UFM Personnel Privacy Notice (for Employees and Mission Partners)
How your information will be used
- 1. UFM Worldwide needs to keep and process information about you either for normal employment purposes (employees) or to provide pastoral and practical support (mission partners). The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to fulfil our legal, contractual and pastoral obligations and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us (employees) or partnering with us (mission partners), and for a period of time after your employment or placement ends in line with our ‘Storage of Data and Records’ statement. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of UFM Worldwide and protect our position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
- 2. The vast majority of the information we hold will have been provided by you, but some may come from other internal sources, such as your line manager (employees) or UFM Senior Leadership Team Contact (mission partners), or in some cases, external sources, such as referees or supporters.
- 3. The sort of information we hold includes (this list is not exhaustive):
4. You will, of course, inevitably be referred to in UFM documents (e.g. minutes, prayer calendars, newsletters, magazines) and documents that are produced by you in the course of carrying out your duties relating to UFM. You should refer to the Data Protection Policy which is available on the UFM website or in paper format from Head Office in Swindon (email@example.com)
- 5. Health records:
Employees: Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay.
Mission Partners: Where necessary, we may keep information relating to your health. This information will be used in order to comply with our Duty of Care obligations – to consider how your health affects your ability to carry out your assignment and whether any adjustments might be appropriate.
- 6. Employees: Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to pension or health insurance schemes.
- 7. Your personal data will be stored for a period of 6 years from the end of employment/final assignment.
- 8. If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
- 9. Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us:
- access to and rectification of your personal data;
- erasure of your personal data;
- the right to restrict processing, object to processing as well as in certain circumstances the right to data portability (i.e. moving your data from one data controller (UFM) to another)
- 10. If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
- 11. You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
- 12. UFM Worldwide is the controller [and processor] of data for the purposes of the DPA 18 and GDPR.
- 13. If you have any concerns as to how your data is processed you can contact: Jonathan Redhead, Data Compliance Manager at firstname.lastname@example.org
- 14. More information is available on the Information Commissioner’s website: www.ico.org.uk