Skip to main content

Language: English / Gàidhlig

Loading…

Worker

This is the ‘Worker Privacy Notice’ of The Scottish Parliamentary Corporate Body. We are a data ‘controller’, which means we are responsible for deciding how we hold and use your personal information. This notice explains how we will collect and use your personal information in the context of your engagement with us and your rights in relation to your personal information.

Some of the language used in privacy notices can be specialised.  The Information Commissioner's website provides a useful introduction to key terms and concepts.

What is this notice?

This is the ‘Worker Privacy Notice’ of The Scottish Parliamentary Corporate Body. Our contact details are: People and Culture Group, The Scottish Parliament, Edinburgh, EH99 1SP.

We are a data ‘controller’, which means we are responsible for deciding how we hold and use your personal information. This notice explains how we will collect and use your personal information in the context of your engagement with us and your rights in relation to your personal information.

Who does this notice apply to?

This notice applies to all current and former employees of the SPCB. It also applies to agency staff, contractors and student placements (although not all of the material contained within this notice will be relevant to them (for example, the material relating to processing of personal data relating to pensions).

Does this notice form part of my contract?

This notice does not form part of your contract. We may amend this notice at any time.

Data protection queries

We have appointed a Data Protection Action Officer within the People and Culture Group.  The Scottish Parliament has also appointed a Head of Information Governance. If you have any questions about this privacy notice or how we handle your personal information please contact the People and Culture office or Head of Information Governance. They can be contacted via dedicated email address: [email protected] OR [email protected].

Your personal information

In this privacy notice, ‘your personal information’ means your personal data i.e. information about you from which you can be identified. The appendix to this notice lists ‘your personal information’ that we may process.

Your ‘personal information’ does not include data where the identity has been removed (anonymous data).

It is important that your personal information is accurate and up to date. Please keep us informed if your personal information changes during your engagement.

Where does your personal information come from?

Your personal information will come from you or us, and may also come from the following sources:

  • Recruitment through direct application or via agencies may provide us with the following personal information; name, date of birth, home address, national insurance number, bank details, email address, contact telephone number, qualifications, previous employment history, skills and experience, interests, next of kin/ emergency contact details, disability
  • Former employers, whom you have given us permission to contact, may provide us with the following personal information; employment references, employment history, absence history
  • Medical professionals may provide us with the following personal information; Occupational Health reports, health data relating to disability, medication, treatment and required adjustments
  • Equalities/ diversity monitoring may provide us with the following information; gender, age, gender reassignment, nationality, ethnicity, sexual orientation, disability, religion/ belief, marital status, caring responsibilities.
  • Professional bodies may provide us with the following personal information if relevant to your post; name, address, date of birth, gender, details of relevant qualification, CPD records, membership number, date of qualification and renewal details, membership status, professional qualification provider.
  • Pension providers may provide us with the following details; personal details in relation to widows, children and other dependants; this will include name, date of birth, address, national insurance number, bank details.
  • Trade unions may provide us details of member status for the purpose of membership deductions through payroll.
  • Courts may provide us with personal details in relation to arrestment of earnings, personal information includes; name, home address and nature of debt ie council tax.
  • Other members of staff, clients, contractors or customers may provide us with the following personal information; flexible working provisions, discipline actions, grievance actions.

If you would like more information on the source of your personal information, please contact the data protection action officer in the People and Culture office.

Processing your personal information

We may process your personal information during and after your engagement with us. This may include collecting your personal information, recording it, storing it, using it, amending it, destroying it and, in some circumstances, disclosing it.

In general, we process your personal information to:

  • Make a decision about your recruitment or appointment;
  • Determine the terms on which you work for us and advise you of these;
  • Check you are legally entitled to work in the UK;
  • Contact you;
  • Administer our contract with you and ensure compliance with the terms of your contract;
  • Provide and process payments and benefits to you (including complying with pension auto-enrolment obligations, liaising with your pension provider and determining pension eligibility) and, if applicable, deduct tax and national insurance and any arrestment of earnings order 
  • Process deductions from pay in relation to union membership
  • Carry out business management and planning, including accounting and auditing;
  • Manage performance and conduct;
  • Make decisions about salary and compensation;
  • Conduct disciplinary and grievance proceedings;
  • Assess qualifications and suitability for a job or task, including promotion decisions;
  • Manage flexible working applications;
  • Make decisions about continued employment or engagement;
  • Make arrangements for the termination of our working relationship;
  • Manage sickness absence; assess your fitness to work; and consider disability status and reasonable adjustments for disabled workers;
  • Manage requests for time off work (including but not limited to time off for antenatal appointments; maternity, paternity, adoption, parental and / or shared parental leave; time off for dependants; trade union duties, bereavement; and / or jury service);
  • Carry out education, training and development including coaching and mentoring services;
  • Comply with gender pay gap and diversity monitoring reporting legal obligations;
  • Monitor your use of our IT and communications systems;
  • Ensure a safe work environment;
  • Carry out equal opportunities monitoring recruitment to comply with our legal obligations;
  • Provide adjustments to someone with a disability in line with our legal obligations under the Equality Act (2010);
  • Comply with health and safety obligations;
  • Maintain records of your working time, holidays, and working time opt-out agreements;
  • Inform your contacts in the event of sickness, accident or other emergency;
  • Make administrative arrangements for travel and accommodation for business purposes (including details of dietary requirements);
  • Protect your vital interests or those of another person (in exceptional circumstances, such as a medical emergency);
  • For business promotion;
  • To understand employee attrition rates;
  • To provide a reference regarding you;
  • To establish, exercise or defend legal claims;
  • To comply with the law and regulations; 
  • To maintain a register of interests for all SPS staff and publish declared interest of Leadership Group members; and
  • In order to assess entitlement to certain benefits such as childcare vouchers.

The appendix to this notice provides more information on our legal grounds and reasons for processing your personal information.

Data necessary for the contract

The appendix sets out your personal information that is necessary for us to enter or carry out our contract with you. If you don’t provide this data, we may not be able to enter into, or carry out, the contract. For example, if you don’t provide your bank details, we may not be able to pay you. 

Statutory requirement to provide your personal information

In some circumstances, the provision of your personal information is a statutory requirement. This includes:

  • Documentation confirming your right to work in the UK – if you don’t provide this, we may not be able to enter into a contract with you, or we may need to terminate your contract.
  • Statutory information you must provide to us if you wish to take maternity, paternity, adoption, shared parental or parental leave, or claim statutory payments in relation to such leave. If you don’t provide this, we may not be able to comply with our legal obligations and / or provide relevant benefits to you.
  • Protection of Vulnerable Groups membership for roles determined to be carrying out regulated work (Disclosure Scotland) – if you don’t provide this, we may not be able to enter into a contract with you, or we may need to terminate your contract.

Special categories of personal information

‘Special categories of personal information’ means information about your racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; health; sex life; sexual orientation; criminal convictions, offences or alleged offences; genetic data; or biometric data for the purpose of uniquely identifying you. Data marked * in the appendix falls within these ‘special categories’ or might disclose special categories of personal information.

We must have additional legal grounds for processing special categories of personal information. These are set out in the appendix.

Sharing your personal information with third parties

We may share your personal information with the following third parties if this is required by law; necessary to enter or carry out our contract with you or administer the working relationship with you; where we have another legitimate interest in doing so; or where it is necessary to protect your vital interests or those of another person:

  • HMRC;
  • Banks/ building society
  • Health and safety executive;
  • Training providers; including accrediting bodies/ qualifications, external facilitators, coaches and mentors
  • Health professionals and occupational health providers involved in your care;
  • Audit (internal and external);
  • Our professional advisors;
  • Our service providers, including IT service providers; recruitment testing providers; payroll and pension administrators; and those involved in providing benefits in connection with your employment
  • Public: contact in relation to business work, we may share details of your name, work location, work email address, work contact number;
  • Any person specified by you, where you ask us to provide a reference to that person; and
  • Other third parties as necessary to comply with the law.

Sharing your personal information with the People and Culture office

The People and Culture office collates, manages and stores personal information about staff on behalf of the SPCB.

The People and Culture office operates restricted access email accounts to support the flow of information between staff and People and Culture and managers and People and Culture.  This includes a recruitment mailbox for managing the flow of information in relation to recruitment activities and a learning mailbox for learning and development activities.  Additionally, it operates a mailbox for managing the flow of information relating to:

  • contractual changes;
  • declarations of interest;
  • maternity and pregnancy;
  • physical and mental health;
  • job and workplace adjustments;
  • sickness absence; and 
  • special leave.

Information provided is then stored securely on individual career folders on SharePoint.  All other queries and information is managed through a general people and culture mailbox.

Access to, and management of, the information provided is restricted to those undertaking specific roles within the People and Culture office as delegated by the Head of People Services, Diversity, and Inclusion  to support the delivery of people and culture activities, and is restricted as appropriate depending on the mailbox used.

Automated decision-making

We do not envisage taking any decisions about you based solely on automated processing (i.e. without human involvement), which have a legal or similarly significant effect on you.

Transferring your personal information outside the EU

We do not intend to transfer your personal information to any country outside of the EU, or to any international organisation.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting or reporting requirements.

We will retain the following personal information up until age 100 (or 5 years after last action if later) to comply with pension requirements and to allow us to establish, exercise or defend legal claims - 

  • Written particulars of employment (e.g. contractual information)
  • Employee details for pension purposes
  • Consolidated career history
  • Previous service dates
  • Assessment reports for the last 5 years of service
  • Health declaration
  • Health referrals
  • Injuries on duty
  • Added years/ additional voluntary contributions
  • Complete sick absence record
  • Death benefit nomination and revocation forms
  • Death certificates [retain copy]
  • Marriage certificate and documentation relating to civil registration [retain copy]
  • Decree (of divorce) [retain copy]
  • Pensions estimates and awards
  • Resignation, termination and/ or retirement letters#
  • Unpaid leave periods

We will retain the following personal information till the end of the calendar year plus 55 years to ensure that we have all the information required to respond to historic pension queries.  

  • Monthly Payroll – monthly payroll processing files

We will retain the following information till the end of the calendar year plus 5 years

  • Assessment reports 
  • Register of hospitality and gifts 
  • Equality and diversity monitoring

We will retain the following information for the periods specified

  • Leave and attendance documentation – end of leave year plus two years
  • Qualifications/ references – completion of recruitment process plus 5 years
  • Working time directive opt-out forms – opt-out rescinded or ceased to apply plus 3 years
  • Unsuccessful internal recruitment applications – completion of recruitment process plus 3 months, or end of reserve list process if applicable
  • Medical/ self-certificates unrelated to industrial injury – end of calendar year plus 4 years
  • Advances – repayment plus 6 years
  • Authorisation for temporary promotion and/ or overtime – end of calendar year plus 6 years
  • Current bank details – end of employment plus 6 years
  • Bonus nominations – end of calendar year plus 6 years
  • Disciplinary action – termination of employment plus 6 years
  • Maternity pay – end of financial year plus 6 years
  • Overpayment documentation – repayment/ write off plus 6 years
  • Redundancy details – redundancy plus 6 years
  • Statutory sick pay – last 6 years
  • Declared interests – the period of employment during which they apply 

Your rights

You have the following rights:

Data protection legislation sets out the rights which individuals have in relation to personal data held about them by data controllers. Applicable rights are listed below, although whether you will be able to exercise data subject rights in a particular case may depend on the purpose for which the data controller is processing the data and the legal basis upon which the processing takes place.

For example, the rights allowing for deletion or erasure of personal data (right to be forgotten) and data portability do not apply in cases where personal data is processed for the purposes of the performance of a task carried out in the public interest. The right to object to the processing of personal data for the purposes of a public interest task is restricted if there are legitimate grounds for the processing which override the interest of the data subject. The rights allowing for erasure, data portability and the right to object do not apply where personal data is processed in respect of a legal obligation. Finally, the right to object to process does not apply where processing is carried out in the performance of a contract. This would be considered on a case by case basis and depends on what personal data is involved and the risks further processing of that data would pose to you.

The following rights may apply:

Access

You can request a copy of your personal information that we hold, and check we are processing it lawfully.

Further information on how to make a data protection subject access request.

Correction

You can ask us to correct your personal information if you don’t think it is accurate, complete or up-to-date.

Deletion

You can ask us to delete your personal information, if:

  • It is no longer necessary for the purposes for which we obtained it;
  • You withdraw your consent, and we have no other legal basis for the processing, so if, for example, the processing is necessary for us to perform tasks in the public interest, or to exercise or defend legal claims, we will not be required to delete your data;
  • You validly object to the processing as described below;
  • We have unlawfully processed the data; or
  • We must delete the data to comply with a legal obligation.

Objection

If we process your personal information to perform tasks carried out in the public interest or on the basis of legitimate interests (as set out in the appendix), you can object to this processing on the basis of your particular situation. We will only then continue the processing if we have overriding legitimate grounds for this, or the processing is to establish, exercise or defend legal claims. You may also object if we process your personal information for direct marketing purposes.

Restriction

You can ask us to restrict our processing of your personal information if:

  • You contest the accuracy of the data (for a period that enables us to check it);
  • Our processing is unlawful, but you don’t want the data deleted;
  • We no longer need the data, but you require it to establish, exercise or defend legal claims; or
  • You have objected (as above) and are awaiting confirmation as to whether we have overriding legitimate grounds for processing.

Transfer

If our processing is based on your consent or necessary to carry out our contract with you, and is carried out by automated means, you can request a copy of the personal information you have provided to us and the transfer of this to someone else. Where technically feasible, you can ask us to transfer it directly.

Contact information and further advice

If you have any further questions about the way in which we process personal data, or about how to exercise your rights, please contact the Head of Information Governance at:

The Scottish Parliament
Edinburgh
EH99 1SP

Telephone: 0131 348 6913

(Calls are welcome through the Text Relay service or in British Sign Language through contactSCOTLAND-BSL.)

Email: [email protected]

Please contact us if you require information in another language or format.

Complaints

The Information Commissioner is the UK supervisory authority for data protection issues. We aim to resolve all complaints internally via our Head of Information and Governance who can be contacted via dedicated email address [email protected] but you do have the right to complain to the Information Commissioner at any time.

Our Data Protection Policy has more information on these rights and explains how you can exercise them.

Share this page

Share this page on x Share this page on pinterest Share this page on linkedin