If you wish to make a Subject Access Request, please click here for a step-by-step guide.
If you wish to request that we erase your data (the "Right to be Forgotten"), please click here for a step-by-step guide.
If you wish to make a request that we restrict the processing of your data, please click here for a step-by-step guide. 
*Please note that completion of the above forms is not compulsory, and you can exercise your rights in whichever way you feel happy with. It does, however, help us with fulfilling your request by ensuring that the information we need is supplied.

 

Data Protection Privacy Notice (employment/volunteers)

Forget Me Not Children’s Hospice and FMNT Trading Ltd are committed to protecting and respecting your privacy.

This notice explains what personal data (information) we hold about you, how we collect and use it, and when we may share it. The notice applies before, during, and after your period of employment, or period of volunteering. We are required to notify you of this information under data protection legislation, so please ensure that you read it carefully, along with any other similar notices that we may provide you with when we collect or process personal information about you.

This privacy notice applies to both Forget Me Not Children’s Hospice (‘FMN’) and FMNT Trading Ltd.

Who are we?

Forget Me Not Children’s Hospice supports children with life-shortening conditions and their families across West Yorkshire. Forget Me Not Children’s Hospice is a registered charity (no. 1110457). The registered address is Forget Me Not Children’s Hospice, Russell House, Fell Greave Road, Huddersfield, HD2 1NH.

Forget Me Not Children’s Hospice consists of both the charity and our trading company, FMNT Trading Ltd (company number 06332306), which is 100% owned by the charity. We share your personal information between the two companies for the purposes of handling and administering your employment or volunteering contract (for example for processing payroll or employee benefits).

This privacy notice explains how Forget Me Not Children’s Hospice and FMNT Trading Ltd use personal information. All references to ‘we’, ‘FMN’, ‘us’ or ‘our’ in this notice refer to both Forget Me Not Children’s Hospice and FMNT Trading Ltd.

Both companies are registered as Data Controllers, which means we decide how, when and why your personal data will be used. This is explained in more detail later in this policy.

If you have any questions, please contact us by:

Emailing: hradmin@forgetmenotchild.co.uk

Telephoning: 01484 411040

Writing to us: Forget Me Not Children’s Hospice, Russell House, Fell Greave Road, Huddersfield, HD2 1NH

Data protection principles

We will comply with the data protection principles when gathering and using personal information, as set out in our Data Protection and Privacy Policy.

About the information we collect and hold

The table set out in 0 (at the back of this notice) summarises the information we collect and hold, how and why we collect and use it, and who it may be shared with.

We need to process your information to enter into an employment contract or volunteering agreement with you, and to meet our obligations under your employment contract or volunteering agreement. For example, we need to process your data to pay you, process expenses, and to administer pension and employee benefits. We also need to process your information to handle job and volunteer applications, such as by inviting you to an interview.

Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check an employee's entitlement to work in the UK, to deduct tax, to comply with health and safety laws, and to allow employees to take periods of leave to which they are entitled. For certain positions, it is necessary to carry out criminal record checks to ensure that individuals are permitted to undertake the role in question.

In other cases, we have a legitimate interest in processing personal data before, during and after the end of the employment or volunteering relationship, which is set out in Schedule 1.

We also process some special categories of personal data, such as information about health or medical conditions. Information on why we do this, and what information we collect, is also set out in Schedule 1.

You can choose not to provide any information to us, however please be aware that without the information, we may be unable to enter into an employment contract or volunteering agreement with you. For example, if you choose not to provide your name, address and bank details, this will mean we are unable to pay you. As such, if you have any concerns about the information you are being asked to provide, we encourage you to contact us using the details at the top of this notice.

Who has access to your information?

Your information will be shared internally, including with members of the HR and Finance teams (including payroll), your line manager, managers in the business area in which you work, and IT and Facilities staff.

We may also need to share your data with third parties - for example, for pre-employment references from other employers, employment background checks from third-party providers, and to obtain necessary criminal record checks from the Disclosure and Barring Service. The organisation also shares your data with third parties that process data on its behalf, for example for the provision of employee benefits (i.e. Life Assurance) and the provision of occupational health services. In some cases, they will be both the data controller and data processor of your information, so we advise you to read their privacy policy carefully. For clarity, the third parties that we share your information with are as follows:

  • Busy Bees Benefits, for the purposes of providing childcare vouchers;
  • Evans Cycle to Work, for the purposes of providing tax-free bicycles and equipment;
  • The Predicative Index, for the purposes of giving an overview of a candidates preferred behaviours (further information on this can be found in the ‘Profiling’ section in this policy;
  • Any referees that you provided in your application form, for the purposes of obtaining pre-employment references from other employers and organisations;
  • DBS Online, for the purposes of conducting pre-employment criminal background checks;
  • Schofield Sweeney, for the purposes of seeking legal advice;
  • Calderdale Royal Hospital, for the purposes of sending a colleagues medical history to enable them to administer vaccinations to those that require it for their job role;
  • Ellipse Financial Systems, for the purposes of providing life assurance benefits;
  • Fairways Pension Service, for the purposes of providing a NHS pension scheme;
  • People's Pension Services, for the purposes of providing a lawful pension scheme;
  • DocuSign, for the purposes of allowing electronic signing of employment and volunteering contracts, guidelines and company policies;
  • Microsoft, for the purposes of providing you with an account that has access to our e-mail, online document storage, and video conferencing systems;
  • Survey Monkey, for the purposes of employee and volunteer feedback and surveys;
  • Best Companies, for the purposes of our employee engagement survey;
  • Core Facilities Management, for the purposes of providing employment badges and IT Support;
  • PeopleHR, for the purposes of providing a centralised location for storing and viewing employee records (including annual leave, appraisals and payroll information);
  • RotaCloud, for the purposes of creating staff rotas which can be viewed and accessed online, and for requesting changes to shifts;
  • PeopleSafe, for the purposes of providing a mobile-phone application to support and ensure the safety of lone-workers;
  • Kirklees Council, for the purposes of fulfilling the ‘WorksBetter’ programme which supports people into work through referrals;
  • Blue Stream Academy, for the purposes of training and development which is mandatory to role;
  • Maji Financial Wellbeing Ltd, for the purposes of providing guidance and support for improving employees financial wellbeing, alongside providing mechanisms for managing salary sacrifice and the pension scheme; and
  • Making Life Work For You, for the purposes of providing an occupational health and well-being service.

We will only ever share the minimum information needed to allow these third parties to provide their services. For example, we will only ever share your name with Microsoft, as that is the only information needed to set you up with an account.

Please be aware that, for the purposes of providing staff ID employment cards, your photograph and name will be passed to the ID card printing supplier, and used only for the purpose of printing an ID card. The company used for this will vary depending on when your ID card was printed, so please contact the HR department for details of the supplier used.

There may be occasions where we need to record online video meetings (such as Zoom or Microsoft Teams meetings). For example, if we are carrying out staff training, or holding a staff update meeting, we may record this meeting to allow others to view the recording at a later date. Recordings will be held securely by Zoom Communications or Microsoft, and only used for the purpose stated at the beginning of the meeting. Likewise, you will be informed before the meeting begins that the meeting will be recorded, and will have the right to object and/or withdraw from the meeting.

It may not always be possible, or appropriate, for information shared with third parties to be anonymised, however we will always ensure recipients of the information are bound by confidentiality obligations.

We may also be required to share some personal information with our regulators, or as required to comply with the law. We may also share your data with third parties in the context of a sale of some or all of the business.

We will always seek to ensure that information that we collect and process is always proportionate, and will notify you of any changes to information we collect, or to the purposes for which we collect and process it.

How do we protect your data?

We take the security of your data seriously, and we have internal policies and controls in place to ensure that your data is not lost, destroyed, misused or disclosed, and is not accessed by anyone except by those authorised. Those processing your information will do so only in an authorised manner, and are subject to a duty of confidentiality. Likewise, we use strong passwords to control access to systems (such as the payroll system), and restrict system access to only those that need it. Further information on how we keep information secure can be found in the Network and Security Policy, which can be obtained by contacting us.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any relevant regulator (such as the ICO) of a suspected data security breach where we are legally required to do so.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

How long we keep your information

We keep your information during, and after, your employment or volunteering, for no longer than is necessary for the purposes for which the personal information is processed. Schedule 1, found at the back of this document, explains how long we hold specific types of information.

Accessing and updating your information, or finding out more

The accuracy of your information is important to us. If you need to correct any information that we hold about you (for example your email address), please contact us using the details at the top of this notice.

You can also ask us about how we use or handle your information, including:

  • How we have decided how, why and when we process your data; and
  • What categories of personal data we collect, store and process, including the purpose and legal basis for this processing;

You also have a number of rights, and if you would like to exercise any of these rights, please contact us using the details at the top of this notice. You can:

  • Access and obtain a copy of your data on request;
  • Require us to change incorrect or incomplete data;
  • Require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • Object to the processing of your data where we are relying on its legitimate interests as the legal ground for processing; and
  • Ask us to stop processing data for a period of time if data is inaccurate, or if there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

Sensitive Personal Data

Sensitive personal information is sometimes referred to as ‘special categories of personal data’ or ‘sensitive personal data’.

We may, from time to time, need to process sensitive personal information. We will only process sensitive personal information if:

  • We have a lawful basis for doing so. For example, if it is necessary for the performance of an employment contract, or to comply with the our legal obligations, or for the purposes of our legitimate interests; and
  • One of the special conditions for processing sensitive personal information applies, for example:
    • You have given us explicit consent;
    • The processing is necessary for the purposes of exercising employment law rights or obligations of you or us;
    • The processing is necessary to protect your vital interests, and you are physically incapable of giving consent;
    • Processing relates to personal data which are manifestly made public by you;
    • The processing is necessary for the establishment, exercise or defence of legal claims; or
    • The processing is necessary for reasons of substantial public interest.

Sensitive personal information will not be processed until:

  • We have assessed whether the processing complies with the criteria noted above; and
  • You have been properly informed (by way of a privacy notice or otherwise) of the nature of the processing, the purposes for which it is being carried out, and the legal basis for it.

Schedule 1 sets out types of sensitive personal information that we process, what it is used for, and the lawful basis for the processing.

Making a complaint

You have the right to make a complaint about how we (or any third parties) use your personal data. We encourage employees and volunteers to come forward with any suggestions and queries, and welcome people challenging us if they feel that the use of their information is unfair, misleading or inappropriate. You can contact us by using the details at the top of this policy.

You also have the right to make a complaint directly to the supervisory authority, which is the ICO. They can be contacted by telephone on 0303 123 1113. Alternatively, please visit their website: https://ico.org.uk/concerns

We regularly review this policy to ensure it reflects how we use and handle your information, and it was last updated in September 2022. We may, from time to time, need to change this policy, however we will always inform you of any changes to the way we use your personal information.

Updates in version 1.1

•           Updated the list of sub-processors with the latest details of who we may share information with

•           Removed the use of ‘profiling’ as this is not in use across the organisation

Updates in version 1.2

•           Updated the list of sub-processors with the latest details of who we may share information with

Schedule 1
About the information we collect and hold

For employees of Forget Me Not Children’s Hospice, we are required to retain information in accordance with guidelines and best practice issued by the NHS Information Governance Alliance. The schedule we follow is the “Records Management Code of Practice for Health and Social Care 2016”, and this informs the schedules shown below. If you have queries about any of the information shown below, please contact us.

The information
we collect

How we collect the information

Why we collect the information

How we use the information, and if we share it and may share the information

How long we retain the information for and why

Your name and contact details (name, address, date of birth, home and mobile phone numbers, email address) and emergency contacts (i.e. name, relationship and contact details, including home and mobile phone numbers)

From you

To enter into/perform the employment contract

 

To enter into/perform the employment contract, and provide you with employee benefits/support 

Your contact details are kept during and after your period of employment or volunteering.

If you are employed by Forget Me Not Children’s Hospice, your details will be retained for six years, or your 75th birthday, whichever is later, however some information will be kept in summary form. This is to comply with retention of records as outlined by IGA and legal guidelines.

If you are employed by FMNT Trading Ltd, we retain this information for six years after leaving. However, there are occasions (primarily for pension reasons) where we are required to keep information for longer periods (this is explained further later in this schedule).

If you are a volunteer, your details will be kept for a maximum of three months after leaving.

Emergency contact details are kept for the length of employment or volunteering only.

Details of salary and benefits, bank/building society, National Insurance and tax information, including P45’s and P60’s, and tax code notifications.

From you

To perform the employment contract including payment of salary and benefits, and ensuring we deduct the correct amount of tax.

 

To ensure you receive the correct pay and benefits.

Information shared with our payroll administrators (Sage Payroll) for the purposes of processing payroll and online payslips (including P45’s and P60’s), and with HM Revenue & Customs (HMRC).

Bank details and National Insurance details are kept during your period of employment. Upon leaving, we will retain these records for a period of six years, or up until your 75th birthday – whichever is sooner.

P45’s, P60’s and Tax Code notifications are retained for ten years from the end of the financial year in which the payroll was processed.

This is to comply with IGA and legal guidelines.

Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information v

From you and, where necessary, the Home Office

To enter into/perform the employment contract

To comply with our legal obligations

 

To carry out right to work checks

Information may be shared with the Home Office

These details are kept during your period of employment or volunteering. Upon leaving, we will retain these records for a period of six years, or up until your 75th birthday – whichever is sooner.

This is to comply with IGA and legal Guidelines

Information relating to your application, including interview notes, your CV and contact details, a copy of any offer letter, and any references supplied to us. This also applies for internal applications (such as applying for a position in another department within the organisation).

From you and those conducting the recruitment process

To enter into/perform the employment contract

To comply with our legal obligations

 

To enter into/perform the employment contract and comply with our legal obligations

If you are successful in your application (for employment or volunteering), we retain these details during your period of employment or volunteering.

For those employed by Forget Me Not Children’s Hospice, upon leaving, we will retain these records for a period of six years, or up until your 75th birthday – whichever is later, however some information may be in a summary format. This is to comply with IGA Guidelines.

For those volunteering with Forget Me Not Children’s Hospice or FMNT Trading Ltd, or employed by FMNT Trading Ltd, we will retain these records for a period of six years.

If you are unsuccessful in your application, we retain these details for a period of three months.

A copy of your driving license v

From you

To perform the employment contract

To comply with our legal obligations

To comply with the terms of our insurance

To ensure that you have a clean driving license

Information may be shared with our insurer

These details are kept during your period of employment or volunteering. Upon leaving, we will retain these records for a period of six years, or up until your 75th birthday – whichever is sooner.

Details of your pension arrangements, and all information included in these, alongside information necessary to implement and administer them v

From you, from our pension administrators (Fairways Pension Services, and the People's Pension Services) and (where necessary) from your own pension fund administrators.

To perform the employment contract including employment-related benefits

To comply with our legal obligations

 

To administer your pension benefits and/or to comply with our auto-enrolment pension obligations

Information shared with our pension administrators (Fairways Pension Services, and the People's Pension Services), with HMRC, and with services that allow you to manage your pension scheme (Maji Financial Wellbeing).

Details are retained for ten years from the end of the financial year to which the pension contribution was processed.

However, information processed through the NHS Pensions Agency is retained until the 100th birthday.

Information in your sickness and absence records, including fit notes, vaccination records (including sensitive personal information regarding your physical and/or mental health) v

From you (including in the Medical Questionnaire and Return to Work forms), from your doctors, from medical and occupational health professionals we engage (including Making Life Work For You).

To perform the employment contract including employment-related benefits

To comply with our legal obligations

 

To maintain employment records, to administer sick pay entitlement, to follow our policies and to facilitate employment-related health and sickness benefits

To comply with our legal obligations to you as your employer

Information shared with your doctors, with medical and occupational health professionals we engage and with our insurance benefit administrators (Ellipse Financial Systems).

To comply with CQC obligations

For those employed by Forget Me Not Children’s Hospice, these details are kept during your period of employment. Upon leaving, we will retain these records for at least six years in accordance with the IGA guidelines, however some information may be in a summary format.

For those employed by FMNT Trading Ltd, we will retain these records for a period of six years upon leaving.

 

Staff training records and appropriate certificates

From you, or any training provider we may use

To perform the employment contract including employment-related benefits

To comply with legal, regulatory and corporate governance obligations and good employment practice, to ensure safe working practices

To comply with our regulatory obligations to ensure staff are appropriately qualified and trained

Clinical training records: Retained until your 75th birthday, or six years after you leave, whichever is longer.

Statutory and mandatory training records: Retained for ten years after the training is completed.

Other training records: Retained for six years after the training is completed.

This is to comply with IGA Guidelines.

Criminal records information, including the results of Disclosure and Barring Service (DBS) checks v

From you and DBS Online

To perform the employment contract

To comply with our legal obligations

For reasons of substantial public interest (preventing or detecting unlawful acts and protecting the public against dishonesty)

To carry out statutory checks

Information shared with DBS and other regulatory authorities as required

For further information, see * below

These details are kept during your period of employment or volunteering.

For those employed by Forget Me Not Children’s Hospice, upon leaving, we will retain these records for a period of six years, or up until your 75th birthday – whichever is later however some information may be in a summary format. This is to comply with IGA Guidelines.

For those volunteering with Forget Me Not Children’s Hospice, or employed by FMNT Trading Ltd, we will retain these records for a period of six years upon leaving.

 

Information on grievances raised by or involving you

From you, from other employees and from consultants we may engage in relation to the grievance procedure

To perform the employment contract

To comply with our legal obligations

To comply with legal, regulatory and corporate governance obligations and good employment practice

For staff administration, to follow our policies and to deal with grievance matters

Information shared with relevant managers, HR personnel and with consultants we may engage

These details are kept during your period of employment or volunteering. Upon leaving, we will retain these records for a period of six years.

 

Information on conduct issues involving you

From you, from other employees and from consultants we may engage in relation to the conduct procedure

To comply with our legal obligations

 

For staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary and grievance matters

Information shared with relevant managers, HR personnel and with consultants we may engage

These details are kept during your period of employment. Upon leaving, we will retain these records for a period of six years.

 

Details of your appraisals and performance reviews

From you, from other employees and from consultants we may engage in relation to the appraisal/performance review process

To comply with our legal obligations

 

For staff administration and assessments, to follow our policies, to monitor staff performance and conduct and to deal with disciplinary and grievance matters

Information shared with relevant managers, HR personnel and with consultants we may engage

These details are kept during your period of employment. Upon leaving, we will retain these records for a period of six years.

 

Details of your performance management/improvement plans (if any)

From you, from other employees and from consultants we may engage in relation to the performance review process

To comply with our legal obligations

To perform the employment contract

For staff administration and assessments, to follow our policies and to monitor staff performance

Information shared with relevant managers, HR personnel and with consultants we may engage

These details are kept during your period of employment. Upon leaving, we will retain these records for a period of six years.

 

Details of your time and attendance records

From you

To perform the employment contract

 

For payroll and staff administration and assessments, to follow our policies and to monitor staff performance and attendance

Information shared with relevant managers, HR personnel and with occupational health professionals we engage (Making Life Work For You).

Two years from the date of creation. This is to comply with IGA Guidelines.

Information about your use of our IT, communication and other systems

Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, remote access systems, trading platforms, email and instant messaging systems, intranet and Internet facilities, telephones, voicemail, and mobile phone records.

Legitimate interests:

to monitor and manage staff access to our systems and facilities

to protect our networks, and personal data of employees and customers/clients, against unauthorised access or data leakage

to ensure our business policies, such as those concerning security and internet use, are adhered to

for operational reasons, such as maintaining employment records, recording transactions, training and quality control

to ensure that commercially sensitive information is kept confidential

to check that restrictions on your activities that apply after your employment has ended (post-termination restrictions or restrictive covenants) are being complied with

for security vetting and investigating complaints and allegations of criminal offences

for statistical analysis

to prevent unauthorised access and modifications to our systems

as part of investigations by regulatory bodies, or in connection with legal proceedings or requests

To protect and carry out our legitimate interests (see adjacent column)

Information shared with relevant managers, HR personnel and with consultants we may engage

 

Monitoring records are retained for a period of one month, unless we have a legitimate reason to retain them for longer.

CCTV records are retained for a period of up to two months from the date of recording.

Details in references about you that we give to others

From your personnel records, our other employees. If you are happy for us to share this information, please provide us with consent on the Exit Application Form that we ask you to complete upon leaving. For volunteers, please indicate prior to leaving whether you are happy for us to provide references to others.

To perform the employment contract

To comply with our legal obligations

 

To provide you with the relevant reference

To comply with legal/regulatory obligations

Information shared with relevant managers, HR personnel and the recipient(s) of the reference

These details are kept during your period of employment. Upon leaving, we will retain these records for a period of six years.

 

You are required (by law or in order to enter into your contract of employment) to provide the categories of information marked ‘v’ above to us to enable us to verify your right to work and suitability for the position, to pay you, to provide you with your contractual benefits, such as to administer statutory payments such as statutory sick pay (SSP). If you do not provide this information, we may not be able to employ you, to make these payments or provide these benefits.