Staff Privacy Notice

How your personal data is being used by The Clatterbridge Cancer Centre NHS Foundation Trust

Privacy Notice – Employment Records

During the course of its employment activities, The Clatterbridge Cancer Centre NHS Foundation Trust collects, stores and processes personal information about prospective, current and former staff.

This Privacy Notice includes applicants, employees (and former employees), workers (including agency, bank and contracted staff), volunteers, trainees and those carrying out work experience.

We recognise the need to treat staff personal and sensitive data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.

1. What types of personal data do we handle?

In order to carry out our activities and obligations as an employer we handle data in relation to:

  • Personal demographics (including gender, race, ethnicity, sexual orientation, religion)
  • Contact details such as names, addresses, telephone numbers and Emergency contact(s)
  • Employment records (including professional membership, references and proof of eligibility to work in the UK and security checks)
  • Bank details
  • Pension details
  • Medical information including physical health or mental condition (occupational health information)
  • Information relating to health and safety (including CCTV)
  • Trade union membership
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment tribunal applications, complaints, accidents, and incident details

Staff are trained to handle your information correctly and protect your confidentiality and privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected or sold for direct marketing purposes.

Your information is not processed overseas.

2. What is the purpose of processing data?

The Trust needs to process staff personal data in order to function effectively as an organisation, examples of these are:

  • Our obligations to comply with legislation
  • Our duty to comply any Court Orders which may be imposed
  • Staff administration and management (including payroll and performance)
  • Pensions administration
  • Business management and planning
  • Accounting and auditing
  • Accounts and records
  • Crime prevention and prosecution of offenders
  • Education
  • Health administration and services
  • Information and databank administration
  • Sharing and matching of personal information for national fraud initiative

3. Sharing your information

The Trust shares staff information with a range of organisations or individuals for a variety of lawful purposes, including:


  • Disclosure to Data Processors - e.g. to companies providing archive storage of personnel records under contract to the Trust
  • Public disclosure under the Freedom of Information Act- e.g. requested names or contact details of senior managers or those in public-facing roles
  • Disclosure of job applicant details - e.g. to named referees for reference checks, to the Disclosure & Barring Service for criminal record checks, to named GPs for health checks, to housing agencies for staff relocation or accommodation
  • Disclosure to employment agencies - e.g. in respect of agency staff
  • Disclosure to banks & insurance companies - e.g. to confirm employment details in respect of loan/mortgage applications/guarantees
  • Disclosure to professional registration organisations - e.g. in respect of fitness to practice hearings
  • Disclosure to Occupational Health professionals (subject to explicit consent)
  • Disclosure to police or fraud investigators - e.g. in respect of investigations into incidents, allegations or enquiries

Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the disclosure of your personal data to such persons.

4. Use of third party companies

To enable effective staff administration the Trust may engage with third party organisations to process your data on our behalf. These organisations are known as data processors and we ensure that they are legally and contractually bound to the Trust.

5. Prevention and detection of crime and fraud

We may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

We will not routinely disclose any information about you without your express permission. However, there are circumstances where we must or can share information about you owing to a legal/statutory obligation.

6. How long do we retain your records?

All our records are destroyed and retained in line with the NHS Records Management Code of Practice which set out the appropriate length of time each NHS record is held for. We do not keep your records for longer than necessary.

All records are destroyed confidentiality once their retention period has been met and the Trust has made the decision that the records are no longer required.

7. Your Rights

Data Protection laws give individuals rights in respect of the personal information that we hold about you. These are:

  1. To be informed why, where and how we use your information.
  2. To ask for access to your information.
  3. To ask for your information to be corrected if it is inaccurate or incomplete.
  4. To ask for your information to be deleted or removed where there is no need for us to continue processing it (This only applies when certain conditions are met).
  5. To ask us to restrict the use of your information.
  6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information (This only applies when certain conditions are met).
  7. To object to how your information is used.
  8. To challenge any decisions made without human intervention (automated decision making)

8. Further Information

If you have any questions or concerns regarding how we use your information, please contact the Trust's Data Protection Officer:

The Information Governance Manager
The Clatterbridge Cancer Centre NHS Foundation Trust
Clatterbridge Cancer Centre - Wirral
Clatterbridge Road
Wirral
CH63 4JY

Tel: (0151) 556 5844
E-mail: ccf-tr.cccdataprotectionofficer@nhs.net

9. Information Commissioner's Office

The Information Commissioner’s Office (ICO) is the regulator for current data Protections Laws and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information.

Additionally, you have the right to complain to the Information Commissioner if you should ever be dissatisfied with the way the Trust has handled or shared your personal information:

The Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 or 01625 545745
Information Commissioner's Office website - www.ico.org.uk

This privacy notice will be reviewed on a regular basis to ensure it is in line with national guidance and legislation. This privacy notice was last reviewed in May 2018