Skip to main content

Staff Privacy Notice

During the course of its employment activities, the Welsh Ambulance Service, collects, stores and processes personal information about prospective, current and former staff.

This Privacy Notice includes applicants, employees (and former employees), workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience.

We recognise the need to treat staff personal and sensitive data in a fair and lawful manner. No personal information held by us will be processed unless the requirements for fair and lawful processing can be met.

What types of data do we handle?

In order to carry out our activities and obligations as an employer we handle data in relation to:

  • Contact details such as names, addresses, telephone numbers and emergency contact(s)
  • Personal demographics (including gender, race, ethnicity, sexual orientation, religion)
  • Employment records (including professional membership, education and training, references, and proof of eligibility to work in the UK and security checks)
  • National Insurance Number
  • Bank details
  • Pension details
  • Medical information including physical health or mental condition (occupational health information), health and attendance records, including vaccinations
  • Information relating to health and safety
  • driving licence details, including endorsements and accident history
  • personal vehicle details when making expense claims or for our volunteer car drivers
  • Trade union membership
  • Disciplinary, grievance, and performance records
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment Tribunal application, complaints, accidents and incident details.

The majority of this personal data will be collected directly from you. In limited circumstances, your personal data may be provided by third parties such as former employers, social workers, the police, medical professionals and official bodies (such as regulators or disclosure and barring bureaus).

Our staff are trained to handle your information correctly and protect your confidentiality and privacy.

We aim to maintain high standards, adopt best practice for our records keeping and regularly check and report on how we are doing. Your information is never collected or sold for direct marketing purposes.

We may use outsourced providers or data processors that are based outside of the UK. Should your data be transferred outside of the UK, we will ensure in accordance with Data Protection legislation that the data will only be transferred where there is an adequacy regulation or other appropriate safeguard in place.

What is the purpose of processing data?

  • Staff administration and management (including payroll and performance)
  • Pensions administration
  • Business management and planning
  • Accounting and Auditing
  • Accounts and records
  • Crime prevention and persecution of offenders
  • Education
  • Health administration and services
  • Information and databank administration
  • Sharing and matching of personal information for national fraud initiative

We have a legal basis to process this as part of your contract of employment (either permanent or temporary) or as part of our recruitment process following data protection and employment legislation.

Sharing your information

We will not routinely disclose information about you without your permission. However, there are circumstances where the law says we must or can share information about you. Any disclosures of personal data are always made using the minimum personal data necessary for the specific purpose and with the appropriate security controls in place.

There are a number of reasons why we may need to share your information. It can be because of:

  • our duty to comply with legislation
  • a requirement to comply with a court order.

It may also be to fulfil our obligations as an employer, for example:

  • meeting health and safety obligations
  • safeguarding
  • security checks
  • the provision of employee services, such as occupational health, pay, pensions administration and staff training
  • external audit or counter fraud purposes.

We may obtain and share personal data with a wide variety of bodies, including:

  • Her Majesty's Revenue and Customs (HMRC)
  • Disclosure and Barring Service
  • Home Office
  • Central government, government agencies and departments
  • Local authorities and other public bodies
  • Ombudsman and other regulatory authorities
  • Courts and prisons
  • Financial institutes such as banks and building societies
  • Organisations where employment references are requested
  • Educational training and academic bodies
  • Law enforcement agencies
  • Emergency services
  • Auditors
  • Department for Work and Pensions (DWP)
  • Relatives or guardians of an employee where there is a legal duty to do so.

 

Use of Third Party Companies

To enable effective staff administration The Welsh Ambulance Service NHS Trust may share your information with external companies to process your data on our behalf in order to comply with our obligations as an employer.

Employee Records; Contracts Administration

The information which you provide during the course of your employment (including the recruitment process) will be shared with the NHS Shared Services for maintaining your employment records, held on the national NHS Electronic Staff Record (ESR) system.

Prevention and Detection of Crime and Fraud

We may use the information we hold about you to detect and prevent crime or fraud. We may also share this information with other bodies that inspect and manage public funds.

We will not routinely disclose any information about you without your express permission. However there are circumstances where we must or can share information about you owing to a legal/statutory obligation.

Individual Rights

Data Protection laws give individuals rights in respect of the personal information that we hold about you. These are:

  • To be informed why, where and how we use your information
  • To ask for access to your information
  • To ask for your information to be corrected if it is inaccurate or incomplete
  • To ask for your information to be deleted or removed where there is no need for us to continue processing it
  • To ask us to restrict the use of your information
  • To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
  • To object to how your information is used
  • To challenge any decisions made without human intervention (automated decision making)

 

The Welsh Ambulance Services NHS Trust is open and transparent about how your personal data is used and shared. Should you have any queries or concerns, please contact the Data Protection Officer at:

Data Protection Officer, Welsh Ambulance Services NHS Trust, Tŷ Elwy, Richard Davies Road, St Asaph, Denbighshire, LL17 0LJ

Email: amb_infogovernance@wales.nhs.uk

If you are still unhappy with the outcome of your enquiry you can write to:

The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 01625 545700