During the course of its employment activities, West Midlands Ambulance Service (WMAS) collects, stores and processes personal information about prospective, current and former staff.
This Privacy Notice includes applicants, employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience.
We recognise the need to treat staff personal and sensitive data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.
What types of personal data do we handle?
In order to carry out our activities and obligations as an employer we handle data in relation to:
- Personal demographics (including gender, race, ethnicity, sexual orientation, religion)
- Contact details such as names, addresses, telephone numbers and Emergency contact(s)
- Employment records (including professional membership, references and proof of eligibility to work in the UK and security checks)
- Bank details
- Pension details
- Medical information including physical health or mental condition (occupational health information)
- Information relating to health and safety
- Trade union membership
- Offences (including alleged offences), criminal proceedings, outcomes and sentences
- Employment Tribunal applications, complaints, accidents, and incident details
Our staff are trained to handle your information correctly and protect your confidentiality and privacy.
We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected or sold for direct marketing purposes.
What is the purpose of processing data?
- Staff administration and management (including payroll and performance)
- Pensions administration
- Business management and planning
- Accounting and Auditing
- Accounts and records
- Crime prevention and prosecution of offenders
- Health administration and services
- Information and databank administration
- Sharing and matching of personal information for national fraud initiative
We have a legal basis to process this as part of your contract of employment (either permanent or temporary) or as part of our recruitment processes following data protection and employment legislation.
Sharing your information
There are a number of reasons why we share information. This can be due to:
- Our obligations to comply with legislation
- Our duty to comply any Court Orders which may be imposed
Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons.
Use of Third Party Companies
To enable effective staff administration WMAS may share your information with external companies to process your data on our behalf In order to comply with our obligations as an employer.
Employee Records; Contracts Administration (NHS Business Services Authority)
The information which you provide during the course of your employment (including the recruitment process) will be shared with the NHS Business Services Authority for maintaining your employment records, held on the national NHS Electronic Staff Record (ESR) system.
Prevention and Detection of Crime and Fraud
We may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.
We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you owing to a legal/statutory obligation.
Data Protection laws gives individuals rights in respect of the personal information that we hold about you. These are:
- To be informed why, where and how we use your information.
- To ask for access to your information.
- To ask for your information to be corrected if it is inaccurate or incomplete.
- To ask for your information to be deleted or removed where there is no need for us to continue processing it.
- To ask us to restrict the use of your information.
- To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.
- To object to how your information is used.
- To challenge any decisions made without human intervention (automated decision making)
Should you have any further queries on the uses of your information, please speak to the Human Resources Department or contact the Trust’s Data Protection Officer – Chris Kerr at Data.Protection@wmas.nhs.uk or telephone 01384 215555.
Should you wish to lodge a complaint about the use of your information, please contact our Human Resources Department via email@example.com or telephone 01384 215555.
If you are still unhappy with the outcome of your enquiry you can contact the Information Commissioner’s Office at https://ico.org.uk/global/contact-us/