Serco Employment, Skills and Enterprise

Privacy Policy

See here Inspiring Families Privacy Policy

See here Work Programme Privacy Policy 

1) Introduction

Serco Limited (“Serco”, “we” or “us”) takes its data protection and privacy responsibilities seriously. This Serco ESE Website Privacy Policy will help you understand how Serco collects, uses, discloses, holds and safeguards your personal information when you visit our website (https://www.serco-ese.com) and/or submit a query to us.

2) Personal Data Collected 

We may collect information directly from you in various ways, including: over the phone, via email or
otherwise in writing or via our IT systems. The personal information collected may include the following:

  • Personal Details: full name, title, contact address, telephone numbers, email addresses.
  • IT Details: information about the browser or device you used and the date and time you accessed our IT systems
  • Communication details including details of your query.  

Special Category and Sensitive Data
We will not intentionally or systematically seek to collect, store or otherwise use information about you classed as ‘special categories of data' or 'sensitive data' (for example, information relating to your ethnic origin, health or sexual orientation, criminal history). 

3) How And Why We Use Your Personal Data

We will process your personal information where necessary for our legitimate interests, as listed below, and where such interests are not overridden by your data protection rights:

  • To contact you and manage any enquiries, complaints and feedback, including sharing with relevant ESE business units. 

  • To protect our legal rights and manage the security of our IT networks; 
  • For research purposes;
  • Sale or reorganisation of the business; and
  • For staff training purposes. 

Serco sometimes handles personal information based on you providing your consent, for purposes which are required by law. We may also rely on exemptions under the applicable data protection law and any such exemption will take priority over this ESE Website Privacy Policy to the extent of any inconsistency.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We undertake balancing tests (also known as legitimate interest assessments) in relations to data processing activities which we carry out on the basis of legitimate interests and believe that such activities are justified and not overridden by your data protection rights. 

If you have any queries about our use of your personal information please contact our DPO using the details set out in section 8. 

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

4    Data Sharing

We will only share your personal information with third parties for the purposes stated above, including: 

  • The Operator of the relevant ESE business unit you submitted your query about. Please refer to the ESE Privacy Charter for more details [URL]
  • our external service providers that process your data for us on our behalf, including our IT service providers.
  • other organisations within the Serco group of companies, where such disclosure is necessary for our business;  
  • professional advisors (e.g. law firms, insurers, auditors); and
  • Government, regulatory and law enforcement bodies as required. 

We may disclose your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition, sale or transfer of assets. Less commonly, we may process and share your personal data with third parties where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent.

Transferring your personal information outside the European Economic Area 

Serco operates on a global basis and accordingly we may share personal information with other companies within Serco Group located outside the European Economic Area, but we will ensure such transfers are covered by our intra-group data sharing agreement entered into by all relevant entities.

We may disclose your personal information to third parties outside the European Economic Area. Where we transfer your personal data outside of the European Economic Area, we will do so on the basis of: (i) European Commission adequacy decisions; or (ii) binding contractual commitments, which will include the European Commission’s standard contractual clauses. 

5)  Data Security

Serco takes precautions including administrative, technical and physical measures to safeguard your personal information, including documented employee procedures, internal monitoring and training to help ensure that your personal information is protected and secure. Our employees and contractors are bound by confidentiality obligations and we only allow access to employees and contractors who need it to conduct their business responsibilities. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6)    Data Retention

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.

Generally, we will retain your personal data in accordance with any applicable limitation period (as set out in any applicable law), which will usually be six (6) years following the expiry of our business relationship with you.  

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings. When no longer necessary to retain your personal information, we will delete or anonymise it.

7) Your Legal Rights 

You have legal rights in connection with your personal information. Under certain circumstances, by law you have the right to:

  • Right to object: Data subjects have a right to object to our processing of their personal data.
  • Access to their personal data: Data subjects can request access to a copy of their personal data which we hold, along with information on what personal data we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. Request for access can generally be made free of charge.   
  • Right to withdraw consent: Where we are relying on the consent of the data subject (often in the context of marketing emails), the data subjects are entitled to withdraw their consent at any time. 
  • Rectification: Data subjects can ask us to change or complete any inaccurate or incomplete personal data which Serco holds about them. 
  • Erasure: Data subjects can ask us to delete their personal data where it is no longer necessary for Serco to use it, they have withdrawn their consent (where consent is the legal basis relied upon), or where we have no lawful basis for keeping it.
  • Portability: Data subjects can ask us to provide them or a third party with some of the personal data that we hold about them in a structured, commonly used, electronic form, so it can be easily transferred.
  • Restriction: Data subjects can ask us to restrict the personal data we use about them where they have asked for it to be erased or where they have objected to our use of it.
  • Transfers outside of EU: Data subjects have the right to obtain a copy, or reference to, the personal data safeguards used for transfers outside the European Union. We may redact data transfer agreements to protect commercial terms.

If you want to exercise any of the rights above, please submit your requests in writing to dpo@serco.com 

We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. 

8) Data Protection Contacts

We have appointed a Data Protection Officer (DPO) to oversee compliance with this ESE Privacy Policy. If you have any questions about this ESE Website Privacy Policy or how we handle your personal information, please address these to:  
Data Protection Officer 
Serco Limited  
Enterprise House                                                                                                                  
11 Bartley Wood Business Park                                                                                   
Bartley Way                                                                                                                    
RG27 9XB 
Alternatively, please email dpo@serco.com or call +44 (0)1256 745900.

Supervisory authority
We would be happy to address any concerns you have about your data privacy directly, and we encourage you to contact us in the first instance with your queries. However, you have a right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/concerns/ or telephone: 0303 123 1113) who will then investigate your complaint accordingly.

9) Changes to this ESE Website Privacy Policy

This ESE Website Privacy Policy was first published on 22.02.19

We may amend this ESE Website Privacy Policy from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check our website for the latest version of this ESE Website Privacy Policy. On some occasions, we may also actively advise you of specific data handling activities or significant change to this ESE Website Privacy Policy as required by applicable law.