People Perform Consulting Limited is a UK-based talent consultancy specialising in talent management and leadership development.
Our approach to privacy
People Perform places a high priority on safeguarding confidential information and processing personal data in an ethical manner, and we take our responsibility for the security of customer and employee data very seriously. To help us continue to achieve this, we have embedded privacy by design and by default within our operating procedures and service delivery. This means that privacy and data protection is taken into consideration and implemented in the design and delivery of our business services, marketing functions, IT systems and overall business practices so that our clients, employees and service users’ right to data privacy and data protection is our default position when processing data.
This ensures that no additional actions are required by you to ensure your privacy is honoured and protected. It also means we will not share your data with third parties for marketing purposes and will only do so when necessary to provide a business service you have requested, or if legally obligated to do so.
In order to carry out other business functions and to deliver our services, we rely on the following lawful conditions for processing personal data:
We will be clear and transparent with you about which lawful basis is used when processing your personal data.
Collecting personal data
In order to deliver our services and to carry out necessary business functions, we may collect certain personal data from you in a variety of ways, such as, through our website, via email, an online portal, or verbally. These details may include (where applicable), names, contact information and basic employment details. Depending on the service we are delivering to you or your company, we may also ask for more detailed information about your employment such as the department or team you work in, your length of employment and professional goals. When receiving coaching from People Perform, information considered sensitive may emerge during the course of discussions with your assigned coach. These relationships are bound by strict confidence, and any notes collated by your coach are treated accordingly.
Personal data we obtain is collected in a few key ways:
Where your data is provided to us by an authorised third party such as your employer (i.e. in the form of course delegate lists), it is the third party’s responsibility to ensure they have the correct lawful basis in place to share this data with People Perform.
The purposes of processing personal data
Your data may be used for a number of purposes including, but not limited to: to provide all the elements of the talent, learning & development services we have been contracted to provide by yourself or your employers contacting you in the event of a workshop time change or cancellation, to assess the quality of our services, administrative activities, crime prevention/detection (i.e. fraud), legal obligations of the business, statistical and marketing analysis, customer surveys, customer relations communications and offering you services and products we believe may interest you.
You will always be told what we intend to do with any personal data we collect from you, however the principal reasons are to:
More specifically, these may take the form of the below likely scenarios:
Individuals engaged with a People Perform service as part of a development programme we are contracted to deliver.
When taking part in a service (e.g. diagnostic, survey, workshop) as part of a programme we are contracted to deliver, the information you provide will only be used for the stated purposes and/or those you consented to. This may include product research & development, administrative and legal purposes, statistical analysis, systems testing, or service maintenance and development. In this scenario, we would be relying on contractual necessity as the primary legal basis for processing personal data. The personal data you provide here will either be anonymised or deleted after 2 years.
We may need to provide your personal data to an Approved Practitioner (an associate or independent practitioner authorised to deliver People Performs solutions), or a Client Practitioner (a colleague in your organisation authorised to deliver People Perform solutions) if you are enrolled on a programme delivered by either party for talent, learning & development. Please see the section titled “cross-border transfers of personal data” for more information on when it may be necessary to transfer your data to another country or out of the EEA.
User interactions with online services and resources such as our website, webinar registrations, or downloading white papers.
We may collect information to better understand how visitors use our website and interact with our marketing content, so we can offer timely and relevant information. When using our website to register for a webinar, or download a white paper, your data may be used for the following:
In this scenario, we would be relying on legitimate interests and where required, consent, as the primary legal bases for processing personal data. People Perform will only keep data for as long as is necessary to meet these purposes. We will never share, sell, or rent individual personal information to an external party without your advance permission, or unless ordered by a court of law. The personal data you provide to us is only available to relevant employees and contracted service providers. If required by law, People Perform may disclose data to government and/or enforcement agencies.
If we intend to use your data for a new purpose outside of those detailed in this Policy, this policy will be updated to keep you informed of the same; should consent be required from affected individuals, then it will be sought. People Perform will never supply your data to third parties for marketing purposes.
Cross-border transfers of personal data
If you are based in the UK, People Perform will not ordinarily transfer your data outside of the UK. In some cases, however, it may be necessary to do so for example if as part of an online assessment where you are part of an international organisation and your team is based in multiple countries. In these instances, we may need to share data with your line manager who may be located outside of the UK, or with an Approved Practitioner to deliver our services to you if you are located outside of the UK.
Where it is necessary to transfer your data outside of the UK in the delivery of services to meet our contractual requirements to you, we will ensure an adequate level of protection is in place to safeguard your data. We understand that some countries may not have data privacy laws as strong as those in force in the UK, however we will ensure that the data protection standards employed in the UK are observed by our delivery partners with whom we need to share information in all of the countries they operate. International recipients will be required to demonstrate compliance and adhere to defined protocols via a Data Processor Agreement, Code of Conduct, and/or a relevant recognised data protection or security certification. These safeguards are intended to ensure that, post-transfer, your data is subject to security measures no less rigorous than those required by data protection legislation in force in the UK.
In some instances, we may seek authorisation from the Information Commissioner’s Office (ICO) prior to a cross-border data transfer.
Keeping personal data secure
Our website, emails and online services are protected by firewalls and we have implemented security policies, rules and technical measures to protect the data in our control. These security measures are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
Any information you provide us with when using our services is stored centrally on secure cloud-based systems. Direct access to these databases are restricted to authorised personnel and their appointed agents only. We have taken every reasonable step to ensure that your personal data is held securely at all times, and that access to these are closely monitored. We use security measures to protect against the loss, misuse and alteration of data within our systems.
Please be aware however, that no internet or email transmission is ever fully secure or error free. You should take special care in deciding what personal data you send to us via email and keep this in mind when disclosing any personal data to us via the internet.
Controlling your personal data
Any personal data we collect from you or we generate as a result of your interaction with our systems and services belongs to you. Under the data protection laws in the UK you therefore have the right to know if your data is being processed, why and for how long. This will include details of what categories of data we process (e.g. storing your name and contact details in a CRM system), whether your data has been disclosed to third parties and their identities, and how to raise a complaint with the Information Commissioner’s Office (ICO).
In addition to your right of access to data we process, People Perform will uphold other rights afforded to you under the applicable data protection laws in the UK, namely:
If you believe that any information we are holding about you is incorrect or incomplete or wish to exercise any of your rights in relation to your personal data, please advise us by email at email@example.com ‘Personal Data Request’ headed in the subject bar. We aim to respond promptly to any requests.
However, please note that depending on the complexity and scope of your request, it may take up to 30 days for us to provide you with an adequate response.
Please contact firstname.lastname@example.org to query any aspect of our data processing activities if you have completed (or are about to complete) a diagnostic or psychometric survey with us.
We have in place a procedure if a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service occurs. We will assess the scope and impact of the breach. Based on the assessment of the likely risks to individuals, we will notify the individuals and/or their connected organisations that a data breach has occurred where this may result in a significant risk to the rights and freedoms of individuals, or where we may be in breach of a contractual obligation. Any such notification to individuals will be carried out as soon as reasonably possible and will include information on the nature of the breach, the name and contact details of our Data Protection Officer, the likely consequences of the breach, measures taken or proposed by People Perform to address it, and recommendations for affected individuals to mitigate any potential adverse effects. Such individuals will also be provided advice on how to make a complaint to the ICO.
If, due to the nature of the breach that People Perform is required to inform the ICO, we will do so within 72 hours of becoming aware of the essential facts of the breach. Such notification must include at least: your name and contact details; the date and time of the breach (or an estimate); the date and time we detected it; basic information about the type of breach; and basic information about the personal data concerned.
You may also contact the ICO directly if you have a serious concern about how your data was handled via the following link: https://ico.org.uk/concerns/
Who has access to your personal data?
The data we collect about you is generally accessed only by authorised People Perform employees for legitimate business purposes and providing services as part of a contract. However, if we work with partners or contractors, they may have limited access to your personal data but only so much to do their job.
If for example, a delegate has completed a development or personality diagnostic, the profile produced from this data will only be provided to the delegate and will not be shared with anyone else without their prior consent. If the delegate attends a People Perform workshop, we would not share his or her profile with a group of their peers. During a workshop, an individual may be invited by the People Perform facilitator leading the session to share some information from their profile with the group, however this is their personal choice and done at their own discretion.
The following outlines who has access to your personal data, and under what circumstances:
How long we hold data
It is People Performs practice that personal data is retained only for the appropriate period of time – neither too long nor too short. We have in place internal guidelines for employees on how long data should be retained detailed in a Data Retention policy. This specifies that we will need to keep certain information about employees, clients, suppliers and other individuals or organisations we interact with over the course of business to carry out certain business functions for up to 6 years to monitor and improve the quality of our service, for our records and to meet certain legal and compliance requirements.
In summary, client personal data will be held for as long as the individual or their employer is in receipt of services from People Perform, plus up to a maximum of 6 years. Where a client makes a specific request for their data to be deleted sooner and it does not conflict with any legal or compliance requirement to hold data for longer, we will honour the request. Employee personal data will be held for the duration of employment and then for 6 years after the last day of contractual employment. Employee contracts will be held for 6 years after last day of contractual employment.
Where data is held by third parties in support of the services we provide to you, the third parties are contractually bound to either delete data upon our request, delete data at the end of our supplier contract with them, or to anonymise data after 2 years of receipt.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us. Cookies can also be controlled by the functions within your browser, so do consider changing as you see fit.
Links from our website
Our website may contain links to other websites. However, once you have used these links to leave our site, you should note that we do not have any control over the other websites and are not responsible for the privacy practices of such other websites.
If you submit personal data and other information to a website to which we link, we are not responsible for its protection and privacy. Always exercise caution when submitting data to websites. Read the site’s data protection and privacy policies fully.
If we make substantive changes to this Policy, we will announce it on our website to ensure that you are aware of the information we collect and how we use it at all times.
If you have any questions regarding this Policy or wish to contact us, please get in touch by using the details below.
People Perform Consulting Limited
Telephone: 0333 577 1319
Last updated June 2018, in accordance with the requirements of the General Data Protection Regulation (GDPR).
If we make substantive changes to this policy, we will announce it on our website to ensure that you are aware of the relevant changes.
How to contact us
If you have any questions regarding this policy or how we manage your privacy overall, please contact us at email@example.com.