WE ARE COMMITTED TO RESPECTING YOUR PRIVACY
AND COMPLYING WITH DATA PROTECTION LAW.
We want to help you make informed decisions, so please take a few moments to read this policy.
WHO ARE WE? AND WHY DO WE PROCESS PERSONAL DATA?
We are BigChange Group Limited a mobile workforce management technology company based in Leeds, UK;
- We provide workforce management data processing services for which we are a Data Processor on behalf of our contracted business customers. Our business customers input and access data about their prospects, customers, suppliers and employees, or arrange for others to do so. The data is collected by our websites, mobile apps, trackers, import services, system integrations, webservices API and integration products, our JobWatch integration products for Sage, Xero, Microsoft Word (Word for documents) and Microsoft Outlook (BigChange for email); and Microsoft Outlook (BigChange for Email);
- We are the Data Controller for BigChange’s employees, prospective employees and suppliers with whom we intend, have or had obligations under contract;
- We maintain a marketing database of prospective and current customer data where consent has been given and not withdrawn, or where we have reason to believe there is legitimate business interest in us keeping you informed of our company, products and services. This information can be collected directly from our website when a customer signs up to hear more about our products and services, or from other publicly available sources such as LinkedIn, or company websites.
Contracts with BigChange constitute written instructions to process the data that you send to us or arrange for others to send to us.
If you do not have a direct contract with BigChange, and you do have a direct relationship with one of our business customers, then you should review their data privacy information; it is likely that they are the Data Controller and will be best placed to help you.
WHAT CUSTOMER DATA DO WE PROCESS?
Where we are processing personal data to fulfil our legal obligations to our business customers, the data that we process and store are determined by our business customers. Typically, business customers process:
- name, and other identity data;
- address and contact details;
- timesheets and expenses;
- skills and qualifications;
- personal or business vehicle details;
- locations and journeys collected via vehicle tracking and other mobile devices;
- driving events and behavior scores calculated using business customer configured algorithms;
- business photographs and videos which may include images of people or identity documents;
- phone call recordings and meeting videos;
- other business, personal and possibly sensitive personal data as determined by our business customers.
In addition, we will process information for business administration purposes e.g. invoicing, shipping and installation of products and delivery of services.
PROCESSING OF YOUR INFORMATION
If you are an employee, subcontractor or supplier with BigChange, you should contact firstname.lastname@example.org to make a Data Subject Access Request, or to ask us to rectify, restrict or stop processing your information at any time.
If BigChange are marketing to you directly, and you wish to withdraw consent to our marketing emails, then please contact us at email@example.com.
We will respond to your request promptly and comply with your wishes subject to applicable privacy and other legislation, and any relevant contractual terms and conditions.
If your primary contact is not with us, and is with a BigChange business customer, please contact that business.
DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
We may disclose your information to BigChange Group Limited, its subsidiaries, and other third parties we engage to enable us to provide services to you. A list of current sub-processor categories is available to parties with whom we have contracts to protect confidentiality. You can email firstname.lastname@example.org to request a list of sub-processor categories. We will introduce new sub-processors or retire existing sub-processors in order to deliver and optimise the service we provide to you; it is not practicable for us to consult with you on each appointment. We ensure that our contracts with sub-processors have adequate safeguards to:
- protect your data and use it only for the purpose of delivering our service to you;
- maintain the rights of data subjects where processing of data may be in a different country.
Examples of third party providers are Amazon and Microsoft.
BigChange business customer may purchase our integration products or services with third party providers such as Microsoft, Sage and Xero. By ordering these services and using these products we understand that you are instructing us as a Data Processor to pass personal data to/from the third party provider. BigChange is not responsible for the data processing practices of third party providers. We encourage you to review your third party providers’ respective privacy notices before connecting.
BigChange does not sell, trade or rent your information,or use or disclose it for marketing purposes without your prior consent, and does not give or distribute it to any third parties except as described above.
For our general day to day data processing activities, we use third party organisations to help us administer and monitor the services that we provide. Examples of such third parties include our accountants and external auditors.
Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
BigChange understands the importance of good information security management and is certified to ISO 27001 to demonstrate this commitment. We identify, develop,implement, maintain and continuously improve a wide range of policies, processes, procedures and technical controls to keep your data secure.
Please be aware that communications over the internet, such as emails and webmails, are not secure unless they have been encrypted. Browser access to BigChange websites and applications that process personal data is encrypted.
Despite the encryption described above, your communications may route through a number of countries before being delivered – this is the nature of the internet -and BigChange is therefore unable to guarantee the security of any information you transmit to or via our website.
BigChange has appropriate organisational and technical measures in place to protect the personal information that we have under our control. These include policies, education & training as well as security controls. We are audited on a regular basis to ensure that these controls continue to meet the requirements of ISO27001.
BigChange websites use a mechanism called “cookies”. A cookie is a small amount of data, that includes an anonymous unique identifier (session id), that is sent to your browser from a website’s computers and stored on your computer’s hard drive, if your browser settings permit it. Functional cookies are cookies that ensure the proper functioning of the Website (e.g. cookies for login or registration, language preferences) and their installation does not require your permission. Non-functional cookies are cookies that can be set for statistical, social, targeting and commercial purposes.
When you use the BigChange websites, we will set and access cookies on your computer as described below to enhance your user experience and for your convenience in using the site.
MICROSOFT ADD-IN ‘COOKIES’
BigChange Word for Templates and BigChange for Email are integrations between JobWatch and Microsoft Office. We use local storage (similar to Cookies) to hold the users’ email addresses, names, user IDs, an auto-logon access token for JobWatch, and the BigChange webservices URL. This data is stored until you delete it by signing out of the add-in or clearing the browser’s stored data. Auto-logon access tokens for JobWatch expire after 7 days. These are necessary cookies and support the functionality of JobWatch.
GOOGLE ANALYTICS COOKIES
In addition, BigChange uses Google Analytics to help analyse how users use our sites. This analytical tool uses a cookie set by Google to collect standard internet log information and visitor behavior information in an anonymous form. The information generated by the Google analytics cookie about your use of the Websites is transmitted to Google, and used to evaluate and compile statistical reports about this use for BigChange. This information is used by us to improve the user experience.
BigChange will not (and will not allow any third party to) usethe statistical analytics tool to track or collect any personally identifiable information about users of our sites, and will not associate any data gathered by means of the Google statistical tool with any personally identifying information.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
The cookies that are used by BigChange are set to automatically expire 6 months after you visited the website. You can amend your preferences at any time by selecting ‘decline’ on the cookie banner on the website. If you have any concerns then please contact us.
TRANSFER AND USE OF INFORMATION INSIDE AND OUTSIDE THE UK AND EUROPEAN ECONOMIC AREA
BigChange continually improves to maintain a high level of compliance with all applicable data privacy legislation and regulation in the United Kingdom and European Economic Area.
BigChange does not transfer data outside of the combined European Economic Area (EEA) and UK except where sub processors are located in other geographies. In these instances, we will conduct a Data Transfer Impact Assessment to evaluate any risk.
We may export data where customers or other users may access our services and products while visiting countries outside of the EEA. In accordance with our contractual obligations to deliver service, we interpret this as an instruction to export the data. The data protection and other laws of countries outside the EEA may not be as protective of your information as those in the UK or the European Union – in these instances we will take reasonable steps to ensure that your privacy rights are respected, and your personal information adequately protected as required by applicable law.
In light of the recent changes following the Schrems II ruling and the UK’s departure from the European Union, we have standard contract clauses in place with our partners in Europe and undertake transfer assessments to ensure that privacy rights continue to be respected.
Data processed by BigChange is subject to data retention policy and processes which where practicable minimize the retention of data. We retain data to comply with contractual, legislative and regulatory obligations.In order that we are able to provide the best possible service to you, we have agreed and documented retention schedules that we consider to be relevant and proportionate to the service we are providing. If you would like more information on our retention periods, then please contact us at the addresses below.
Our Data Protection Officer can be contacted via email@example.com. Our address is: 3150 Century Way, Thorpe Park, Leeds LS15 8ZB.
Follow the UK’s departure from the European Union, BigChange has appointed a Representative within the EU for queries related to data privacy and to support the fulfilment of data subject rights. If you are an EU resident, and do not have a business contract with BigChange, then please contact RGDP@bigchange.com for advice or write to: BigChange, Legalim, 9 rue Pierre Le Grand, F-75008 Paris.
You have the right to complain about BigChange’s personal data management to your country’s data protection regulator; in the UK this is the Information Commissioner’s Office www.ico.org.uk. The regulator in France can be contacted at is www.cnil.fr. A full list of the data protection regulators in Europe is available at https://edpb.europa.eu/about-edpb/board/members_en
DOWNLOAD THIS DOCUMENT AS A PDF
Please click here to download this document as a PDF.