Working with us

Colleagues, volunteers and applicants privacy policy

St Mungo’s is committed to keeping your data safe. We’re also committed to being up front and honest about what information we’re collecting, why we do this, and how we use it. 

Colleagues, apprentices and locums

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive data which require a higher level of protection. We will collect, store and use the following categories of personal information about you:

  • Your name, address and contact details, including email address and telephone number, date of birth and gender.
  • Information about your right to work in the UK.
  • The terms and conditions of your employment.
  • Recruitment documents for roles that you have held, including application, interview notes, shortlisting information, tests and references.
  • Details of your qualifications, professional memberships, skills, experience and employment history, including start and end dates and work locations, with previous employers and with the organisation.
  • Information about any potential probity issues or conflicts of interest.
  • Information about your remuneration, including entitlement to benefits such as pensions or insurance cover.
  • Details of your bank account and national insurance number.
  • Information about your marital status, next of kin, dependants and emergency contacts.
  • Information about your status to drive.
  • Details of your schedule (days of work and working hours) and attendance at work.
  • Details of periods of leave taken by you, including holiday, family leave and sabbaticals, and the reasons for the leave.
  • Details of any disciplinary, capability or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence.
  • Details of any safeguarding concerns or referrals made to the Disclosure and Barring Service (DBS).
  • Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence.
  • Supervision and other management notes in relation to the performance of your role.
  • Information related to health and safety claims, accidents, complaints or incidents which you may be party or a witness to.
  • Feedback you have provided for others through our performance management processes.
  • Information about your use of St Mungo’s information and communications systems.
  • Photographs.
  • CCTV footage and door pass entry information.

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • Information about your criminal record.
  • Information about your nationality and entitlement to work in the UK.
  • Details of periods of sickness absence taken by you, and the reasons for the leave.
  • Details of attendance and sickness procedures in which you have been involved, including any stages of the process you have reached and correspondence.
  • Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments.
  • Details of trade union membership.
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest or for official purposes.


“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

  • In limited circumstances, with your explicit written consent.
  • Where we need to carry out our legal obligations or exercise rights in connection with employment, for example, in order to administer certain benefits, such as pensions schemes, life insurance or PHI / critical illness insurance.
  • Where it is needed in the public interest, such as equal opportunities monitoring or reporting safeguarding concerns.
  • Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.


Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

St Mungo’s collects this information in a variety of ways. For example, data is collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

In some cases, the organisation collects personal data about you from third parties, such as references supplied by former employers; recruitment agencies; assessment information provided by assessment providers; medical information provided by medical professionals and information from criminal records checks permitted by law.

We will collect additional personal information in the course of job-related activities throughout the period of you working with us.

We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below – for more information please see the Employee’s Data Summary Schedule.

  • Running recruitment processes and making decisions about pay and terms.
  • Checking you are legally entitled to work in the UK and you are suitable for the role that you are engaged to conduct.
  • Maintaining accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights.
  • Paying you and deducting tax and National Insurance contributions.
  • Administering benefits.
  • Gathering evidence in relation to and operating and keeping a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace.
  • Gathering evidence in relation to and operating and keeping a record of employee performance and related processes, to plan for career development, and workforce management purposes.
  • Operating and keeping a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled.
  • Obtaining occupational health advice, to ensure that we comply with duties in relation to individuals with disabilities, meet our obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled.
  • Operating and keeping a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled.
  • Complying with health and safety obligations.
  • Ensuring effective general HR and business administration.
  • Ensuring effective business management, monitoring and planning activities.
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies and effective discharge of your duties.
  • To provide references on request for current or former employees.
  • Responding to and defending against legal claims.
  • Maintaining and promoting equality in the workplace.


Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

We will use your particularly sensitive personal information in the following ways:

  • We will use information relating to your nationality in order to ascertain your right to work in the UK.
  • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
  • We will use information about your physical and mental health, or disability status, to ensure your health and safety in the workplace and assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
  • We will use information about your race, national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
  • We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our policies in relation to Pre-Employment Checking and Employing People with Criminal Records.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or you have already made the information public.

We may also process such information about members or former members in the course of legitimate business activities with appropriate safeguards.

We envisage that we will hold information about criminal convictions.

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We will use the information about criminal convictions and offences in the following ways:

  • To ascertain your suitability (on an ongoing basis) for your role and employment at St Mungo’s.
  • To inform any appropriate discussions or processes in line with our Code of Conduct and Disciplinary Procedures.

We are allowed to use your personal information in this way to carry out our duties as an employer working in fields with regulated activity and/or with vulnerable adults and/or children and/or in line with the requirements of the Rehabilitation of Offenders Act. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.

We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

Who we share with

“Third parties” include third-party service providers (including contractors and designated agents).

St Mungo’s shares your data with third parties who manage our databases and administrative systems and in order to obtain pre-employment references from other employers, obtain assessments as part of a recruitment process, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service. The organisation may also share your data with third parties in the context of a potential TUPE transfer or when running a staff survey.

St Mungo’s also shares your data with third parties that process data on its behalf, in connection with insurances and legal advice, employee relations matters, payroll, the provision of benefits and the provision of occupational health services.

Keeping your information secure

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. With the exception of our occupational health provider (who uses your data for the purposes of advising you directly and safeguarding your wellbeing) we do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal information with other third parties, for example in the context of possible mergers or take-overs, the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. We may also need to share your personal information with a regulator or commissioner/funder or to otherwise comply with the law.

Sharing outside of the EEA

Subject to the exceptions below your data will not be processed outside of the European Economic Area (EEA).

  1. Our online test provider is based in the United States and as such data related to the online tests will be transferred outside of the EEA. In this situation data is transferred outside of the EEA on the basis that the test provider has signed up to the EU-US Privacy Shield Framework. More information about the Privacy Shield Framework can be found here: https://www.privacyshield.gov/welcome
  2. We may from time to time use an online survey tool based in the United States and as such data contained in surveys will be transferred outside of the EEA. In this situation data is transferred outside of the EEA on the basis that the survey tool provider has signed up to the EU-US Privacy Shield Framework. More information about the Privacy Shield Framework can be found here: https://www.privacyshield.gov/welcome

St Mungo’s takes the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, altered, misused or disclosed, and is not accessed except as required by its employees in the performance of their duties. We operate under a suite of Data Protection Policies, a Data Retention Schedule and restrict access to our systems and files appropriately.

Where St Mungo’s engages third parties to process personal data on its behalf, it does so on the basis of written instructions and only where the third party has agreed to treat the information confidentially and to implement appropriate technical and organisational measures to ensure the security of data.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For more information please see the Employee’s Data Summary Schedule.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee or worker of the company we will retain and securely destroy your personal information in accordance with our data retention policy.

Volunteers

The organisation collects a range of information about you. This includes:

  • Your name, address and contact details, including email address and telephone number.
  • Details of your skills, experience and motivations for volunteering.
  • Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process.
  • Information about your criminal record.
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief.

The organisation collects this information in a variety of ways. For example, data might be contained in application forms, CVs, obtained from your passport or other identity documents.

The organisation will also collect personal data about you from third parties, such as references supplied by former employers, educational / training establishments, work experience providers or other appropriate referees as provided by yourself and information from criminal records checks.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

The organisation needs to process data to administer your volunteering application.

The organisation has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from volunteer applications allows the organisation to manage the recruitment process, assess and confirm a potential volunteer’s suitability for the role you have applied for.

Where the organisation relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of volunteers and has concluded that they are not.

The organisation processes health information to see if reasonable adjustments can be made to support a potential volunteer’s application.

Where the organisation processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.

For some roles, the organisation is obliged to seek information about criminal convictions and offences. Where the organisation seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to that volunteering role.

Following the conclusion of any recruitment exercise, the organisation will keep your personal data on file for six months to respond to any questions about the process.

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the Volunteering team, volunteer supervisors in the service where the role is based and IT staff and business insight teams if access to the data is necessary for the performance of their roles.

The organisation will not share your data with third parties, unless your application to volunteer is successful. The organisation will then share your data with relevant individuals and organisations (provided by yourself) to obtain references for you, and the Disclosure and Barring Service to obtain necessary criminal records checks.

Subject to the exception below your data will not be processed outside of the European Economic Area (EEA).

Your data will only be processed outside of the European Economic Area (EEA) in the following circumstances:

  • Where we need to obtain reference information where the referee is not based within the EEA this will require basic data transfer outside of the EEA.  In this situation you will have provided the relevant contact details for the referee.

St Mungo’s takes the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, altered, misused or disclosed, and is not accessed except as required by its employees in the performance of their duties.  We operate under a suite of Data Protection Policies, a Data Retention Schedule and restrict access to our systems and files appropriately.

Where St Mungo’s engages third parties to process personal data on its behalf, it does so on the basis of written instructions and only where the third party has agreed to treat the information confidentially and to implement appropriate technical and organisational measures to ensure the security of data.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

If your application to volunteer is unsuccessful, the organisation will hold your data on file for seven months after the end of the relevant recruitment process.

If your application to volunteer is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your volunteering. The periods for which your data will be held will be provided to you in a new privacy notice.

Applicants

The organisation collects a range of information about you. This includes:

  • Your name, address and contact details, including email address and telephone number.
  • Details of your qualifications, skills, experience and employment history.
  • Information about your performance in all aspects of the assessment process, including job application, tests and interview.
  • Information about your current level of remuneration, including benefit entitlements.
  • Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process.
  • Information about attendance in previous roles and / or disability or non-disability related health conditions.
  • Information about your work history including any gaps.
  • Information about your criminal record.
  • Information about your entitlement to work in the UK.
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief.
  • Your view of the assessment process.

The organisation collects this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests, or online surveys.  The data might also be collected from publicly available sources, such as websites.

The organisation will also collect personal data about you from third parties, such as references supplied by former employers, educational / training establishments, work experience providers or other appropriate referees as provided by yourself and information from employment background check providers and information from criminal records checks.  The organisation will seek information from third parties only once a job offer to you has been made and will inform you that it is doing so.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

The organisation needs to process data to take steps at your request prior to entering into a contract with you. It also needs to process your data to enter into a contract with you.  It also processes your data for the purpose of assessing its own performance through recruitment processes.

In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.

The organisation has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the organisation to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. The organisation may also need to process data from job applicants to respond to and defend against legal claims.

Where the organisation relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.

The organisation processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.  In addition this information is processed (along with advice from occupational health) to make a judgement in relation to whether someone is suitable for a role.

Where the organisation processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.

For some roles, the organisation is obliged to seek information about criminal convictions and offences. Where the organisation seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.

Following the conclusion of any recruitment exercise, the organisation will keep your personal data on file for six months to respond to any questions about the process, or legal challenges.  In some situations, we may also keep your personal data on file in case there are future employment opportunities for which you may be suited. The organisation will ask for your consent before it keeps your data for this purpose and you are free to withdraw your consent at any time.

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

During the assessment process, the organisation will share your data with online test providing companies and in certain situations with assessment panel members external to St Mungo’s.  Otherwise, the organisation will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The organisation will then share your data with relevant individuals and organisations (provided by yourself) to obtain references for you, employment background check providers to obtain necessary background checks, Occupational Health Advisor to obtain any necessary health advice, the Disclosure and Barring Service to obtain necessary criminal records checks and our contract administration system to issue a contract.

Subject to the two exceptions below your data will not be processed outside of the European Economic Area (EEA).

Your data will only be processed outside of the European Economic Area (EEA) in the following circumstances:

  1. Our online test provider is based in the United States and as such data related to the online tests will be transferred outside of the EEA.  In this situation data is transferred outside of the EEA on the basis that the test provider has signed up to the EU-US Privacy Shield Framework.  More information about the Privacy Shield Framework can be found here: https://www.privacyshield.gov/welcome.
  2. Where we need to obtain reference information where the referee is not based within the EEA this will require basic data transfer outside of the EEA.  In this situation you will have provided the relevant contact details for the referee.

The organisation takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

If your application for employment is unsuccessful, the organisation will hold your data on file for seven months after the end of the relevant recruitment process.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.