About Us | Contact Us | Print Page | Sign In | Join now
Privacy statement Staff & Volunteers

Privacy notice - for staff or volunteers

CILIP recognises that your privacy is important to you and is committed to protecting your privacy. This privacy notice tells you what to expect us to do with your personal information when you work for us.

This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

CILIP is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

CILIP is registered with the Information Commissioners Office (ICO) under The Chartered Institute of Library and Information Professionals Z5659864 and Cilip Pathways Limited ZB353900.

It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.

Please also see our overarching privacy notice.

1. Our contact details

CILIP’s registered offices are at Room 150, British Library, 96 Euston Road, London, NW1 2DB.

Data Protection Team: dataprotection@cilip.org.uk 

2. What information we collect and use, and why

Personal data is any information that relates to a living individual and from which they can be identified.

Special category data is data that is deemed particularly sensitive and requires additional safeguards to be in place.  In most cases our legal basis for processing special category data will be either Article 9 (a) Explicit consent or (b) Employment, social security and social protection. We may also process data under Schedule 1 of the DPA 2018 including for Equality of opportunity or treatment, Racial and ethnic diversity at senior levels, Preventing or detecting unlawful acts, Support for individuals with a particular disability or medical condition, safeguarding of children and individuals at risk or safeguarding of economic well-being of certain individuals.

We have an Appropriate Policy Document which sets out how we comply with the additional requirements on special category and criminal offence data.

3. Staff recruitment, administration and management

We collect or use the following personal information as part of staff recruitment, administration and management :

  • Contact details (e.g. name, address, telephone number or personal email address)
  • Date of birth
  • National Insurance number
  • Gender
  • Photographs (e.g. staff ID card and website)
  • Copies of passports or other photo ID
  • Copies of proof of address documents (e.g. bank statements or bills)
  • Marital status
  • Next of kin or emergency contact details
  • Employment history (e.g. job application, employment references or secondary employment)
  • Education history (e.g. qualifications)
  • Right to work information
  • Details of any criminal convictions (e.g. DBS checks)
  • Religious and philosophical beliefs (special category data)
  • Ethnicity and nationality (special category data)
  • Medical conditions and any required reasonable adjustments for interview (special category data)
  • Security clearance details (e.g. basic checks and higher security clearance)
  • Performance records (e.g. reviews, disciplinary records, complaints or disciplinary action)
  • Training history and development needs

Our lawful bases for collecting or using personal information as part of staff recruitment, administration and management are:

  • Contract
  • Legal obligation

3.1 Salaries and pensions

We collect or use the following personal information as part of managing salaries and pensions :

  • Job role and employment contract (e.g. start and leave dates, salary, changes to employment contract or working patterns)
  • Time spent working (e.g. timesheets)
  • Expense, overtime or other payments claimed
  • Leave (e.g. sick leave, holidays or special leave)
  • Maternity, paternity, shared parental and adoption leave and pay
  • Pension details
  • Bank account details
  • Payroll records
  • Tax status

Our lawful bases for collecting or using personal information as part of managing salaries and pensionsare:

  • Contract
  • Legal obligation

3.2 Staff health and wellbeing

We collect or use the following personal information for managing staff health and wellbeing :

  • General health and wellbeing information
  • Occupational health referrals and reports
  • Sick leave forms or fit notes (e.g. Statement of Fitness for Work from a GP or hospital)
  • Accident at work records
  • Access needs or reasonable adjustments
  • Protected Characteristics (as defined by the Equality Act and s.75 of the Northern Ireland Act for the purpose of equal opportunities monitoring)

Our lawful bases for collecting or using personal information as part of managing staff health and wellbeingare:

  • Contract
  • Legal obligation
  • Vital interests

4. Where we get personal information from

We collect your information from the following places:

  • From staff members or volunteers directly
  • Referees (external or internal)
  • Security clearance providers
  • Occupational Health and other health providers
  • Pension administrators or government departments (eg HMRC and DWP)
  • Staff benefit providers

5. How long we keep information

CILIP will only retain personal data where it has a need to do so. Our Retention Schedule sets this out but, in most instances, data relating to:

  • Unsuccessful applicant data is retained for 6 months following successful appointment of a post holder.
  • A full record will be retained for the length of your employment or volunteering with CILIP + 6 years.
  • Pension details will be retained until death of last beneficiary + 6 years.

6. Who we share information with

In some circumstances, CILIP may have to share your personal data with third parties including service providers and government agencies. We may share information with the following organisations:

  • Training suppliers
  • HMRC
  • Employee benefit schemes

In some instances, we may share your data with the emergency services in the event of an accident, our lawful basis to do so would be to protect your vital interests if you were not in a situation to be able to give consent.

We may also need to share personal data to comply with the law or a request from a law enforcement agency such as the police.

7. Data processors

We use the following data processors for the following reasons:

  • ADP

This data processor does the following activities for us: Process our payroll information.

  • KCS

This data processor does the following activities for us: Manage our IT systems.

  • PeopleHR

This data processor does the following activities for us: Stores our HR records.

  • Scottish Widows

This data processor does the following activities for us: Underwrites our pension scheme.

We may also use some additional data processors to provide elements of our services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

8. Data Security

CILIP has put in place appropriate technical and organisational security measures to prevent your personal data from accidental or unlawful unauthorised use, access, and disclosure as well as being altered or destroyed in an accidental or unlawful manner. Personal data within CILIP is only shared with those who need to access it to carry out their role.

9.Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal data.
  • Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

Should you wish to make a subject access request to view your personal data held by us or exercise any of your rights, please contact dataprotection@cilip.org.uk

10. How to complain

If you have any concerns about our use of your personal data, please contact dataprotection@cilip.org.uk

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

06 August 2024

CILIP
Support & Policies
Contact & Info

Accreditations

Cyber Essentials Certified Cyber Essentials Plus Certified

© 2025 Copyright CILIP. All rights reserved.