Privacy notice - staff data

Publication date:
20 November 2020
Date range:
November 2020 - ongoing

Privacy notice

The Kent and Medway NHS and Social Care Partnership Trust are committed to protecting your privacy. This statement explains how we collect and use the personal information we collect about you, and the rights and choices you have in relation to the information.

The links below can be used to navigate your way around this statement: 

  1. Who are we
  2. Data Protection Legislation
  3. What personal information do we collect?
  4. Why do we collect and how are we using your information
  5. Information Sharing and Disclosure
  6. The accuracy of your information
  7. Storing your information
  8. Your rights
  9. Privacy concerns
  10. Information Commissioners Office

Who are we?

KMPT provides a number of different mental health services to people living in Kent and Medway. Our services are more specialised than services provided by General Practitioners. Most of our mental health services are provided through:

  • Community based teams
  • Outpatient clinics
  • Inpatient units

Community services and inpatient/outpatient units are generally split into services for working age adults and services for older adults over local areas. In addition to our community and inpatient/outpatient services, we also provide a number of specialist services across the county including mental health services for people with learning disabilities.

We currently work as a partnership organisation for mental health services, our partners include:

  • Clinical Commissioning Groups (CCGs)
  • Commissioning Support Units
  • General Practitioners (GPs)
  • Ambulance Services
  • Acute Hospital Trusts
  • Mental Health Social Services

Our Trust is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018 and our registration number is Z9417133.

Data protection and legislation

In carrying out our day to day activities we process and store personal information relating to who you are. We are therefore required to adhere to the requirements of the General Data Protection Regulations, and the Data Protection Act 2018. We take our responsibilities under this legislation very seriously and we ensure the personal information we obtain is held, used, transferred and otherwise processed in accordance with that legislation and all other applicable data protection laws and regulations.

What personal information do we collect?

Personal information about you will largely be collected directly from you during your recruitment and employment.  Personal information may also be collected from healthcare professionals in certain circumstances, through national checks such as DBS etc.

In order to carry out our activities and obligations as an employer we handle data in relation to:

  • Personal demographics (including gender, race, ethnicity, sexual orientation, religion)
  • Contact details such as names, addresses, telephone numbers and emergency contact(s)
  • Employment records (including professional membership, references and proof of eligibility to work in the UK and security checks)
  • Bank details
  • Pension details
  • Occupational health information (medical information including physical health or mental condition )
  • Information relating to health and safety
  • Trade union membership
  • Trust’s governors / membership
  • Offences (including alleged offences), criminal proceedings, outcomes and sentences
  • Employment Tribunal applications, complaints, accidents, and incident details

Why do we collect and how are we using your information?

The Trust collects stores and processes personal information about prospective, current and former staff to ensure compliance with legal or industry requirements.

Reasons for collecting your information will include the purposes of:

  • Staff administration and management (including payroll and performance)
  • Pensions administration
  • Business management and planning
  • Accounting and Auditing
  • Accounts and records
  • Education
  • Health administration and services
  • Information and databank administration
  • Crime prevention and prosecution of offenders
  • Sharing and matching of personal information for national fraud initiative

We may supplement or add to the information we hold about you with information that is available through, or we receive from, other sources e.g. previous employers or education bodies.

The records we hold may be written down (manual/paper records), held on a computer in electronic form or as part of an information system.

Information Sharing and Disclosure

We will not routinely disclose any information outside of the organization, about you without your express permission. However, in order to enable effective staff administration and comply with our obligations as your employer, we will share the information which you provide during the course of your employment (including the recruitment process) with the NHS Business Services Authority for maintaining your employment records, held on systems including the national NHS Electronic Staff Record (ESR) system.

Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Personal Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the disclosure of your personal data to such persons.

Where possible, we will always look to anonymise/ pseudonymise your personal information so as to protect confidentiality, unless there is a legal basis that permits us to use it, and will only ever use/ share the minimum information necessary.  However, there are occasions where the Trust is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

For any request to transfer your data internationally outside the UK/EU we will make sure that an adequate level of protection can be satisfied before the transfer.

There are a number of circumstances where we must or can share information about you to comply or manage with:

  • Disciplinary/ investigation processes; including referrals to Professional Bodies, e.g. NMC and GMC;
  • Legislative and/or statutory requirements;
  • A Court Orders which may have been imposed on us;
  • NHS Counter Fraud requirements;
  • Request for information from the police and other law enforcement agencies for the prevention and detection of crime and/or fraud if the crime is of a serious nature.

Internally we may share your information within teams of the organisation such as your manager, and senior management team in order to ensure you are correctly managed. This will include information on training, sickness and other managerial aspects of your employment. 

The accuracy of your information

We have a duty to ensure your information is accurate and kept up-to-date. To do this, we undertake regular checks on the quality of the data we hold and will ask you at regular intervals to confirm your basic information, such as name, address, date of birth, ethnicity etc. is right.

We may also take part in Information Quality Assurance Assessments with our partner organisations to ensure we deliver improvements in the quality of information we record about you.

Storing your information

Your personal information is held in both paper and electronic forms for specified periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.

We hold and process your information  in accordance with the Data Protection Act 2018 (subject to Parliamentary approval) as amended by the GDPR 2016, as explained above.  In addition, everyone working for the NHS must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements. 

We have a duty to:

  • maintain full and accurate records of the care we provide to you;
  • keep records about you confidential and secure;
  • provide information in a format that is accessible to you

Your rights 

You have the right to:

  • request a copy of the information we hold about you;
  • update or amend the information we hold about you if it is wrong;
  • change your communication preferences at any time;
  • ask us to remove your personal information from our records;
  • object to the processing of your information for marketing purposes; or
  • raise a concern or complaint about the way in which your information is being used.

If you wish to find out more about these rights, or obtain a copy of the information we hold about you, please contact our Information Governance Department at:

Information Governance Department
St Michaels House
St Michaels Road
ME10 3DW

Telephone: 01795 514525

Privacy enquiries

If you have any questions or queries about this Privacy and Data Protection Statement, please contact our Data Protection Officer using the details below.

Head of Information Governance

Information Governance Department
St Michaels House
St Michaels Road
ME10 3DW


Telephone: 01795 514525

  1. Information Commissioners Office


The Information Commissioner’s Office (ICO) is the body that regulates the Trust under Data Protection and Freedom of Information legislation.  If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the. ICO at:

Information Commissioner's Office

Wycliffe House
Water Lane

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Fax: 01625 524 510