LionHeart Privacy Notice for Employees
The data controller processing your personal data is LionHeart. We are registered as a data controller with the Information Commissioner’s Office (our notification number is Z6406612) and we are committed to ensuring that the personal data we process is handled in accordance with data protection legislation (the General Data Protection Regulation and UK Data Protection Act 2018). 
Our CEO is the Data Protection Lead, and can be contacted via ceo@lionheart.org.uk.

What information do we collect from you? 
LionHeart holds and processes personal data about current and former members of LionHeart staff, including temporary workers, and permanent employees.
We only collect the data we need and keep that data up to date. The personal data that we hold about you consists of:
  • Personal information - your name, data of birth, gender, nationality, national insurance number, copies of documentation proving your right to work such as your passport or visa, identifiers issued by public bodies (e.g. NI Number) and your contact details. 
  • Information about your job and contract of employment - your role title and department, information about your employment contract such as start date/s, hours, contract type (for example, fixed term, permanent, temporary etc.), your salary, information about any benefits you receive, and details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals 
  • Information relating to your performance in your role - assessments of your performance, including supervision notes, performance reviews, training you have participated in, promotions, details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence 
  • Education and work history - details of your qualifications, skills, experience and employment history and references received. 
  • Family, lifestyle and social circumstances - In certain circumstances we will also hold limited information about your spouse, partner, or civil partner, or other individuals. This is collected where you name them as an emergency contact or where shared parental leave is requested - in which case we will receive the spouse/partner’s name and any relevant information.
LionHeart may process some information about you that is classed as ‘special category’ data, and which receives additional protections. We may collect the following special category data:

Details of periods of leave taken by you relating to sickness absence, family leave, etc. 
Health or disability information about you 
Information about your religion or beliefs 
Information about your ethnic origin 
Your sexual orientation 
Gender identification 
Trade union affiliations, where applicable
For certain roles, other special category data may be processed, such as information about past criminal convictions, working with children or vulnerable adults, and your fitness to practise in certain regulated professions.

How do we collect this information from you?
We receive a lot of this data from you when you:
  • Submit an application for a job at LionHeart
  • Complete your new starter and payroll forms
  • Supply your passport or other identity documents at the start of your employment, at other times when necessary during your employment with us, or when we ask you to confirm your identity
  • Update your personal record via our HR online system during your employment or ask us to update your record in any way
  • Supply emergency contact details - where you do this, please inform your emergency contact that you are providing LionHeart with their details  
  • Request shared parental leave, in which case we will receive the spouse/partner’s name and the name of their employer either from you or from your spouse/partner’s employer
  • At various other times when you share it during the course of your employment, for example, during correspondence with you, during the supervision process, if you need to take sick leave, or if your role changes.
If we do not receive information directly from you, we either generate it ourselves (supervision notes for example), or we receive it from third parties.
Data about you that we receive from third parties comprises your employment references; tax details; medical information, where appropriate for occupational health purposes; and details of voluntary salary deductions.
We receive this information from the following third parties:
Organisations or individuals which you may have named as a referee
HM Revenue and Customs (HMRC)
Pensions scheme providers
Student Loans Company
Disclosure and Barring Service

Why do we collect this information from you?
We take our obligations around the handling of personal data very seriously, and it is therefore important for you to know the various lawful bases that we rely on for the processing of your personal data.
We process some of your data in order to enter into and to fulfil a contract of employment with you, or to meet a relevant obligation under employment law or other legislation. We process your personal data for these purposes when we:
  • Provide you with an employment contract 
  • Administer HR-related processes, including those relating to performance management, conduct and promotion 
  • Operate and keep a record of disciplinary, complaint and grievance issues to ensure acceptable conduct in the workplace 
  • Ensure you are legally eligible to work in the UK 
  • Calculate your pay, including any statutory or voluntary deductions (such as to a pension scheme, salary sacrifice scheme or trade union) 
  • Ensure that you are able to practice in a particular role 
  • Ensure that you are physically fit to work or practice in a particular role 
  • Identify and prevent any potential risks to your health or wellbeing that may arise from your work 
  • Give you access to any LionHeart online accounts, access to a LionHeart email account, and give you personalised access to buildings (such as 55 Colmore Row), IT applications, resources and network services such as WiFi 
  • Monitor use of IT services to ensure adherence to the LionHeart’s Acceptable Use Policy 
  • Provide you with access to training and development services 
  • Process and pay your statutory and occupational payments for relevant periods of absence or leave, such as when you are unable to work due to illness 
  • Administer pension and benefit entitlements 
  • Ensure we can get in touch with you if we need to regarding work or employment related matters 
  • Compile statistics for regulatory and statutory reporting purposes 
In other circumstances, LionHeart processes your data where we have a legitimate interest in doing so. 
This is an assessment made by weighing our requirement against the impact of the processing on you. Our legitimate interests will never override your right to privacy and the freedoms that require the protection of your personal data. 
We process your data in our legitimate interest when we:
  • Produce statistics for internal reporting to ensure the effective management of our workforce. Analysis of statistics is carried out at an aggregate level and does not identify you directly. 
  • Enable effective communications with you regarding information you need to know for security or operations. 
  • Provide opportunities for employee wellbeing and support, such as our Employee Assistance Programme. 
  • Operate and keep a record of employee performance and related processes to plan for career development, succession planning and workforce management purposes. 
Some special category data is processed to carry out our obligations and exercise specific rights in relation to employment.
We process information about ethnic origin, sexual orientation, religion or belief or trade union membership, offences and alleged offences, criminal offences, gender identification, health information to carry out our employment obligations when we:
  • Make reasonable adjustments for staff who have a disability 
  • Ensure that you are fit to work in a particular role 
  • Meet our obligations under the employment law such as the Equality Act 2010, and related initiatives including Athena Swan, Race Equality Charter 
  • Manage voluntary salary deductions to a trade union, where applicable 
  • For some roles, we are obliged to seek information about criminal convictions and offences
Some special category data is processed for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee.
We process for this reason when we obtain occupational health advice, to ensure that we comply with our duties in relation to individuals with ongoing health issues or disabilities. This assessment is carried out by health professionals via our HR consultancy providers, details of whom can be provided upon request.  They will have a separate privacy notice which you will be made aware of.

What do we do with your information?
Your information may be shared internally with members of the LionHeart Finance and Administration team, your line manager, and other staff if access to the personal data is necessary for performance of their roles.
We combine the personal data you provide us with other data generated during your employment in order to maintain a summary record of your employment with us.
We also combine your data with data received from the third parties listed above in order to:
Determine whether you are eligible to work in the UK 
Ensure that you pay the correct tax and National Insurance contribution 
Ensure you receive any pension payments you are due once you are eligible.

Access to, and the sharing of, your special category data are controlled very carefully. You will be given further details about our need for collecting such data when we ask you to share it with us, including any consequences for you of not providing it.

How long do we keep your information?
We will keep limited information for a maximum period of six years after the end of your employment with the LionHeart, unless we are legally required to keep them for longer, for example pension details. This will consist of:
Redundancy notes
Compromise agreements
P45/tax information
A leaver’s form with the following details: Start date, end date, salary on leaving, number of days sick in last two years and a standard reference

After six years we will only retain your name, job title and start and end date, and any other data that we may be legally required to hold. All other data we hold about you will be permanently destroyed.

Who do we share your information with?
Within LionHeart, we share your data with:
  • The Finance and Administration team in order to enrol you in a pension scheme and ensure appropriate contributions can be made. 
  • The Finance and Administration team in order to pay expenses claims and ensure that LionHeart can budget to continue to meet its payroll obligations 
  • The Finance and Administration Team, in order to maintain statutory records regarding any accidents or hazardous exposure you sustain at work 
  • The Finance and Administration Team in order to provide you with an IT account, email address and access to relevant buildings, IT networks, systems and resources 
  • Our Internal Management team, to ensure LionHeart compliance with policies and processes
We also share your personal data, where required, with the following external third parties:
  • Government departments and agencies where we have a statutory obligation to provide information (e.g. Her Majesty's Revenue and Customs (HMRC), the Office for Students (formerly the HEFCE), the Home Office (in connection with UK visas and immigration). 
  • Our pension scheme providers in order to enrol you into a pension scheme and ensure contributions are paid correctly  
  • The Disclosure and Barring Service (DBS) where we need to make a criminal records check for certain roles 
  • An external payroll administrator
  • IT Services provider
  • Where appropriate, financial institutions such as a company credit card provider
  • On occasion and where necessary, the police and other law enforcement agencies
  • On occasion and where necessary, appointed external auditors
  • We will provide references about you to external enquirers or organisations where you have requested or indicated that we should do so
How do we protect your data?
We take the security of your data seriously. LionHeart’s cybersecurity guidelines specify the correct way of handling IT in order to protect data in order to protect against the consequences of breaches of confidentiality, failures of integrity and interruption of availability.
We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

What rights do you have in the way that we protect your data?
  • Ask us to confirm that your personal data is being processed and to access (i.e. have a copy) that data as well as to be provided with supplemental information about the processing (by making a subject access request)Require us to change incorrect or incomplete data
  • Require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
  • Object to the processing of your data where we rely on our legitimate interests as the legal ground for processing
  • Receive from us the personal data we hold about you which you have provided to us in a reasonable format specified by you, including for the purpose of you transmitting that data to another data controller
  • Ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override LionHeart’s legitimate grounds for processing data
  • Withdraw your consent for us to process your data where we do so with your consent
Not all of these rights apply in all circumstances. If you would like to exercise any of these rights, or make a subject access request please contact LionHeart’s Data Protection Lead, the CEO. They can be contacted by email: ceo@lionheart.org.uk or by phone by calling 0121 2895410 or by writing to:  LionHeart, Ground Floor, 55 Colmore Row, Birmingham B3 2AA
If you continue to have concerns about the use of your personal data, the Information Commissioner’s Office (ICO) is the independent regulator of the use of personal data in the UK.  They can be contacted through their website: www.ico.org.uk, or their helpline on 0303 123 1113, or in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire

Policy updated October 2018; reviewed annually. 

Helpline 0800 009 2960           or 0121 289 3300