This statement explains how St. Catharine's College ("we" and "our") handles and uses information we collect about our staff and Fellows ("you" and "your"). For these purposes, "staff" is intended to include employees, workers and casual workers and contractors (e.g. undergraduate supervisors, ad-hoc or temporary maintenance or kitchen or catering staff etc.). In broad terms, we use your data to manage your employment and/or Fellowship with the College, including your role and the performance of it, how we support you as an employer, and how you are paid, as well as other statutory requirements.
The controller for your personal data is St. Catharine's College, Cambridge, CB2 1RL. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (OIS Ltd) [12B King's Parade, Cambridge; 01223 768745; email@example.com]. OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Simon Summers, firstname.lastname@example.org.
Unless otherwise stated, the legal basis for processing your personal data is that it is necessary for the performance of an employment contract or Fellowship agreement we hold with you, or for statutory purposes (e.g. processing your monthly salary, tax and pension contributions).
How your data is used by the College
Your data is used by us for a number of purposes, including:
A. supporting your employment and your performance in your role:
Personal data includes:
i)* personal details including name, contact details (phone, email, postal, both work and personal) and photograph;
ii) your current and any previous role descriptions;
iii) your current and previous contracts of employment and related correspondence;
iv) any occupational health assessments and medical information you have provided, and related work requirements;
v)* your training and development qualifications, requests and requirements.
B. ensuring that you have the right to work for the College:
Personal data includes:
i)* your recruitment information (including your original application form and associated information submitted at that time);
ii) other data relating to your recruitment (including your offer of employment and related correspondence, references we took up on your appointment, and any pre-employment assessment of you);
iii)* evidence of your right to work in the UK (e.g. copies of your passport).
C. paying and rewarding you for your work:
Personal data includes:
i)* your bank details;
ii)* details of your preferred pension scheme
iii) your current and previous salary and other earnings (e.g. maternity pay, overtime), and the amounts you have paid in statutory taxes;
iv) correspondence between you and the College, and between Fellows and staff of the College, relating to your pay, pension, benefits and other remuneration.
In addition, we maintain records of your use or take-up of any benefit schemes provided by us (e.g. healthcare), which we collate and monitor to review the effectiveness of these benefits. The legal basis for processing is that it is in our legitimate interest to ensure that any staff benefit schemes represent good value for money to both you and us, and to ensure that you do not overuse your entitlements.
D. administering personnel-related processes, including records of absences and regular appraisals of your performance and, where necessary, investigations or reviews into your conduct or performance:
Personal data includes:
i)* records of your induction programme and its completion;
ii)* records of your performance appraisals with your line manager;
iii) records, where they exist, of any investigation or review into your conduct or performance;
iv) records of absences from work (including but not limited to annual leave entitlement, sickness leave, parental leave and compassionate leave);
v) correspondence between you and the College, and between Fellows and staff of the College, regarding any matters relating to your employment and/or Fellowship and any related issues (including but not limited to changes to duties, responsibilities and benefits, your retirement, resignation or exit from the College and personal and professional references provided by the College to you or a third party at your request).
E. maintaining an emergency contact point for you:
Personal data includes: details of your preferred emergency contact, including their name, relationship to you and thier contact details.*
F. monitoring equality and diversity within the College:
Personal data includes: information relating to your gender, age, ethnic origin, and disabilities and/or health conditions. * This is generally held in anonymised form and kept for no longer than 12 months.
G. disclosing personal information about you to external organisations, as permitted or required by law.
Data marked with an * relate to information provided by you, or created in discussion and agreement with you. Other data and information is generated by the College or, where self-evident, provided by a third party.
If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at email@example.com or Simon Summers, Bursar, St. Catharine's College, Cambridge, CB2 1RL.
We would not monitor social media sites for any personal data relating to you, unless we believed there was a legitimate interest for us to do so (e.g. monitoring compliance with an agreed plan, such as a homeworking agreement) and only if we informed you we might do this in advance. Consequently, we do not routinely screen your social media profiles but, if aspects of these are brought to our attention and give rise to concerns about your conduct, we may need to consider them. Our social media guideline are presently being updated. If you have any questions regarding the College's social media policy please contact the Personnel Manager firstname.lastname@example.org.
We operate CCTV on our sites, which will capture footage, and a SALTO lock system. Further details of the College’s CCTV system and procedures can be found in our CCTV Policy. If you have any questions regarding the College's CCTV please contact the Head Porter email@example.com. The SALTO lock system controls door access, and will by its nature record movements in and out of staircases and some College rooms, though this is not its primary purpose. Like all data we store, this information is kept confidentially. Please also contact the Head Porter firstname.lastname@example.org if you have questions about the SALTO lock system.
We also operate wifi across our sites, which can be accessed by members of the College and guests. We retain device information (such as physical MAC address and IP address) and details of the IP address the device connected to. The data is retained for 3 months.
For certain posts, we may use the Disclosure and Barring Service (DBS) and Disclosure Scotland to help assess your suitability for certain positions of trust. If this is the case, we will make this clear to you in separate correspondence. Certificate and status check information is only used for this specific purpose, and we comply fully with the DBS Code of Practice regarding the correct use, handling, storage, retention and destruction of certificates and certificate information. We recognise that it is a a criminal offence to pass this information on to anyone who is not entitled to receive it.
Who we share your data with
For Fellows, we would normally publish (on our website and in some College printed publications) your name, photograph (if one is available), your email, College contact phone number and basic biographical information relating to your College and University posts. For staff, we would normally publish (on our website) your name, your role, your email and College contact phone number.
We share your personal information where necessary and appropriate across the collegiate University. The University and its partners (including all of the Colleges) have a data sharing protocol to govern the sharing of data about staff and Fellows of the College. This is necessary because they are distinct legal entities. The parties may share any of the above categories of personal information, and the agreements can be viewd in full at https://www.ois.cam.ac.uk/policies-and-protocols/data-sharing-protocols. Any transmission of information between partners is managed through agreed processes that comply with UK data protection legislation.
We share relevant personal data with our sub-contracting agents (payroll and cafeteria payments system), with relevant government agencies (e.g. HMRC), your pension provider and the Office of Intercollegiate Services. Information is not shared with other third parties without your written consent, other than your name, role and employment contact details which are made publically available. Generally, personal data is not shared outside the European Economic Area.
We hold all information for the duration of your employment and for members of staff, for not more than 10 years after the end of your employment, except where noted in this statement. Records of your time as a Fellow are retained as part of the College's historical record in the College Archive for the lifetime of the College.
We reserve the right to retain the personal data longer than the periods stated above, where it becomes apparent that there is a need to do so - for example, in the event of a major health or personal injury incident, records may need to be kept for up to 40 years.
We then store in a permanent College Archive:
i) your full name and title;
ii) your date of birth;
ii) your job title(s), department (s), and dates of employment.
You have the right: to ask us for access to, rectification or erasure of your personal information; to restrict processing (pending correction or deletion); and to ask for the transfer of your personal information electronically to a third party (data portability).
Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
Failure to provide the information reasonably requested of you may result in disciplinary action taken by the College, which could ultimately lead to your dismissal from employment.
You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner's Office at https://ico.org.uk/concerns.