Skip to main content
Human Resources

Privacy Notice for Staff

Data Protection Privacy Notice for Staff

About this notice

This privacy notice explains how Queen Mary University of London (‘we’, ‘our’, ‘us’) collects, uses and shares personal data of its staff (‘you’, ‘your’). Your personal data will be processed in accordance with our Data Protection Policy and this statement.

Queen Mary is a data controller in terms of Article 4 of the U.K. General Data Protection Regulation. We maintain information about you (your personal data) in paper and electronic form, which is kept in Human Resources, faculties and departments for the administration of your employment and to comply with certain statutory obligations. Queen Mary wants to ensure that your personal data is accurate and up-to-date, therefore it is important that you inform us of any changes and/or use MyHR to update your information.

The personal data we process

The sort of personal data we hold about you usually includes: your application form and references; your contract of employment and any amendments to it; correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary; information needed for payroll, benefits and expenses purposes; contact and emergency contact details; details of qualifications and any professional memberships/registrations; eligibility to work information; records of holiday, sickness and other absence; information needed for equal opportunities monitoring; and records relating to your career history, such as training records, appraisals, other performance measures, attendance and, where appropriate, disciplinary and grievance records. We may also hold and process data about criminal convictions and offences if it is appropriate given the nature of your role.

How we use your personal data and the legal bases

We use your personal data to administer payroll, pensions, training and appraisal, monitor equality, diversity and inclusion, employ you and manage your access to various services such as IT facilities and buildings, in order to

  • fulfil the contract between you and us
  • comply with legal obligations to which we are subject
  • carry out our obligations and exercise our (or your) specific rights in the field of employment and social security
  • exercise and defend legal claims.

We are legally obliged to collect, retain and disclose certain information about you, for example to ensure you pay the correct rate of taxation, to fulfil our statutory reporting duties and comply with other obligations. We believe we have a legitimate interest to request and hold emergency contact information from you.

We may also use special category personal data, such as ethnicity, disability and sexual orientation data to monitor and promote equality and diversity throughout Queen Mary, should you choose to disclose this information. The legal basis for this is your explicit consent, which you are free to withdraw at any time. We may also hold information about your health for the purposes of employment, social security and preventative and occupational health.

Personal data relating to criminal convictions and offences may be collected as part of the recruitment process or we may be notified of such information directly by you or a third party, such as the Police, in the course of you working for us. The legal basis is that this is necessary for the purposes of performing or exercising employment law obligations or rights, or for safeguarding; in some cases, it could be with your consent. This type of personal data will be retained confidentially and securely, and access will be strictly controlled.

We may also invite you to participate in surveys, which will have their own privacy notices.

Specific purposes include:

  • HESA

Some personal data about you is sent once a year to the Higher Education Statistics Agency (HESA). The data is sent in an anonymised and/or aggregated form (so you cannot be identified from it). Please see https://www.hesa.ac.uk/about/regulation/data-protection/notices for more information. JISC is the data controller once this data has been sent.

  • IT Facilities

Please read the privacy notice relating to Office 365. Your name will also be included in the Queen Mary Directory. Under the Regulation of Investigatory Powers Act 2000 and The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 we have the right to monitor the use of computer and telephone facilities for purposes such as preventing and detecting criminal acts, investigating unauthorised use, making sure that policies are being followed and for training and quality control. We allow the Queen Mary email system to be used for personal use, but users should be aware that there is NO GUARANTEE OF PRIVACY. Access will be given to line managers or Heads of School, Faculty Operating Officers or other appropriate staff members upon appropriate request as per the Guidelines on the Right to Privacy and Monitoring of Data. Queen Mary does not control or prohibit access to any external web-based email system and users should use these services if they wish to maintain privacy of personal emails. Users should use Queen Mary email for all University-related activity. Work email addresses may be shared with third parties in connection with work/business activities. When you log in to Queen Mary services including Eduroam, your device ID and location are logged, though this is not used to identify specific individuals or monitor browsing activity.

  • Car Parking

Permits are issued as per our Parking Policy. Car parking charges are administered by Liberty Services (t/a Car Parking Partnership); please see its terms and conditions as displayed in parking areas. Personal data is only shared in the context of parking enforcement between Queen Mary and Car Parking Partnership.

  • Report & Support

You may make use of Queen Mary’s Report & Support Tool, or another user may identify you in doing so, which could result in personal data, including special category personal data or data relating to criminal offences being processed. Please refer to the privacy notice for more information.

  • Overseas Employees

This statement only applies to staff with Tier 2 or Tier 5 visas. As required by U.K. government legislation, we will report on your attendance at Queen Mary to UK Visas and Immigration.

  • Occupational Health

Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage any sick pay.

If you are referred to OH, or refer yourself, you will be directed to or given information about how that department will use and share the personal data it collects from you. Note that these services are provided to us by OHWorks Ltd and you should also refer to its privacy notice at https://www.ohworks.co.uk/privacy-notice

Sharing your personal data with others

Sometimes we will pass information about you to third parties, where the law allows it. For example, we would confirm the dates and nature of your employment here to a prospective employer. We provide information to your provider if you join a pension scheme. We will share information with other parties who may be responsible for part or all of your employment, for example, an NHS trust, QMSU or the University of London. We may share information for benchmarking and auditing purposes, for example with UCEA and auditors. You should refer to the privacy notices of these other organisations where applicable. We will share information with HMRC for U.K. taxation purposes. We never sell your information.

International transfers

Zellis provides our HR systems. Its sub-contractor provides support services, which may result in staff personal data being transferred outside the European Economic Area. We have a contract in place to ensure this is legally compliant.

How long your personal data is kept

If you decide to leave Queen Mary’s employment, your personnel file is kept for 6 years from the date you leave. If you were a member of a pension scheme, some information will be kept longer to allow payment of a pension.

Your rights and further information

You have a right to see all the information that we keep about you. This is called a subject access request; please see https://www.qmul.ac.uk/governance-and-legal-services/governance/information-governance/data-protection/ for further details.

Where we are processing data based on your consent, you have the right to withdraw that consent at any time.

For further information, including on your rights, please see https://www.qmul.ac.uk/privacy/

Please contact the Data Protection Officer if you have any questions.

Back to top