About us

Staff privacy notice

To fulfill our role as your employer, we must hold certain information about you.

We need to obtain this information fairly and lawfully, so you'll probably already be aware of what we hold.

Why we process your information

In our role as your employer, we'll process your personal information:

  • to pay you
  • to make salary deductions, for example, if you are a member of a trade union
  • to make sure you work in a safe environment
  • to check you are fit to work
  • to assess your performance and training
  • to monitor and support your health and wellbeing
  • to monitor and promote the diversity of our staff
  • to monitor and promote equality of opportunity or treatment
  • to administer the NHS Pension Scheme
  • to deliver NHSBSA services
  • to analyse your data to understand patterns and trends that will be used to plan and make improvements to workforce retention, employment and recruitment processes and policies
  • to manage building and car park occupancy throughout NHSBSA buildings
  • to administer the colleague recognition and rewards scheme
  • for workforce development and planning purposes
  • to submit to the Best Companies Survey
  • if you respond to staff surveys and this data is not anonymous
  • to locate NHSBSA devices if not returned when you leave the organisation, or if the device is lost or stolen
  • for the prevention, detection and investigation of fraud
  • if you join an NHSBSA colleague network
  • to utilise artificial intelligence to enhance staff productivity, efficiency and to make reasonable adjustments to prove accessibility
  • to routinely monitor communications and activity on or through NHS Business Services Authority’s systems to ensure secure and effective system operation, policy compliance and for other lawful purposes.   This routine monitoring could include, but is not limited to, internet browsing history and location.  Where justified and proportionate to do so, emails, Teams Chat and the frequency and detail of other activity may be monitored.

Your employment contract

We process information in line with your contract, and our policies and procedures. This is so we can:

  • assess your job applications
  • provide you with employee benefits
  • identify learning and development opportunities as part of managing your work performance
  • detect and prevent any possible mistakes or fraud
  • check you're complying with the terms of your employment

Our legitimate interests

We'll use certain information to promote our values and interests, which may include the use within our publications of:

  • images and videos of you
  • your comments

It is also our legitimate interest to process your personal data for the purpose of workforce insight and analytics, to retrieve NHSBSA devices if lost or stolen, to offer our colleague recognition scheme, and if you join an NHSBSA colleague network. 

Where we process your information

Your information will not be transferred outside the UK or European Economic Area (EEA), unless the UK has approved the country as having comparable data protection laws or there are appropriate safeguards in place.

Sharing your personal information

We may share your information with:

  • Amiqus and TransUnion verification services to complete pre-employment checks
  • the Disclosure and Barring Service (DBS), if your role requires a DBS check
  • medical professionals, to assess your fitness to work and any reasonable adjustments that you need
  • organisations you choose to make payments to through our payroll service, such as Vivup
  • organisations you're placed with, such as through the NHS Management Graduate Training Scheme to allow them to manage your the placements - those organisations will share information with us about your employment status and any health and safety incidents
  • your next of kin in an emergency situation
  • the National Fraud Initiative, NHS Counter Fraud Authority or the police, to help prevent and detect fraud
  • people who request it, in circumstances detailed in our Freedom of Information policy and Data Protection and confidentiality policy
  • providers of business travel, accommodation or car hire that we book and pay for - if a hire car is dropped off at your home address, a profile is created to help with any subsequent car hire bookings which can be updated or deleted on request
  • organisations you've asked us to provide references to, such as a prospective employer, landlord or mortgage provider
  • any other organisation who has a legal right to it

Keeping your personal information

Your information will be deleted from our systems as detailed in our records retention schedule, under the Function Grouping ‘Human Resources’.

When you leave the NHSBSA, we need to retain summary information to allow us to:

Your rights

The information you provide will be managed as required by Data Protection law.

You have the right to:

  • receive a copy of the information we hold about you
  • request your information be changed if you believe it was not correct at the time you provided it – you can update your information through the ESR self-service facility or by contacting your line manager

You can:

  • access your annual pension benefits information, through Total Rewards Statement (TRS) and My NHS Pension
  • access your employment details, through ESR self service
  • access your attendance details, through the time recording system
  • access your performance information, in meetings with your manager
  • object to processing under our legitimate interests
  • request that your information be deleted if you believe we are keeping it for longer than necessary

Find out more about your rights and how we process information.

Last updated June 2026.

Back to top