Privacy notice

This privacy notice explains how and why the Advisory, Conciliation and Arbitration Service (Acas) processes your personal data under the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

It tells you what Acas may do with your personal information when you contact us or use one of our services.

If you have a query about this privacy notice, please contact our data protection officer by emailing dataprotection@acas.org.uk or calling 0330 109 7208.

Most of the personal information we process is provided to us directly by you when you:

  • make a complaint or enquiry
  • make an information request (under the Freedom of Information Act, the Environmental Information Regulations or the Data Protection Act)
  • book or attend an event
  • subscribe to email updates
  • apply for a job with us

How we use your personal data

What we collect about you and how we do this depends on:

  • what Acas services you use
  • how much personal data we need to provide these services

1. Acas helpline

If you call our helpline, the number you use to call will be automatically recorded and kept by us for up to 18 months. After this it will be deleted from our helpline database.

We keep your phone number for this period to help us distinguish your call from others. This means we can monitor how many helpline calls we get and what they're about.

Your call to our helpline may be recorded and used:

  • for training purposes – you'll be told this by automated voice message before you speak to a helpline adviser
  • by Acas staff to check that our wider services meet our customers' needs – the recording will be anonymised so staff will not know who made the call

We keep recordings for up to 6 weeks, after which they're deleted.

Your call may lead to your query being referred to another part of Acas, for example to our conciliators. If so, the helpline may pass on relevant personal details about you to other Acas staff who will deal with your case. These details include your name, contact details, and details about your workplace.

2. Conciliation services

If you choose to use Acas's early conciliation or conciliation services – either as a 'claimant' (someone making a claim) or as a 'respondent' (someone responding to a claim) – we'll collect and use personal data to provide this service to you. This is required under the Trade Union and Labour Relations (Consolidation) Act 1992.

This personal data will include your:

  • name
  • address
  • workplace details

Acas may also collect and use other personal data we need for your case, including sensitive personal data. For example, your medical information, trade union membership, racial or ethnic origin.

Acas uses this personal data to:

  • contact claimants and respondents
  • conciliate in cases as part of its legal duty to help resolve employment disputes

Your personal data may also be used by Acas staff and external organisations that it employs for checking that our service meets customer needs.

Information you give during your conciliation case is protected by 'legal privilege'. This means we will not share anything you say in conciliation with the other side in the dispute, unless you give us your clear permission to do so.

How long we keep your data

Personal data from a conciliation case is kept for whichever of the following comes first:

  • 6 months after our last contact with either a claimant or respondent
  • 6 months from when the case is closed

We do this because cases can still be taken forward to an employment tribunal up to 6 months after conciliation has ended.

The claimant's name, employer's name and conciliation case number are kept for a further 6 months before being deleted.

To make sure conciliation cases are confidential, calls relating to conciliation services are not recorded.

3. Training services

When you book or arrange a training course, workshop or project offered by Acas trainers, we collect and use personal data to provide this service to you.

In order to process your request when you make a booking we collect your:

  • name
  • address
  • telephone number
  • email address
  • workplace details

You may also tell us about any special needs you have, such as dietary requirements if food is needed for a training course.

Where Acas charges for its training services, we can keep personal data collected for this purpose for up to 7 years.

Creating an online training account

If you create an online Acas training account to book training, any personal details we collect using this will be stored for as long as you keep your account. This is so you can see your training history.

Acas may use this personal data:

  • for marketing
  • to check our services meet our users' needs
  • to tell you about changes to our services

4. Use of personal data for internal Acas research

We may use personal data we collect as part of the services we offer, to carry out research into employment trends and how well Acas is meeting its users' needs. We'll tell you about this when you sign up to use our services.

If you use our helpline or use our website, we may also ask if you're willing to take part in Acas research, for example a user survey. If you agree, we'll collect personal data – such as contact details – from you for this purpose.

When we do this, we'll do our best to make sure you cannot be recognised from the data before we use it.

We may share personal data, such as your email address. This is for research purposes with external companies that Acas employs to do research and analysis. When we do this, we'll make sure that the external companies only use your personal data in a way that's secure and follows the law.

Confidentiality, storage and security of personal data

We're committed to the confidentiality and privacy of our users. Any personal information you give us will be held securely. It will not be sold or traded to another organisation or company.

We may sometimes need to share information with government departments, the emergency services, law enforcement agencies, and public authorities (such as the Employment Tribunals Service).

If we share personal data with an external company or service we employ as part of our work, we make sure:

  • it will be held securely
  • they'll only use it to provide the services or information you've asked for

How we protect your data

We protect the information you give us using physical, electronic and management procedures on use of personal data. Industry-standard secure sockets layer (SSL) encryption is used on web pages where we collect personal information electronically.

We manage risks around use of personal data using the '10 Steps to Cyber Security' framework, managed by The National Cyber Security Centre (a part of the government). Security of our information technology (IT) systems are evaluated using Her Majesty's Government (HMG) Security Policy Framework.

Customer, claimant and respondent data is held in a government secure data centre in the UK. Back-up services are also provided in a separate government secure data centre in the UK.

Legal basis for processing your personal data

Under data protection law, we must have a legal basis to collect, store and use your personal data. If we also use sensitive personal data, we need a second legal basis.

The legal basis for processing most of the personal data we use is that it's necessary:

  • to perform a task in the public interest
  • in the exercise of our legal duties
  • when you have given consent

  • when we make a contract with you

  • to protect your (or someone else's) interests

  • to protect our legitimate corporate interests

Your rights under data protection law

You may have a right to request:

  • a copy of the information that Acas holds about you ('subject access request' (SAR) in the GDPR)
  • that anything inaccurate in your personal data is corrected ('rectification' in the GDPR)
  • that we remove your personal data ('right to erasure' in the GDPR)
  • that we use your personal data only in specific circumstances ('restriction' in the GDPR)
  • that we stop processing your personal data ('object' in the GDPR)
  • to get your personal data so you can reuse it across different services ('data portability' in the GDPR)

You may also have rights in relation to automated decision-making and profiling.

Make a request under data protection law

During the coronavirus (COVID-19) pandemic, we are unable to answer any letters sent through the post, so please email us. There may be a delay responding to you, but we'll try to get back to you as quickly as we can.

You can send a personal data request to dataprotection@acas.org.uk or call 0330 109 7208.

If you're not happy with how Acas has dealt with your request

If you feel there's a problem with your request to Acas you have the right to complain to the Information Commissioner's Office (ICO), the UK's authority on data protection.

You can:

Use of our website and social networking

When you visit our website, we collect your Internet Protocol (IP) address as a unique identifier. We also collect the following:

  • data about how you use the Acas website
  • information about your computer (including your IP address and browser type)
  • demographic data
  • if you visited the website by clicking on a link from a different website, we collect the URL of that website
  • information about your online activity, such as the pages you have viewed and the purchases you have made

Our website offers you the opportunity to 'share' information about Acas on your social media networks. We also maintain pages on some of the largest social media networks.

Sharing your personal data with a social media network may result in the social network provider collecting that information. They may also make the information you share visible to the public.

Acas cannot control or endorse any policies or practices of external social media networks whose functionality you may access through our website. You should always read the privacy policy, and check your privacy settings on any social media network through which you might share information over.

Hotjar on the Acas website

We use Hotjar in order to understand our users' needs. Hotjar is a technology service that helps us better understand how users interact with our website, for example how much time they spend on which pages and which links they choose to click. This enables us to identify areas we can improve.

Hotjar uses cookies and other technologies to collect data on our users' behaviour and their devices, in particular the:

  • device's IP address (captured and stored only in anonymised form)
  • device screen size
  • device type (unique device identifiers)
  • browser information
  • geographic location (country only)
  • preferred language used to display our website

Hotjar stores this information in an anonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar's privacy policy.

You can opt out of Hotjar. This will stop Hotjar from creating a user profile and storing data about you using our site. This will also prevent tracking cookies being created on other websites.

How we use cookies

Cookies are small pieces of data sent to your computer when you visit the website. They help us to collect information about you.

Cookies are stored in the cookie directory of your hard drive, and do not necessarily expire at the end of your session. Session cookies are automatically deleted when you close your browser.

Our use of cookies also allows registered users of the website to be presented with a personalised version of the website, to:

  • carry out transactions
  • have access to information about their account

Email digital@acas.org.uk for more information on how we use cookies.

If you leave the Acas website

The Acas website contains links to other websites. These links are mainly to other government departments, but also to third parties. These websites are not covered by this privacy notice and Acas is not responsible for how they manage privacy.

Data transfers

If we process your personal information on servers or use third-party service providers outside the European Economic Area (EEA), we'll try to ensure your personal information gets the same level of protection as in the EEA.

Changes to this privacy notice

We regularly review this page so you're always aware of:

  • what information we collect
  • how we use it
  • what circumstances, if any, we will share it with other parties.

If this privacy notice changes, we'll update this page.

Last updated 15 June 2020