Sharing your data with third parties

We will send some of the staff information we hold to the Higher Education Statistics Agency (HESA). This does not include the name or contact details of staff. HESA collects and is responsible for the database in which HESA staff records are stored. HESA uses that information in its own right – to publish statistics about staff in higher education, for example. HESA also processes the information held in the databases for other organisations. The data protection laws also apply to HESA.

If a member of staff provides us with information about their disability status, ethnicity, sexual orientation, gender reassignment, parental leave or religion, this will be included in the HESA staff record. This helps to make sure people are being given equal opportunities and to prevent unlawful discrimination. HESA will not use this information in any way to make decisions about you.

For more information about the way HESA use staff information please visit the HESA website which contains the staff collection notice.

• Consent: this means that you have agreed that we can use your data for this specific purpose.

• To allow us to take steps to perform the employment contract with you.

• Necessary for compliance with legal obligations, such as compliance with BU’s employment law obligations.

• Necessary for legitimate interests pursued by the other organisation and or BU in our capacity as an employer and in assisting in providing a safe and secure environment for staff and students.

• Necessary for the performance of a task carried out in the public interest: this would usually be an activity within BU’s core purpose as a statutory higher education.

• Necessary to protect your vital interests or those of another person.

• Explicit consent: this means that you have explicitly agreed that we can use your personal data for this specific purpose. You are able to withdraw your consent at any time. Consent can be withdrawn at any point.

• Necessary for the purposes of substantial public interest.

• Necessary for establishment, exercise or defence of legal claims.

• Necessary for purposes of carrying out obligations and exercising rights in relation to employment, social security and social protection law.

• Necessary for research or statistical purposes, where it is considered that the use of your data will be proportionate to the aims of the research and that your interests as a data subject will be appropriately safeguarded.

We will share personal data with emergency services and/or the person you have identified to us as being your next of kin or emergency contact, where this is necessary to safeguard your position or that of other individuals.

We will also share personal data with the police or other organisations with responsibility for investigating potential crimes such as fraud (e.g. local authority fraud investigation teams) where satisfied that this is necessary for the prevention or detection of crime. This may include sharing special category data such as health information.

• Depending on the nature of the situation which has arisen, sharing with the emergency services could include sharing information with the police, National Health Service organisations and the Fire Service.
• Disclosure is necessary to protect your vital interests, i.e. where you are at clear risk of harm, or to protect the vital interests of others e.g. if they are at risk of harm from your actions. We will only share special category data on this basis if it is not possible for us to obtain a valid consent from you to the disclosure.
• Where the police have told us, and we are satisfied that this is the case, that sharing your data with them is necessary for the purposes of preventing or detecting crime.
• Disclosure is necessary for the purposes of protecting you or others from risk of harm, or for prevention/detection of crime: these are purposes in the substantial public interest.