Jump directly to main contentJump directly to menu

Privacy Notice – Staff (1)

Privacy Notice – Employees, Workers, Contractors and Volunteers

Purpose of this statement

Your privacy is important to us. This privacy notice explains what personal data DN Colleges Group collects from you, through our interactions with you and through our products, and how we use that data.

DN Colleges Group is committed to protecting the privacy and security of your personal information. As a “data controller” we are responsible for deciding how we hold and use personal information about you.

We are required under data protection legislation to notify you of the information contained in this privacy notice.

This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).

It applies to all current and former employees, workers and contractors. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

DN Colleges Group is registered under the Data Protection Act 2018. This means that the purposes for which the College collects, and processes personal data is notified to and registered with the Information Commissioner’s Office (ICO), under the Registration Number ZA341759.

DN Colleges Group (also referred to below as ‘we’) will collect the following information from you, which we need in order to carry out our functions. The legal grounds for processing the information are outlined under each section and where your consent is required we give you the opportunity to opt in.

Data protection principles

We will comply with GDPR. This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those
  3. Relevant to the purposes we have told you about and limited only to those
  4. Accurate and kept up to
  5. Kept only as long as necessary for the purposes we have told you
  6. Kept securely.

The kind of information we hold about you

Personal data is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.

Personal data and where appropriate special categories of data that we may collect, use, store and share (when appropriate) about you includes, but is not restricted to:

  • Contact details such as first name, middle names, surname, address, personal and work email addresses, personal and work telephone numbers
  • Financial details e.g. bank details, salary details, tax/national insurance details, pension details, credit/debit card details and purchase history
  • Lifestyle information such as dietary preferences, hobbies, other likes/dislikes/preferences
  • Location e.g. physical or electronic information which identifies your location
  • Online/Unique identifiers such as staff codes, online/website details e.g. usernames, passwords, session IDs, geo locations, device/pps ID, IP and MAC addresses, cookies, RFI
  • Special Categories of Data which may include information about racial and ethnic origin, religion, politics, trade union membership, genetic and biometric data (e.g. fingerprints used for ID purposes), health, mental health, physiological and disability information, sexual orientation, behavioural characteristics, social identity, cultural background, facial Images, philosophical beliefs and economic data
  • Personal non-contact details e.g. date of birth, age, gender, photographs, video imaging, passport details, visa details, driving licence details
  • References and Employment Details
  • Information about business and pecuniary interests (where applicable)
  • Employee Contract Details such as employment history, job title, staff ID cards and ID no, teacher ref no, hours worked, start/leave dates, annual leave details, absence/sick leave details/reasons, performance details, disciplinary details, references
  • Academic and staff development information subjects taught, exam results/qualifications/academic achievement/mandatory and voluntary professional body memberships/ accreditations/ certifications / training records
  • Complaints/Grievances details e.g. Student, staff, public and other complaints to which you are a named party or involved in the investigation process
  • Health and Safety information such as accident records, risk assessments, occupational health records, personal protective equipment records, industrial disease monitoring, insurance and legal claims
  • Criminal and Conviction Information e.g. Disclosure Barring Service checks and disclosures provided to us (see below) and other notifications e.g. ‘Overseas Criminal Record Checks’, ‘List 99’ and National College for ‘Teaching and Leadership (NCTL)

How is your personal information collected?

Whilst most of the information you provide to us is mandatory or necessary to enable us to provide services to you or conduct our business activities, some of it is provided to us on a voluntary basis. To comply with data protection legislation, we will inform you whether you are required to provide information to us or if you have a choice in this.

We collect personal data in a variety of different ways for example paper and online forms by email and verbally.

We may ask to see copies of your identification data to ensure we have your correct details and can verify your identity.

Collecting this data enables us to comply with our various legal and contractual obligations in connection with the performance of your employment, maintaining your personnel file and to conduct business activities for example:

  • Administration and management of the employment relationship (pre, during and post- employment);
  • Enabling individuals to be paid and the payment of income tax and national insurance contributions
  • Enable us to collect and make payments in relation to the contract, expenses, provision of goods
  • Processing statutory payments such as sick pay, maternity pay, paternity pay and redundancy pay
  • Enabling us to administrate workplace pensions – this includes payments to local authorities, specific pension funds and higher education institutions to reimburse for pension increases under the local government superannuation scheme for people formerly employed at further and higher education institutions, teacher training colleges or institutions which provided further education or higher education and/or their dependents/beneficiaries.
  • The collection or and provision of employment references
  • To enable us to provide staff benefits and wellbeing opportunities
  • Developing our workforce through mandatory training and our voluntary training and development offer
  • Performing pre and post-employment checks which include References, Qualification/Academic checks, Qualified Teacher Status, DBS, Visas, Right to Work in the UK, Business Driver
  • Providing access to HR, Occupational Health and Health and Safety related systems e.g. Medigold, iTrent and
  • To allow the conduct of DN Colleges Group for example processing your personal information in connection with your work related activities for example access to organisation wide and department specific systems and applications e.g. Outlook, Network Logins, EBS, Portals, 4Insight, SharePoint, Medigold, SafeSmart and
  • Providing a safe and secure workplace through provision of Health and Safety, Occupational Health and Safeguarding services
  • To hold next of kin/ emergency contacts details
  • To record entry and exit to our buildings/campuses
  • To take photographs for the purpose of providing a Staff ID card
  • To use CCTV recording and images for safety and security purposes and staff and student grievance/disciplinary investigations
  • Emergencies as defined in the DN Colleges Group Business Disaster Recovery Plan(s).
  • To assist in the detection, investigation and prevention of crime
  • The purpose of any potential transfer of your employment under the Transfer of Undertakings – Protection of Employment (TUPE) Regulations
  • Fundraising initiatives
  • Participating in Trade Union collective agreements and to enable Trade Union Representatives to support and managing our
  • Comply with our Data Subject Access Request and Individuals’ Rights obligations under the GDPR
  • Statistical and research purposes to;
  • Complete and return Government and other funding body or awarding/validating body Data Collection Returns
  • Statistical and research purposes to;
    • enable the development of a comprehensive picture of the workforce and how it is deployed
    • monitor Equality and Diversity
    • inform the development of recruitment and retention policies
    • collate data collection/statistical returns to the government, funding bodies, validating/awarding bodies and partnership

How we will use information about you (lawful basis)

We only collect and use personal information about you when the law allows us to. Most commonly, we use it where we need to:

  • Comply with a legal obligation
  • Comply with a contractual obligation
  • Carry out a task in the public interest

Less commonly, we may also use personal information about you where:

  • You have given us consent to use it in a certain way
  • We need to protect your vital interests (or someone else’s interests)
  • We have legitimate interests in processing the data

The purpose of processing this data is to enable DN Colleges Group to:

  • Perform our contractual obligations, manage the employment relationship (both during and after employment) and maintain your personnel file
  • Enable you to carry out work activities
  • Enable us to establish and maintain effective governance
  • Enable us to meet our statutory (legal) obligations e.g. comply with HMRC requirements; facilitate a safe environment and comply with safeguarding obligations; undertake equalities monitoring; ensure that appropriate access arrangements can be provided for those who require them

The majority of the processing we carry out in relation to DN Colleges Group is necessary to comply with various legal and contractual requirements such as:-


  • HMRC Income Tax and National Insurance Requirements
  • Employers/Public Liability Insurance

Health and Safety

  • Health and Safety at Work etc. Act 1974 (& associated regulations and codes of practice)
  • Equality Act 2010


  • Prevent Duty
  • Section 175 of the Education Act 2002
  • Further and Higher Education Act 1992
  • ‘Keeping children safe in education Statutory guidance for schools and colleges’ Guidance (gov.uk) and adult safeguarding guidance
  • Validating/Awarding Body Terms and Conditions/Requirements

Statutory (EFSA) / Other Funding requirements

Some of the reasons listed above for collecting and using personal information about you overlap, and there may be several grounds which justify our use of your data.

Where we ask you for information for which we do not have a contractual or legal basis for processing, we will either tell you the legitimate basis for processing or obtain your consent. Where you have provided us with consent to use your data, you may withdraw this consent at any time by contacting the HR Team.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

How we store this data (Data security)

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

When you apply for a job with us, but your application is unsuccessful, we will keep your personal information for 6 months.

When you are an employee, we will keep your personal information for as long as you work with us and then after you leave, we will keep your personal information for 7 years.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosure and Barring Service (DBS) Checks

We will require a Disclosure and Barring Service (DBS) or similar check for non-UK staff to be carried out, this check helps employers make safer recruitment decisions and prevent unsuitable people from working with vulnerable groups, including children. As part of the DBS check application process, as required by the DBS, we will provide you with a separate Standard/Enhanced Check Privacy Policy for Applicants and ask you to confirm you understand how the DBS will process your personal data and the options available to you when submitting an application. Further information is available at www.gov.uk/dbs.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your employment with us.

Use of Personal Email Addresses and Social Media

To enable us to comply with our data protection responsibilities, we will only communicate with staff using their College issued email address. Personal email addresses will only be used in exceptional circumstances such as long term absence, during the application process or when a member of staff has left the college and no longer has access to their college email account. It is therefore extremely important that staff log into their college email accounts regularly so they do not miss any important information in connection with their employment, role and important college announcements. The use of the email account auto forward feature to forward emails to your own personal email should not be used.

Members of staff should take care when posting personal information on College Social Media platforms such as twitter and Facebook as posts can be shared publicly and we may have no control over your personal data.

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you in writing.

Data sharing

We do not share information about you with any third party without your consent unless the law and our policies allow us to do so.

To enable us to comply with our legal and contractual obligations and to enable the conduct of business, we may need to share some of your personal information (and in some instances special categories of data) as follows;

  • Business System Providers/Suppliers and Service Providers in connection with work related activities and to enable access to systems and applications e.g. Microsoft Outlook/365 e.g. login details/file storage/Your Business Voice/Solicitors/Insurers/Occupational Health Service/Payments Systems – to enable them to provide the service we have contracted them for
  • Pension providers and Payroll providers (where a third party is used)
  • HM Revenue and Customs
  • Local Authority/Local Safeguarding Board/Social Care Teams/LADO – for safeguarding purposes
  • Health and Safety Executive – to report accident information/investigation purposes
  • Disclosure and Barring Service – to obtain a DBS check to check for criminal convictions and offences
  • Police and Enforcement Agencies – to assist in the detection, investigation and prevention of crime this includes the Courts and Coroner Service
  • Emergency services in the event of an emergency
  • In connection with DSAR requests (Data Subject or Authorised Representative) e.g. information which may be contained within emails, documents, systems, paper and electronic records/filing systems and other forms of media, this may include work email address(es), work contact details and also the disclosure of information of which you were the author or to which you have contributed. This includes deleted and archived personal information which is still
  • Information Commissioner’s Office (ICO) (complaints/breaches investigations)
  • Awarding/validating bodies for general administration, quality control and queries
  • Where necessary or mandatory, we will disclose personal information in connection with investigations, disputes, complaints and grievances internally and with third parties for example local authority safeguarding boards, trade unions, government departments and agencies, insurers and legal representatives and professional bodies to which a member of staff is affiliated e.g. CIMA, CIPD.
  • Personal information relating to any person(s) involved in administering, teaching or completing examinations/assessments where malpractice is suspected or alleged may be shared with other awarding/validating bodies, the qualifications regulator or other professional bodies and where relevant in accordance with the JCQ publication Suspected Malpractice in Examinations and Assessments – Policies and
  • Recruitment and employment agencies
  • Previous and future employers/referees – pre and post contract and governor checks
  • External Training/Travel Providers – booking and administration purposes
  • Childcare / Bike to Work scheme administrators
  • Mortgage companies/rental agencies (where authority is provided)
  • Higher Education Statistics Agency (HESA)/Research Excellence Framework (REF) submissions/Clinical Senior Lectureship Awards (CSLA) for Clinical Medicine and Dentistry/National Teaching Fellowship Scheme (NTFS)
  • Government departments or agencies for government audits, reviews, comply with funding requirements, and data collection requirements e.g. research/analysis/statistics/equality & diversity, benchmarking purposes g.
  • Department for Education (DFE) (gov.uk/dfe)
  • Office for Standards in Education, Children’s Services and Skills (gov.uk/ofsted)
  • Office for National Statistics (ons.gov.uk)
  • Education Skills and Funding Agency (wwgov.uk/esfa)
  • Depending on your role or interaction with DN Colleges Group, we may be required to share your personal information with Government departments and agencies for example the EFSA to enable them to contact you directly
  • Internal and external Auditors (e.g. Financial accountants/HMI Inspectors)

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Third Party Processors and Transferring Data Internationally

Where we use Third Party Processors or transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.

Your rights

Under the General Data Protection Regulation, you have various rights in relation to your personal information:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Please note, exemptions may apply when making a request to exercise your rights, for example where we have to retain or process information for legal purposes. For more information on your personal data rights visit www.ico.org.uk/your-data-matters

How to access the personal information we hold about you

Individuals have a right to make a ‘Data Subject Access Request’ to gain access to personal information that we hold about them. Please refer to our Data Protection (GDPR) Policy for more information on how to make a request or contact our Data Protection Officer can be found below.

Your other rights regarding your data

Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe. You have the right to:

  • Object to the use of your personal data if it would cause, or is causing, damage or distress
  • Prevent your data being used to send direct marketing
  • Object to the use of your personal data for decisions being taken by automated means (by a computer or machine, rather than a person)
  • In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing – routine requests for changes to information you provide us with such as changing your contacts details etc. can be directed to
  • Claim compensation for damages caused by a breach of the data protection regulations
  • To exercise any of these rights, please contact Data Protection

Data protection officer

We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Our Data Protection Officer is:

Terry Hutchinson – dataprotection@dncolleges.ac.uk

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.