Schools’ Personnel Service Privacy Notice

The Schools’ Personnel Service (SPS) is part of the Business Services Centre within Kent County Council. SPS offers a number of HR services to Schools, Academies and other educational settings. We aim to maintain the highest possible standards and seek to adopt best practice with regards to the way in which we manage and process data in the course of our business.

Kent County Council collects, uses and is responsible for certain personal information about you. When we do we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including the United Kingdom) and we are responsible as a ‘controller’ of that personal information for the purposes of those laws. There are occasions where SPS may be a data controller or joint data controller with your Employer.  

This Privacy Notice offers both our customers (schools, academies and other educational settings) and you, their employees, with meaningful and accessible guidance on our approach to handling personal data.

Should you have any questions about this privacy notice please contact our Data Protection Officer, Benjamin Watts – see Who to contact below.
 

Who are we?

SPS offers a number of HR services:

  • HR Administration – including administration and issuing of employment contracts
  • HR Helpline – an online and telephone advice service offering support and guidance on staffing matters relating to terms and conditions
  • Consultancy Services – providing specialist advice to schools / academies regarding personnel and employment matters such as sickness absence and disciplinary issues alongside bespoke works such as investigations and mediation services
  • IntePay Payroll Services – a comprehensive payroll service including processing staff payroll and addressing individual queries
  • SPS Training – providing learning and development opportunities to individuals, groups and whole school communities through our open course calendar, bespoke initiatives and personal development tools

In providing a service to your Employer, it will be necessary for SPS to gather, obtain, record and hold employee [your] personal information.  
 

The personal information we collect and use

In the course of providing HR services to your Employer we collect personal information about our customers’ employees. This information may be provided directly by you, as the employee or by your Employer on your behalf. This includes but is not limited to:

  • Personal information: such as name, address, telephone number, email address, date of birth, national insurance number, identification documents
  • Special Categories of Data (also known as sensitive personal data): including personal characteristics (such as gender, age, ethnic group, health and disability information), and data relating to your opinions or trade union membership
  • Employment information: such as, information relating to Disclosure and Barring Service checks, work history, start dates, hours worked, post holdings, grade and salary information, attendance records, qualification details, training records and details of your professional registration and any restrictions which may apply
  • Financial details: such as bank account details, payroll records, tax status information, pension and benefits information, details relating to statutory third party payments i.e. court orders / attachment of earnings or voluntary payments 
  • Personal data: such as information related to recruitment, management, performance and employment of staff (for example disciplinary / absence / ill health / capability / performance management / grievance / management investigation records) 

We may also obtain personal data from third parties with whom we liaise in providing a service to your Employer (i.e. HMRC / LGPS / Teachers’ Pension Scheme / Disclosure and Barring Service / Legal Advisors), or by a representative acting on your behalf (trade union representative / solicitor).
 

How we use your personal information

We use your personal information to:

  • To provide a personnel service to your Employer – including administering recruitment, issuing contracts of employment and contractual variations, payment of salaries and administration of pensions, maintaining your personnel / payroll file on behalf of your employer
  • To provide advice to your Employer regarding personnel and employment matters related to your employment
  • To provide training and development opportunities to individuals and groups of staff on behalf of your Employer
  • To fulfil safeguarding obligations towards students
  • To meet the statutory and contractual obligations of your Employer in relation to pay / deductions and comply with their obligations under employment law
  • To communicate with you on behalf of your Employer where necessary throughout your employment lifecycle

We do not undertake automated decision making or profiling using the information we process.
 

The lawful basis for which we collect and use your personal data

The lawful basis for which we collect and use your personal data are as follows:

  • with your consent (please note this applies to SPS Training only)
  • for the performance of a contract. (Please note this may be in relation to your own contract of employment with your Employer or in relation to our contract of service with your Employer)
  • for compliance with a legal obligation or,
  • legitimate interests in offering employment practice advice and/or the legitimate   interests of our clients to receive employment advice

The lawful basis on which we collect and use special categories/sensitive personal data is as follows:

  • for carrying out legal obligations or exercising specific rights in employment or social law
  • for occupational health assessment
  • Where it is necessary for the establishment, exercise or defence of legal claims or where the courts are acting in their judicial capacity
     

How long your personal data will be kept

We will not keep your information during or after your employment for longer than is necessary, for either:

  • the purpose of administering your individual staff record
  • or as is necessary in providing a service to your Employer
  • or as required by law

following which your personal data will be securely destroyed.
 

Who we share your personal information with

Personal information may be shared between SPS colleagues who legitimately need the information to carry out their duties in providing a service/services to your Employer.  All our staff are appropriately trained and understand their obligations with regards to the personal data they have access to.

Other than your Employer we may share your personal or sensitive personal data with the following:

  • Representatives of recognised trade unions and professional associations or workplace colleagues identified by you to support in employment matters
  • HM Revenue and Customs, Department for Work and Pensions, Local Government Pension Scheme and Teachers Pension Scheme
  • Third parties engaged by the school for the provision of identified services – i.e. Occupational Health Providers / Legal Advisors
  • Third Party organisations - where you have instructed us to make payments / contributions from your salary or where we are advised directly to make deductions from your salary.
  • KCC Safeguarding Team/Local Authority Designated Officer (LADO) for the purposes of safeguarding children and young people
  • Professional regulatory authorities such as the Teaching Regulation Agency
  • Law enforcement or other authorities if required by applicable law.

Providers of management information systems and platforms used by SPS may also have access to personal and sensitive personal data to enable them to provide the service for which they have been contracted.  We require any providers to respect the confidentiality and security of your personal data and treat it in accordance with the law.

We may transfer your personal information outside the EU, but if we do, you can expect a similar degree of protection in respect of your personal information.
 

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and the ICO as regulator of any suspected data security breach where we are legally required to do so.
 

Your Rights

Under the GDPR you have a number of rights which you can access free of charge. You have the right to request access to information about you that we hold [please see Who to contact below].  You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.

We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note: your request may delay or prevent us delivering a service to you.

If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance [see Who to contact below]. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

If you would like to exercise a right, please contact [the Information Resilience and Transparency Team at data.protection@kent.gov.uk


Who to Contact

You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk .

Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.

The General Data Protection Regulation also gives you right to lodge a complaint with the Information Commissioner’s Office (ICO) – the UK supervisory authority. The ICO may be contacted at https://ico.org.uk/concerns or telephone 03031 231113.

For further information visit https://www.kent.gov.uk/about-the-council/about-the-website/privacy-statement

We keep our Privacy Notice under regular review.  This document was last reviewed May 2018.