Data Controller

NHS West Yorkshire Integrated Care Board

Purpose

The ICB holds personal and confidential information of its staff for administering sick leave and pay, managing absence, managing a safe working environment and ensuring fitness for work.

Lawful basis

The ICB’s lawful basis for processing personal data under the UK GDPR is Article 6(1) b - contractual relationship.

For special category data the basis is article 9(2) h - assessment of the working capacity of the employee.

Type of information used

Personal data: your name, the organisation you work for and your pay amounts.

Who we will share the information with (recipients)

The ICB uses a third party provider to undertake its Occupational Health function. Therefore, your personal human resources information will be shared with South West Yorkshire Partnership NHS Foundation Trust, Leeds Teaching Hospitals NHS Trust, or Airedale Hospital Trust based on each ‘place’ arrangement.

In addition to the above sharing, information which is required to be disclosed by law will be disclosed to the relevant organisation, for example the Department for Work and Pensions in line with their statutory obligations relating to the working capacity of an employee.

Do we use any processors

The Health Informatics Service (THIS), our IT supplier who store all our information securely on their servers.

Microsoft Azure, supported by IT staff, host our data.

How we collect (the source) and use the information

The types of information that the ICB processes include personal information contained within your HR record which you provided us when you started working for the ICB.

How long we will keep the information

6 years after the staff member leaves or the 75th birthday, whichever is sooner.

Your Rights

With regards to your occupational health record, under the UK GDPR you have the following rights: