Privacy Notice: Staff

This information is for staff who are employed by Yorkshire Ambulance Service NHS Trust. It should be read in conjunction with the Trust’s Privacy Policy available on our website. For the purposes of this privacy notice, ‘staff’ includes employees, workers (including agency, temporary and contracted staff), volunteers, trainees and those carrying out work experience.

During the course of our employment activities, the Trust collects, stores and processes personal information about our current and former staff. It does this only when the requirements for fair and lawful processing are met. This privacy notice provides a summary of how we uphold this by describing:

  • the categories of personal data we collect
  • the purposes for which it is processed
  • the people and organisations it might be shared with.

It is important the information we hold about you is accurate and up-to-date. If your personal details change or if they are currently inaccurate then it is important that you let us know by updating your own details via ESR Self-service or by contacting your manager, who can update your personal details via Manager ESR Self-service and the HR Team via the HR Portal for pay/assignment changes only.

To carry out our activities and obligations as an employer, we process the following personal information:

  • name (current or previous names)
  • date of birth
  • National Insurance number
  • contact details, including email address, home address and telephone numbers
  • education and training
  • employment records (including professional registration/membership, references, and proof of eligibility to work in the UK)
  • personal demographics (including gender, race, ethnicity, sexual orientation, religion, disability and marital status)
  • information relating to health and safety
  • health and attendance records
  • details relating to occupational health (see Vita, Vivup and Optima privacy notices) including vaccination details
  • training and development records
  • disciplinary, grievance, performance, sexual safety and harassment/bullying records
  • bank account details
  • pension details
  • driving licence details, including endorsements and accident history
  • personal vehicle details when making expense claims or for our volunteer car drivers
  • criminal records (including alleged offences), criminal proceedings, outcomes and sentences
  • Trade Union membership
  • emergency contact details.

The majority of this personal data will be collected directly from you. In limited circumstances, your personal data may be provided by third parties such as former employers, social workers, Local Area Designated Officer(s), the police, medical professionals and official bodies (such as regulators or disclosure and barring bureaus).

Information is processed in a variety of paper and electronic formats and is used to:

  • Create and maintain your staff record. (Processing is necessary under the contract you have with us or because we have asked you to take specific steps before entering into a contract.)
  • Communicate with you throughout your employment with YAS. (Processing is necessary under the contract you have with us or because we have asked you to take specific steps before entering into a contract.)
  • Monitor diversity statistics and help us understand staff demographics. (We request your explicit consent to process this data.)
  • Check criminal records every three years, where relevant for the role, to help make safer working environments. (We request your explicit consent to process this data. Processing shall be carried out only under the control of official authority or when the processing is authorised by Union or Member State Law providing for appropriate safeguards for the rights and freedoms of data subjects.)
  • Maintain attendance records (where necessary for the assessment of the working capacity of the employee).
  • Maintain records of mandatory vaccination status (where we have a legal obligation to do so).

The Trust does not carry out automated decision-making using employee data.

We will not routinely disclose any information about you without your permission. However, there are circumstances where the law says we must or can share information about you. Any disclosures of personal data are always made using the minimum personal data necessary for the specific purpose and with the appropriate security controls in place.

There are a number of reasons why we may need to share your information. It can be because of:

  • our duty to comply with legislation
  • a requirement to comply with a court order.

It may also be to fulfil our obligations as an employer, for example:

  • meeting and safety obligations
  • safeguarding
  • security checks
  • the provision of employee services, such as occupational health, pay, pensions administration and staff training
  • external audit or counter fraud purposes.

We may obtain and share personal data with a wide variety of bodies, including:

  • Her Majesty's Revenue and Customs (HMRC)
  • Disclosure and Barring Service
  • Home Office
  • Child Support Agency
  • Central government, government agencies and departments
  • Local authorities and other public bodies
  • Ombudsman and other regulatory authorities
  • Courts and prisons
  • Financial institutes such as banks and building societies for approved mortgage references
  • Credit reference agencies
  • Organisations where employment references are requested
  • Utility providers
  • Educational training and academic bodies
  • Law enforcement agencies
  • Emergency services
  • Auditors
  • Department for Work and Pensions (DWP)
  • The Assets Recovery Agency
  • Relatives or guardians of an employee where there is a legal duty to do so.

Records are maintained in line with the Trust’s Records Management Policy and retention periods are based on guidance provided in the Records Management Code of Practice for Health and Social Care (NHS Digital). We will store your information as part of your employee file for the duration of your employment plus six years after you have left the Trust.

NHS England has commissioned and implemented a National Immunisation Vaccination Service (NIVS). This is provided by NHS England and NHS Improvement and will be used to record the vaccination details of healthcare workers.

This delivers a centralised data capture tool for clinical teams delivering the seasonal flu immunisation and is an essential component of NHS England’s response to the COVID-19 pandemic. The vaccination event data will feed back to GP systems and the National Immunisations Management System (NIMS).

Information will be recorded within NIVS using minimal information.

Data Sets:

  1. NHS Number
  2. Forename
  3. Surname
  4. Postcode
  5. Gender
  6. DOB

Data will be disseminated to NHS Digital as Data Processors on behalf of NHS England. The National Data Opt Out provision does not apply to this data processing.