Skip to main content

Staff privacy notice

We (Bournemouth University Higher Education Corporation) collect and retain personal information, in various formats, about our current, past and potential future staff (staff data) for a variety of purposes as set out below, in separate privacy notices provided on collection and in our registration with the Information Commissioner under the Data Protection Act 1998 (DPA).

We hold this personal information about our staff securely, both in hard copy format and electronically, under the requirements of the DPA.

The information provided below is intended to guide staff on the types of purposes and disclosures made by us. It is important to note that any such uses and disclosures will only be made where permitted under the DPA.

Anyone proposing to use staff data must first consult BU’s Data Protection Policy for Staff and BU Representatives

How we use staff data

We will use staff data for all purposes associated with the administration of the employer/employee relationship. The purposes for which we may use staff data (including sensitive personal information) we collect during an employee’s association with us include:

  • recruitment and selection
  • employment matters (e.g. promotion, development, conduct, attendance, appraisals, managing progress, grievance and academic misconduct investigations, disciplinary actions and complaints)
  • maintaining staff records
  • complying with visa requirements
  • administering finance (e.g. salary, pension  and any other staff benefits)
  • providing support services (e.g. through the Employee Assistance Programme, Chaplain and Occupational Health Service based at the Medical Centre in Talbot House)
  • providing library, IT and information services (please refer to the Acceptable Use Policy for information about IT monitoring)
  • complying with statutory requirements (e.g. monitoring equal opportunities and equal pay, and processing and responding to subject access requests and information requests and complying with our obligations under our publication scheme)  
  • carrying out research, surveys and statistical analysis (including using third party data processors to carry out benchmarking and surveys for us)
  • providing operational information
  • promoting our services and other operational reasons (including displaying staff details on our website where appropriate, handling external business calls via our reception team and our AskBU enquiry service and taking or commissioning photographs or films on campus or at BU events for promotional purposes)
  • safeguarding and promoting the welfare of staff
  • ensuring the safety and security of our staff
  • preventing and detecting crime
  • dealing with complaints
  • carrying out audits.

The name, professional service or faculty, work email address and telephone number(s) for staff will appear in BU’s internal email and staff intranet directory. This information will be used by external call handling staff to direct calls and general enquiries accordingly. If a member of staff has any safety concerns about the release of work related contact information they should contact HR at . Staff profiles for academic staff, senior staff and staff in roles that involve significant contact with external organisations and or members of the public will normally be available online in accordance with BU’s policy on the Disclosure of Information on Employees.

Sharing staff data with others

Unless an opt–out is in place, we may disclose limited staff data to a variety of recipients including:

  • our employees, agents and contractors where there is a legitimate reason for their receiving the information (including service providers such as our external payroll provider, our insurers and external legal and financial advisers)
  • current, past or potential employers of our staff (to provide or obtain references)
  • professional and regulatory bodies (e.g. NMC, HCPC, BPS, SRA, BSB, ACCA,) in relation to the confirmation of conduct including complaints, job description and information provided as part of the recruitment process
  • government departments and agencies where we have a statutory obligation to provide information (e.g. Her Majesty's Revenue and Customs (HMRC),  the Higher Education Funding Council for England (HEFCE), the Higher Education Statistics Agency (HESA), the Home Office (in connection with UK visas and immigration))
  • the Disclosure and Barring Service (DBS) where we require a DBS check for certain roles
  • third parties who work with us to provide staff support services (e.g. counselling and occupational health services)
  • third parties who are contracted to provide out–of–hours IT services for us
  • other higher education providers or employers where the member of staff is taking part in an exchange programme or other collaboration as part of their employment
  • external organisations including funders and third party clients (for example, where our member of staff is named as part of a research application for external funding or is to be involved in providing consultancy services to an external organisation)
  • crime prevention or detection agencies (e.g. the police, security organisations, Department for Works and Pensions and local authorities)
  • relatives/next of kin (but only where we have consent from the member of staff or there is a legitimate reason for the disclosure)
  • healthcare, social and welfare organisations
  • representatives of a current, former or potential member of staff (but only where we have consent from the member of staff or there is a legitimate basis for the disclosure)
  • internal and external auditors
  • debt collection and tracing agencies
  • courts and tribunals
  • local and central government
  • trade union and staff associations (where information is already in the public domain or we have consent from the member of staff)
  • survey and research organisations, for example the annual staff survey
  • press and the media.


We will send some of the staff information we hold to the Higher Education Statistics Agency (HESA). This does not include the name or contact details of staff. HESA collects and is responsible for the database in which HESA staff records are stored. HESA uses that information in its own right – to publish statistics about staff in higher education, for example. HESA also processes the information held in the databases for other organisations. The Data Protection Act 1998 (and from 25 May 2018 the General Data Protection Regulation) also applies to HESA.

If a member of staff provides us with information about their disability status, ethnicity, sexual orientation, gender reassignment, parental leave or religion, this will be included in the HESA staff record. This helps to make sure people are being given equal opportunities and to prevent unlawful discrimination. HESA will not use this information in any way to make decisions about you.

For more information about the way HESA use staff information please visit the HESA website which contains the staff collection notice.

Changes to your personal data

Please tell us promptly about any changes to the data we hold about you. This is particularly important for your contact details. You can do this through the Employee Self Service Portal (ESSP). You can also use ESSP to download and print your payslips each month and change your bank account details. For support contact:

Handling personal data responsibly

Staff will, during their employment with us, come into contact with personal data from many sources (including that of other staff members and students). We expect staff to handle data about other people responsibly and in accordance with our Data Protection Policy for Staff and BU Representatives.

We encourage the use of social media as it can be a valuable tool for communication and learning and can assist in the work of students and staff. Staff are reminded that the usual standards of behaviour and conduct that we expect on a day–to–day basis apply equally to the use of social media. For further information on this, see our Social Media Policy and Procedures. Misuse of social media can cause significant distress to others, and we may take action against those responsible.