This privacy notice explains how and why the Advisory, Conciliation and Arbitration Service (Acas) processes your personal data under the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
It tells you what Acas may do with your personal information when you contact us or use one of our services.
If you have a query about this privacy notice, please contact our data protection officer by emailing firstname.lastname@example.org.
Most of the personal information we process is provided to us directly by you when you:
- make a complaint or enquiry
- make an information request (under the Freedom of Information Act, the Environmental Information Regulations or the Data Protection Act)
- book or attend an event
- subscribe to email updates
- apply for a job with us
How we use your personal data
What we collect about you and how we do this depends on:
- what Acas services you use
- how much personal data we need to provide these services
1. Acas helpline
If you call our helpline, the number you use to call will be automatically recorded and kept by us for up to 18 months. After this it will be deleted from our helpline database.
We keep your phone number for this period to help us distinguish your call from others. This means we can monitor how many helpline calls we get and what they're about.
Your call to our helpline may be recorded and used:
- for training purposes – you'll be told this by automated voice message before you speak to a helpline adviser
- by Acas staff to check that our wider services meet our customers' needs – the recording will be anonymised so staff will not know who made the call
We keep recordings for 30 days, after which they're deleted.
You may ask for more information to be sent to you or for your call to be referred to another part of Acas, for example to our conciliators. If so, the helpline may pass on relevant personal details about you to other Acas staff who will deal with your case. These details include your name, contact details, and details about your workplace.
2. Conciliation services
If you choose to use Acas's early conciliation or conciliation services – either as a 'claimant' (someone making a claim) or as a 'respondent' (someone responding to a claim) – we'll collect and use personal data to provide this service to you. This is required under the Trade Union and Labour Relations (Consolidation) Act 1992.
This personal data will include your:
- workplace details
Acas may also collect and use other personal data we need for your case, including sensitive personal data. For example, your medical information, trade union membership, racial or ethnic origin.
Acas uses this personal data to:
- contact claimants and respondents
- conciliate in cases as part of its legal duty to help resolve employment disputes
Your personal data may also be used by Acas staff and external organisations that it employs for checking that our service meets customer needs.
Information you give during your conciliation case is protected by 'legal privilege'. This means we will not share anything you say in conciliation with the other side in the dispute, unless you give us your clear permission to do so.
How long we keep your data
Personal data from a conciliation case is kept for whichever of the following comes first:
- 6 months after our last contact with either a claimant or respondent
- 6 months from when the case is closed
We do this because cases can still be taken forward to an employment tribunal up to 6 months after conciliation has ended.
The claimant's name, employer's name and conciliation case number are kept for a further 6 months before being deleted.
To make sure conciliation cases are confidential, calls relating to conciliation services are not recorded.
3. Training services
When you book or arrange a training course, workshop or project offered by Acas trainers, we collect and use personal data to provide this service to you.
In order to process your request when you make a booking we collect your:
- telephone number
- email address
- workplace details
You may also tell us about any special needs you have, such as dietary requirements if food is needed for a training course.
Where Acas charges for its training services, we can keep personal data collected for this purpose for up to 7 years.
Creating an online training account
If you create an online Acas training account to book training, any personal details we collect using this will be stored for as long as you keep your account. This is so you can see your training history.
Acas may use this personal data:
- for marketing
- to check our services meet our users' needs
- to tell you about changes to our services
4. Use of personal data for internal Acas research
We may use personal data we collect as part of the services we offer, to carry out research into employment trends and how well Acas is meeting its users' needs. We'll tell you about this when you sign up to use our services.
If you use our helpline or use our website, we may also ask if you're willing to take part in Acas research, for example a user survey. If you agree, we'll collect personal data – such as contact details – from you for this purpose.
When we do this, we'll do our best to make sure you cannot be recognised from the data before we use it.
We may share personal data, such as your email address. This is for research purposes with external companies that Acas employs to do research and analysis. When we do this, we'll make sure that the external companies only use your personal data in a way that's secure and follows the law.
Confidentiality, storage and security of personal data
We're committed to the confidentiality and privacy of our users. Any personal information you give us will be held securely. It will not be sold or traded to another organisation or company.
We may sometimes need to share information with government departments, the emergency services, law enforcement agencies, and public authorities (such as the Employment Tribunals Service).
If we share personal data with an external company or service we employ as part of our work, we make sure:
- it will be held securely
- they'll only use it to provide the services or information you've asked for
How we protect your data
We protect the information you give us using physical, electronic and management procedures on use of personal data. Industry-standard secure sockets layer (SSL) encryption is used on web pages where we collect personal information electronically.
We manage risks around use of personal data using the '10 Steps to Cyber Security' framework, managed by The National Cyber Security Centre (a part of the government). Security of our information technology (IT) systems are evaluated using Her Majesty's Government (HMG) Security Policy Framework.
Customer, claimant and respondent data is held in a government secure data centre in the UK. Back-up services are also provided in a separate government secure data centre in the UK.
Legal basis for processing your personal data
Under data protection law, we must have a legal basis to collect, store and use your personal data. If we also use sensitive personal data, we need a second legal basis.
The legal basis for processing most of the personal data we use is that it's necessary:
- to perform a task in the public interest
- in the exercise of our legal duties
when you have given consent
when we make a contract with you
to protect your (or someone else's) interests
to protect our legitimate corporate interests (to develop our products or services and grow our business)
Your rights under data protection law
You may have a right to request:
- a copy of the information that Acas holds about you ('subject access request' (SAR) in the UK GDPR)
- that anything inaccurate in your personal data is corrected ('rectification' in the UK GDPR)
- that we remove your personal data ('right to erasure' in the UK GDPR)
- that we use your personal data only in specific circumstances ('restriction' in the UK GDPR)
- that we stop processing your personal data ('object' in the UK GDPR)
- to get your personal data so you can reuse it across different services ('data portability' in the UK GDPR)
You may also have rights in relation to automated decision-making and profiling.
Make a request under data protection law
You can send a personal data request to email@example.com.
If you're not happy with how Acas has dealt with your request
If you feel there's a problem with your request to Acas you have the right to complain to the Information Commissioner's Office (ICO), the UK's authority on data protection.
- make a complaint on the ICO website
- call ICO on 0303 123 1113
Use of our website and social networking
When you visit our website, we collect your Internet Protocol (IP) address as a unique identifier. We also collect the following:
- data about how you use the Acas website
- information about your computer (including your IP address and browser type)
- demographic data
- if you visited the website by clicking on a link from a different website, we collect the URL of that website
- information about your online activity, such as the pages you have viewed and the purchases you have made
Our website offers you the opportunity to 'share' information about Acas on your social media networks. We also maintain pages on some of the largest social media networks.
Sharing your personal data with a social media network may result in the social network provider collecting that information. They may also make the information you share visible to the public.
Hotjar on the Acas website
We use Hotjar in order to understand our users' needs. Hotjar is a technology service that helps us better understand how users interact with our website, for example how much time they spend on which pages and which links they choose to click. This enables us to identify areas we can improve.
- device's IP address (captured and stored only in anonymised form)
- device screen size
- device type (unique device identifiers)
- browser information
- geographic location (country only)
- preferred language used to display our website
You can opt out of Hotjar. This will stop Hotjar from creating a user profile and storing data about you using our site. This will also prevent tracking cookies being created on other websites.
Cookies are small pieces of data sent to your computer when you visit the website. They help us to collect information about you.
Cookies are stored in the cookie directory of your hard drive, and do not necessarily expire at the end of your session. Session cookies are automatically deleted when you close your browser.
- carry out transactions
- have access to information about their account
If you leave the Acas website
The Acas website contains links to other websites. These links are mainly to other government departments, but also to third parties. These websites are not covered by this privacy notice and Acas is not responsible for how they manage privacy.
If we process your personal information on servers or use third-party service providers outside the European Economic Area (EEA), we'll try to ensure your personal information gets the same level of protection as in the EEA.
Changes to this privacy notice
We regularly review this page so you're always aware of:
- what information we collect
- how we use it
- what circumstances, if any, we will share it with other parties.
If this privacy notice changes, we'll update this page.
Last updated 2 September 2021