WE ARE COMMITTED TO RESPECTING YOUR PRIVACY
AND COMPLYING WITH DATA PROTECTION LAW.
We want to help you make informed decisions, so please take a few moments to read this policy.
WHO ARE WE? AND WHY DO WE PROCESS PERSONAL DATA?
We are BigChange Group Limited a mobile workforce management technology company based in Leeds, UK;
Contracts with BigChange constitute written instructions to process the data that you send to us or arrange for others to send to us.
If you do not have a direct contract with BigChange, and you do have a direct relationship with one of our business customers, then you should review their data privacy information; it is likely that they are the Data Controller and will be best placed to help you.
WHAT CUSTOMER DATA DO WE PROCESS?
Where we are processing personal data to fulfil our legal obligations to our business customers, the data that we process and store are determined by our business customers. Typically, business customers process:
In addition, we will process information for business administration purposes e.g. invoicing, shipping and installation of products and delivery of services.
PROCESSING OF YOUR INFORMATION
If you are an employee, subcontractor or supplier with BigChange, you may contact firstname.lastname@example.org to make a Data Subject Access Request, or to ask us to rectify, restrict or stop processing your information at any time.
If you have been invited by one of our BigChange customers to use our learning management system, then please contact their Data Protection Officer for guidance on how to exercise your data privacy rights.
If BigChange are marketing to you directly, and you wish to withdraw consent to our marketing emails, then please contact us at email@example.com.
We will respond to your request promptly and comply with your wishes subject to applicable privacy and other legislation, and any relevant contractual terms and conditions.
If your primary contact is not with us, and is with a BigChange business customer, please contact that business.
Applying to join BigChange
If you have applied for a position with BigChange, we need to process certain information about you. We only ask for details that will genuinely help us to consider you for a role, such as: –
- Contact details including telephone numbers, email address and postal address
- CV / Work History
- Work preferences including role, geographical area, salary
- Publicly available information, or information provided by you, in relation to professional history, educational background, employment history, skills and experience, professional certifications and affiliations, educational and professional qualifications
With your permission, we may ask you to provide information asking for information relating to your gender, ethnicity, sexual orientation, disability, religion and belief. By collecting and Version 4.0 17th November 2021 Page 3 of 6
analysing equality and diversity data, we are able to ensure our recruitment practices are providing fair access and opportunities for all and that we are able to meet our obligations under the Equality Act 2010.
We will store your personal data in our applicant tracking system for 12 months from the date of your initial application/ submission. After the 12 months has expired, your data will automatically be deleted from our records except in circumstances where you are part of a live application process or you have updated your details, in these instances the retention period will be extended by a further 3 months. You have the right to delete your personal information at any time.
DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
We may disclose your information to BigChange Group Limited, its subsidiaries, and other third parties we engage to enable us to provide services to you. A list of current sub-processor categories is available to parties with whom we have contracts to protect confidentiality. You can email firstname.lastname@example.org to request a list of sub-processor categories. We will introduce new sub-processors or retire existing sub-processors in order to deliver and optimise the service we provide to you; it is not practicable for us to consult with you on each appointment. We ensure that our contracts with sub-processors have adequate safeguards to:
Examples of third party providers are Amazon and Microsoft.
BigChange business customers may purchase our integration products or services with third party providers such as Microsoft, Sage and Xero. By ordering these services and using these products we understand that you are instructing us as a Data Processor to pass personal data to/from the third party provider. BigChange is not responsible for the data processing practices of third party providers. We encourage you to review your third party providers’ respective privacy notices before connecting.
BigChange does not sell, trade or rent your information, or use or disclose it for marketing purposes without your prior consent, and does not give or distribute it to any third parties except as described above.
For our general day to day data processing activities, we use third party organisations to help us administer and monitor the services that we provide. Examples of such third parties include our accountants and external auditors.
Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
BigChange understands the importance of good information security management and is certified to ISO 27001 to demonstrate this commitment. We identify, develop, implement, maintain and continuously improve a wide range of policies, processes, procedures and technical controls to keep your data secure.
Please be aware that communications over the internet, such as emails and webmails, are not secure unless they have been encrypted. Browser access to BigChange websites and applications that process personal data is encrypted.
Despite the encryption described above, your communications may route through a number of countries before being delivered – this is the nature of the internet – and BigChange is therefore unable to guarantee the security of any information you transmit to or via our website.
BigChange has appropriate organisational and technical measures in place to protect the personal information that we have under our control. These include policies, education & training as well as security controls. We are audited on a regular basis to ensure that these controls continue to meet the requirements of ISO27001.
BigChange websites use a mechanism called “cookies”. A cookie is a small amount of data, that includes an anonymous unique identifier (session id), that is sent to your browser from a website’s computers and stored on your computer’s hard drive, if your browser settings permit it. Functional cookies are cookies that ensure the proper functioning of the Website (e.g. cookies for login or registration, language preferences) and their installation does not require your permission. Non-functional cookies are cookies that can be set for statistical, social, targeting and commercial purposes.
When you use the BigChange websites, we will set and access cookies on your computer as described below to enhance your user experience and for your convenience in using the site.
MICROSOFT ADD-IN ‘COOKIES’
BigChange Word for Templates and BigChange for Email are integrations between JobWatch and Microsoft Office. We use local storage (similar to Cookies) to hold the users’ email addresses, names, user IDs, an auto-logon access token for JobWatch, and the BigChange webservices URL. This data is stored until you delete it by signing out of the add-in or clearing the browser’s stored data. Auto-logon access tokens for JobWatch expire after 7 days. These are necessary cookies and support the functionality of JobWatch.
GOOGLE ANALYTICS COOKIES
In addition, BigChange uses Google Analytics to help analyse how users use our sites. This analytical tool uses a cookie set by Google to collect standard internet log information and visitor behavior information in an anonymous form. The information generated by the Google analytics cookie about your use of the Websites is transmitted to Google, and used to evaluate and compile statistical reports about this use for BigChange. This information is used by us to improve the user experience.
BigChange will not (and will not allow any third party to) use the statistical analytics tool to track or collect any personally identifiable information about users of our sites, and will not associate any data gathered by means of the Google statistical tool with any personally identifying information.
To opt out of being tracked by Google Analytics across all websites, visit Google Analytics opt out.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
CHANGE YOUR CONSENT
You can change your consent to our cookies at any time using the button below.Update cookie consent
The cookies that are used by BigChange are set to automatically expire 6 months after you visited the website. You can amend your preferences at any time by selecting ‘decline’ on the cookie banner on the website. If you have any concerns then please contact us.
TRANSFER AND USE OF INFORMATION INSIDE AND OUTSIDE THE UK AND EUROPEAN ECONOMIC AREA
BigChange continually improves to maintain a high level of compliance with all applicable data privacy legislation and regulation in the United Kingdom and European Economic Area.
BigChange does not transfer data outside of the combined European Economic Area (EEA) and UK except where sub processors are located in other geographies. In these instances, we will conduct a Data Transfer Impact Assessment to evaluate any risk.
We may export data where customers or other users may access our services and products while visiting countries outside of the EEA. In accordance with our contractual obligations to deliver service, we interpret this as an instruction to export the data. The data protection and other laws of countries outside the EEA may not be as protective of your information as those in the UK or the European Union – in these instances we will take reasonable steps to ensure that your privacy rights are respected, and your personal information adequately protected as required by applicable law.
In light of the recent changes following the Schrems II ruling and the UK’s departure from the European Union, we have standard contract clauses in place with our partners in Europe and undertake transfer assessments to ensure that privacy rights continue to be respected.
Data processed by BigChange is subject to data retention policy and processes which where practicable minimize the retention of data. We retain data to comply with contractual, legislative and regulatory obligations.In order that we are able to provide the best possible service to you, we have agreed and documented retention schedules that we consider to be relevant and proportionate to the service we are providing. If you would like more information on our retention periods, then please contact us at the addresses below.
Our Data Protection Officer can be contacted via email@example.com. Our address is: 3150 Century Way, Thorpe Park, Leeds LS15 8ZB.
Follow the UK’s departure from the European Union, BigChange has appointed an Representative within the EU for queries related to data privacy and to support the fulfilment of data subject rights. If you are an EU resident, and do not have a business contract with BigChange, then please contact RGDP@bigchange.com for advice or write to: BigChange, Legalim, 9 rue Pierre Le Grand, F-75008 Paris.
You have the right to complain about BigChange’s You have the right to complain about BigChange’s personal data management to your country’s data protection regulator; in the UK this is the Information Commissioner’s Office (www.ico.org.uk). The regulator in France can be contacted at www.cnil.fr , and in Cyprus at http://www.dataprotection.gov.cy/ . A full list of the data protection regulators in Europe is available at https://edpb.europa.eu/about-edpb/board/members_en
DOWNLOAD THIS DOCUMENT AS A PDF