Staff Privacy Policy

During employment, the School collects, stores, and processes personal data about you, including special category personal data where necessary, such as information relating to health, disability, equality monitoring, or safeguarding, and, where lawful and appropriate, information relating to criminal convictions. Special category and criminal convictions data are processed only where a lawful condition applies and with appropriate safeguards in accordance with the School’s Data Protection Policy.

We collect your personal information to support our operations and enhance services and facilities. This data may be collected in various ways:

• From information provided when you engage with us before and upon joining.
• Through communication by phone, email, or our website.
• During interactions with us throughout your employment.
• From third-party sources.

The School processes staff personal data under one or more lawful bases under the UK GDPR depending on the purpose of processing. These typically include:

• contractual necessity for managing employment and associated benefits;
• legal obligation for tax, payroll, safeguarding, right-to-work, and regulatory reporting;
• legitimate interests for operating, improving, and securing School services and systems;
• vital interests in emergency situations; and
• consent only where appropriate, such as optional initiatives or specific uses of images or communications.

Special category and criminal convictions data are processed only where an additional lawful condition applies and appropriate safeguards are in place.

If you wish to exercise your data protection rights, including making a Data Subject Access Request, requesting rectification, or raising concerns about how your personal data is handled, you may contact the Internal Data Protection Lead at dataprotection@lsi-ac.uk.

The School may share your personal information with external organisations to fulfil legal duties, manage operations, or upon your request. These organisations may include:

• Government departments (e.g., Home Office, Department of Education).
• Higher Education Statistics Agency (HESA) - please see Collection notices and Staff Collection Notice.
• Public bodies and agencies (e.g., HMRC, Health and Safety Executive).
• Office for Students (OFS) and Office of the Independent Adjudicator (OIA).
• Programme-accrediting organisations (e.g., BCS).
• Local Authorities for Council Tax and electoral registration.
• Police, law enforcement, and safeguarding agencies.
• Insurers, auditors, and providers of external training placements.
• Current or prospective employers for references.
• Third-party support services and IT providers.
• Crime prevention or detection agencies.
• Banks and employers upon your request.

We share personal information where we have a lawful basis to do so, including where necessary for the performance of your employment contract, to comply with legal obligations, to protect vital interests in an emergency, or where we have legitimate interests that are not overridden by your rights and interests. Where consent is the appropriate lawful basis for a specific disclosure, we will seek consent.. Anonymised or aggregated data may be shared for purposes like equality benchmarking.

The School securely collects, stores, and processes your personal information in both paper and electronic formats, including databases accessible to academic and professional departments. Access is restricted to authorised staff, contractors, or agents with a legitimate business need within their contractual duties. Personal information is used for:

• Managing finances and related funding.
• Administering facility use and event participation (e.g., building access, libraries, health services).
• Handling complaints, investigations, and disciplinary matters, including academic misconduct.
• Fulfilling statutory reporting and monitoring equality legislation compliance.
• Ensuring health, safety, and wellbeing, including safeguarding and crime prevention.
• Monitoring compliance with School regulations.
• Conducting management reporting, research, and statistical analysis.
• Checking right-to-work status and visa compliance.
• Communicating work-related information and updates.
• Inviting participation in research to improve services.

Some data may be ‘special categories’ (e.g., race, ethnicity, medical information) for specific purposes like equality monitoring or providing necessary support. Access to such data is strictly controlled under the School’s Data Protection Policy. Accountability for processing sits with the relevant Data Owners for their domains, with privacy operations coordinated by the Internal Data Protection Lead and information security and systems controls operated by the Director of Technology in their role as Senior Information Risk Owner, in line with the Information Governance Policy.

Your personal data is stored only within the School’s designated systems-of-record and approved repositories used for human resources, payroll, safeguarding, and operational administration. Access is controlled through role-based access controls so that staff and approved contractors access only the information necessary for their role. Records must not be stored in unmanaged local files or informal systems that bypass governance, auditability, or retention controls.

We retain personal data only for as long as necessary for the purposes for which it was collected and in accordance with legal, regulatory, contractual, and operational requirements. Retention periods for staff records are defined and managed through the School’s Data Retention Schedule and Policy, which specifies minimum retention periods, accountable Data Owners, systems-of-record, and secure disposal expectations for each category of record. Where legal claims, investigations, safeguarding matters, audits, or statutory obligations apply, retention may be extended under a documented legal hold. When records are no longer required, they are securely deleted or disposed of using approved methods. The School does not use automated decision-making or profiling that produces legal or similarly significant effects without appropriate safeguards and transparency.

We regularly review our privacy notices to ensure they remain accurate and up to date.

We prioritise protecting your privacy. Please note that other privacy notices cover data related to staff, enquiries, applications, current students, alumni, and website use. These notices are available on our website.