We take your privacy seriously. This is how we gather and use your data.
At Futures Advice, Skills and Employment Ltd (“FASE”) we respect your privacy and we are committed to processing personal information securely and in a way that is compliant with our legal obligations.
In order to provide our services FASE sometimes needs to collect information about you. This notice explains how FASE collects, uses and shares any personal information that we may collect about you and your rights in relation to the personal data we hold.
FASE is subject to the Data Protection Act 2018 (‘DPA’) and the UK General Data Protection Regulation (the ‘GDPR’). FASE is registered with the Information Commissioner’s Office (‘ICO’) and its registration number is ZA806349.
We hope the following information will answer any questions you have but if not, please do get in touch with us. We’ve broken it up into sections so it’s easy for you to access.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes to our processing when you visit our website.
We have a Data Protection Officer who is contactable on the details below. You may contact us at any time to discuss any concerns or ask any questions about how we look after your personal information.
Data Protection Office
The Futures Group
57 Maid Marian Way
Nottingham NG1 6GE
Tel: 08000 85 85 20
FASE is a public authority that provides support services for the general public in a wide variety of areas from education and training to careers and justice on behalf of government agencies.
The government agencies are the data controllers for these processing activities and FASE is the data processor. Accordingly, for each service that FASE provides, the relevant government agency is responsible for providing the privacy notice to the service users (which we refer to in this privacy notice as our customers).
This privacy notice covers the processing that FASE completes in the capacity of a data controller which is limited to the processing it completes in relation to its suppliers, subcontractors and visitors to its website and premises.
This can be anything that identifies and relates to a living person and can include information that when put together with other information can then identify the person. For example, this could be your name, date of birth, contact details, email address and/or telephone number or could include other identifiers such as an IP address or a cookie identifier.
General enquiries (by telephone, email, social media or the website): your name and the enquiry
Supplier personnel: your name, email address and telephone number
Subcontractor personnel: your name, email address and telephone number
Third party company personnel: your name, email address and telephone number
- To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and IP address where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered. We use Google analytics so this information is aggregated.
- When you visit any of our websites
- When you use our offices which have CCTV systems operating for the security of both customers and colleagues. These systems may record your image during your visit.
- From the supplier, subcontractor or third party company we are working with
Visitors to our offices: Your image may be recorded on CCTV when you visit an office with this in place.
Purpose and lawful bases for processing
Categories of personal data
Lawful basis for processing
General enquiries (name and enquiry)
To deal with the enquiry
Legitimate interests – it is in your legitimate interests for FASE to respond to your enquiry
Supplier personnel contact information
To receive goods or services to fulfil business need
Contract - we need to process your data to receive the goods or services in accordance with that contract.
Subcontractor personnel contact information
To receive the services and perform our obligations in our contracts with government agencies
Contract - we need to process your data to receive the services in accordance with that contract.
Third party company personnel contact information
To perform our obligations in our contracts with government agencies
Contract or legitimate interests – it is in the legitimate interests of FASE and the third partycompany as there will be an identified mutual benefit in working together
Website visitors technical information
To improve your experience on our website and enhance the functionality on our website
Legitimate interests – it is in both FASE and the website user’s interests for FASE to improve its website and enhance functionality
Visitors to our premises (image)
To protect our customers, premises, assets and staff in our premises
Legitimate interests – it is in both FASE and the visitor’s interests to maintain the safety and well-being of the people in our premises
How do we collect your data?
Who we share your data with?
We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us without our permission. They will hold it securely and retain it for the period we instruct.
We may share your data with technology service providers, our partners who provide IT, applications and website services.
We may also share it with other third parties (including the police, law enforcement agencies, credit reference and fraud prevention agencies and other bodies) to protect our or another person’s rights, property, or safety, in connection with the prevention and detection of crime. In some circumstances we are legally obliged to share information. For example, under a court order or where we cooperate with a regulator undertaking an investigation into complaints or criminal conduct. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.
We don’t sell your personal information.
We are a UK based business with data centres in the UK.
If we transfer your personal data out of the EEA and/or the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (in the case of transfers out of the EEA) or the United Kingdom Government (in the case of transfers out of the United Kingdom); and/or
- where we use certain service providers, we may use specific contracts approved by the European Commission (in the case of transfers out of the EEA) and/or the United Kingdom Government (in the case of transfers out of the United Kingdom), in both cases which give personal data the same protection it has within the EEA and/or United Kingdom as applicable.
We do not conduct any form of direct marketing and we will not share personal data with any third parties for this purpose.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the ICO of a breach where we are legally required to do so.
Whenever we process your personal data, we'll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, FASE may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect on you.
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help it confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How can you exercise your legal rights?
If you wish to exercise any of your legal rights, please contact us on the details at the top of this notice.
If you have any concerns or would like to make a complaint about our processing of your personal data, you may do so via the ICO however we would encourage you to contact us on the details above in the first instance as we aim to promptly and satisfactorily resolve any concerns or complaints you may have in relation to our processing of your personal data.
ICO contact details: 0303 123 1113 or https://ico.org.uk/make-a-complaint/
Information Commissioner's Office
If you would like:
- more information about how we process your personal information or your data protection rights
- to make a request about your information – for example to request a copy of your information or to ask for your information to be changed
- to contact our Data Protection Office
You can contact us using our attached forms and email to DataProtect@the-futures-group.com or by writing to:
Data Protection Office
The Futures Group
57 Maid Marian Way
Nottingham NG1 6GE
Tel: 08000 85 85 20
For independent advice about data protection, privacy and data sharing issues or if you would like to make a complaint if you think we have done something wrong with the data we hold about you, you can contact the Information Commissioner’s Office (ICO) at: www.ico.org.uk.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven't been covered, please contact our Data Protection Officer who will be pleased to help you.