NHS BBS Privacy Notice
Returning staff recruitment
NHS England and NHS Improvement have established a joint recruitment service and are responsible as joint controllers for the processing of personal data that you provide on your application, and from other sources. We have engaged the NHS Business Services Authority (NHSBSA) and Capita to process applications for employment on our behalf.
NHS BSA and Capita work with NHS England and NHS Improvement through each stage of the recruitment process. NHS BSA and Capita operate dedicated Customer Relationship Management (CRM) systems for processing your data. This includes, professional registration screening (where applicable), ID checks, pre-employment checks and a discussion about where you would like to return to work.
Your data will be collected through one of two systems. 1. The Qualtrics Survey tool setup by NHS Digital and operated by NHS England and NHS Improvement. 2. Gravity Forms website setup and operated by NHS Improvement. Your information will also be directly entered into one of the above CRM systems during discussions with our call handlers or through email correspondence with yourself.
We will use information you have provided to verify your identity when we speak to you, and at all stages of the application process.
For successful applicants
Before passing you to an employing organisation, we will use the information you have provided to complete the following pre-employment checks in line with NHS Employers’ guidance:
- Professional registration checks
- Employment history and reference checks
- Disclosure and Barring Service (DBS) check (if required)
- Work health assessment: to check you are fit to work or confirm what reasonable adjustments are required, if applicable
- Confirming Right to Work, identity, and eligibility for the vacancy
- Meeting safeguarding law requirements where this is relevant to the vacancy role
Information about these checks will be passed to the organisation you intend to return to work in.
NHS England and NHS Improvement are also required to monitor the diversity of candidates to ensure we comply with the Equality Act 2010.
Categories of recipients
We share your information with:
- professional bodies e.g. GMC and NMC, to confirm you are on the correct register to work in the capacity in which you are applying
- the Disclosure and Barring Service (DBS), if your role requires a DBS check
- with named referees to obtain a reference
- the employing organisation you intend to return to work in
- any other organisation who has a legal right to it.
Your information will not be transferred outside the European Economic Area (EEA).
Keeping your personal information
For applications that don’t end in a return to work, personal information collected through the BBS process will be kept in line with the NHS England and NHS Improvement Records Management Policy. This information is retained so that we can revisit applications to enable us to respond to any candidate queries.
Successful applications will be kept in line with the NHS England and NHS Improvement Records Management Policy. Employing organisations will store your information in line with any employment you enter into and in line with their own records retention policies. This will be specified in your contract of employment.
NHS BSA and Captia will only retain records for the length of their contracted involvement in the project. After this time, all records will be returned to NHS England and NHS Improvement or destroyed according to records management policies.
Equal opportunities monitoring
NHS England and NHS Improvement operate a joint analytics team that is responsible for analysing data to enable reporting on compliance with equal opportunities requirements by NHS England and NHS Improvement. This supports workstreams such as the Workforce Race Equality Standard, the public sector Equality Duty and the Gender Pay Gap, which are mandatory for NHS employers.
Record level staff data is required to enable analysis by data items representing any characteristics relevant to equalities monitoring. Personal data including employee number may be obtained from the Electronic Staff Record and other sources for example appointments to roles.
The dataset extracted includes employee number, data about role including grade and pay scale, position, type of contract, working hours, also protected characteristics including gender, ethnic origin, disability, marital status, sexual orientation, age band, religious belief.
The employee number is required to enable linkage between datasets including the Covid response tracking within ESR.
Access to personal data including employee number is restricted to members of the joint analytics team.
Legal basis for processing
NHS England’s and NHS Improvement’s lawful basis for processing personal data jointly is Article 6(1)(e) ‘…exercise of official authority…’. This is underpinned by our statutory duties to cooperate, and accompanies other the bases that apply, as described below.
For entering into and managing contracts with the individuals concerned, for example our employees the legal basis is Article 6(1)(b) – ‘processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.
Where we have a specific legal obligation that requires the processing of personal data, for example equal opportunities monitoring, the legal basis is Article 6(1)(c) – ‘processing is necessary for compliance with a legal obligation to which the controller is subject’.
For other processing of personal data about our employees, our legal basis is Article 6(1)(e) – ‘…exercise of official authority…’.
Where we process special categories data for employment purposes the condition is: Article 9(2)(b) – ‘…processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law…’.
For the processing of information about the health of our workforce, the legal basis is: Article 9(2)(h) – ‘…processing is necessary for the purposes of preventive or occupational medicine…assessment of the working capacity of the employee…the provision of health or social care…’.
Workforce Race Equality Standard
The Workforce Race Equality Standard (WRES) was introduced to the NHS in April 2015 to ensure that employees from black and minority ethnic (BME) backgrounds to have equal access to career opportunities and receive fair treatment in the workplace.
The WRES is an integral part of the NHS Long Term Plan (LTP) and NHS People Plan, with ambitions for NHS trusts to set aspirational targets for BME representation across their leadership team and broader workforce. A model employer; Increasing black and minority ethnic representation at senior levels across the NHS, sets out the ambitions for this criterion to be met.
The aspirational targets have been developed by analysts at NHS England / NHS Improvement and the Department of Health and Social Care; they are based upon a robust and fit for purpose methodology.
To support this NHS England receives aggregate data (numbers) that are collected by NHS Digital from trusts under directions from the Secretary of State for Health and Social Care.
Working with the seven NHS England and NHS Improvement regional directors and their respective HR directors, individual organisation targets will be shared for oversight on how trusts in each region are performing against their objectives.
Aspirational target data for NHS trusts will not be published by the WRES team or regional teams, however individual organisations could publish their data, if they choose to.
NHS England as a data controller
NHS England is a data controller under the EU General Data Protection Regulation and the Data Protection Act 2018. Our legal name is the NHS Commissioning Board. Our head office address is:
NHS England London
80 London Road
NHS England and NHS Improvement are cooperating to establish a joint enterprise and may collect and use personal data for the functions that we exercise jointly. Our joint privacy notice explains how we do this.
Contact details of our Data Protection Officer
NHS England and NHS Improvement have appointed a joint Data Protection Officer. If you have any queries about this privacy notice or about how NHS England or NHS Improvement process personal data please contact our data protection officer at the address below.
Head of Corporate Information Governance and Data Protection Officer
Transformation & Corporate Development Directorate
E-mail: [email protected]