Privacy Policy

Collecting personal information

Sometimes the PeoplePlus website may ask for personal information to provide you with a service. This information is collected and stored in a manner appropriate to the nature of the request and on a strictly confidential basis by appropriate PeoplePlus personnel or its licensed agencies. It will not be provided or sold to any company for independent use.

Protection of privacy

PeoplePlus is committed to protecting its’ website users’ privacy and does not engage in unauthorised collection of users’ data or cookies, unless specifically stated at the appropriate website page where such collection might take place. If such data is collected, it is collected and used only with the user’s permission and never for unauthorised marketing or unsolicited emailing purposes (spamming). PeoplePlus does not associate itself with unauthorized marketing or unsolicited emailing or any activities associated with them. If you feel you have received such mail in the PeoplePlus name, please contact us as soon as possible with examples so we can investigate. Furthermore, as required by current relevant legislation (see below), PeoplePlus follows procedures in the storage and disclosure of information to prevent unauthorised access. PeoplePlus does not sell, trade or rent personal information to others. It may provide aggregate statistics about our customers, sales, traffic patterns and related site information to reputable third-party vendors but these statistics include no personally identifying information. By using our website, you consent to PeoplePlus collecting and using certain data as described above. If we change these statements, we will post the changes on this website so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it.

Relevant Legislation

Current relevant legislation includes: Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) and the General Data Protection Regulation (GDPR). A copy of our full Customer Privacy Statement is available below.

Contact us

Please contact us if you have improvements to suggest or if you believe that PeoplePlus has contravened any of the statements contained on this page by emailing dpo@peopleplus.co.uk. We will ensure that your comments, suggestions and concerns are addressed as quickly as possible.

PeoplePlus Group Limited

Privacy Notice for our Customers and Learners

PeoplePlus takes the security of your personal data very seriously. This privacy statement sets out why we need your information, what we need and how we will use it.

Why do we need data about you?

PeoplePlus, and the supply chain partners we work with to deliver our services, need to collect and use information about you (data) to deliver our range of services including employability support, skills training and independent living support to help you increase your skills, find and keep employment and live independently. PeoplePlus works as a data processor for a number of public bodies including the Department for Work and Pensions (DWP), The Education and Skills Funding Agency (ESFA), devolved administrations in Scotland, Wales and Northern Ireland and local authorities. As the “Data Controller” these bodies are able to lawfully process data in line with the following lawful basis and PeoplePlus as a “Data Processor” for these bodies are able to lawfully process your data on the same basis under the contracts we have with these bodies.

Lawful Basis for Processing

We are able to gather, use and share (process) your data as a “public task in the public interest” under relevant laws, including the General Data Protection Regulation (article 6(1)(e)). We are able to process your sensitive personal (special category) data by ensuring that this processing is proportionate, and is necessary for statistical research purposes under the General Data Protection Regulation (article 9 Sections (2)(g) and (j)).

For the purposes of the General Data Protection Regulation, the various supply chain partners that PeoplePlus use to support delivery of the contracts we have with the various “Data Controllers” are also able to process this information in line with the contractual requirements we have with them.

How will your data be used?

PeoplePlus and our supply chain partners will use your data to: - Help us agree with you the appropriate type of service we can provide to support you in your training or support you into employment and independent living or other service we provide to you. - Monitor and report on our performance in supporting you, including producing statistics and equalities monitoring reports. Privacy Notice for our Customers and Learners Page 1 of 4 PP-078 Version 1.0 - Enable supply chain partners to claim payment from PeoplePlus as per contract. - Better understand how our services work, what difference they make to the people involved and how to improve future services for people like yourself.

What information about you is needed?

To deliver, monitor and evaluate our services, we will ask you for: - Your contact details; - other personal data (for example, your age, gender, National Insurance Number), and; - sensitive / personal data (for example, about your health, religion, ethnicity). We will also ask you about your relevant background / historical information that supports the service we offer to you and will hold information on the support you receive as a participant in the programmes we offer through these public bodies.

How will we store your data?

Your data will not be transferred to, stored at, or processed in a destination outside the European Economic Area (EEA). We will store your information on databases held in locations that have been tested for electronic and physical security and access will be permitted only to those with a need to know. We will not store your personal information for longer than is necessary to deliver and evaluate the services we offer.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Sharing your Data

To deliver our services, PeoplePlus and our supply chain partners may need to share the minimum necessary of your personal and sensitive details with: - potential employers; - specialist training and other organisations necessary for your full participation in the service we offer, where these organisations are covered by a contract held with PeoplePlus and therefore incorporated into our contract(s) held with the data controller; - third party contractors acting on behalf of PeoplePlus to provide support services necessary for the delivery of our service to you; and Privacy Notice for our Customers and Learners Page 2 of 4 PP-078 Version 1.0 - other parties, as is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings).

To evaluate our services, we may also contact you to invite you to take part in the evaluation of our services. The feedback you give will help shape future employability and other services we offer. The information collected will be used for research, evaluation and statistical purposes only. You do not have to take part in evaluation activities if you do not want to. We will not share your contact information for any marketing purposes.

Your Responsibilities

You are reminded that it is your responsibility to ensure the security of your own data (including printed material such as CVs) at all times, including when on PeoplePlus or supply chain partner premises. PeoplePlus cannot accept responsibility for the loss or theft of your personal data if caused by your own negligence.

Your Rights

  • You have the right to access the personal data we process about you. To access the personal data we processes about you, submit a request in writing (by post or email) to the PeoplePlus Data Protection Officer (address below). PeoplePlus will treat this as a Subject Access Request and will respond within one month of receipt of the request. PeoplePlus as the “Data Processor” will need to contact the relevant public body to obtain their authority as “Data Controller” to release your data but we will provide the “Data Controller” with all the assistance they require to meet your demands for access to your personal data on a timely basis.
  • You have the right to object to processing that is or is likely to cause substantial damage or distress to you or another. To exercise this right, please write stating what processing you object to and why it is causing, or is likely to cause you damage or distress. PeoplePlus will consider the request and respond within 21 days to confirm whether the objection is accepted. PeoplePlus as the “Data Processor” will need to contact the relevant public body to obtain their authority as “Data Controller” to respond to your request but we will provide them with all the assistance they require to respond to your request on a timely basis.
  • We seek to ensure that personal data processed is accurate and up to date. You have the right to request to rectify, block, erase or destroy inaccurate information. To exercise this right you can write to PeoplePlus setting out the information and the reasons you wish it to be changed etc. We will consider the request and respond within 21 days to confirm whether the request is accepted. In cases where the inaccurate data is the result of processing by PeoplePlus we will respond to you directly without reference to the public bodies who are our “Data Controllers”. However in some cases the inaccurate data may relate to information we have received about you from the various public bodies we process data for. In these cases we will need to confirm details with the public body but we will work with them to provide you with an appropriate resolution on a timely basis.

Privacy Notice for our Customers and Learners Page 3 of 4 PP-078 Version 1.0

  • You have the right to be confident that we will handle your personal information responsibly and in line with good practice. If you have a concern about the way we are handling your information you can write using the details below.

Processing as Data Controller

The vast majority of the data processing carried out by PeoplePlus is under contracts with public bodies and we process your data as a “Data Processor” in line with the lawful basis outlined above. In a minority of cases the lawful basis of processing may be contractual or by consent or by another lawful basis. In these circumstances we will confirm the specific legal basis to you via additional documentation. Where PeoplePlus requests additional personal data from you above and beyond the data required to act as a Data Processor or in circumstances where PeoplePlus are the Data Controller we will also specifically ask for your consent to process your data. In any circumstances where the lawful basis of processing is your consent you will be able to withdraw your consent at any time.

To exercise these rights, you can write to the PeoplePlus, Data Protection Officer: Postal Address: Data Protection Officer, Edmund House, 6th Floor, 12-22 Newhall Street, Birmingham, B3 3EW Email Address: DPO@peopleplus.co.uk

Complaints

Please note that PeoplePlus have a Complaints procedure and if you need to complain about the way any request you have made in relation to your personal data has not been handled appropriately you can use our Complaints procedure to help resolve this issue. Please ask for a copy of our complaints procedure. If you feel we have been unable, or unwilling, to resolve your information rights concern, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO are the supervisory authority responsible for data protection in the UK. For further information, including independent data protection advice and information in relation to your rights, you can contact the Information Commissioner at: Postal Address: The Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 08456 30 60 60 Website: www.ico.gov.uk You can also report at concern here - https://ico.org.uk/concerns/handling/. Privacy Notice for our Customers and Learners PP-078 Page 4 of 4 Version 1.0