This privacy notice explains how and why the Advisory, Conciliation and Arbitration Service (Acas) processes your personal data under the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.
If you have a query about this privacy notice, please contact our data protection officer by emailing firstname.lastname@example.org.
How we use your personal data
Under the Trade Union and Labour Relations (Consolidation) Act 1992, Acas must collect personal data about you.
What we collect about you and how we do this depends on:
- what Acas services you use
- how much personal data we need to provide these services
1. Acas helpline
If you call our helpline, the number you use to call will be automatically recorded and kept by us for up to 18 months. After this it will be deleted from our helpline database.
We keep your phone number for this period to help us distinguish your call from others. This means we can monitor how many helpline calls we get and what they're about.
Your call to our helpline may be recorded and used:
- for training purposes – you'll be told this by automated voice message before you speak to a helpline adviser
- by Acas staff to check that our wider services meet our customers' needs – the recording will be anonymised so staff will not know who made the call
We keep recordings for up to 6 weeks, after which they're deleted.
Your call may lead to your query being referred to another part of Acas, for example to our conciliators. If so, the helpline may pass on relevant personal details about you to other Acas staff who will deal with your case. These details include your name, contact details, and details about your workplace.
2. Conciliation services
If you choose to use Acas's early conciliation or conciliation services – either as a 'claimant' (someone making a claim) or as a 'respondent' (someone responding to a claim) – we'll collect and use personal data to provide this service to you.
This personal data will include your:
- workplace details
Acas may also collect and use other personal data we need for your case, including sensitive personal data. For example, your medical information, trade union membership, racial or ethnic origin.
Acas uses this personal data to:
- contact claimants and respondents
- conciliate in cases as part of its legal duty to help resolve employment disputes
Your personal data may also be used by Acas staff and external organisations that it employs for checking that our service meets customer needs.
Information you give during your conciliation case is protected by 'legal privilege'. This means we will not share anything you say in conciliation with the other side in the dispute, unless you give us your clear permission to do so.
How long we keep your data
Personal data from a conciliation case is kept for whichever of the following comes first:
- 6 months after our last contact with either a claimant or respondent
- 6 months from when the case is closed
We do this because cases can still be taken forward to an employment tribunal up to 6 months after conciliation has ended.
The claimant's name, employer's name and conciliation case number are kept for a further 6 months before being deleted.
To make sure conciliation cases are confidential, calls relating to conciliation services are not recorded.
3. Training services
When you book or arrange a training course, workshop or project offered by Acas trainers, we collect and use personal data to provide this service to you.
In order to process your request when you make a booking we collect your:
- telephone number
- email address
- workplace details
You may also tell us about any special needs you have, such as dietary requirements if food is needed for a training course. As Acas charges for its training services, we can keep personal data collected for this purpose for up to 7 years.
Creating an online training account
If you create an online Acas training account to book training, any personal details we collect using this will be stored for as long as you keep your account. This is so you can see your training history.
Acas may use this personal data:
- for marketing
- to check our services meet our users' needs
- to tell you about changes to our services
4. Use of personal data for internal Acas research
We may use personal data we collect as part of the services we offer, to carry out research into employment trends and how well Acas is meeting its users' needs. We'll tell you about this when you sign up to use our services.
If you use our helpline or use our website, we may also ask if you're willing to take part in Acas research, for example a user survey. If you agree, we'll collect personal data – such as contact details – from you for this purpose.
When we do this, we'll do our best to make sure you cannot be recognised from the data before we use it.
We may share personal data, such as your email address, for research purposes with external companies that Acas employs to do research and analysis. When we do this, we'll make sure that the external companies only use your personal data in a way that's secure and follows the law.
Sensitive personal information
Some of the information you give us may be sensitive personal data, such as:
- medical history
- criminal convictions
- trade union membership
- racial or ethnic origin
We'll only ever use sensitive personal data when we have to – to provide advice or one of our statutory services, such as conciliation.
We may also use medical information you give us to make sure:
- you can access our services
- your dietary needs are met, for example if you have an allergy
Confidentiality, storage and security of personal data
We're committed to the confidentiality and privacy of our users. Any personal information you give us will be held securely. It will not be sold or traded to another organisation or company.
We may sometimes need to share information with government departments, the emergency services, law enforcement agencies, and public authorities (such as the Employment Tribunals Service).
If we share personal data with an external company or service we employ as part of our work, we make sure:
- it will be held securely
- they'll only use it to provide the services or information you've asked for
How we protect your data
We protect the information you give us using physical, electronic and management procedures on use of personal data. Industry-standard secure sockets layer (SSL) encryption is used on web pages where we collect personal information electronically.
We manage risks around use of personal data using the '10 Steps to Cyber Security' framework, managed by The National Cyber Security Centre (a part of the government). Security of our information technology (IT) systems is evaluated using Her Majesty's Government (HMG) Security Policy Framework.
Customer, claimant and respondent data is held in a government secure data centre in the UK. Back-up services are also provided in a separate government secure data centre in the UK.
Lawful basis for processing
Under data protection law, we must have a legal basis to collect, store and use your personal data. If we also use sensitive personal data, we need a second legal basis.
The legal basis for processing most of the personal data we use is that it's necessary:
- to perform a task in the public interest
- in the exercise of our legal duties
Processing sensitive personal data
The legal basis we use to process sensitive personal data depends on what we need the data for.
If we process it as part of our helpline, conciliation and arbitration services, our legal basis is that it's necessary to 'establish, exercise or defend legal claims or where courts are acting in their judicial capacity'.
If we process sensitive personal data for research and analysis our legal basis is that it's necessary for 'archiving purposes in the public interest, scientific or historical research purposes or statistical purposes'.
Where sensitive personal data may be processed for research and analysis purposes, our lawful basis is where it's necessary 'for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes'.
Your rights under data protection law
You may have a right to request:
- a copy of the information that Acas holds about you ('access' in the GDPR)
- that anything inaccurate in your personal data is corrected ('rectification' in the GDPR)
- that we remove your personal data ('right to erasure' in the GDPR)
- that we use your personal data only in specific circumstances ('restriction' in the GDPR)
- that we stop processing your personal data ('object' in the GDPR)
- to get your personal data so you can reuse it across different services ('data portability' in the GDPR)
You may also have rights in relation to automated decision-making and profiling.
Make a request under data protection law
You can send a personal data request to email@example.com.
If you’re not happy with how Acas has dealt with your request
If you feel there's a problem with your request to Acas you have the right to complain to the Information Commissioner's Office (ICO), the UK's authority on data protection.
You can make a complaint on the ICO website.
Telephone: 0303 123 1113
Use of our website and social networking
When you visit our website, we collect your Internet Protocol (IP) address as a unique identifier. We also collect the following:
- data about how you use the Acas website
- information about your computer (including your IP address and browser type)
- demographic data
- if you visited the website by clicking on a link from a different website, we collect the URL of that website
- information about your online activity, such as the pages you have viewed and the purchases you have made
Our website offers you the opportunity to 'share' information about Acas on your social media networks. We also maintain pages on some of the largest social media networks.
Sharing your personal data with a social media network may result in the social network provider collecting that information. They may also make the information you share visible to the public.
Hotjar on the Acas website
We use Hotjar in order to understand our users' needs. Hotjar is a technology service that helps us better understand how users interact with our website, for example how much time they spend on which pages and which links they choose to click. This enables us to identify areas we can improve.
- device's IP address (captured and stored only in anonymised form)
- device screen size
- device type (unique device identifiers)
- browser information
- geographic location (country only)
- preferred language used to display our website
You can opt out of Hotjar. This will stop Hotjar from creating a user profile and storing data about you using our site. This will also prevent tracking cookies being created on other websites.
Cookies are small pieces of data sent to your computer when you visit the website. They help us to collect information about you.
Cookies are stored in the cookie directory of your hard drive, and do not necessarily expire at the end of your session. Session cookies are automatically deleted when you close your browser.
- carry out transactions
- have access to information about their account
If you leave the Acas website
The Acas website contains links to other websites. These links are mainly to other government departments, but also to third parties. These websites are not covered by this privacy notice and Acas is not responsible for how they manage privacy.
If we process your personal information on servers or use third-party service providers outside the European Economic Area (EEA), we'll try to ensure your personal information gets the same level of protection as in the EEA.
Changes to this privacy notice
We regularly review this page so you're always aware of:
- what information we collect
- how we use it
- in what circumstances, if any, we will share it with other parties
If this privacy notice changes, we'll update this page.
Last updated 27 March 2020