We understand well that Personal Data, its security and its protection are increasingly important to individuals and organisations. This is particularly true given the part that GDPR now plays in our lives: GDPR applies to all organisations established in the European Economic Area (EEA) and also to those established outside the EEA, when their processing activities relate to the offering of goods and services to individuals in the EEA or to the monitoring of individuals' behaviour within the EEA. This note is intended to set out the data privacy issues as they impact on our client organisations in respect of Personal Data processed by a Product Author on your behalf and any Personal Data held and/or processed by ourselves.
This Privacy Policy sets out the basis on which any personal data we collect from or about you will be processed by us, whether via our website (www.peopleperformancealliance.com) or during our Services. It also sets out the steps that we take to ensure that any information provided to us is kept secure and is used only for the purposes for which it is provided.
Personal Data:
Website: When you communicate with us via our website, for example, by submitting a query form or using the chat function, we will collect the Personal Data that you provide to us for the purpose of responding accurately to your enquiry. We may also collect technical information about your equipment, browsing actions and patterns through cookies; full details can be found in our Cookie Policy.
Assessments, salary and compensation data, talent framework and other products: We do not collect any Personal Data; all submissions and reports are made and received direct to and from the relevant Product Author.
Employee engagement surveys, analytics, feedback and reporting: We will collect and process email addresses and, in an anonymised format, the responses received from you and / or your employees following participation in our survey questionnaires on the basis that (i) it is in our legitimate interests to do so and for the purposes set out below, and (ii) those interests are not overridden by your interests and your fundamental rights.
Much of the information we hold will have been provided by you, but some may come from other internal sources, such as a Sales representative, or in some cases, external sources, such as marketing or event management agencies. We will combine information we receive from other sources (as set out in this Notice) with information you give to us. We will only use this information and the combined information for the purposes set out in this Notice.
Purposes for which Personal Data may be used
The Personal Data that you provide to us or which we collect about you via our website will be used only for the following purposes:
- To provide information or services to you as requested by you.
- To the extent permitted by law, to tell you about our products and services which may be of interest.
- To improve website content.
Change of Purpose
We will only use your Personal Data for the purposes for which we have collected and processed it, following which, we will delete all of such Personal Data.
Disclosure
As at the date of this Privacy Policy, we share your personal data with the Product Authors stated in this Notice and the following trusted third parties for the purposes of managing our business and providing the information and services you request from us:
- Feedback Works Limited, our survey and feedback consultants.
- Google Analytics, our web analytics provider.
- Zoom Video Communications, Inc
International Transfers
Any Product Author that is based in US (i.e., outside EEA) will be certified under the EU-U.S. Privacy Shield Framework which means they are required to protect your Personal Data in accordance with the Privacy Shield Framework. You can view their certifications at www.privacyshield.gov . Otherwise, all data shall be stored on servers in the EU or UK
Retention of Information
Unless we need to keep your data for legal purposes (such as to defend against a legal claim), we will only retain your Personal Data for 3 months from your last interaction with us, for example, when you submitted a query on our website.
Protection of Information
We have implemented appropriate technology safeguards, security policies and other measures to protect data under our control from unauthorised access, improper use, alteration, unlawful or accidental destruction or accidental loss. These include implementing suitable access controls and ensuring that encryption is used and robust security controls are in place. We also require that all our employees, sub-contractors and others who may be associated with the processing of your data respect your confidentiality.
Your Rights
Data protection laws provide you with the following rights to:
- request access to your Personal Data which enables you to receive a copy of the information we hold about you and to check that we are lawfully processing it.
- request correction of any of your Personal Data that we hold.
- request deletion or restrictive use of your Personal Data.
- request the restriction of processing of your Personal Data, for example if you want to establish its accuracy or the reason for processing it; and
- obtain a copy of the Personal Data you have provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.
Post Brexit situation: Following the United Kingdom’s exit from the European Union (“Brexit”), we intend to observe the advice and guidelines laid down by the Office of Information (see https://ico.org.uk/for-organisations/data-protection-and-brexit/) in terms of data privacy, processing and management. The UK government plans to incorporate the provisions of GDPR into UK law alongside the Data Protection Act 2018 after Brexit. This means that, if you are an organisation in the EEA that sends us any personal data, you can rest assured that we comply with EU data protection laws. Therefore, any references to the General Data Protection Regulation (GDPR) in our contracts or other corporate documentation will include the UK Data Protection Act 2018 to the extent it applies. Other references to EU or European Economic Area (EEA) legislation will include any implementing or equivalent UK legislation, to the extent relevant.
Table I – Summary of Personal Data processed
The following information is required by the GDPR |
|
|
Subject matter of processing |
Employee survey and feedback services |
|
Duration of processing |
Personal Data will be anonymised to the fullest extent possible and processed over a maximum period of 3 months. The data shall then be deleted or returned at the request of and as instructed by the customer. |
|
Nature and Purpose of processing |
The data subject will respond to our questions and the responses evaluated by us to produce a feedback report with results and interpretation, which we will the provide to the customer. The customer will have access to all candidate data, including analytics, feedback and reports. |
|
Type of personal data |
Name, Email Address, Gender, Language, Customer ID, employee demographic information, responses to assessments or surveys and any other data requested by the customer. |
|
Categories of data subjects |
Customer employees. |