As your employer, Heritage Skills Academy (HSA) regards the lawful and correct treatment of personal information as important and therefore ensures that information is treated in accordance with The General Data Protection Regulation (GDPR). HSA will, through appropriate management, strict application of criteria and control, process and keep information about you for normal employment purposes and ensure your Data is held securely and will take appropriate technical and organisational security measures to safeguard personal information.
The information we hold and process will be used for our Management and Administrative use only and will be processed lawfully and fairly. We will keep and use it to enable us to run the business and manage our relationship with you effectively and appropriately, during the recruitment process, whilst you are working for us, when your employment ends and after you have left, but not for longer than is legally necessary. This includes using information to enable us to comply with the employment contract and to comply with any legal requirements. We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external payroll and pension provider.
The information we hold will have been provided by you, but some may come from external sources such as references. This includes your application form, your contract of employment and any amendments to it; correspondence with or about you, for example information needed for payroll purposes; contact and emergency contact details; records of holiday, sickness and other absence; information needed for equal opportunities monitoring policy; and records relating to your career history, such as training records, appraisals and, where appropriate, disciplinary and grievance records, but will remain adequate and in relation to the purpose the information is processed and used for.
Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports. This information will be used in order to comply with our health and safety and occupational health obligations, to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also use this data to administer and manage statutory and company sick pay.
HSA also undertakes to continue compliance with GDPR and any future changes in law, ensuring your records are kept accurate and up to date.
Under the GDPR you have a number of rights with regard to your personal data. You have the right of access to your personal information, the right to prevent processing in certain circumstances and the right to request to correct, rectify, block or erase information. You have the right to withdraw consent of processing of your data.
If you have any concerns as to how your data is processed and used contact our DPO.