured
    • Apprenticeship providers.
    •  

  7. How long will we keep your information?

    Our retention schedule sets out how long we keep personal information for.

  8. Your personal information and your rights

    You have a number of legal rights in relation to your personal information.  These apply regardless of your employment status with the Council. 

    You can find out more about your rights regarding the personal information used for this service. Your rights apply to the information held by the Council as a data controller, and the information we hold on behalf of the other data controllers.

  9. Updates

    We may change this privacy notice from time to time. Tell us if you want to know when we change this notice, or any related documents.

    If you have any questions or concerns about how we use your personal information, please contact the Council’s Data Protection Officer. 

    You also have the right to complain to the Information Commissioner’s Office if you're unhappy about how we process your information.

Was this page helpful?

Was this page helpful?

;