1. Home
  2. About SEPA
  3. How we work
  4. Privacy notice
  5. Working at SEPA

Back to Working at SEPA

SEPA staff

Table of contents
Select a section to jump to:
Select a section to jump to:

How we use your personal information

This privacy notice explains how we collect and use personal information about employees, workers and contractors working for SEPA.  It also states how and when data may be shared with other organisations and how long data will be retained after employment has ceased. 
 
If you are a SEPA employee, worker or contractor, we collect and use your personal information for the purpose of carrying out our duties as an employer, to support you in your employment at SEPA and to fulfil our contractual obligations as an employer.  This will include collection and use of your personal details, financial information, health information, and information relating to your performance, attendance and activity at work.  Your personal information will be processed by SEPA staff members where it is part of their job role, for example members of the HR team.    
 
If you leave employment at SEPA, we will continue to process your personal information in order to end your contract with us, to fulfil any outstanding obligations we have as your former employer, and to meet our statutory obligations. 
 
We share some employee information with public bodies such as HMRC in line with statutory obligations, or where you have given us your consent to share your information with them.  
 
We also have contracts with third parties who are part of our own supply chain to collect and use your personal information, on our behalf. In each case they do this under explicit instructions from us and are not allowed to pass your personal information to others without our permission, or to use it for any further purpose. They retain your personal information only as long as is necessary and we ensure that they return to us, or destroy, any remaining personal information at the end of our contract with them. 
 
This privacy notice does not form part of your contract. We keep this notice under regular review and may amend this notice at any time

What data do we hold?

Personal information can be anything that identifies and relates to a living person. This can include information that when put together with other information can then identify a person.

There may also be situations where we process special categories of personal information that need more protection due to its sensitivity.  It is often information you would not want widely known and is very personal to you.

We may also hold personal information about your family members or next of kin, where you have provided it, for example to apply for parental leave. 

Below are examples of the types of personal information listed in relevant Data Protection legislation, which we may hold about SEPA staff members.

  • Personal information
    • Personal details [e.g. Staff number, name, home address, National Insurance number, personal contact number]
    • Family details [e.g. Next of kin, dependents]
    • Lifestyle and social circumstances
    • Visual images, personal appearance and behaviour [e.g. Photograph for staff pass]
    • Financial details [e.g. Bank account details, salary and benefits details, including pernsion]
    • Employment and education details [e.g. Qualifications certificates]
    • Details of complaints, incidents and grievances [e.g. records of investigations]
  • Special category information
    • Physical or mental health details [including pregnancy]
    • Racial or ethnic origin
    • Religious or other beliefs
    • Political opinions, sexual life
    • Trade union membership [e.g. only if dues are paid from your salary or you are a Union official]
    • Offences (including alleged offences)
    • Criminal and legal proceedings, outcomes and sentences

We may also receive your personal data from external bodies such as:

  • Providers of salary sacrifice services (e.g. Childcare vouchers or Additional Voluntary Contributions) – so that SEPA payroll can administer the required payments and maintain records required by HMRC. 
  • Recruitment agencies  
  • Background check providers 
  • Credit reference agencies 
  • Former employers or other referees, whom you have given us permission to contact.
  • Medical professionals

How the law allows us to use your personal information

We must have a legal basis for using your personal information and make it clear to you, which one is being used. As an employee, this will include:

  • if you have entered into a contract with us, including if you are an employee 
  • if you, or your legal representative, have given us consent  
  • it is required by law (legal obligation
  • it is necessary to protect someone in an emergency (vital interests

Where we need to process any of your personal information, which is defined as special category information, we must also ensure that we have an additional legal basis for doing so.  These include:

  • if you, or your legal representative, have given us consent  
  • it is required by law (legal obligation
  • it is necessary to protect someone in an emergency (vital interests
  • necessary for the establishment, exercise or defence of legal claims
  • it is necessary for the purposes of preventative or occupational medicine, assessment of working capacity, medical diagnosis.  

Below are examples of the activities that will be undertaken under the relevant legal basis, which may include the necessary sharing of your personal information with other organisations. [Where the activity may include special category information, the wording is shown in bold italics]

Contract

  • Administer our contract with you and ensure compliance with the terms of your contract
  • Manage requests and maintain records for time off work (including but not limited to time off for antenatal appointments; maternity, paternity, adoption, parental and / or shared parental leave; time off for dependants; trade union duties, bereavement; and / or jury service)
  • Provide and process payments and benefits to you (including complying with pension auto-enrolment obligations, liaising with your pension provider and determining pension eligibility) and, if applicable, deduct tax and national insurance
  • Manage performance and conduct
  • Manage sickness absence; assess your fitness to work; and consider disability status and reasonable adjustments for disabled workers
  • Assess qualifications and suitability for a job or task, including promotion decisions; make decisions about salary and compensation
  • Manage flexible working applications 
  • Make arrangements for the termination of our working relationship
  • Carry out education, training and development
  • Monitor your use of our IT and communications systems
  • Conduct disciplinary and grievance proceedings

Consent

  • Referral to Occupational Health provider  
  • Registration with Business Continuity messaging service (SESIL)

Legal Obligation

  • Comply with gender pay gap reporting obligations  
  • Comply with health and safety obligations [Health & Safety Executive]  
  • Comply with tax obligations [HMRC)] 
  • Carry out equal opportunities monitoring

Vital interests  

  • Protect your vital interests or those of another person (in exceptional circumstances, such as a medical emergency)
  • Inform your contacts in the event of sickness, accident or other emergency

How we share personal information

We sometimes need to share your personal information with other organisations for statutory or regulatory reasons.  Any sharing will be carried out lawfully and securely in accordance with the Data Protection Principles.  Information will be sent by secure means or in encrypted format.

These organisations include

  • the suppliers of our IT systems and infrastructure 
  • suppliers of communications systems and services 
  • suppliers of professional services (such as auditors or legal advisors 
  • pension and taxation bodies (such as Falkirk Local Government Pension Scheme and HMRC).
  • Scottish Government and other public bodies  
  • Audit Scotland and the Audit Commission (for National Fraud Initiative) 

How long we keep it

We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting or reporting requirements    At the end of the necessary retention period your data will be confidentially destroyed.

What are your rights?

As an individual, you have certain rights regarding your own personal data.

For more information on your rights, please see ‘Your data protection rights’.