This Privacy Notice explains what personal information we collect from you, how we store this personal information, how long we retain it and with whom and for which legal purpose we may share it.
To find out more about our Privacy Notice please select the relevant link.
Please note that the terms ‘employee’ and ‘worker’ are referred to throughout this privacy notice to cover the different types of contracts held within Oxford Health NHS Foundation Trust.
Oxford Health NHS Foundation Trust (OHFT) provides physical, mental health and social care for people of all ages across Oxfordshire, Buckinghamshire, Wiltshire, Bath and North East Somerset.
The Trust employs more than 6,000 employees and flexible workers providing care over four counties. Our services are delivered at community bases, hospitals, clinics and in people’s homes. We focus on delivering care as close to home as possible.
Our Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 (subject to parliamentary approval) and our registration number is Z1411013.
For further information, please refer to www.oxfordhealth.nhs.uk.
The Trust collects, stores and processes personal information about prospective, current and former staff and workers to ensure compliance with legal or industry requirements.
Processing of employee/workers personal information is necessary for the purposes of carrying out the obligations and exercising specific rights of the data controller (the Trust) or of the data subject (staff member/worker) in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.
The Trust does not require explicit consent of employees/workers to process their personal data if the purpose falls within the legal basis detailed above.
You can find further information on this legislation on the website below.
Personal information about you will largely be collected directly from you during your recruitment and contract.
Personal information may also be collected from employees/workers in certain circumstances, through routine update checks such as professional registration and DBS clearances.
In order to carry out our activities and obligations as an employer we handle data in relation to:
Your personal information is processed for the purposes of:
We will not routinely disclose any information about you without your express permission. However, in order to enable effective administration and comply with our obligations as your employer, we will share the information which you provide during the course of your contract (including the recruitment process) with the NHS Business Services Authority for maintaining your employment records, held on systems including the national NHS Electronic Staff Record (ESR) system and Workforce Management System.
Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Personal Information is only shared with those agencies and bodies who have a “need to know” or where you have consented to the disclosure of your personal data to such persons.
Where possible, we will always look to anonymise/ pseudonymise your personal information so as to protect confidentiality, unless there is a legal basis that permits us to use it, and will only ever use/ share the minimum information necessary. However, there are occasions where the Trust is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
For any request to transfer your data internationally outside the UK/EU we will make sure that an adequate level of protection can be satisfied before the transfer.
There are a number of circumstances where we have a legal duty to share information about you to comply or manage with:
As a Trust we do use third party providers to facilitate your employment with OHFT who require us to share your personal information, for example:
We take security and confidentiality very seriously. Employees and workers are required to abide by Trust Policy which defines the strict codes of conduct expected from anyone accessing your personal information, and participate in regular Information Governance training and workshops at Trust Induction.
Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.
We hold and process your information in accordance with the Data Protection Act 2018 (subject to Parliamentary approval) as amended by the GDPR 2016, as explained above. In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.
OHFT takes Cyber Security seriously and has dedicated teams of people who are regularly reviewing and updating security to the Trusts Confidential and Personal data both about the Trusts patients, staff and workers.
We have a duty to:
If we need to use your information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 (subject to Parliamentary approval) gives you certain rights, including the right to:
If you wish to access the personal data we hold about you, please contact the Trust’s Human Resources Department in writing.
Please remember to include details of the information you require plus contact details and two forms of identification such as a copy of your driving license/ passport and also a document with your name and address on such as a utility bill.
We are not allowing visitors to any of our hospital or inpatient sites in order to protect our patients and staff who care for them from the spread of COVID-19 (coronavirus).
This is with effect from Monday 23 March 2020 until further notice.