NOC Privacy Notices

Purpose

The National Oceanography Centre (NOC) provides a number of privacy notices to explain how we use different categories of personal information. Below we supply links to the individual privacy notices.
 

NOC privacy notice for applicants for jobs at NOC

Purpose

This NOC Recruitment Privacy Notice relates to personal information submitted by you, to NOC as part of the application process for jobs at the NOC. We use this information to assess your suitability for jobs you have applied for.

What is the legal basis for NOC processing your personal information?

The lawful basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract (ie employment contract) or to take steps at your request, before entering a contract.

If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.

The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes.

We process information about applicant criminal convictions and offences. The lawful basis we rely to process this data are Article 6(1)(e) for the performance of our public task. In addition we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).

What personal information does NOC process?

NOC collects and processes a range of information about you. We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.

  • You will be asked to set up a user account in the NOC recruitment portal and provide us with:
    • your name,
    • contact details,
    • information regarding your right to work in the UK,
    • diversity information,
    • previous employment history,
    • qualification and training information,
    • and other information relevant to the job.
  • If your personal information and CV have been submitted by a trusted third party, your details will be uploaded on to the system by the NOC Recruitment Team.

In the circumstance where you are accepted for employment, as part of the onboarding process, we will request further personal information required to fulfil your employment contract. That personal information is covered by the NOC staff privacy notice, below.

Who has access to your personal data?

NOC restricts access to personal data on an as-needs-basis. Your information will only be shared with NOC staff taking part in the recruitment process, the NOC People and Skills team and NOC staff with expertise to assess your suitability for the position.

Do we use any data processors?

NOC may share your personal data with a number of third party processors in assessing your suitability

  • If the position involves supervision by non-NOC staff, we may share your application details with relevant external supervisors in order for them to contribute to assessing your suitability. Such external people will be required to treat your details in strictest confidence and abide by NOC information security standards.
  • With your permission, we may contact references provided by you to undertake pre-offer reference checks.
  • For apprenticeships, your information will be input to the UK Government Digital Apprenticeship Service (DAS) and your information shared with the relevant apprenticeship training partner. Here is the link to the UK Government Digital Apprenticeship Service (DAS) privacy notice.

How does NOC protect data?

NOC takes the security of your data seriously. The NOC has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees or third parties in the recruitment process.

Where the NOC engages third parties to process personal data on its behalf, we do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Will the personal information be shared outside of the UK?

No, your personal information will not be shared with third parties outside of the UK.

How long does NOC keep data?

Your personal information will be held for 12 months following no activity on your recruitment portal account, logging into your account is included as activity. At this point your account will be de-activated by anonymizing your information and the secure deletion of all documents attached to your account. At any time, you also have the option to deactivate your account yourself when logged in, this will also anonymise all data and delete attached documents.

Within the 12 month period, if you consent, NOC may also contact you to inform you of other NOC job vacancies that we consider you may be interested in.

Your rights as an applicant to the NOC

As a data subject, you have a number of rights:

  • NOC must inform you of how your personal information is being used – which is the purpose of this Privacy Notice.
  • You have the right to request NOC to provide a copy of your personal information we store about you.
  • You have the right to request the correction of any inaccuracies in your personal information.
  • You have the right to update your personal information if it has changed.
  • At any time, you may withdraw your job application by notifying NOC in writing.
  • If you do not have an active job application with NOC, you have the right to request the de-activation of your account (see above – How long does NOC keep data?).

If you would like to exercise any of these rights or discuss your personal information, please contact NOC’s People and Skills team by emailing askhr@noc.ac.uk. If you are not happy with the response from the People and Skills team, you may contact the NOC Information Governance team: noc_information_governance@noc.ac.uk. In the event that NOC is unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the data protection authority in your country or the UK main data protection regulator, the Information Commissioner's Office (ICO). Full details may be accessed on the complaints section of the Information Commissioner's Office website. Here is the link to ICO complaints.

Automated decision-making

Suitability decisions are not based on automated decision-making.

About this Privacy Notice

From time to time, we may need to change this privacy notice, for example, if we introduce new data into the recruitment process and we encourage you to check this privacy notice from time to time.

NOC privacy notice for NOC staff

Purpose

This privacy notice covers the personal data that you supply to The National Oceanography Centre (NOC) relating to your employment with NOC. The organisation is committed to being transparent about how it collects, stores and processes your data and to meeting its data protection obligations.

What is the legal basis for NOC processing your personal information?

The lawful basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract (ie employment contract) or to take steps at your request, before entering a contract.

If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.

The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes.

We process information about applicant criminal convictions and offences. The lawful basis we rely to process this data are Article 6(1)(e) for the performance of our public task. In addition we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).

What personal information does NOC process?

NOC collects and processes a range of information about you. We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary. This includes (as applicable):

  • information provided by you such as your name, address and contact details, including email address and telephone number, date of birth and gender.
  • the terms and conditions of your employment.
  • details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the NOC.
  • information about your pay and benefits.
  • details of your bank account and national insurance number.
  • information about your marital status, next of kin, dependants and emergency contacts.
  • information about your nationality and entitlement to work in the UK.
  • information from references.
  • information on Disclosure and Barring Service (DBS) checks including the outcome of the checks.
  • details of your work pattern (days of work and working hours).
  • details of periods of leave taken by you, including holiday, sickness and other absence, and the reasons for the leave.
  • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence.
  • performance management information, including annual appraisals, performance development reviews (PDR) and ratings, training you have participated in, performance improvement plans and related correspondence.
  • information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments.
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
  • other relevant information as applicable required by NOC in order to ensure we fulfil our obligations as an employer.

NOC collects this information in a variety of ways.

For example, data is collected through application forms and CVs; obtained from your passport or other identity documents; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

You are also able to directly update some of the information held on your record on NOC’s Business Information System - UNIT 4, and to view the other fields in your record.

In some cases, the organisation collects personal data about you from third parties, such as references supplied by former employers and information from criminal records checks permitted by law.

Data is stored in a range of different places, including in your electronic personnel file, in NOC’s Business Information System, the flexitime tracking system and across other IT systems (including the organisation's network drives and email system).

Who has access to data?

NOC restricts access to personal data on an as-needs-basis. Your information will be shared within People & Skills team (including external managed services covering payroll, flexible benefits, occupational health), your line manager, managers in the business area in which you work and senior managers and IT staff if access to the data is necessary for performance of their roles.

Your data could also be shared with employee representatives in the context of collective consultation on a redundancy or merger, if such a situation were to arise. This would be limited to the information needed for the purposes of consultation, such as your name, role and length of service.

Relevant data (e.g. mobile number) may also be shared for the purposes of the organisation’s Business Continuity Plan or Serious Incident Group procedures.

Your data may also be shared for the purposes of audit compliance and may be transferred to countries outside the European Economic Area (EEA) for information required within the NOC or for audit or compliance purposes, including EU funded grant activity. Data will only be transferred outside the EEA where required and where adequate safeguards such as an International Data Agreement or contract are in place.

Do we use any data processors?

NOC engages with a number of third party processors in providing elements of our business processes:

  • We use Automatic Data Processing, Inc (ADP), to manage our payroll. Here is a link to the ADP privacy notice.
  • We use the Agenda Screening Services to complete Disclosure and Barring Service checks. Here is a link to the Agenda privacy notice.
  • We use Edenred for the provision of wellbeing and lifestyle benefits. Here is the link to the Edenred privacy notice.
  • We use Legal and General for benefits such as life insurance and Group Personal Pension Plans. Here is the link to the Legal and General privacy notice.
  • We use Health Assured in the provision of our occupational health services. Here is the link to the Health Assured privacy notice.

How does NOC protect data?

NOC takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees in the performance of their duties.

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

How long does NOC keep data?

During your employment, NOC will retain your personal information and ensure it is up to date and accurate, After you leave the organisation, we will retain only key information such as job and salary records for one year and we will delete your record entirely after 6 years, unless we are required to maintain data for a longer period for compliance or donor reporting reasons.

Your rights as a NOC employee

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the organisation to change incorrect or incomplete data;
  • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing;
  • ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

If you would like to exercise any of these rights or discuss your personal information, please contact NOC’s People and Skills team by emailing askhr@noc.ac.uk. If you are not happy with the response from the People and Skills team, you may contact the NOC Information Governance team: noc_information_governance@noc.ac.uk. In the event that NOC is unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the data protection authority in your country or the UK main data protection regulator, the Information Commissioner's Office. Full details may be accessed on the complaints section of the Information Commissioner's Office (ICO) website. Here is the link to ICO complaints.

What if you do not provide personal data?

You have some obligations under your employment contract to provide the organisation with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide the NOC with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.

Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable the organisation to enter a contract of employment with you. If you do not provide other information, this will hinder the organisation's ability to administer the rights and obligations arising as a result of the employment relationship efficiently.

Automated decision-making

Employment decisions are not based solely on automated decision-making.

About this Privacy Notice

From time to time, we may need to change this privacy notice, for example, if we introduce new data into our business processes supporting your employment contract. We will inform NOC staff when a new privacy notice is published.

NOC privacy notice for suppliers and customers

Purpose

This privacy notice covers the personal data that you supply to The National Oceanography Centre (NOC) relating to you acting in a capacity as a customer of, or supplier to, NOC. The organisation is committed to being transparent about how it collects, stores and processes your data and to meeting its data protection obligations.

What is the legal basis for NOC processing your personal information?

The lawful basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.

The NOC needs to process data in order to be able to enter into a contract with you or your employing organisation and to meet its obligations under the contract. For example, it needs to process your data to undertake due diligence activities, or to invoice or pay you in accordance with contract.

NOC will only ever ask for and process data which is required to enable the contractual relationship and does not collect sensitive personal data from customers or suppliers.

What personal information does NOC process?

NOC collects and processes a range of information about you. This includes (as applicable):

  • information provided by you such as your name, address and contact details, including email address and telephone number.
  • details of your bank account.
  • other relevant information as applicable required by NOC in order to ensure we fulfil our obligations created by the business relationship.

NOC collects this information in a variety of ways.

For example, data is collected through customer or supplier forms and through the completion of contractual or due diligence documentation.

Data is stored in NOC’s Business Information System, paper files (contracts) and across other IT systems (including the organisation's network drives and email system).

Who has access to data?

NOC restricts access to personal data on an as-needs-basis. Your information will be shared within NOC to the extent necessary to administer the business relationship.

Your data may also be shared for the purposes of audit compliance and may be transferred to countries outside the European Economic Area (EEA) for information required within the NOC or for audit or compliance purposes, including EU funded grant activity. Data will only be transferred outside the EEA where required and where adequate safeguards such as an International Data Agreement or contract are in place.

Do we use any data processors?

For data supplied by our customers and suppliers, NOC will only use third party processors in the context of due diligence, audit activity or banking. For example, we may use an external credit checking partner and may pass your details to our bank in order to enable payments to be made. Data processors with whom we may share information:

How does NOC protect data?

NOC takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees in the performance of their duties.

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

How long does NOC keep data?

NOC will retain your personal information only for the time necessary according to the purpose of the holding of the data. Your data will be retained for the time you are deemed to be a registered supplier or customer of NOC. If you cease to be a customer or supplier, then the data may be retained for as long as may be necessary for NOC business purposes related to the business relationship that was in place. This may include for the purposes of relevant audit activity some years after the supplier or customer contract relationship has ended.

Your rights as a data subject

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the organisation to change incorrect or incomplete data;
  • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing;
  • ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact NOC’s Legal and Governance team by emailing legal_support@noc.ac.uk. If you are not happy with the response from the Legal and Governance team, you may contact the NOC Information Governance team: noc_information_governance@noc.ac.uk. In the event that NOC is unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the data protection authority in your country or the UK main data protection regulator, the Information Commissioner's Office (ICO). Full details may be accessed on the complaints section of the Information Commissioner's Office website. Here is the link to ICO complaints.

What if you do not provide personal data?

If an organisation is unwilling to provide some data NOC considers necessary for the business relationship, then NOC may choose not to enter into the business relationship with that organisation.

About this Privacy Notice

From time to time, we may need to change this privacy notice, for example, if we introduce new data into our business processes supporting supplier and customer contracts. We will inform you when a new privacy notice is published.

Cookies policy

NOC’s website does not store or capture personal information, but for administration purposes merely logs the user’s IP address which is automatically recognised by the web server.

Cookies policy

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the Internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • enabling a service to recognise your device so you don’t have to give the same information several times during one task
  • recognising that you may already have given a username and password so you don’t need to do it for every web page requested
  • measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast.

You can manage these small files yourself and learn more about them with this advice from Directgov about Internet browser cookies – what they are and how to manage them.

Our use of cookies

Cookies for improving service: Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage.

Name Typical content Expires
_utma Randomly generated number 2 years
_utmb Randomly generated number 30 minutes
_utmc Randomly generated number When user exits browser
_utmz Randomly generated number and information on how the site was reached (e.g., directly or via a link, organic search or paid search) When user exits browser

For further details on the cookies set by Google Analytics, please refer to the Google Code website.

How to control and delete cookies

We will not use cookies to collect personally identifiable information about you.

However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how.

Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies.

Please be aware that restricting cookies may impact on the functionality of our website.

If you wish to view your cookie code, just click on a cookie to open it. You’ll see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.
For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.

Further information

Any enquiries about this policy should be addressed to NOC’s Web Team.

d96b37e25c18f40a