Staff Data Protection Notice
- Who we are
- How we collect your personal data
- Personal data provided by you about others
- How we use your personal data
- The legal basis for collecting your data
- Details of third parties with whom we share personal data
- How long we will keep your data
- Your rights
- Questions or Complaints
At University College Cork, we treat your privacy seriously. Any personal data which you provide to the University will be treated with the highest standards of security and confidentiality, in accordance with Irish and European Data Protection legislation. This notice explains how the University collects, uses and shares personal data relating to prospective, current and former employees, self-employed contractors and consultants, and voluntary workers (“you”). It also explains your rights under data protection law in relation to our processing of your data.
Throughout this Notice, “we”, “us”, “our” and “the University” refers to University College Cork.
We collect personal data from you primarily during the application, recruitment and appointment process, supplemented by information generated in the course of your employment. It will be used by us only in accordance with the purposes outlined in this notice.
We may sometimes collect personal data about you from third parties including (but not limited to):
- references from former employers, colleagues or other relevant parties;
- information requested from external sources to assist in the consideration of promotion;
- validation of qualifications from awarding institutions;
- taxation information from Revenue;
- information regarding related payroll contributions or benefits from the Department of Social Welfare;
- confirmation of fitness for work from nominated Occupational Health Providers.
You may provide us with personal data about other individuals, for example, next of kin/emergency contact details and information about your family circumstances and dependents. You should notify the relevant person that you are providing their contact details to us as your listed next of kin/emergency contact.
Your personal data will be used for various legal and practical purposes, without which we would be unable to employ you. It enables us to maintain a full staff record and manage the entire employee lifecycle. Holding your personal data enables us to meet various statutory obligations over the course of your employment and to manage relevant payments associated with your employment.
Depending on your role, we may process your personal data for the following purposes:
- managing human resources processes such as recruitment and selection, payment of wages/salaries, statutory and other deductions, pension scheme membership, performance management, training and development;
- providing facilities such as car parking, IT services, library services, cycle-to-work scheme;
- to manage insurance/personal accident claims;
- monitoring equal opportunities and to comply with other statutory reporting requirements;
- to produce statutory and University reports using summarised statistics e.g. Athena Swan;
- to ensure that the digital services provided by the University are performant, reliable, secure and to support appropriate IT incident resolution;
- disciplinary matters, staff disputes, employment tribunals;
- providing communications about University news and events;
- maintaining contact with past employees;
- provision of wellbeing and support services;
- to promote and protect equality and human rights;
- to meet health and safety obligations;
- to operate a CCTV system to protect the security of the University property and premises.
Any personal data you provide to us on recruitment/appointment and during the course of your employment will be processed fairly and lawfully.
The legal basis for processing your data will usually be:
- to fulfil the terms of your contract with the University;
- to comply with our legal obligations e.g. employment and equality laws and statutory deductions;
- where necessary for our legitimate interests e.g. evaluating a candidate for a role;
- to protect your vital interests or those of another person e.g. where we know or have reason to believe that you may suffer harm.
The University will share your data with the following third parties where necessary for purposes of the processing outlined above:
- Higher Education Authority (HEA)
- Department of Education and Skills
- Department of Finance
- Department of Public Expenditure and Reform
- Department of Social Welfare
- Other Governmental Departments (as may be required within grant or other applications)
- Research sponsors/external funding agencies
- Potential employers (where you have requested us to provide a reference)
- Occupational Health Providers and medical practitioners as specified in the sick leave policy
- Insurance brokers and providers
- Pension administrators
- External auditors
- Software vendors where necessary to provide technical support and software upgrades.
Where we use third parties to process personal data on our behalf (acting as data processors), a written contract will be put in place to ensure that any personal data shared will be held in accordance with the requirements of data protection law and that such data processors have appropriate security measures in place in relation to your personal data.
In the course of processing your personal data, it may be transferred outside of the European Economic Area on the understanding that we rely on legally approved mechanisms to lawfully transfer data across borders, including the Standard Contractual Clauses approved by the European Commission. For example, data may be shared during reporting on University rankings or during various applications for grants, research proposals etc.
Other than as mentioned above, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you.
In keeping with the data protection principles we will only store your data for as long as is necessary. For the purposes described here we will store your data in accordance with the University’s Record Retention Schedules.
You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data, including the right:
- to find out if we use your personal data, access your personal data and receive copies of your personal data;
- to have inaccurate/incomplete information corrected and updated;
- in certain circumstances, to have your details deleted from systems that we use to process your personal data or have the use of your personal data restricted in certain ways;
- to object to certain processing of your data by UCC;
- to exercise your right to data portability where applicable (i.e. obtain a copy of your personal data in a commonly used electronic form;
- where we have relied upon consent as a lawful basis for processing, to withdraw your consent to the processing at any time;
- to not be subject to solely automated decision;
- to request that we stop sending you direct marketing communications.
If you wish to avail of any of these rights, please write to: The Information Compliance Manager, University College Cork, 4 Carrigside, College Road, Cork (or email firstname.lastname@example.org).
If you have any queries in relation to the personal data processed by the University, contact the Department of Human Resources in the first instance. Please note that the University has an Employee Records Access Procedure in place to allow employees to routinely access their personnel files.
If you have any queries or complaints in connection with our processing of your personal data, you can contact UCC’s Information Compliance Manager: Information Compliance Manager, Office of Corporate & Legal Affairs, University College Cork, Western Road, Cork E: email@example.com Tel: +353 (21) 4903949.
You also have the right to lodge a complaint with the Data Protection Commission if you are unhappy with our processing of your personal data. Details of how to lodge a complaint can be found on the Data Protection Commission’s website, or by telephoning 1890 252 231.