Better Care

Membership Privacy Notice

Birmingham Community Healthcare NHS Foundation Trust Employee and Membership Privacy Notice

1. How Birmingham Community Healthcare NHS Foundation Trust (BCHC) ("We", “our”) use your information

(a)We will collect and process data about employees and Members for legal, regulatory, personnel, administrative, contractual and legal compliance and governance and management purposes and to enable us to meet our legal and contractual obligations as an employer, for example to pay you, monitor your performance and to administer benefits in connection with your employment.  "Employees" also includes contractors and Non-Executive Directors. “Members” refers to public, staff and partner members of the Foundation Trust and includes those elected and appointed to the Trust Council of Governors.  

(b)We may process Special Category data relating to employees including, as appropriate:

(i)information about an employee's physical or mental health in order to support employees accordingly;

(ii)the employee's protected characteristics (Equality Act 2010) or similar information in order to monitor in accordance with equal opportunities legislation;

(iii)information relating to the commission or the alleged commission of an offence, or proceedings or sentence relating to offences or alleged offences. 

(c)More detailed information about the data We process and the purposes We use it for are set out in paragraphs 2 and 3 below.

(d)If you do not provide this data, We may be unable in some circumstances to comply with our obligations and it may cause you to be in breach of your employment agreement with us. We will tell you about the implications of that decision.

2.What data do We collect and process?

(a)Names, titles, and preferred names. Contact details such as telephone numbers, home addresses, and email addresses;

(b)Demographic and socio-economic  information such as gender, age, date of birth, marital status, nationality, ethnicity, postcode and eligibility to work in the UK;

(c)Details of education, academic / professional qualifications;

(d)The terms and conditions of your employment;

(e)Details of your work pattern and attendance at work including any leave such as

holiday, sickness and compassionate leave;

(f)Details of skills, experience and employment history, including start and end dates with previous employers and with the organisation;

(g)Remuneration data and information, including benefits such as pensions, tax calculations, student loan deductions, other deduction, records of current and historic earnings and tax code;

(h)Financial identifiers such as bank account details and national insurance number;

(i)Other operational personal data created, obtained, or otherwise processed in the course of carrying out our business activities, including but not limited to, media access control, IP addresses and website visit histories (including personal devices, if connected to BCHC network), logs of visitors, and logs of accidents, injuries and insurance claims;

(j)Other Human Resources data (not covered above) relating to employees including emergency contact information; referral source (e.g. agency, employee referral); performance reviews and ratings and employment references; staff employment groupings;

(k)Special Category  data: personal characteristics and circumstances of sensitive nature such as racial or ethnic origin, mental and physical health, details of injuries, medication/treatment received; and background checks, including identity, financial, criminal records checks and details of any offences or alleged offences and any criminal proceedings (either actual or contemplated) and the copy of your passport or other ID;

(l)Copies of application forms for which you have requested We provide details or reference e.g. mortgage, bank account, credit card, tenancy reference, visa.

3.For what purposes do We collect and use this data?

(a)Administering your employment relationship with us;

(b)Administering compensation, payroll and benefits;

(c)Operate and keep a record of employee performance and related processes for workforce management purposes;

(d)Operate and keep a record of absence, for example to allow effective workforce management and to ensure that employees are receiving the pay or benefits to which they are entitled to;

(e)Obtain occupational health advice, to ensure that We meet our obligations under health and safety law;

(f)Complying with legal requirements, including our contractual obligations to our Employees and suppliers and our regulatory and corporate governance obligations including, for example, seeking criminal records checks from the Disclosure and Barring Service (DBS) prior to making any offer;

(g)Selecting employees to participate in specific projects, development and administrative projects, assigning work to Employees;

(h)Undertaking surveys of all staff or as a cohort of the workforce to assess levels of compliance with equality and discrimination legislation and ensuring that our workforce at all levels remains representative of the communities it serves;

(i)Establishing, exercising, enforcing or defending legal claims, conducting internal investigations of suspected breaches of organisational policies and monitoring Employees' use of corporate e-mail, communications, systems and Internet services.

(j)Complying with legal requirements to undertake Staff and Public Governor Elections to the Trust Council of Governors.

(k)Enabling the Trust to communicate with the Members of the Foundation Trust and ensure a representative membership.

4.On what basis are We entitled to process your information?

We are able to process your data on the following grounds:

(a)Legal obligation

Where we need to process your data in order to comply with a legal obligation (or a court order as required) – for example (the following is a non-exhaustive list) under the Employment Rights Act 1996, the Health and Safety Act Work Act 1974, the Equality Act 2010, Disability Discrimination Act 1995 and any subsequent or secondary legislation related thereto; any financial requirements imposed on us by HMRC under relevant law;

(b)Pursuant to you entering into a contract of employment with the Trust

As you are entering into a contract of employment with the Trust we are entitled to process your data in order to comply with our obligations under the terms of that contract;

(c)As a public body carrying out a public function in the public interest or in the exercise of official authority

Where the processing is not directly covered by an explicit legal obligation, in certain circumstances we are able to process your data to carry out our public function, for example, where we are required to process your data as a Member of the foundation trust, we will do so pursuant to our function as a public body governed  our Members.

5.How long We will keep this information

We will hold your personal data for the duration of your employment and for up to 6 years following the end of employment for regulatory purposes and to defend or pursue any legal claims and for our legitimate business.

We will hold the personal data of members for the duration of your membership.  Your membership record is deleted upon termination of your membership.

6.Our approach to information security

(a)To protect your information, We have policies, protocols and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, our employees, contractors and sub-contractors have roles and responsibilities defined in those policies and procedures.

(b)In addition to these operational measures We also use a range of technologies and security systems to reinforce the policies. The relevant policies can be found on the BCHC intranet.

(c)To make sure that these measures are suitable, We perform audits to identify the areas of weaknesses and non-compliance. Additionally, all areas of the organisation are constantly monitored and measured to identify problems and issues before they arise.

7.Your rights

(a)When exercising any of the rights listed below, in order to process your request, We may need to verify your identity for your security. In such cases your response will be necessary before you can exercise these rights.

(b)The right to access information We hold on you

(i)At any point, you can contact us to request the information We hold on you as well as why We have that information, who has access to the information and where We obtained the information from. Once We have received your request We will respond within 30 days.

(ii)There are no fees or charges for the first request but additional requests for the same data or where recovery of a large amount of material is required may be subject to an administrative fee.

(c)The right to correct and update the information We hold on you

(i)If the data We hold on you is out of date, incomplete or incorrect, you have to inform us and your data be will be updated.  Alternatively, if your data is related to your employment you can access the Electronic Staff Register (ESR) and amend directly at .

(d) The right to object to processing of your data

You have to right to request that We stop processing your data. Upon receiving the request, We will contact you and let you know if We are able to comply or if We have legitimate grounds to continue to process your data. Even after you exercise your right to object, We may continue to hold your data to comply with our other rights or to bring or defend legal claims.

(e)  The right to data portability

You have the right to request that We transfer your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.


(a)Where We need your consent to hold your information We will ask you to confirm your consent in writing and We will inform you why We are collecting the information, how We will use it, how long We keep it for, who else will have access to it and what your rights are as a data subject.

(b)We do not rely on consent for processing your personal data in the normal course of your employment and membership. The legal bases on which we are able to process your data is set out at 4. above

9.Sharing your information

Where necessary to fulfill our obligations to you and our wider legal obligations and where it is in the public interest to do so We may pass your details to third parties. These third parties include HMRC, organisations undertaking Pre-Employment background checks (eg. Disclosure and Barring Service), payroll providers and Benefit Providers, and organisations providing services for the annual staff survey, membership communications and governor election services. 

The Trust will not share your data to Third Countries outside the European Economic Area. 

10.Contact details

If you have any queries about this notice, need further information or wish to lodge a complaint you can contact the Trust’s Data Protection Officer whose details are set out below.   

Data Protection Officer: Ben Pumphrey, Head of Legal Services and Interim DPO


Tel: 0121 466 7033

Birmingham Community Healthcare NHS Foundation Trust
3 Priestley Wharf
Holt Street
B7 4BN

ICO registration number Z243363X 

In the event that BCHC has been unable to resolve your concerns you can raise the matter with the ICO directly, the ICO may be contacted at:

Information Commissioner’s office
Wycliffe House
Water Lane

Tel: 0303 123 1113