WE ARE COMMITTED TO RESPECTING YOUR PRIVACY
AND COMPLYING WITH DATA PROTECTION LAW.
We want to help you make informed decisions, so please take a few moments to read this policy.
WHO ARE WE? AND WHY DO WE PROCESS PERSONAL DATA?
We are BigChange Group Limited a mobile workforce management technology company based in Leeds, United Kingdom;
- We provide workforce management data processing services for which we are a Data Processor on behalf of our contracted business customers. Our business customers input and access data about their prospects, customers, suppliers and employees, or arrange for others to do so. The data is collected by our websites, mobile apps, trackers, import services, system integrations and webservices API via our integration products,
- We are the Data Controller for BigChange’s employees, prospective employees, customers (for the purposes of contract administration only), and suppliers with whom we intend, have or had obligations under contract;
- We maintain a marketing database of prospective and current customer data where consent has been given and not withdrawn, or where we have reason to believe there is legitimate business interest in us keeping you informed of our company, products and services. This information can be collected directly from our website when a customer signs up to hear more about our products and services, or from other publicly available sources such as LinkedIn, or company websites.
Contracts with BigChange constitute written instructions to process the data that you send to us or arrange for others to send to us.
If you do not have a direct contract with BigChange, and you do have a direct relationship with one of our business customers, then you should review their data privacy information; it is likely that they are the Data Controller and will be best placed to help you.
WHAT CUSTOMER DATA DO WE PROCESS?
Where we are processing personal data to fulfil our legal obligations to our business customers, the data that we process and store are determined by our business customers. Typically, business customers process:
- name, and other identity data;
- address and contact details;
- timesheets and expenses;
- skills and qualifications;
- personal or business vehicle details;
- locations and journeys collected via vehicle tracking and other mobile devices;
- driving events and behaviour scores calculated using business customer configured algorithms;
- business photographs and videos which may include images of people or identity documents;
- phone call recordings and meeting videos;
- other business, personal and possibly sensitive personal data as determined by our business customers.
In addition, we will process information for business administration purposes e.g. invoicing, shipping and installation of products and delivery of services.
If you do not have a direct contract with BigChange, and you do have a direct relationship with one of our business customers, then you should review their data privacy information; it is likely that they process your personal data on your behalf and will be best placed to help you.
PROCESSING OF YOUR INFORMATION
If you are an employee of BigChange, please refer to the Employee Privacy Handbook. If you are a subcontractor or supplier with BigChange, you may contact [email protected] to exercise your data protection rights such as asking us for a copy of your data, to rectify, restrict or stop processing your information at any time.
If you have been invited by one of our BigChange customers to use our learning management system, then please contact their Data Protection Officer or appropriate contact for guidance on how to exercise your data privacy rights.
If BigChange are marketing to you directly, and you wish to withdraw consent to our marketing emails, then please contact us at [email protected].
We will respond to your request promptly and comply with your wishes subject to applicable privacy and other legislation, and any relevant contractual terms and conditions.
If your primary contact is not with us, and is with a BigChange business customer, please contact that business.
APPLYING TO JOIN BIGCHANGE
If you have applied for a position with BigChange, we need to process certain information about you. We only ask for details that will genuinely help us to consider you for a role, such as: –
- Contact details including telephone numbers, email address and postal address
- CV / Work History
- Work preferences including role, geographical area, salary
- Publicly available information, or information provided by you, in relation to professional history, educational background, employment history, skills and experience, professional certifications and affiliations, educational and professional qualifications
With your permission, we may ask you to provide information asking for information relating to your gender, ethnicity, sexual orientation, disability, religion and belief. By collecting and analysing equality and diversity data, we are able to ensure our recruitment practices are providing fair access and opportunities for all and that we are able to meet our obligations under the Equality Act 2010.
We will store your personal data in our applicant tracking system for 12 months from the date of your initial application/ submission. After the 12 months has expired, your data will automatically be deleted from our records except in circumstances where you are part of a live application process or you have updated your details, in these instances the retention period will be extended by a further 3 months. You have the right to delete your personal information at any time.
DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
A list of current sub-processor categories is available to parties with whom we have contracts to protect confidentiality. You can email [email protected] to request a list of sub-processor categories. We will introduce new sub-processors or retire existing sub-processors in order to deliver and optimise the service we provide to you
Examples of third party providers are Amazon Web Services and Microsoft.
BigChange business customers may purchase our integration products or services with third party providers such as Microsoft, Sage and Xero. By ordering these services and using these products we understand that you are instructing us as a Data Processor to pass personal data to/from your third party provider. BigChange is not responsible for the data processing practices of third party providers. We encourage you to review your third party providers’ respective privacy notices before connecting.
BigChange does not sell, trade or rent your information, or use or disclose it for marketing purposes without your prior consent, and does not give or distribute it to any third parties except as described above.
For our general day to day data processing activities, we use third party organisations to help us administer and monitor the services that we provide. Examples of such third parties include our accountants and external auditors.
Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
BigChange understands the importance of good information security management and is certified to ISO 27001 to demonstrate this commitment. We identify, develop, implement, maintain and continuously improve a wide range of policies, processes, procedures and technical controls to keep your data secure.
Please be aware that communications over the internet, such as emails and webmails, are not secure unless they have been encrypted. Browser access to BigChange websites and applications that process personal data is encrypted.
Despite the encryption described above, your communications may route through a number of countries before being delivered – this is the nature of the internet – and BigChange is therefore unable to guarantee the security of any information you transmit to or via our website.
BigChange has appropriate organisational and technical measures in place to protect the personal information that we have under our control. These include policies, education & training as well as security controls. We are audited on a regular basis to ensure that these controls continue to meet the requirements of ISO27001.
BigChange websites use a mechanism called “cookies”. A cookie is a small amount of data, that includes an anonymous unique identifier (session id), that is sent to your browser from a website’s computers and stored on your computer’s hard drive, if your browser settings permit it. Functional cookies are cookies that ensure the proper functioning of the Website (e.g. cookies for login or registration, language preferences) and their installation does not require your permission. Non-functional cookies are cookies that can be set for statistical, social, targeting and commercial purposes.
When you use the BigChange websites, we will set and access cookies on your computer as described below to enhance your user experience and for your convenience in using the site.
MICROSOFT ADD-IN ‘COOKIES’
BigChange Word for Templates and BigChange for Email are integrations between the BigChange job management platform and Microsoft Office. We use local storage (similar to Cookies) to hold the users’ email addresses, names, user IDs, an auto-logon access token for the BigChange job management platform, and the BigChange webservices URL. This data is stored until you delete it by signing out of the add-in or clearing the browser’s stored data. Auto-logon access tokens for the BigChange job management platform expire after 7 days. These are necessary cookies and support the functionality of the BigChange job management platform.
BigChange will not allow any third party to use the statistical analytics tool to track or collect any personally identifiable information about users of our sites, and will not associate any data gathered by means of the Google statistical tool with any personally identifying information.
To opt out of being tracked by Google Analytics across all websites, visit Google Analytics opt out.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
CHANGE YOUR CONSENT
You can change your consent to our cookies at any time using the button below.Update cookie consent
The cookies that are used by BigChange are set to automatically expire 6 months after you visited the website. You can amend your preferences at any time by selecting ‘decline’ on the cookie banner on the website. If you have any concerns then please contact us.
TRANSFER AND USE OF INFORMATION INSIDE AND OUTSIDE THE UK AND EUROPEAN ECONOMIC AREA
BigChange continually strives to maintain a high level of compliance with all applicable data privacy legislation and regulation in the United Kingdom, the European Economic Area and beyond
As we have partners and services providers based outside of the UK, personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, we put in place Standard Contractual Clauses that are approved by the ICO, the EU or the UK Government after carrying out a detailed assessment to ensure the companies receiving your data can comply with these Clauses. Please contact us if you wish to know more.
In light of the recent changes following the Schrems II ruling and the UK’s departure from the European Union, we have standard contract clauses in place with our partners in Europe and undertake data transfer impact assessments to ensure that privacy rights continue to be respected.
As an internet based platform, customers may also access our services and products while visiting countries outside of the EEA. In accordance with our contractual obligations to deliver service, we interpret this as an instruction to export the data. The data protection and other laws of countries outside the EEA may not be as protective of your information as those in the UK or the European Union.
Data processed by BigChange is subject to data retention policy and processes which where practicable minimize the retention of data. We retain data to comply with contractual, legislative and regulatory obligations. In order that we are able to provide the best possible service to you, we have agreed and documented retention schedules that we consider to be relevant and proportionate to the service we are providing. If you would like more information on our retention periods, then please contact us at the addresses below.
Our Data Protection Officer can be contacted via [email protected]. Our address is: 3150 Century Way, Thorpe Park, Leeds LS15 8ZB.
Follow the UK’s departure from the European Union, BigChange has appointed an Representative within the EU for queries related to data privacy and to support the fulfilment of data subject rights. If you are an EU resident, and do not have a business contract with BigChange, then please contact [email protected] for advice or write to: BigChange, Legalim, 9 rue Pierre Le Grand, F-75008 Paris.
You have the right to complain about BigChange’s You have the right to complain about BigChange’s personal data management to your country’s data protection regulator; in the UK this is the Information Commissioner’s Office (www.ico.org.uk). The regulator in France can be contacted at www.cnil.fr , and in Cyprus at https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/ . A full list of the data protection regulators in Europe is available at https://edpb.europa.eu/about-edpb/board/members_en
DOWNLOAD THIS DOCUMENT AS A PDF