Privacy Notice

What is a privacy notice?

This Privacy Notice is a statement by Barnsley Facilities Services Limited (BFS), which describes how we collect, use, retain and disclose personal data we hold. It is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy.

This privacy notice is part of our commitment to ensure that we process your personal data fairly and lawfully.

Why issue a privacy notice?

BFS recognises the importance of protecting personal and confidential data in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to our values and being transparent and open.

This notice also explains what rights you have to control how we use your data.

Security of Data

During the course of its activities, BFS collects, stores and processes personal data in both electronic and paper formats.

We recognise the need to treat personal and sensitive data in a fair and lawful manner. No personal data held by BFS will be processed unless the requirements for fair and lawful processing can be met.

This data is used by BFS in the course of our work for legitimate reasons and is not processed, transmitted or stored outside of the UK.

We take our duty to protect personal data and confidentiality very seriously.  We are committed to complying with all relevant legislation and to take all reasonable measures to ensure the confidentiality and security of your personal data for which we are responsible.

BFS  have a Senior Information Risk Owner who is accountable for the management of all information assets i.e. computer systems and any associated risks and incidents.

BFS also has a Data Protection Officer who assists the organisation by providing independent specialist advice on data protection obligations and impact assessments as well as the primary contact for data subjects which includes staff members.

Legal basis for processing Data

BFS process personal data as part of a contract of employment, as part of a legal obligation or with consent of the individual whose personal data is being processed.

What types of personal data do we process?

In order to carry out our service activities and obligations as an employer we handle data in relation to:

  • Personal demographics (including gender, race, ethnicity, sexual orientation, religion and disability)
  • Contact details such as names, addresses, telephone numbers and Emergency contact(s)
  • Employment records (including professional membership, qualifications, references and proof of identity and eligibility to work in the UK)
  • National Insurance details
  • Financial details
  • Photographs and video footage
  • Pension details
  • Occupational health questionnaire regarding your fitness to work
  • Data relating to health and safety
  • Trade Union Data
  • Disclosure and Barring Service data
  • UK Security Vetting (UKSV) data
  • Employment Tribunal data, complaints, accidents and incident details
  • Access to records requests
  • Training Records
  • Vehicle details
  • Employee relations records

Our staff are trained to handle your data correctly and protect your confidentiality and privacy.

We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing.  Your data is never collected or sold for direct marketing purposes.

What is the purpose of processing data?

BFS may process personal data for the following purposes:

  • Staff administration and management (including payroll, attendance and performance, car parking, staff prize draws and awards and staff feedback via questionnaires or SMS texts, )
  • Provision of goods and services
  • Security, car parking and lift passes
  • Workforce planning
  • Pensions administration
  • Business management and planning
  • Accounting and Auditing
  • Accounts and records
  • Crime prevention, investigation and prosecution of offenders
  • Education and Training
  • Health administration and services
  • Sharing and matching of personal data for national fraud or crime initiatives
  • Legal compliance

Who data is processed about?

We process personal data about:

  • Customers and clients
  • Service users
  • Staff
  • Suppliers
  • Business contacts
  • Professional advisers

Who data may be shared with:

We sometimes need to share the personal data we process with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal data we process with for one or more reasons:

  • healthcare professionals
  • social and welfare organisations
  • central government
  • local government
  • emergency services
  • police and law enforcement agencies
  • business associates
  • family, associates and representatives of the person whose personal data we are processing.
  • suppliers and service providers and legal representatives
  • auditors and audit bodies
  • educators and examining bodies
  • survey and research organisations
  • people making an enquiry or complaint
  • financial organisations
  • staff
  • current, past and prospective employers;
  • employment agencies and examining bodies
  • professional advisors and consultants

BFS may share personal data without your consent:

  • Where the disclosure is required by law (for example if ordered by a judge or a presiding officer of a court using a court order; to the HSE under the Health & Safety at Work etc. Act 1974; to the NHS Counter Fraud Service to detect and prosecute Fraud; to law enforcement agencies to detect, investigate and prosecute offenders)
  • Where the disclosure is in the public interest (for example where a worker’s health endangers others and the worker refuses to disclose data which would allow potential harm to be avoided)

Where disclosure of personal data is necessary for the above reasons, this will always be assessed on a case-by-case basis, using the minimum data necessary for the specific purpose and circumstances and with the appropriate security controls in place.

Surveillance Cameras & Access Control – Crime Prevention and/or Staff Monitoring

Surveillance cameras and electronic access control (including car parking barriers) are used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the data processed may include visual images, personal appearance and behaviours.

This data may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this data is shared with the data subjects themselves, employees and agents, service providers, police forces, security organisations and persons making an enquiry.

Individuals Rights

Data Protection laws give individuals rights in respect of the personal data that we hold about you.

Anyone who has personal data recorded by BFS either directly or indirectly has specific rights under current and future legislation. These include:

Under the Data Protection Act – 6th Principle:

  • a right of access to a copy of their personal data; Make a Subject Access Request
  • a right to object to processing that is likely to cause or is causing damage or distress;
  • a right to object to decisions being taken by automated means;
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to claim compensation for damages caused by a breach of the Act.

Under the General Data Protection Regulation (GDPR)

  • a right to confirmation that their personal data is being processed and access to a copy of that data which in most cases will be free of charge and will be available within one month (which can be extended to two months in some circumstances)
  • Who that data has or will be disclosed to;
  • The period of time the data will be stored for; Records Management Code of Practice for Health and Social Care 2016
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed. The right to be forgotten and erasure of data does not apply to an individual’s health record or for public health purposes;
  • Data Portability – data provided electronically in a commonly used format;
  • The right to lodge a complaint with a supervising authority.

Make a request under your ‘Information Rights’

Freedom of Information

The Freedom of information Act 2000 provides any person with the right to obtain information held by BHNFT, subject to a number of exemptions.

Make a Freedom of Information request

Further information on the Freedom of Information Act and Making a Request

Please note: if your request is for information we hold about you (for example, your health record), please instead see above, under ‘Data Subjects Rights’.

Should you have any further queries on the uses of your data, please contact Information Governance on 01226 432017 or by email: information.governance@nhs.net

If you are unhappy with the outcome of your enquiry you can write to:  The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF – Telephone: 01625 545700