Data Controller contact details
Faversham Medical Practice
Faversham Health Centre
Purpose of the processing
Reasons for processing your personal data include:
- Staff administration and management (including payroll and performance)
- Pensions administration
- Business management and planning
- Accounting and Auditing
- Accounts and records
- Health administration and services
- Information and databank administration
- Crime prevention and prosecution of offenders
- Sharing and matching of personal information for national fraud initiative
A list of Practice processing activities can be found here
Information we collect and use
- your name, photograph, contact details including address, email address and telephone number, date of birth, National Insurance (NI) Number and driving licence (if relevant to the role), information about your nationality and entitlement to work in the UK
- the terms and conditions of your employment
- details of your working arrangements (days of work and working hours) and attendance at work
- details of your qualifications, skills, experience, and employment history, including start and end dates, and dates of continuous service
- information about your remuneration, including entitlement to benefits such as pensions or insurance cover
- details of periods of leave taken by you, including holiday, sickness absence, family leave and the reasons for the leave
- details of vaccinations if relevant to your post
- details of your bank account for pay and expenses purposes
- details of any disciplinary, performance, absence, or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
- assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence
Information about your family
- information about your spouse, partner or civil partner or other individuals when names as an emergency contact
- information on dependants where required for pension purposes or childcare vouchers or benefits
Special Category Data
- information about medical or health conditions, including whether you have a disability for which the Practice needs to make reasonable adjustments
· equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief
· Trade union affiliations, where applicable
· Information about past criminal convictions (Disclosure and Barring Service), and or your fitness to practise in certain regulated professions
Lawful basis for processing
Article 6(1)(b)…‘necessary for the performance of a contract with employee’
Article 6(1)(c)…’necessary for compliance with a legal obligation’
Article 6(1)(f)…’in the Practice’s legitimate interests, which are not outweighed by the fundamental rights and freedoms of the data subject’
Article 9(2)(b) Employment, social security, and social protection
Article 9(2)(g) Reasons of substantial public interest
Schedule 1, Part 1(1) Data Protection Act 2018 - Necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the Data Subject in connection with employment, social security, or social protection.
Schedule 1, Part 2(8) Data Protection Act 2018 - necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained
Schedule 1, Part 2(14) Data Protection Act - is necessary for the purposes of preventing fraud or a particular kind of fraud
Recipient or categories of recipients of the processed data
Professional Bodies (ie GMC, RCN, etc.)
Payroll Provider Fairway Training Ltd
Pension Provider NHS Pension Scheme
Occupational Health Provider Preventative Healthcare Company Ltd.
HM Revenue and Customs
Police & Judicial Services
New Hayesbank Surgery as lead for shared Mid Kent PCN Payroll services
Retention Data for NHS
Solicitors appointed to work in association with incident claims. Outsourced HR function From time to time we may seek advice from a third party legal advice provider.
Disclosure and Barring Service (DBS)
Your previous or prospective employer
The Practice may also receive information about you from these organisations.
Right of access
Subject to certain conditions, you are entitled to have access to your personal data (this is more commonly known as submitting a “data subject access request”).
Rights in relation to inaccurate personal or incomplete data
You may challenge the accuracy or completeness of your personal data and have it corrected or completed, as applicable.
Rights to object to or restrict our data processing
Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data.
This right applies where our processing of your personal data is necessary for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.
Right to erasure
Subject to certain conditions, you are entitled to have your personal data erased (also known as the “right to be forgotten”), e.g. where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.
We may not be able to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.
How to exercise your rights
To exercise your rights, please contact email@example.com
Your personnel records are kept in compliance with law and national guidance. Details on how long records are kept are set out in the NHS England, Record Management Code of Practice 2021.
Right to complain
If you are unhappy with how your personal data is processed, you have the right to complain to the Information Commissioners Office (ICO). Their helpline number is 0303 123 1113.
We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please do contact us (firstname.lastname@example.org) in the first instance.
Data Protection Officer contact details
A. Ervine GP Data Protection Officer
NHS Kent and Medway