Privacy notice relating to the processing of employee personal data by Rhondda Cynon Taf County Borough Council for Employee Location Tracking when using the StaySafe Application.
This privacy notice is intended to provide information about how the Council will use (or ‘process’) employee personal data when using the StaySafe Application.
This notice should be read in conjunction with.
- Any departmental protocols relating to the use of the StaySafe app.
Please note, some services may use the StaySafe App for other purposes. Separate privacy notices are provided in this regard. Please speak to your line manager to confirm their purpose for which the App is used within your service.
Introduction
The Council has many employees who work in the community providing vital front-line services. As an employer we have a duty of care to ensure our employees are safe whilst community working and are also fulfilling theirs and the Council’s duties in line with our statutory functions.
The use of the StaySafe App by the Council provides visibility of the location and safety status of our employees out in the community. The app is installed on the employee’s mobile phone providing Global Positioning System (GPS) location data to assist managers in tracking the location of our employees.
Location tracking only commences when the employee checks into the App and ends when they check out. Employees are in complete control of when their location is tracked to ensure their privacy is maintained, for example during lunch breaks and when travelling home at the end of the day.
The Data Controller
The Council is the data controller for the personal data processed via the StaySafe App.
The Council is registered with the Information Commissioner’s Office (ICO) as a controller under reference Z4780100.
The Data Protection Officer
The Councils Data Protection Officer (DPO) can be contacted in relation to data protection matters.
Should you have the need to contact the Data Protection Officer directly you can do so via email at Information.management@rctcbc.gov.uk.
Queries relating to this privacy notice
If you have any questions or queries relating to this privacy notice and the use of the StaySafe App, please contact your Line Manager in the first instance.
The categories of personal data we process
When an employee uses the StaySafe application the following data is captured:
- Biometric data – if the employee uses this method to authenticate access to the app
- Employee location data captured via the apps GPS including time/date
- Employee personal identifiers such as name, job role, mobile phone number etc.
Why we process the personal data
We process the personal data within the StaySafe App for the following activities:
- To enable the employees use of the App (account creation, management etc)
- To ensure the employee is using the App correctly i.e how and when they should be etc
- To determine the whereabouts of employees when checked into the app
- To ensure all areas within RCT are receiving vital front-line services i.e., patrolled by a community warden
- To provide stats to elected members on the presence of employees in their relevant wards
- To provide proof of employee’s attendance in areas where members of the public have raised a complaint for non-attendance.
- In some circumstances provide evidence for disciplinary or additional training and support if an employee is not fulfilling their duties.
Our lawful basis for processing the personal data
Under the General Data Protection Regulation (GDPR), our lawful basis for processing the personal data when tracking employees through the StaySafe application is:
Public Task – Article 6(e) GDPR – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Contract - Article 6(b) GDPR - processing is necessary for the performance of a contract to which the data subject is party to or in order to take steps at the request of the data subject prior to entering into a contract.
The primary legislation, regulations and guidance that supports this includes, but is not limited to;
- Environmental Protection Act 1990
- The Anti-Social Behaviour, Crime and Policing Act 2014
- Highways Act 1990
Who or where we get the personal data from
We obtain the personal data directly from employees when they use the StaySafe App
Who we share personal data with
The data captured when using the StaySafe Application is accessed by and may be shared with:
Who
|
Purpose
|
Employees Line Manager / Management Team etc.
|
To ensure the safety of our employees when community working
To ensure employees are fulfilling theirs and the Council’s duties whilst working out in the community.
|
Human Resources
|
To seek advice and guidance relating to employee performance in the event of a disciplinary.
|
Elected Members
|
To provide stats on attendance of employees in their wards
|
When sharing the personal data, we only share the minimum amount necessary in relation to the purpose.
Data Processors
A data processor is a company or organisation that processes personal data on our behalf. Our data processors act only upon our instruction. They cannot do anything with the personal data unless we instruct them to do so. They will not share the personal data with any organisation apart from us or use it for their own purposes. They will hold it securely and retain it for the period we instruct.
StaySafe Apps Limited is the data processor for the personal data processed via the StaySafe Application.
How long we retain the personal data
We retain the personal data captured via the StaySafe App for the following time period:
Purpose
|
Length of time
|
Reason
|
Location Tracking – Business Need
|
1 year from the date the data is captured
|
Business Need.
Please note, in the event of an accident or incident, the data may be kept for 7 years for that purpose.
|
Please note, where the data captured via the StaySafe App is used as evidence in a disciplinary, accident or complaint etc, the data may be retained longer for that purpose.
In keeping with the General Data Protection Regulation storage limitation principle, records are periodically reviewed. If an employee leaves the authority or changes roles the data will become inactive, removed from all reports until automatically deleted in line with the retention period.
Your data protection rights
The General Data Protection Regulation (GDPR) gives individuals important rights, including the right of access to the personal data that the Council holds about you.
Click here for further information on your information rights and how to exercise them.
Your right to make a data protection complaint to the Council
You have the right to complain to the Council if you believe we have not handled your personal data responsibly and in line with good practice.
If you have any concerns about the processing of you personal data via the StaySafe app you should contact your line manager in the first instance.
Your right to make a data protection complaint to the ICO
You also have the right to complain to the ICO if you are unhappy with how we have used your data. However, we encourage you to contact us first and provide us with an opportunity to look into your concern and put things right.
The ICO can be contacted:
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline number: 0303 123 1113
- Website: https://www.ico.org.uk