Privacy Notice – Coronavirus – Track and Trace
Responding to the Coronavirus advice from the Government is an obligation on all employers in England. The development of the NHS ‘Track and Trace’ scheme is a key part of the government plan to manage Coronavirus. Read more...
The Futures Group is committed to protecting your privacy when you use our services.
This privacy statement explains the types of personal information we collect about you when you interact with us. It also explains how we use information about you and how we protect your privacy.
From 25 May 2018, your personal information will be processed, held and/or controlled in accordance with the General Data Protection Regulations (2016/679).
We hope the following information will answer any questions you have but if not, please do get in touch with us. We’ve broken it up into sections so it’s easy for you to access.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes when you visit our website.
The Futures Group – which we’ll refer to as ‘Futures’ in this information – is made up of a number of related brands and businesses: Futures for You, Futures for Business and Futures Employment Solutions.
To keep things simple throughout this notice, ‘we’ and ‘us’ means the Group and its brands.
We have a Data Protection Office, which makes sure we respect your rights and follow the law. You may contact us at any time to discuss any concerns or ask any questions about how we look after your personal information.
Please contact the Data Protection Office at DataProtect@the-futures-group.com or by writing to:
Data Protection Office
The Futures Group
Fifth Floor, Pearl House
Nottingham NG1 6BT
Tel: 08000 85 85 20
Do you know what personal information is?
This can be anything that identifies and relates to a living person and can include information that when put together with other information can then identify the person. For example, this could be your name, date of birth, contact details, email address and/or telephone number or could include other identifiers such as an IP address or a cookie identifier.
Did you know that some of your personal information might be ‘special’?
Some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
- sexuality and sexual health
- religious or philosophical beliefs
- physical or mental health
- trade union membership
- political opinion
- genetic/biometric data
- criminal history
What data do we collect?
We may collect personal information about you including audio and video recordings.
- Information you have given us on an action plan, management information (MI), enrolment or application form when accessing the services we provide.
- Information you have provided to set up a web account, web pages you visit and how and when you contact us. For your security, we’ll also keep an encrypted record of your login password.
- Details of your interactions with us through our contact centre, for example, we collect notes from our conversations with you, details of any complaints or comments you make, details of your satisfaction levels.
- Copies of documents you provide to prove your age or identity where the law requires this. (including your passport and driver's licence). For example, when we’re checking your eligibility for one of our services.
- Personal details which help us to recommend items of interest, it’s always your choice whether you share your details with us for this purpose.
- To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and IP address where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered. We use Google analytics so this information is aggregated.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
- Your image may be recorded on CCTV when you visit an office with this in place.
We may need to use some information about you to:
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers who deliver those services
- help investigate any worries or complaints you have about your services and to answer your questions and enquiries
- allow you to participate in online training and interactive features of our services if you choose to
- check and improve the quality of our services
- help with research and planning of new services
- send you information which we think might be of interest to you if you have agreed to this
- give to third parties where we have retained them to provide services that we, you or our client have requested, such as referral to support services.
- monitor compliance with our equal opportunities policy
- carry out our obligations arising from any contracts entered into between you and us
- market our related products and services to you, where you have given your consent for us to do so
- to protect our customers, premises, assets and staff we operate CCTV systems in some of our premises, which record images
- to develop, test and improve systems, services and products we provide to you.
- To comply with our legal obligations to share data with law enforcement
- To send you survey and feedback requests to help improve the service
- To process your booking/appointment requests
- When you visit any of our websites, and use your account to apply for a job.
- When you create an account with us.
- When you purchase a product or service or by phone but don't have (or don't use) an account.
- When you engage with us on social media.
- When you contact us by any means with queries, complaints etc.
- When you ask one of the Group to email you information about a product or service.
- When you enter prize draws or competitions.
- When you book any kind of appointment with us or book to attend an event, for example a careers advice session.
- When you choose to complete any surveys we send you.
- When you fill in any forms. For example, if an accident happens in one of our offices.
- When you've given a third party permission to share with us the information they hold about you.
- When you use our offices which have CCTV systems operating for the security of both customers and colleagues. These systems may record your image during your visit.
The Futures Group processes personal data, both as a Data Controller and as a Data Processor, as defined by relevant Data Protection Legislation:
- the General Data Protection Regulations 2016/679,
- the Data Protection Act 2018,
- the EU Data Protection Directive 95/46/EC,
- the Regulation of Investigatory Powers Act 2000,
- the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699),
- the Electronic Communications Data Protection Directive 2002/58/EC,
- the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner.
There are a number of legal reasons why we need to collect and use your personal information. Generally, we collect and use personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is required by law
- it is necessary for employment purposes
- you have made your information publicly available
- it is necessary for legal cases
- to pursue our legitimate business interest where it does not materially impact your rights
- it is to the benefit of society as a whole
- it is necessary for archiving, research, or statistical purposes
The legal basis for collecting and retaining the information for services we provide for the local Authority, DWP and ESFA is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(e) and Recital 45, GDPR).
If we have consent to use your personal information, rather than legal or contractual reasons, you have the right to remove it at any time. If you want to remove your consent, please contact and tell us which service you’re using so we can deal with your request. However, if you chose not to share your personal details with us, or refuse certain contact permissions, we might not be able to provide some of the services you have asked for.
We only use what we need.
We’ll only collect and use personal information if we need it to deliver a service or meet a requirement.
If we don’t need personal information we’ll either keep you anonymous if we already have it for something else or we won’t ask you for it. For example, in a survey we may not need your contact details we’ll only collect your survey responses.
If we use your personal information for research and analysis, we’ll always keep you anonymous or use a different name unless you’ve agreed that your personal information can be used for that research.
We don’t sell your personal information to anyone else.
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements, there is always an agreement in in place to make sure that the organisation complies with data protection law.
We also need to share information if it is part of our contractual obligations with a funder such as Department for Work and Pensions (DWP), Education and Skills Funding Agency (ESFA), European Social Fund (ESF), Local Authority.
Examples of the kinds of third parties we work with are:
- Where you have asked us to make a referral to another service provider or specialist organisation.
- IT companies who support our website and other business systems
- Direct marketing companies who help us manage our electronic communications with you (with your consent).
Sometimes we have a legal duty to provide personal information to other organisations. This may be because we need to give that data to the courts.
We may also share your personal information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t happen often, but we may share your information:
- to find and stop crime and fraud; or
- if there are serious risks to the public, our staff or to other professionals;
- to protect a child; or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all of these reasons the risk must be serious before we can override your right to privacy.
If we’re worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we’ll discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away. If this is the case, we’ll make sure that we record what information we share and our reasons for doing so. We’ll let you know what we’ve done and why if we think it is safe to do so.
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We’ll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’
- We secure access to all transactional areas of our websites and apps using ‘https’ technology. Access to your personal data is password-protected.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
Where in the world is your information?
The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system inside the EU.
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party.
We’ll take all practical steps to make sure your personal information is not sent to a country that is not seen as ‘safe’ either by the UK or EU Governments.
Whenever we collect or process your personal data, we'll only keep it for as long as is necessary for the purpose for which it was collected. All MODX (what we use to host our website) cookies expire after 7 days. Other cookies such as google analytics (what we use to measure the impact of our marketing) last for 2 years.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
|Programme||Retention Period||Data Controller|
|National Careers Service||6 years||Education and Skills Funding Agency|
|Young People Service||7 years||Local Authority|
|IASS (ASK)||6 years||Nottingham City and Nottingham County Council|
Where a service is funded under European Social Fund (ESF) the European commission requires that we retain the information until 31 December 2030 for the ESF Programme 2014-2020 or until we are advised, further. Customers are notified at enrolment on a programme whether it is part funded by the European Social Fund and all paperwork provided contains the ESF logo.
Some examples of where this is applicable are:
|Programme||Retention Period||Data Controller|
|Adult Education Budget||Year 2030||Education and Skills Funding Agency|
|Community Grants||Year 2030||Education and Skills Funding Agency|
|Apprenticeship Service||Year 2030||Education and Skills Funding Agency|
|Get Ahead||Year 2030||Department For Work and Pensions|
|Move Ahead||Year 2030||Department For Work and Pensions|
|Stay Ahead||Year 2030||Department For Work and Pensions|
The law gives you a number of rights to control what personal information we use and how it is used by us. In certain cases, this will mean that we can comply with your request directly or we will need to pass your request onto the Data Controller who funds the service. Examples of this is where you have accessed services from us, which are funded by the Department for Work and Pensions or the Education and Skills Funding Agency.
This applies to personal information that is in both paper and electronic records.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If you have any queries about access to your information please contact DataProtect@the-futures-group.com
The right to access - You have the right to request Futures for copies of your personal data. We would normally expect to share what we record about you with you, whenever we assess your needs or provide you with services.
However, you also have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you, we must give you access to everything we’ve recorded about you free of charge in most cases.
However, we can’t let you see any parts of your record which contain:
- Confidential information about other people; or
- Data a professional advisor thinks will cause serious harm to your or someone else’s physical or mental wellbeing; or
- If we think that giving you the information may stop us from preventing or detecting a crime
The right to rectification - You have the right to request that Futures correct any information you believe is inaccurate. You also have the right to request Futures to complete information you believe is incomplete.
The right to erasure - You have the right to request that Futures erase your personal data, under certain conditions.
The right to restrict processing - You have the right to request that Futures restrict the processing of your personal data, under certain conditions.
The right to object to processing - You have the right to object to Futures processing of your personal data, under certain conditions.
The right to data portability - You have the right to request that Futures transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
If you make a request, we have 30 days to respond to you. If you would like to exercise any of these rights, please contact us at our email: DataProtect@the-futures-group.com
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data, for example, you continue to access our services.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information, visit www.allaboutcookies.org
- Keeping you signed in
- Understanding how you use our website
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
- Functionality - Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
- Advertising - Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Privacy policies of other websites
There are several ways you can stop direct marketing communications from us:
Click the 'unsubscribe' link in any email communication that we send you. We will then stop any further emails from that particular division.
The Futures Group,
Marketing and Communications Team,
Fifth Floor, Pearl House,
Nottingham NG1 6BT.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
If you would like:
- more information about how we process your personal information or your data protection rights
- to make a request about your information – for example to request a copy of your information or to ask for your information to be changed
- to contact our Data Protection Office
You can contact us using our attached forms and email to DataProtect@the-futures-group.com or by writing to:
Data Protection Office
The Futures Group
Fifth Floor, Pearl House
Nottingham NG1 6BT
Tel: 08000 85 85 20
For independent advice about data protection, privacy and data sharing issues or if you would like to make a complaint if you think we have done something wrong with the data we hold about you, you can contact the Information Commissioner’s Office (ICO) at: www.ico.org.uk.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven't been covered, please contact our Data Protection Officer who will be pleased to help you.