The categories of the information that we collect, process, hold and share include:
Records and information that Avon Fire & Rescue Service (AF&RS) may hold about its current and former employees, to include permanent and temporary staff (interns and staff seconded to AF&RS or any other individual who is on the AF&RS payroll). All employee personal data that is covered by the data protection legislation is in scope of this notice, regardless of whether it is held in an electronic, paper or another accessible format. Information held can be in the form of documents, emails, forms, images and voice recordings.
Categories of personal information can include (but is not limited to) your name, contact details, employment references, employment history, CV/job application information, health & welfare information for occupational health purposes, equalities information that you have provided, payroll data, your training requirements, employment letters and correspondence, absence and leave records, and where your name or other details appear on Fire Service reports, lists, registers, papers and systems as part of your role and in order to manage the employment relationship.
Why we collect and use this information
As an employer, Avon Fire Authority (operationally known as Avon Fire & Rescue Service) has to keep and process information about you (our employee) for normal employment purposes. The information we hold and process will enable us to perform our function as a Fire & Rescue Service and manage our relationship with you effectively, lawfully and appropriately, whether it is during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left the organisation. This includes using information to enable us to comply with our Employment Contract (Statement of Particulars), associated Schemes of Conditions of Service and negotiated terms, Service policies, to comply with any legal requirements (such as employment law, health and safety law and taxation), and to pursue the legitimate interests of the Service.
We will endeavour to process your personal data in line with your reasonable expectations and ensure that any processing is fair, lawful and transparent, in line with the requirement of the data protection legislation.
Below are more detailed examples of the reasons why we collect and use your employee data:
- To enable the administration of the recruitment and promotions process (which depending on the role, can include vetting and law enforcement checks)
- To enable the administration of, and provision of payroll and pension services for employees (including former employees)
- To administerterms and conditions of employment, pensions, benefits and use of facilities, which will support functions such as Human Resources, Finance, Resource Planning and Learning & Development
- To meet our statutory obligations e.g. employment law, tax and national insurance deductions, equalities monitoring, health and safety and safeguarding reporting
- To ensure that our employees are fully trained and equipped to carry out their role
- To provide information about the workforce or individuals (e.g. occupational health reports) to inform management decisions and ensure the efficient running of AF&RS, including the management of employees
- To facilitate external reporting that we are required to do as a Service, such as reporting to Government and various authorities
- To ensure that Service policies are being adhered to and to support good governance
- To manage the wellbeing (including health data) and security of our employees and our assets
- To aid the prevention,detection and monitoringof crime
- Internal management reports to manage Fire & Rescue Service resources
The lawful basis on which we use this information
The majority of the personal data that we process for you as an employee will fall under the General Data Protection Regulation (GDPR) lawful processing conditions of:
- 6(1)(a) your consent, such as for the provision and processing of equality monitoring information, which identifies you.
- 6 (1)(b) the performance of a contract (being a Contract of Employment/Statement of Particulars) or to take steps to enter into a contract. Information is collected to help us manage your employment and make sure both parties uphold their roles as stated in this Contract and associated Schemes of Conditions of Service, negotiated terms and Service policies.
- 6(1)(c) for compliance with a legal obligation (including common law and statutory obligations) that AF&RS is subject to, such as employment law, health and safety law, taxation and other legislation that we have to comply with as your employer.
- 6 (1)(d) to protect the vital interests for you, such as when seeking emergency medical attention in relation to you.
- 6(1)(e) for the performance of a task carried out by the Service in the public interest in the exercise of our official authority vested in us as set out by UK law, such as in order to carry our obligations under the Fire Services Act and other associated legislation for local authorities.
- 6(1) (f) purposes of legitimate interests pursued by AF&RS taking into account your rights and freedoms. This basis would typically apply to support AF&RS within our function as an employer and the administration of running our organisation, however, this basis does not apply when we are performing our official tasks as a Fire & Rescue Service. Instances where this would apply include the processing of witness statements you have given during discipline and grievance cases, to handle other employment processes/cases in line with Service policy, and to hold emergency contacts details for your next of kin so that we have the ability to contact them in the event of an emergency.
Lawful processing for Special Categories (sensitive personal data)
Similar to the lawful processing of general personal data, AF&RS will only process special category data where we can identify a lawful basis for general processing and an additional condition for processing this type of data.
The most common examples of processing conditions for us to process special category personal data will be:
- with your explicit consent (written);
- for carrying out our obligations under employment law, social security or social protection;
- in order to establish, exercise or to defend a legal claim;
- it is necessary for statutory or government purposes and for equality of opportunity or treatment; and
- for the purposes of preventative or occupational medicine for assessing the working capacity of you, the employee.
In order to support the health and welfare of our employees, to monitor sickness absence and ensure that our employees are physically competent to fulfil their roles, AF&RS will process employee health and welfare information, which may be shared externally with our Occupational Health provider and other medical practitioners.
AF&RS do not collect information relating to political opinions, biometric data and genetic data.
Collecting this information
Much of the information we hold has been provided by you, the employee, but some may be generated by other internal sources, such as line management, or in some cases, external sources, such as referees.
Security and emails
For network and information security purposes we have the ability to audit your IT activity and transactions through some of the ICT infrastructure to ensure that it complies with our IT Acceptable Use and other Service policies.
Storing this information
Informationaboutcurrentandformer employees is storedinthe following places. All of the below are subject to AF&RS existing Information Security controls and policies:
- Personal Records File (PRF)
- Dedicated drives within the IT network that are managed by departments that routinely process personal data
- Firewatch (Integrated HR, RPU and Learning & Development system)
- MOST (employee maintenance of skills)
- MyLo (employee online training system by The Learning Pool Ltd)
- Payroll system (administered by Bristol City Council)
- Pension system (administered by Bath & North East Somerset Council)
- Occupational Health Service Providers electronic system (provided by IMASS)
- Disclosure & Barring Service (DBS) - vetting
- Outlook email system
- OSHENS (Wellworker HSW system)
- Employee contact and staff operational data held by Service Control
- Personal Development Review system (ePDR)
- Guide for Assessment (GFA) database (feedback booklet for operational internal promotions process)
- CCTV, video, voice recordings and photograph libraries
- AF&RS premises access control systems
- Return to Work and Attendance Records
- Intelligent Data Systems (IDS) for driving licence information for DVLA checks
- In house registers and spreadsheet trackers which contain employee data for various processes such as long term sickness, long term modified and pregnancy/maternity cases, discipline and grievance cases, and a register of discipline outcomes.
Details of how long we will keep your personal information can be found in the Service’s Retention Schedule.
Who we share this information with and why
We will disclose your information to third parties if we are legally obliged to do so, and we need to comply with our contractual duties to you or where that third party is providing a service on our behalf e.g. payroll provision.
Where the Service engages third parties to process personal data on our behalf, the third party do so on the basis of written instructions, under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Below are some examples with whom why we may share your data:
- Payroll and pension providers
- To seek legal advice on employment matters
- Insurance providers
- Equalities monitoring organisations (however, typically such employee information is aggregated and anonymised.)
- Her Majesty’s Revenue & Customs (HMRC) for tax purposes
- Government Departments (however, typically such employee information is aggregated and anonymised.)
- Police & Fraud Officers – under our legal duty to ensure the protection and detection of crime.
- Statutory Organisations- AF&RS has a legal obligation to report certain events concerning employees to organisations such as the Health & Safety Executive for RIDDOR adverse H&S events
- Partner Agencies for public sector collaborative working arrangements and in order for AF&RS to fulfil it public task duties to deliver a Service to the public, such as working with the Police, Ambulance, local councils and agencies, other Fire & Rescue Services and local community organisations, which can include when attending emergency incidents, preventative fire safety and public welfare work, and training.
- Staff Welfare providers
- Other providers of employee services – such as providers of staff training, equipment and vehicles, workwear and PPE and depending on the nature of the Service will be based on AF&RS duty to fulfil a public task or our legitimate business interests.
- Employment references – such as confirmation of employment and salary details for mortgage companies, which will be shared based on employee consent.
- National Fraud agencies
Your Information Rights
As with all legislation, there are exceptions and this also applies to whether a you can exercise certain rights and this will depend on the lawful basis to which AF&RS is processing your personal data. As an employee, your right to object to processing does not apply when processing takes places under a Contract of Employment, and when processing on the basis of a legal obligation (such as employment laws / tax laws etc.) your rights to object or right to data erasure is restricted. Where processing is based on consent, you can withdraw that consent at any time.
Further information about Employee Information Rights and how to exercise those rights is available on the staff intranet pages and via the AF&RS website: https://www.avonfire.gov.uk/guide-to-published-information/data-protection-act/an-individual-s-rights-regarding-their-personal-information.
Our new Individual Rights Policy and Employee Information Policy are coming soon.