[Skip to content]

Mid Cheshire Hospitals - NHS Foundation Trust
Departments and services How To Find Us
Search our Site

General Staff Privacy Notice

How we use your data

Mid Cheshire Hospitals NHS Foundation Trust is registered as a data controller with the Information Commissioner’s Office (ICO) for the purposes of the Data Protection Act and is committed to ensure that it collects, stores and processes personal information about prospective, current and former staff in line with UK Data Protection Law and the General Data Protection Regulation (GDPR).

Why do we collect information about you?

The Trust collects, holds and processes personal data and sensitive data about its current, past or prospective staff including agency, casual and contracted staff, volunteers, trainees and those carrying out work experience from recruitment to employment and beyond.

What information is provided by you?

When you apply for a position within the Trust you will provide us with relevant information about you including:

  • Name and contact details
  • Employment history
  • Qualifications
  • Referee Details

During the recruitment and selection processes we will begin to add further information including:

  • Copies of qualifications and certificates
  • Pre-employment checks, including references, identity documents and right to work check information
  • Publicly available information such as social media presence
  • Selection information including correspondence, interview notes, results of any selection tests that you may be undertake

Following your appointment, we may add any other information you supply to us or is required as part of your employment such as revalidation information.

What information do we get from other sources?

Information may be provided about you from a number of sources during your recruitment and on-going employment with the Trust including:

  • Disclosure and Barring Service disclosures, where applicable, which will tell the organisation about any criminal convictions you may have
  • Referees providing confidential information about your suitability to the role
  • Inter Authority Transfer (IAT) – Information held by your previous NHS employer
  • Information from HM Revenue and Customs (HMRC) relating to your pay and employment
  • Information about your right to work and visa applications
  • Pension Information when transferring within the NHS
  • Information from your manager and HR team relating to your performance, sickness absence and other work related matters
  • Confirmation of your registration with a professional body


What types of personal data do we hold?

Personal data

The Trust will hold personal data about you for example: Name, address, telephone number, staff number, gender, NI Number, next of kin/emergency contact details, professional membership information, reference information and bank details.

Sensitive personal data (special categories)

The Trust will also hold sensitive personal data including racial or ethnic origin, religious beliefs, trade union membership, health, sexual orientation, criminal convictions and disabilities.

How do we access and secure your personal data?

The Trust will use your information to administrate your employment and associated functions, personal data will be shared between relevant colleagues who legitimately need the information to carry out their duties e.g. your line manager and HR teams.

The Trust maintains electronic and paper records relating to your recruitment and employment, with information held by the HR team and locally with your line manager.

All paper files are kept in secure locked cabinets/cupboards and only relevant staff will have access to this information. Electronic information is accessed on a need to know basis only using the Trust’s ESR system. Some Information may be held on the Trust’s secure electronic drive i.e. S: H: drives, where access is only granted to appropriate individuals.

How do we use staff data?

The Trust uses staff data for all purposes associated with the administration of the employer/employee relationship and to meet our legal obligations. The purposes for which we may use staff data (including sensitive personal information) include:

  • Process your recruitment application and correspond with you in relation to Trust vacancies
  • Maintaining staff records
  • Recruitment and selection
  • Managing Human Resource employment matters (e.g. promotion, training and development, conduct, attendance, appraisals, management progress, grievances, misconduct investigations, disciplinary actions and complaints)
  • Administering finance (e.g. salary, pension and staff benefits)
  • Complying with visa requirements
  • Providing facilities such as IT/system access, library services and car parking
  • Monitoring equal opportunities
  • Preventing and detecting crime, such as using CCTV and using photo’s on ID badges
  • Providing communication about the Trust, news and events
  • Maintaining contact with past employees
  • Provision of wellbeing and support services
  • Compliance with legal obligations such as making external/statutory returns to NHS England, sharing information with HMRC
  • Carrying out research, surveys and statistical analysis (including using third party data processors to carry out the national staff survey)
  • To enrol you as a Foundation Trust member
  • Carrying out audits
  • To issue text message reminders of trust appointments i.e. Occupational Health appointments or training reminders

The Trust processes sensitive personal data for a number of administrative purposes:

  • Equal opportunities monitoring
  • Managing Human Resources processes such as administering sick pay and sick leave, managing absence, administrating Maternity Leave and associated pay schemes
  • Managing a safe environment and ensuring fitness to work
  • Managing obligations under Equal Opportunities Legislation
  • Provision of Occupational Health and Wellbeing service to individuals
  • Payment of trade union membership fees


How do we share your data with third parties?

The Trust may disclose personal and sensitive information with a variety of recipients including:

  • Our employees, agents and contractors where there is a legitimate reason for them receiving the information
  • Current, past or potential employers of our staff to provide or obtain references
  • Professional and regulatory bodies (e.g. Nursing and Midwifery Council (NMC), Health and Care Professions Council (HCPC), General Medical Council (GMC)) in relation to the confirmation of conduct including complaints, job description and information provided as part of the recruitment process.
  • Government departments and agencies where we have a statutory obligation to provide information (e.g. HMCR, NHS Digital, Department of Health and the Home Office)
  • The Disclosure and Barring Service (DBS) and DBS Update Service where we require a DBS check for certain roles
  • Third parties who work with us to provide staff support services (e.g. counselling)
  • Crime prevention or detection agencies (e.g. the police, security organisations, department for works and pensions and local authorities)
  • Internal and external auditors
  • Debt collection and tracing agencies
  • Courts and tribunals
  • Trade union and staff associations
  • Survey organisations for example for the annual staff survey

Any disclosures of personal data are always made on case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the disclosure of your personal data to such persons.

Sharing information with the NHS business service authority 

The Trust also shares employee records information with: NHS Business Services Authority.

The information which you provide during the course of your employment (including the recruitment process) will be shared with the NHS Business Services Authority for maintaining your employment records, held on the national NHS Electronic Staff Record (ESR) system.

On commencement of employment with the organisation, your personal data will be uploaded into the ESR system. ESR is a workforce solution for the NHS which is used by the organisation to effectively manage the workforce leading to improved efficiency.

In accepting employment with the organisation, you accept that the following personal data will be transferred in accordance with streamlining staff movement principles, if you accept an offer with another NHS organisation, or your employment transfers or is seconded to another NHS organisation the following information will be shared:

  • Personal data e.g. name, DOB, address, NI Number, to enable the new NHS employer to verify who you are
  • Employment Information e.g. your position, salary, grade, employment dates, dates of any sickness (excluding absence reasons), to enable you to be paid correctly and the new employer to calculate appropriate NHS entitlements for annual leave and sickness
  • Training compliance / competency dates, to reduce the need to repeat nationally recognised training and statutory and mandatory training

This information will be shared via the Inter Authority Transfer (IAT) which is the secure process where information is transferred from one NHS employer to another.

How is your information kept up to date?

All staff are responsible for ensuring that the information held on ESR is always up to date and should notify their line manager promptly of any changes.

How long is your information kept for?

The Trust will keep your records as defined within the Corporate Records Management Policy.

What legal basis is used for processing my information?

The Trust will only ever process your personal information where it is able to do so by law and using one of a number of legal basis available under the Data Protection Act 2018 and General Data Protection Regulation 2016 (GDPR).

The legal basis we use most often as follows:

  • Legal Obligations – In many cases we have a legal obligation to hold and process information about you for example informing HMRC of the tax and National Insurance Contributions you have made and ensuring the safety and care of our patients and staff. (GDPR Article 6,1(c))
  • Legitimate Interests – In some cases for example sharing data between NHS organisations via IAT the Trust will rely of legitimate interests of the business function. (GDPR Article 6, 1 (f))

 Where we process sensitive personal or special categories of data about you (i.e. racial or ethnic origin, religious beliefs, trade union membership, health, sexual orientation, criminal convictions and disabilities) we will ensure this is done so using the following one of the following legal basis:

  • Employment Rights – Carrying out obligation’s and specific rights required by us as an organisation for the purposes of employment (e.g. monitoring the equality and diversity of our workforce or DBS checking) (GDPR Article 9, 2(b))
  • Preventative or Occupational Medicine – assessing the working capacity of our employees (GDPR Article 9, 2(h))


What are my individual rights?

You have certain rights with respect to the data held about you by the Trust. These are:

  1. To be informed why, where and how we use your information
  2. To ask for access to your information
  3. To ask for your information to be corrected if it is inaccurate or incomplete
  4. To ask for your information to be deleted or removed where there is no need for us to continue processing it
  5. To ask us to restrict the use of your information
  6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information
  7. To object to how your information is used
  8. To challenge any decisions made without human intervention (automated decision making)

Further information

Should you have any further queries on the uses of your information, please speak to the Human Resources Department.

HR Advisory Team MF62 Residences Leighton Hospital Crewe

Cheshire CW1 4QJ

Email: hrhelp@mcht.nhs.uk

Telephone: 01270 273712 (Internal Extension 3712)

Should you wish to lodge a complaint about the use of your information, please contact the Trust’s Data Protection Officer:

Stuart Basford

MD38, Information Governance, Leighton Hospital, Crewe

Cheshire CW1 4QJ

Email: dpo@mcht.nhs.uk Telephone: 01270 273812

If you are still unhappy with the outcome of your enquiry you can write to:

The Information Commissioner Wycliffe House

Water Lane Wilmslow Cheshire SK9 5AF

Telephone: 0303 123 1113

Latest news