This privacy statement explains how and why the Advisory, Conciliation and Arbitration Service (Acas) processes your personal data under the ‘General Data Protection Regulations’ (GDPR) and the Data Protection Act 2018.
If you have a query about this Privacy Statement please contact the Data Protection Officer at the contact details below.
How we use your personal data
Acas collects personal data about you to fulfil the legal functions it is charged to deliver under the Trade Union and Labour Relations (Consolidated) Act 1992.
What we collect about you and how we do this depends on what Acas services you might use, and how much personal data about you we need to provide these services. These are explained below.
1. Acas helpline
If you call our helpline, the telephone number you use to make the call will be automatically recorded and retained by us for a maximum of eighteen months. At this point your phone number will be deleted from our helpline database.
We retain your phone number for this period to uniquely identify your call from others that we receive, in order to monitor the volume and nature of helpline calls we get.
Your call to our helpline may be recorded and used for training purposes. You will be informed of this via an automated voice message before you speak to a helpline adviser. We retain recordings for training purposes for up to six weeks, at which point they are destroyed.
Your call to our helpline may also be recorded and used by Acas staff to check that our wider services meet our customers' needs. If so, the recording will first have its associated telephone number deleted. This makes it impossible for Acas staff to know who made a recorded helpline call when using it for this purpose.
Your call(s) to the helpline may lead to your query being referred to another part of Acas (for example, to our conciliators). If so the helpline may pass on relevant personal details about you (including name, contact details, and details about your workplace) internally to other Acas staff that will deal with your case.
2. Conciliation services
If you choose to use Acas' Early Conciliation or conciliation services, either as a 'claimant' making a claim, or as a 'respondent' - that is, an employer responding to a claim - we collect and use personal data to provide this service to you.
This personal data will include your name, address, and workplace details. Acas may also collect and use further personal data required for your case, including sensitive personal data (for example medical information, trade union membership, or racial/ethnic origin) if this is needed.
Acas uses this personal data to contact claimants and respondents, and to conciliate in cases as part of its statutory duty to help resolve employment disputes. Your personal data may also be used by Acas staff, and external organisations that it employs for the additional purpose of checking that our service meets customer needs.
Information you provide during your conciliation case is regarded as protected by 'legal privilege'. This means we will not share your comments made during the case with the other side in your dispute, unless you give us your clear permission to do so.
Personal data from a conciliation case is kept for six months after last contact with either a claimant or respondent, or six months from when the case is closed, whichever comes first. We keep this as, following the end of conciliation efforts, cases can still be taken forward to an Employment Tribunal within six months of this point.
A claimant's name, employer's name and conciliation case number are kept for a further six months before being deleted.
Telephone calls relating to conciliation services are not recorded. This is in order that conciliation cases remain as confidential as possible.
3. Training services
If you choose to book onto or arrange a training course, workshop or project offered by Acas trainers, we collect and use personal data to provide this service to you.
When you make a booking we collect your name, address, telephone number, e-mail address and workplace details in order to process your request. You may also volunteer any special needs you may have (such as dietary requirements if food is required for a training course). As Acas charges for its training services, we may retain personal data collected for this purpose for up to seven years.
If you choose to create an online Acas training account in order to book training, personal details collected via this will be stored for as long as you keep your account. This is to ensure that a history of provided training is available to you.
Acas may use the personal data collected for the provision of training services, to also provide you with Acas mailings for marketing purposes, to check that our services meet our customers' needs, or to inform you of changes to our services.
4. Use of personal data for internal Acas research
We may use personal data collected as part of the services we offer, to also conduct research into employment trends and on the performance of Acas in meeting user's needs. You will be informed of this when signing up to use our services.
If you use our helpline or use our website, we may additionally ask if you are willing to take part in Acas research, for example as part of a user survey. If you agree we will collect personal data from you e.g. contact details, for this purpose.
Where we do use personal data for research purposes, as far as possible we will try to make this unidentifiable before we use it. This is to help ensure that your privacy is respected when personal data is used by Acas staff for research purposes, or by those providing research services to us.
We may share personal data to be used for research purposes, such as email addresses, with external research companies that have been employed by Acas to carry out research and analysis on our behalf. Where this happens, we will ensure that use of your personal data complies with the law and is kept secure at all times.
5. Making a Freedom of Information (FOI) or Subject Access Request
If you wish to make an FOI or Subject Access Request, your contact details and case history will be collected to process your request and will be kept for two years.
If you wish to make a complaint to the Information Commissioner's Office (ICO) regarding a decision on a FOI or Subject Access Request, Acas is legally obliged to share your case records, which includes personal data, with the ICO in order to progress your complaint. You may withdraw your complaint at any time.
Sensitive personal information
Some of the information you provide to us may be sensitive personal data, such as medical history, criminal convictions, trade union membership or racial/ethnic origin.
We will only ever use sensitive personal data where this is essential to provide advice or to provide one of our statutory services such as conciliation. We may also use medical information you provide to make reasonable adjustments to help you access our services, or to ensure dietary requirements can be met where needed.
Confidentiality, storage and security of personal data
Acas views the confidentiality and privacy of those using its services as paramount. Any personal information you provide will be held securely, and your personal information will not be sold or traded to another organisation or company.
In order to carry out our functions and respond to enquiries effectively, we may sometimes need to share information with Government Departments, the emergency services, law enforcement agencies, and public authorities (such as the Employment Tribunals Service). However, we will only do this where it is permitted by law.
Where Acas might share personal data with an external company or service that we employ as part of our work, we ensure that personal data that we may pass on to them will be held securely, and used by them only to provide the services or information that you have requested.
Acas safeguards the information you provide to us using physical, electronic and management procedures on use of personal data. Industry-standard Secure Sockets Layer (SSL) encryption is used on web pages where we collect personal information electronically over an internet connection.
We manage risks around use of personal data using the '10 Steps to Cyber Security' framework, managed by The National Cyber Security Centre (a part of the Government). Security of our Information Technology (IT) systems are evaluated using Her Majesty's Government (HMG) Security Policy Framework.
Customer, claimant and respondent data is held in a Government secure data centre in the UK. Back-up services are also provided in a separate Government secure data centre in the UK.
Lawful basis for processing
Under data protection law, Acas must have a 'lawful basis' to justify our collection, storage and use of your personal data. Where sensitive personal data is used, we also need to have a second lawful basis to justify our use of your sensitive data.
The purpose of most activities where Acas processes personal data, relates to our legal duties under the Trade Union and Labour Relations (Consolidated) Act 1992.
Our lawful basis for processing of personal data, including for marketing of our charged-for training services, is therefore that it is necessary:
"for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the data controller" (Article 6(1)(e) of the GDPR).
Where we process sensitive personal data, our additional lawful basis to do this depends on the service that Acas requires this for.
For sensitive personal data that may be processed as part of our helpline, conciliation and arbitration services, and to respond to FOI and Subject Access Requests, our lawful basis is where:
"processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity" (Article 9(2)(f) of the GDPR).
Where sensitive personal data may be processed for research and analysis purposes, our lawful basis is where:
"processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes" (Article 9(2)(j) of the GDPR).
Your rights under data protection law
You have a right to request a copy of the information that Acas holds about you.
You have the right to have any inaccuracies corrected.
You may have the right to have your personal information erased:
- to restrict our use of your personal data
- to object to our processing of your personal data;
- to obtain and reuse your personal data for your own purposes across different services ('data portability').
You may have rights in relation to automated decision making and profiling.
You have the right to complain to the national authority on the use of information, which in the UK is the Information Commissioner's Office.
You can send any requests, or any queries about this privacy statement to firstname.lastname@example.org.
You can also write to us at this address:
The Data Protection Officer
22nd & 23rd Floor, Euston Tower
Use of our website and social networking
When you visit our website, we collect your Internet Protocol (IP) address as a unique identifier. We also collect the following:
- data about how you use the Acas website
- information about your computer (including your IP address and browser type)
- demographic data
- if you visited the website by clicking on a link from a different website, we collect the URL of that website
- information about your online activity, such as the pages you have viewed and the purchases you have made.
Our website offers you the opportunity to 'like' or 'share' information about Acas on your social media networks. We also maintain pages on some of the largest social media networks.
Sharing your personal data with a social media network may result in that information being collected by the social network provider or result in that information being made publically available.
Cookies are small pieces of data sent to your computer when you visit the website and which enable us to collect information about you. They are stored in the cookie directory of your hard-drive, and do not necessarily expire at the end of your session. Session cookies are automatically deleted when you close your browser.
The Acas website contains links to other websites, mainly other government departments, but also to those of other third parties. These websites are not covered by this privacy statement and Acas is not responsible for the privacy practices within any of these other websites. You should be aware of this when you leave the website and we encourage you to read the privacy statements of other websites.
Territories outside the European Economic Area (EEA) may not have laws which provide the same level of protection for personal information as those inside the EEA. However, if we process your personal information on servers or use third party service providers based in such territories, we will endeavour to ensure that your personal information is afforded the same level of protection as in the EEA.
Changes to this privacy statement
If this privacy statement changes in any way, we will place an updated version on this web page. If you do not agree with the changes we make please do not continue to use the website. Regularly reviewing this web page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.
Last updated 26 June 2018