We may collect information directly from you in various ways, including: over the phone, via email or
otherwise in writing or via our IT systems. The personal information collected may include the following:
Special Category and Sensitive Data
We will not intentionally or systematically seek to collect, store or otherwise use information about you classed as ‘special categories of data' or 'sensitive data' (for example, information relating to your ethnic origin, health or sexual orientation, criminal history).
We will process your personal information where necessary for our legitimate interests, as listed below, and where such interests are not overridden by your data protection rights:
To contact you and manage any enquiries, complaints and feedback, including sharing with relevant ESE business units.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We undertake balancing tests (also known as legitimate interest assessments) in relations to data processing activities which we carry out on the basis of legitimate interests and believe that such activities are justified and not overridden by your data protection rights.
If you have any queries about our use of your personal information please contact our DPO using the details set out in section 8.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
We will only share your personal information with third parties for the purposes stated above, including:
We may disclose your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition, sale or transfer of assets. Less commonly, we may process and share your personal data with third parties where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent.
Transferring your personal information outside the European Economic Area
Serco operates on a global basis and accordingly we may share personal information with other companies within Serco Group located outside the European Economic Area, but we will ensure such transfers are covered by our intra-group data sharing agreement entered into by all relevant entities.
We may disclose your personal information to third parties outside the European Economic Area. Where we transfer your personal data outside of the European Economic Area, we will do so on the basis of: (i) European Commission adequacy decisions; or (ii) binding contractual commitments, which will include the European Commission’s standard contractual clauses.
Serco takes precautions including administrative, technical and physical measures to safeguard your personal information, including documented employee procedures, internal monitoring and training to help ensure that your personal information is protected and secure. Our employees and contractors are bound by confidentiality obligations and we only allow access to employees and contractors who need it to conduct their business responsibilities. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.
Generally, we will retain your personal data in accordance with any applicable limitation period (as set out in any applicable law), which will usually be six (6) years following the expiry of our business relationship with you.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings. When no longer necessary to retain your personal information, we will delete or anonymise it.
You have legal rights in connection with your personal information. Under certain circumstances, by law you have the right to:
If you want to exercise any of the rights above, please submit your requests in writing to firstname.lastname@example.org
We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Data Protection Officer
11 Bartley Wood Business Park
Alternatively, please email email@example.com or call +44 (0)1256 745900.
We would be happy to address any concerns you have about your data privacy directly, and we encourage you to contact us in the first instance with your queries. However, you have a right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/concerns/ or telephone: 0303 123 1113) who will then investigate your complaint accordingly.