Employee privacy notice
This privacy notice explains what types of information will be gathered about you as an employee, worker or contractor, and how this information will be used.
Nottingham Trent University Privacy Notice – for employees, workers and contractors
Nottingham Trent University is committed to protecting the privacy and security of your personal information. This Privacy Notice provides important information about how Nottingham Trent University and its associated entities (“NTU,” “we,” or “us”) identifies and manages its data protection responsibilities in accordance with its legal and regulatory obligations.
NTU encourages you to review the privacy statements of any websites you choose to navigate to from our website (or navigate from to our website) or digital services that we provide links to so that you can understand how those websites collect, use and share your information as well. Any third-party sites that you can access through the website are not covered by this Privacy Notice and we accept no responsibility or liability for these sites.
NTU is a data controller which means we are responsible for deciding how we hold and use personal information about you.
This Privacy Notice applies to any NTU staff, including current and former employees, workers, contractors and candidates for recruitment (“you” or “your”) or services that link to it (collectively, our “Services”). Occasionally, a Service will link to a different Privacy Statement that will outline the particular privacy practices of that Service, such as:
Please read this Privacy Notice carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information.
Data Protection Officer, Nottingham Trent University
Address: 50 Shakespeare Street, Nottingham, NG1 4FQ
Alternatively, please contact your Line Manager who may be able to assist.
We may need to update this Privacy Notice from time to time. When changes made to this Privacy Notice are considered to be material, we will notify you of the changes.
NTU is committed to the responsible handling and protection of personal information.
Personal Data, or personal information, means any information about an individual from which that person (a “Data Subject”) can be identified. It does not include data where the identity has been removed (anonymous data).The information will be Personal Data if a person can be identified either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. For example personal data may include names, addresses, email addresses and telephone numbers; it may also include images in photographs or films and recorded telephone conversations.
We collect, use, disclose, transfer, and store personal information to provide Services to you and for our operational and business purposes as described in this Privacy Notice.
We want to be clear about our privacy practices so that you are fully informed about the use of your information, and we encourage you to contact us at any time with questions or concerns: DPO@ntu.ac.uk
The categories of personal information that we may collect, store and use about you include (but are not limited to):
- Name, address(es), phone number(s), date of birth, gender;
- National Insurance Number, Passports, Driving Licence and driving history;
- Right to work documentation (visas and other immigration data);
- Requests for special arrangements;
- Family details, such as marital status, dependents, next of kin and emergency contact information;
- Your position, role, contract terms, salary, benefits and entitlements;
- Your financial details, including bank account numbers, sort codes, NI numbers, tax codes, payslips;
- References, qualifications, recruitment and training and development records;
- Communications relating to decisions we make;
- Pensions data;
- Promotion and progression data;
- Grievance and disciplinary investigations/proceedings;
- Visual images / photographs (including CCTV);
- Computing and email information including login details, network access and your use of our information and communications systems.
In some circumstances, we may, during the course of your employment with us, also collect, store and use the following the “special categories” of more sensitive personal information which may include (but are not limited to):
- Trade union membership;
- Information about your race, ethnicity, religious or similar beliefs, political beliefs, sexual orientation, sex life* and equality monitoring data;
- Information about your health, including medical conditions that you have notified to us, disability, decisions and consideration of reasonable adjustments, and sickness absence records; and
- Details of any relevant criminal convictions we have asked you to declare.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you/and or we may be prevented from complying with our legal obligations. This would mean, we would be unable to employ you.
For example if you fail to provide:
- Copies of your passport and right to work visa;
- Financial data including bank account and sort code for us to pay you;
You have a contractual duty to inform us of any conflicts of interest that may affect your role and decision making at NTU.
We typically collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or through an employment agency or background check provider (including your previous educational establishments and/or former employers if they provide references to us, or credit reference agencies).
Not all of the personal information NTU holds about you will always come directly from you. We may collect personal information from third parties such as our partners, service providers, and publicly available websites, to assist Services and facilitate business operations to help us maintain data accuracy and provide and enhance our Services.
We will collect additional personal information in the course of job-related activities throughout the period of you working for us. We will ask you to keep your personal information up to date throughout your employment.
Our servers, logs, and other technologies automatically collect certain information to help us administer, protect, and improve our Services; analyse usage; and improve users’ experience.
NTU uses CCTV around campus and will collect and store information. Access our CCTV policy by logging in to MyHub.
When processing personal data, we rely on a combination of the grounds permitted by data protection law. We process your personal data to assist us in effectively administering the employment relationship between you and the University. The table below illustrates the personal data we process and the reasons why. Without processing your personal data the University would be unable to employ you or fulfil our legal obligations as an employer and Higher Education Institution.
To make decisions about recruitment and employment – necessary for entering into a contract with you and to comply with Employment Law.
To determine your employment contract terms – to set up your employment contract and comply with Employment Law.
To carry out our obligations under your employment contract with us
To manage work responsibilities, performance and conduct as an employee, including the management of grievance and disciplinary hearings.
Contract / Legal Obligation
To administer your employee file including paying you and providing any benefits (including regrading, recognition, prizes, awards and promotion),
To provide information about your employment and allow you to participate in interactive features of our Services, when you choose to do so.
To manage your sickness absence.
To assess your fitness to work and/or legal entitlement to work in the UK, including carrying out right to work checks, other pre-employment checks, DBS checks, seeking references, seeking information on unspent convictions.
Contract / Legal Obligation /
To maintain health and safety across the University, monitoring Test and Trace during global health situations through self-reporting.
Legal Obligation / Legitimate
To implement and manage compliance with University policies.
To allow financial transactions to and from us, including payments for Services and expenses, to ensure safe and legal transfer of currency and information.
When you access/use facilities provided by NTU Sport, such as gym membership.
To share with third parties where we have retained their services that we or you have requested e.g. for the purpose of references.
To pay salary, tax and pension contributions and any associated benefits.
To manage training and development opportunities.
To provide IT services, building access and other services such as library services.
Maintaining departments and individual contact details published internally and externally on the University website.
To support the administration and application of accreditation such as Race Equality and Athena SWAN.
To monitor and ensure we meet our statutory obligations, including those related to diversity and equal opportunity.
To ensure compliance with legislation (e.g. the Prevent Duty under The Counter Terrorism & Security Act 2015).
For the purpose of ensuring compliance with the UK Visas and Immigration.
To allow us to complete statutory and regulatory data returns for HESA and OfS (where required)
For the maintenance of our financial accounts.
To carry out surveillance through CCTV and body worn cameras for the purpose of prevention, detection and investigation of crime and incidents and to ensure the safety of staff, students and visitors to the University. To assist in the investigation of breaches of University regulation, code of conduct.
Contract / Legal Obligation /
To provide management information and through research using employee data which may be used to enhance the staff/student experience at the University and to enable the development of a comprehensive picture of the workforce.
Contract / Legal Obligation /
To enable submission of funding applications and applications for grant funding and to manage agreements with grant funders which includes information to support funding which may be shared with third parties such as the UKRI in aggregate form.
Contract / Public Task
To carry out internal research for non-academic purposes which may include monitoring performance and quality at an institutional level where there is no direct impact on data subjects.
To ensure compliance with research funders’ policies, including policies relating to bullying and harassment which may require certain information to be shared with research funders.
Participation in the Research Excellence Framework (REF)
To provide online lecture services, i.e. lecture capture for students.
Measuring aggregated engagement through tracking mechanisms for example attendance at briefing sessions, VC sessions, and other circular materials.
Call contents and voice when making calls to helpdesks. Content may be recorded for training and monitoring purposes.
To notify you about changes to our services or to provide you with information about services or products at the University which may be of interests to you.
To ensure that content from our website/intranet is presented in the most effective manner for you and your computer/device by gathering aggregate information bout our users, using it to analyse the effectiveness and efficiency of communications.
To provide tailored advertising and marketing information to you or to permit trusted selected partner or third parties to provide you with information about goods or services we feel may be of interest to you, where the ‘legitimate interest’ condition for processing does not apply.
In limited cases, we may also process data where is it necessary to protect someone’s “vital interests” (either the data subject, or another person). Disclosures may be made to external parties to ensure the safety and wellbeing of individuals; for example, we may share your contact details with emergency health services if you are taken unwell while on the premises.
Where special categories of personal data (see above) are processed, the permitted legal bases for doing so will include:
- Explicit consent of the data subject.
- Processing necessary for employment law or social security law.
- Processing necessary to protect vital interests (see above).
- The processing of personal data manifestly made public.
- The establishment, exercise or defence of legal claims.
- Purposes specified in data protection law as being in the substantial public interest.
- The processing is necessary for reasons of public interest in the area of public health.
- For archiving, statistical and research purposes.
NTU shares or discloses personal information when necessary to provide Services or conduct our business operations. When we share personal information, we do so in accordance with data privacy and security requirements. We may occasionally share non-personal, anonymised or pseudonymised, and statistical data with third parties.
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legal requirement or legitimate interest in doing so.
Below are the parties with whom we may share personal information and why;
- Within NTU: We provide data to a variety of NTU teams and functions, and personal information will be made available to them where necessary for the provision of Services or technical support.
- Our business partners: We occasionally partner with other organisations to deliver services.
- Awarding and accredited bodies.
- We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud.
- We are required to share your information within data returns to HMRC and Pension providers.
- Our benefit suppliers: We are required to share your information within data returns to deliver employee benefits.
- We process personal information with a range of regulatory and statutory bodies, in fulfilling our public and legal obligations which includes with the Home Office to fulfil NTU’s obligations as a visa sponsor.
We may also use personal information to meet our internal and external audit or governmental requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:
- (a) Under applicable law, which may include laws outside your country of residence;
- (b) To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence;
- (c) To enforce our terms and conditions; and
- (d) To protect our rights, privacy, safety, or property, or those of other persons.
We will not store your personal information for longer than is necessary. NTU will ensure that our trusted partners and selected third parties with whom we share your personal information in accordance with this Privacy Notice will delete your personal information when they no longer require it.
In determining data retention periods, NTU takes into consideration local laws, contractual obligations, and the expectations and requirements of our data subjects. When we no longer need personal information, we securely delete or destroy it. Access our full Data Retention Schedule.
Your personal information may be transferred by us or our trusted partners outside of the UK and the European Economic Area (the “EEA”). The trusted partners that may do this are organisations who process data for analysis or marketing purposes, including a marketing automation hub where the email address of recipients will be logged and a record of email delivery, opening, click-through and bounce-backs will be kept. Our partner uses Microsoft’s Windows Azure data centres located in East US (Virginia), West Europe (Netherlands), and Australia East (New South Wales).
NTU has networks, databases, servers, systems, and support located throughout the world. NTU collaborates with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of NTU, workforce, and students. Your personal information may be shared with record matching and customer targeting partners, including Google, Facebook, Snapchat and LinkedIn. Some of these partners process personal data in Canada and the United States of America.
In some cases, we may need to disclose or transfer your personal information within NTU or to third parties in areas outside of the UK. The areas in which these recipients are located will vary from time to time, but may include the United States, Europe, Canada, Asia, Australia, India, and other countries.
We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. When we transfer personal information from the UK to other countries in which applicable laws do not offer the same level of data privacy protection as in the UK, we take measures to provide an appropriate level of data privacy protection.
In other words, your rights and protection remain with your data, i.e., we use approved contractual clauses, multiparty data transfer agreements, and other measures designed to ensure that the recipients of your personal information protect it. If you would like to know more about our data transfer practices, please contact DPO@ntu.ac.uk
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of personal information that we hold about you. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- Request erasure of your personal information in limited circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are processing your personal information on the basis of our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction or suspension of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
- Object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
- Request the transfer of your personal information to another party.
*Definitions of special category data are provided as per the UK General Data Protection Regulation (UK GDPR)
Please contact our Information Governance Team with any requests related to your personal information.
If you are not satisfied with how NTU manages your personal data please contact the Data Protection Officer.
In addition you have the right to make a complaint to a data protection regulator.
The ICO contact details are available at: https://ico.org.uk/global/contact-us/.