Skip to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. Hide this message

You are here: Home > About us > Information Governance > Privacy notices > Staff privacy notice

About us

In this section

Staff privacy notice

Why are we collecting your information?

This Privacy Notice has been written to inform you that York and Scarborough Teaching Hospital NHS Foundation Trust (the Trust) processes information about you in order to manage your employment with the Trust

Who do we collect your information from?

Much of the information we use will be collected directly from you: We also use information received from:

  • Checks carried out with professional bodies
  • Information provided by previous employers

Who are we?

The Trust is a ‘Data Controller’, this means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

The Trust has appointed Rebecca Bradley (Head of Information Governance) to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the Trust is compliant with Data Protection legislation and to oversee data protection procedures. The DPO contact details are:

York and Scarborough Teaching Hospital NHS Foundation Trust
York Hospital
Wigginton Road
York
North Yorkshire
YO31 8HE
yhs-tr.Information.Governance@nhs.net

What Information are we collecting?

  • Personal identifiers (your name, address, date of birth etc);
  • Previous job experience and qualifications (including copies of certificates and employment references);
  • Information about your employment attendance and performance (including disciplinary information);
  • Information about your right to work;
  • Emergency contact information of those individuals you identify; and
  • Financial information, including bank account information, tax, national insurance and pension contributions to facilitate salary payments.

We may also process special categories of information that may include:

  • Nationality, racial and/or ethnic origin (for equality purposes);
  • Religious or philosophical beliefs(for equality purposes);
  • Sex life or sexual orientation(for equality purposes);
  • Trade Union Membership;
  • Health information.

What is our lawful basis for processing your information?

Any personal data we process is done so in accordance with the UK GDPR. Our lawful basis for processing are:

  • Article 6(1)(b) Contractual obligation;
  • Article 6(1)(c) Legal obligation.

Where we process your special category information our lawful basis are:

  • Article 9(2)(b) Employment, social security and social protection; Schedule 1, Part 1 Paragraph 1;
  • Article 9(2)(h) Health and Social purposes; Schedule 1, Part 1, Paragraph 2 specifically in relation to the assessment of the working capacity of an employee.

In relation to DBS checks we process in accordance with GDPR Article 10 and the Data Protection Act 2018 Section 10 (4) and (5), Schedule 1 Part 2 Paragraph 18 Safeguarding of children and individuals at risk and Schedule 1 Part 2 Paragraph 10 preventing or detecting unlawful acts.

How long do we keep your information for?

The Trust follows NHS Digitals recommended retention schedule which can be found in the Records Management Code of Practice for Health and Social Care

Who do we share your information with?

We will share your information with the following organisations:

  • HMRC;
  • Department for Work and Pensions, if applicable;
  • Pension Fund;
  • any salary sacrifice arrangement you sign up to such as a charity;
  • your trade union, if applicable;
  • examining bodies, if applicable;
  • disclosure and barring service to conduct criminal record checks, if applicable; and
  • prospective future employers, landlords, letting agents, or mortgage brokers where you have asked them to contact the council to seek a reference;
  • Organisations to which you are seconded etc.

If you have signed up to the service provided by Wagestream we will share your information directly with them and then they are responsible (data controller) for your information. This can be reviewed as part of their employee terms of service and for more information regarding their data protection policies please see here.

Do we transfer your information outside the UK?

The majority of the information we collect is held in the UK. In some circumstances we may transfer your information outside of the UK, for example where servers are held in the EU.
We will take all reasonable steps to make sure your data is not processed in a country that the UK government does not see as ‘safe’. If we do need to send your data out of the EU we will ensure that necessary safeguards are in place.

National Fraud Initiative

The Trust participates in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise. This is necessary to comply with a legal obligation (GDPR Article 6(1)(c)) and does not require consent under the data protection legislation. For further information, please see the National Fraud Initiative Privacy Notice.

What rights do you have over your data?

Under GDPR data subjects have the following rights in relation to the processing of their personal data:

  • to be informed about how we process your personal data. This notice fulfils this obligation
  • to request access to your personal data that we hold, and be provided with a copy of it
  • to request that your personal data is amended if inaccurate or incomplete
  • to request that your personal data is erased where there is no compelling reason for its continued processing
  • to request that the processing of your personal data is restricted
  • to object to your personal data being processed

If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above. To put in a Subject Access Request please contact your HR business partner.

If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the Trust has handled your personal data. You can do so by contacting:

First Contact Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
casework@ico.org.uk // 0303 123 1113

Version 4

Internal hospital signage with arrows to Main Reception, Outpatients and Pharmacy

A-Z of Services

Chinese Poland

View all languages >

Staff Benefits Hull York Medical School Y&S Hospitals Charity

Providing care together in York, Scarborough, Bridlington, Malton, Whitby, Selby and Easingwold communities

© 2024 York and Scarborough Teaching Hospitals NHS Foundation Trust | Accessibility | Site map | Cookies policy

Website by See Green

York and Scarborough Teaching Hospitals NHS Foundation Trust is registered, and therefore licensed to provide services, by the Care Quality Commission (Provider ID: 1-114394658). For more information, visit www.cqc.org.uk

Yellow weather warnings in our area

The Met Office has issued yellow weather warnings for ice and snow in our area. This is expected to affect routes to and from our hospital sites. 

If you are attending for an appointment, please plan ahead. Check road closures, leave in plenty of time, and drive safely.