Examples Contact information Personal identifiers Emergency contact details Bank account details Purpose To set up your accounts and system access To ensure your salary is paid on time So we can contact your nominated contact in the event of an emergency So we can set up your pension We do this in order to perform our contract with you
Examples Your employment history Any training you’ve undertaken or qualifications achieved (at StepChange or prior to your employment) Any information you provide as part of your application Your contact details Purpose To review your application and update you on its progress To arrange any interviews or assessments We do this because we have a legitimate interest to carry out recruitment activities.
Examples Right to work checks CIFAS checks Disclosure and Barring Service (DBS) checks Purpose To ensure you have the right to work in the UK To ensure your suitability for the role We do this in order to comply with the law.
Examples Your name Your work email address Your job title Purpose To maintain our employment records and our global address directory We do this because we have a legitimate interest to maintain our employment records.
Examples Your StepChange career history, including current and previous roles Your progress through a StepChange academy (if your job requires one) Records of any apprenticeship you attend Any external or internal training you receive Our internal leadership programme Your Insights profile Purpose To monitor the progress of your career To ensure you have the training you need to perform your job To ensure that any legally required training is completed To support you in your career development We do this because we have a legitimate interest to develop our colleagues. In some cases we do this to comply with the law.
Examples Records of annual leave Records of any sickness absence Records of any other absence, including maternity and paternity leave, adoption leave, or sabbaticals Purpose To ensure any absence from work is recorded correctly To ensure you are able to use your full entitlement of annual leave To ensure that any leave you are entitled to is administered correctly We do this because we have a legitimate interest to maintain our employment records.
Examples Details of any absence management processes you are involved with, including any meetings you are invited to Details of any disciplinary proceedings you are involved with, including any meetings you are invited to Details of any grievance proceedings you are involved with, including any meetings you are invited to and any statements you provide Purpose To ensure our internal processes are followed To ensure you are fully supported through any proceedings To monitor your progress against any agreed actions We do this in order to perform our contract with you.
Examples Records of any quality checks carried out on your work, including call recordings Records of your monthly 121 meetings with your manager Any Performance Development Plans (PDPs) which you have in place Any Performance Improvement Plans (PIPs) which you have in place Details of any performance management proceedings you are involved with, including any meetings you are invited to Purpose To ensure our internal processes are followed To ensure you are fully supported through any proceedings To help you improve and develop your performance To monitor your progress against agreed development goals To monitor your performance against team and individual targets We do this in order to perform our contract with you.
Examples Your salary and bank details Your pension Any employee benefits you are entitled to (for example: cycle to work schemes and annual leave purchase) Your nominated beneficiaries Purpose To ensure your salary is paid correctly To maintain your pension and make agreed contributions To ensure any employment benefits are provided correctly Where necessary, to ensure any nominated beneficiaries are paid We do this in order to comply with the law.
Examples Details of any Display Screen Equipment (DSE) assessments you have completed Details of any reasonable adjustments put in place to allow you to carry out your role Details of any reasonable adjustments put in place to allow you to carry out your role Details of any Occupational Health referrals, and records of any advice given Purpose To ensure your salary is paid correctly To ensure any issues identified are resolved To ensure that we are providing any adjustments necessary To ensure we have a record of advice provided by Occupational Health to support you We do this in order to comply with the law.
Examples Records of any Health & Safety training you've received Details of any voluntary positions you hold (such as Fire Marshal or First Aider) Your colleague ID card, including your name and face Purpose To ensure you receive all relevant training To protect the safety of our colleagues To protect the security of our offices and equipment We do this in order to comply with the law.
Examples Your IP address Details of any software you have downloaded onto a work device, and any licences you hold for software Records of any tickets you raise with our IT service desk Purpose To ensure the safety of our IT network and equipment To protect the charity against malicious software and phishing attacks To monitor any issues with our systems and equipment We do this because we have a legitimate interest to protect our network and systems.
Examples Records of any annual leave or other planned absence you have Details of your career development goals and aspirations Records of any developmental training you've received Records of any mentorship programme you're involved with Purpose So we can plan to ensure a good level of service is provided to our clients So we can support you in your development So we can create succession plans We do this because we have a legitimate interest to provide our service to our clients, and to develop our colleagues.
Examples Records of any training you're required to complete by law Regulatory references, where these are required for your job role Details of any regulatory roles or responsibilities you hold Purpose So we can maintain our regulatory records So we can demonstrate that we're complying with regulatory requirements We do this because we have a legitimate interest to demonstrate that we're complying with our regulators.
Examples Records of any gifts or hospitality that you receive from clients or partner organisations Purpose So we can maintain our regulatory records So we can ensure that our internal gifts and hospitality processes are followed To avoid any potential conflicts of interest We do this because we have a legitimate interest to demonstrate that we're complying with our regulators.
Examples Anything you post on our internal social media Information that colleagues have shared about you Your basic personal identifiers Purpose So we can provide an internal social media for our colleagues So we can consider nominations for internal awards, including our Iain Kendall award So we can send you a card on your birthday We do this because we have a legitimate interest to promote and support the engagement of our colleagues.
Examples Anything you share on our annual Colleague Engagement Survey Anything you share on any “temperature check” surveys we carry out Any feedback or questions you share with your Joint Consultative Committee (JCC) representative Purpose So we can regularly monitor how our colleagues feel about their work, and about StepChange as an employer So we identify any issues affecting our colleagues So your JCC representative can share any concerns or questions you have We do this because we have a legitimate interest to promote and support the engagement of our colleagues.
Examples Details of your working pattern, daily schedule and responsibilities Records of any short-term absence (for example, GP or hospital appointments) Records of conversations with your manager about performance, absence or personal issues Purpose So we can plan work around the availability of our colleagues So we can ensure work is covered in your absence So we can help support you through any performance, absences or personal issues So managers can handle the day to day running of their teams We do this because we have a legitimate interest to provide our services to clients. In some cases, we will also do this in order to perform our contract with you.
Examples Records of internal correspondence from, to or concerning you Copies of any reports concerning you (for example, departmental performance reports) Records any Microsoft Teams messages from, to or concerning you Purpose So our colleagues can correspond with each other So colleagues can share important work information We do this because we have a legitimate interest to provide our services to clients. In some cases, we will also do this in order to perform our contract with you.
Examples Recordings of telephone conversations between you and clients Records of other interactions you have had with clients (such as emails or webchats) Records of any notes you make on our systems concerning clients Purpose To handle complaints To look into conduct issues To check the quality of our services. We do the above to meet financial regulations and rules. Listening to calls for training We may let third parties listen to live calls. These could be journalists or funders. This is to promote our services and raise awareness of our charitable aims To provide evidence for any law enforcement investigations To protect your wellbeing by investigating any abusive behaviour by callers To monitor the quality of our services. Clear and strict rules are followed at all times to protect your information. We do this because we have legitimate interests to promote our services, train our colleagues, report criminal activity and look after our colleagues.
StepChange carry out events & publicity activities, and sometimes we ask colleagues if they would like to participate in these. If you wish to participate in any of these events, we recommend you read our Events & Publicity Privacy Notice.
Examples Where you make a qualifying disclosure concerning any of the following areas, and you choose not to remain anonymous: A criminal offence A miscarriage of justice An act creating risk to health and safety An act causing damage to the environment A breach of any other legal or regulatory obligation Breaches of internal policies and procedures Bullying, harassment or discrimination Inappropriate conduct or unethical behaviour Financial irregularities or fraud Bribery or corruption Negligence Concealment of any of the above Purpose To allow us to investigate any concerns you have raised To support you through this process To feed back to you where possible To ensure you suffer no detriment or disadvantage as a result of making a disclosure We process this data where we need to so we can: Comply with the law Prevent or detect unlawful acts Prevent fraud
Examples Recordings of any safeguarding disclosures or concerns you raise, about colleagues or clients Purpose So we can ensure any safeguarding issues we become aware of are handled appropriately We do this in order to comply with the law, and because we have a legitimate interest to safeguard our clients and colleagues.
Examples Any information about EDI that you choose to share with us (for example, details of sexuality, neurodiversity or ethnicity) Purpose So we can understand the demographic makeup of our colleagues and uphold our commitment to a diverse workforce We will process this data when we have your consent to do so.
Examples Arranging a courier Purpose If we need to securely deliver work equipment or collect it from you. We will process this data only when we have a lawful basis for doing so. This will depend on the nature of the processing activity.
Where you have chosen to share this with us - for example, where you have been the victim of a crime that affects you at work. Examples Relevant details of: Criminal activity Criminal allegations Criminal investigations Criminal proceedings Criminal offences (and absence of offences) Criminal penalties Criminal convictions Purpose To make sure we can offer you any support that you need We process this type of sensitive data where we need to. There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.
Examples Information shared as part of legal proceedings involving us and you This could be sensitive information. It may relate to you and your situation Purpose Establishing, exercising or defending legal proceedings Where we are subject to a court order
Examples Information about any complaint, rights request, or other legal request which you may have submitted. This can include: Details of the request Our investigations, and How we have responded Information about you where this is required to investigate any issues that we have discovered. Such as if your data is involved in a data breach. This could be: Sensitive information Related to you and your situation Purpose To maintain records as required by law or because our regulators tell us to do so Where we have a legitimate interest to maintain records about our compliance with the law To fully investigate any complaints or answer any information request you may have.