Seconded employees for the Covid Asymptomatic Testing Programme Privacy Notice
This privacy notice is designed to help you understand how we use personal information when you have been seconded to work on our Covid-19 Asymptomatic Testing Programme, we have set out the services types, the information we may use to deliver the services, who we may share it with, and how long we will keep it.
Services covered by this privacy notice
We need your contact information, and any information on medical conditions that might put you into a clinically vulnerable group, so that team managers/supervisors can contact you for setting rotas outside of normal working hours.
We need details on your emergency contacts so that team managers/supervisors can contact them in the event of an emergency. When collecting your nominated emergency contact information, we are relying on “legitimate interests” under the Data Protection Act 2018.
Information we hold about you
We only collect and use the minimum amount of personal information required when delivering a service to you.
The service may use some or all of the personal information provided:
- your name, address, post code, mobile number, landline number and details on any medical conditions that might put you into a clinically vulnerable group
- emergency contact details including contact name, telephone number and name of employer or employer agency
Why we need your information and how we use it
We use your information to:
- enter into a contract with you to facilitate the delivery of the Covid-19 Asymptomatic Testing Programme
- plan our resources
- highlight and manage workplace issues or risks
- maintain accurate contact details
- arrange rotas and work schedules
- contact you to talk to you about your Covid-19 test results
- discuss your availability for work
- deal with any queries that you may have
Who your information may be shared with
Sometimes we may need to share your information, but we will only do so where it is necessary or required by law. We will only share the minimum information for each circumstance.
We may sometimes need to share some of your information with:
- Test and Trace
- health service providers including NHS agencies
- internally with some of our colleagues
The Data Controller
We are the Data Controller for this processing
The lawful basis for the processing
Most of the personal information we process is provided to us directly by you, under the Data Protection Act 2018, the lawful bases we rely on for using your personal information are:
- we have a contractual obligation with you (GDPR Article 6 (b)
- we need to protect your vital interests (GDPR Article 6 (d)
- we have a legitimate interest (GDPR Article 6 (f)
When we collect data about your health we also rely on the following lawful basis:
- we need it for employment, social security or social protection (GDPR Article 9 (2) (b))
When we need to collect information about any medical conditions that might put you into a clinically vulnerable group, we do so in order to meet our health and safety obligations under the Health and Safety at Work Act 1974. (Data Protection Act – Schedule 1, Part 1, Paragraph 1 (a) and (b), a copy of our appropriate policy for the collection of this data can be found on the Appropriate Policy Document section of our website).
Under the Regulation of Investigatory Powers Act 2000, Computer Misuse Act 1990 and The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, we also have the right to monitor the use of computer and telephone facilities for purposes such as preventing and detecting criminal acts, investigating unauthorised use, making sure that policies are being followed and for training and quality control.
Protecting your information
Your information will be securely stored on our network and in our offices in Chester, Ellesmere Port, Winsford and Northwich.
How long will we keep your personal information?
We will only use your personal information whilst delivering the service to you and to deal with any questions or complaints that we may receive about this, unless the law requires us to keep it for a longer period. In practice, this means that your information will be kept for seven years and then securely destroyed.
Under data protection law, you have rights including:
- your right of access - you have the right to ask us for copies of your personal information
- your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- your right to erasure - you have the right to ask us to erase your personal information in certain circumstances
- your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances
- your right to data portability - you have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
To make a request follow the instructions on our Data protection for you page.
How to complain if you are unhappy about how your data is used
You can complain directly to our Data Protection team online or by post.
- Online: Contact the DPO
- By post: Data Protection Officer, 4 Civic Way, Ellesmere Port, CH65 0BE
You also have the right to complain to the Information Commissioner’s Office using the following details:
Will my personal information be accessible outside the UK?
Should the transfer of personal information outside of the UK become necessary, it will only take place if permitted by law, and then only where there are appropriate safeguards in place to protect the personal information.
Your information will be stored on servers/offers within the UK.