The Council collects and processes personal data relating to its employees to manage the employment relationship. The Council is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

All personal information is held and processed by North Ayrshire Council in accordance with the UK Data Protection Laws. As a Data Controller North Ayrshire Council is registered with the UK regulator, the Information Commissioner.

The Council collects and processes a range of information about you. This may include personal data such as: name, date of birth, national insurance number, tax code, personal characteristics such as gender and ethnic group, qualifications, training, health, disciplinary or absence information.

The lawful basis for processing personal data is set out in Data Protection legislation. In this case the reasons for processing your data are:

a) Employment Contract - The processing is necessary for the Council to meet its obligations under this contract.

b) Legal Obligation - The processing is necessary for the council to comply with the law.

c) Public task - the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.

d) Consent – in limited circumstances, for instance relating to employee benefit schemes, the council may rely on employee consent to process their personal data. Where the council is relying on employee consent to process personal data then employees have the right to withdraw this consent at any time.

e) Legitimate interest – in other cases the Council has a legitimate interest in processing the data such as providing references on request in which case the Council is required to conduct a legitimate interest impact assessment.

Data Protection legislation defines Special Category Data as data relating to the processing of personal data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation. In the conduct of your employment, it may be necessary to process some types of Special Category Data and in particular health information for employee assistance and absence monitoring and equality data.

The lawful basis for processing Special Category Data is:

a) The processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or the employee in the field of employment law

b) The processing is necessary for the purposes of occupational medicine, for the assessment of the working capacity of the employee

The council may receive employee personal data from or share employee personal data with the following organisations:

• the Department for Work and Pensions, HMRC and other Government departments
• Police Scotland and other criminal investigation agencies
• Scottish Public Services Ombudsman
• the (UK) Information Commissioner
• the Care Inspectorate
• Scottish Social Services Council
• the General Teaching Council (Scotland)
• Disclosure Scotland
• Strathclyde Pension Fund
• Scottish Public Pensions Agency
• Occupational Health
• COSLA
• the Law Society of Scotland or other professional bodies if required

The council will disclose information required by law and may share information with other bodies responsible for detecting/preventing fraud or auditing/administering public funds.

The Council takes the security of your data seriously. The Council has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. System restrictions and authorisation requirements are put in place as well as a code of conduct to which all employees comply to act under key principles of public life.

Where the Council engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We will only keep your personal data for as long as necessary. Full details of how long we will retain employee personal data can be found in our Retention Schedules. Providing Accurate Information It is important that we hold accurate and up to date information about employees. If your details have changed or change in the future, you should inform us as soon as possible and we will update our records.

Individuals have the right to request access to information about them. Further details on how to exercise these rights can be found on our data protection page.

Employees also have the right to:

• require the Council to change incorrect or incomplete data and in certain circumstances, have inaccurate personal data rectified, blocked, erased, or destroyed
• object to processing of personal data that is causing substantial, unwarranted damage or distress
• object to the processing of your data where the Council is relying on its legitimate interests as the legal ground for processing
• prevent processing for the purposes of direct marketing

If employees have a concern about the way in which the council has collected or used their personal data, in the first instance this should be raised with their line manager. Should you remain unhappy you can contact the council’s Data Protection Officer and contact details can be found on the Council’s Privacy Policy.