Introduction
Positive Change Group is a global coalition of like-minded specialist agencies bound together by the shared ambition and objective of creating positive impact and change. Positive Change Group is the trading name for The Positive Change Group Limited.
Positive Change Group ("PCG", "we", "us", or "our") is strongly committed to protecting Personal Data. This notice describes why and how we collect and use Personal Data and provides information about individual's rights.
It applies to Personal Data provided to us, both by individuals themselves and by others. We may use Personal Data provided to us for any of the purposes described in this Privacy Notice or as otherwise stated at the point of collection.
Personal Data is any information relating to an identified or identifiable living person. PCG processes Personal Data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using Personal Data, our Notice is to be transparent about why and how we process Personal Data. To find out more about our specific processing activities, please go to the relevant sections of this notice.
Security
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our information security management system relating to confidential data is independently certified as complying with the requirements of ISO/IEC 27001:2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
Purposes of Processing
We will only collect and/or process your Personal Data in accordance with applicable data protection and privacy laws.
In most cases, we process your Personal Data for all the purposes identified below on the basis that it is in our legitimate interests (for example, to allow us to provide you with our services; to monitor, analyse and improve our services), or the legitimate interests of third parties with whom we share your data, to carry out these activities.
Some of our processing is necessary for compliance with legal obligations (for example, for security and fraud prevention).
Where we cannot rely on another legal basis (for example, in respect of the use of your Personal Data for email marketing purposes) we process this on the basis that we have obtained your consent to do so.
1. Visitors to our websites
Collection of Personal Data
Visitors to our websites are generally in control of the Personal Data shared with us. We receive Personal Data, such as name, title, company address, email address, and telephone numbers, from website visitors; for example, when an individual subscribes to updates from us, registers for an event, or requests research materials. Visitors are also able to send an email to us through our website. Their messages will contain the user’s name and email address, as well as any additional information the user may wish to include in the message.
Cookies
We use small text files called ‘cookies’ which are placed on your hard drive. The use of cookies is now standard operating procedure for most websites. However, if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them. You need to accept cookies to register on our websites. You may find other functionality in the website impaired if you disable cookies. After termination of the visit to our websites, you can always delete the cookie from your system if you wish. You can find out more details regarding our use of cookies in our Cookie policy.
Use of Personal Data
When a visitor provides Personal Data to us, we will use it for the purposes for which it was provided to us as stated at point of collection (or as obvious from the context of the collection). Typically, Personal Data is collected to:
- evaluate your registration or application for our products and services.
- deliver the services you request, manage your account, or to communicate with you regarding your account.
- send you our newsletters or research materials when you have expressly consented to this.
- personalise your repeat visits to our website.
- register for events.
- subscribe to updates.
- aggregate data for website analytics and improvements.
- monitor and enforce compliance with our terms and conditions for use of our websites.
- as we believe necessary or appropriate to comply with legal requirements.
Third Party Websites
Our websites may contain links to third party websites and features. This Notice does not cover the privacy practices of such third parties. These third parties have their own privacy policies, and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them. For example, we may link to social media pages through widgets, or we may provide links to industry reports.
Data retention
Personal Data collected via our website will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual). Once the period above has concluded, we will either:
- permanently delete or destroy the relevant Personal Data;
- archive your Personal Data so that it is beyond use; or
- anonymise the relevant Personal Data.
2. Visitors to our offices
We have security measures in place at our offices, including sign in procedures and building access controls. We require visitors to our offices to sign in at reception and keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to investigate an incident). Once the period above has concluded, we will permanently destroy the relevant Personal Data.
3. Business contacts
Collection of Personal Data
PCG processes Personal Data about contacts (existing and potential PCG clients and/or individuals associated with them) using a customer relationship management system (the “PCG CRM”).
The collection of Personal Data about contacts and the addition of that Personal Data to the PCG CRM is initiated by a PCG user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the PCG CRM may collect data from PCG email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event) systems concerning interactions between PCG users and contacts or third parties.
Use of Personal Data
Personal Data relating to business contacts may be visible to and used by PCG users to learn more about an account, client or opportunity they have an interest in, and may be used for the following purposes:
- administering, managing and developing our businesses and services.
- providing information about us and our range of services.
- making contact information available to PCG users.
- identifying clients/contacts with similar needs.
- describing the nature of a contact’s relationship with PCG.
- with your consent, to send you marketing e-mails about upcoming promotions, newsletters, new products, services, webinars, events and other news. You may opt-out of receiving such information at any time: such marketing emails tell you how to “opt-out,” Please note, even if you opt out of receiving marketing emails, we may still send you non-marketing emails. Non-marketing emails include emails regarding our business dealings with you; and
- performing analytics, including producing metrics for PCG leadership, such as on trends, relationship maps, sales intelligence and progress against account business goals.
PCG does not sell or otherwise release Personal Data contained in the PCG CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.
Data retention
Personal Data will be retained on the PCG CRM for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact). Once the period above has concluded, we will either:
- permanently delete or destroy the relevant Personal Data.
- archive your Personal Data so that it is beyond use.
- anonymise the relevant Personal Data.
4. Suppliers
Collection of Personal Data
We collect and process Personal Data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.
Use of Personal Data
We use Personal Data for the following purposes:
- receiving services.
- providing professional services to clients.
- administering, managing and developing our businesses and services.
- security, quality and risk management activities.
- providing information about us and our range of services.
- as we believe necessary or appropriate to comply with legal requirements.
Data retention
We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Personal Data may be held for longer periods where extended retention periods are required by law or regulation and to establish, exercise or defend our legal rights. Once the period above has concluded, we will either:
- permanently delete or destroy the relevant Personal Data.
- archive your Personal Data so that it is beyond use.
- anonymise the relevant Personal Data.
5. Recruitment Applicants
Collection of Personal Data
When applying online for jobs at PCG, any Personal Data provided by you to us will only be used to facilitate the transfer of information for recruitment purposes.
We usually collect Personal Data directly from you when you apply for a role with us, such as your name, address, contact information, work and educational history, achievements, desired salary expectations, and test results.
Use of Personal Data
We use Personal Data for the following purposes:
- identifying and evaluating candidates for potential employment, as well as for future roles that may become available.
- recordkeeping in relation to recruiting and hiring.
- ensuring compliance with legal requirements, including diversity and inclusion requirements and practices.
- protecting our legal rights to the extent authorised or permitted by law.
We may also analyse your Personal Data to improve our recruitment and hiring process and augment our ability to attract successful candidates.
We process your Personal Data for the purposes described above when:
- we have your consent to do so.
- necessary to enter an employment contract with you.
- necessary for us to comply with a legal obligation.
- necessary for the purposes of our legitimate interests.
Data retention
We retain job applications for a period of 12 months; however, we may desire to retain your personal data to consider you for future employment opportunities. In such an event, we will seek your consent, either prior to or after you formally apply for a job opportunity, to be part of one of our recruiting programmes. Once the period above has concluded, we will either:
- permanently delete or destroy the relevant Personal Data.
- archive your Personal Data so that it is beyond use.
- anonymise the relevant Personal Data.
If you submit your application for one of our roles, but subsequently wish to withdraw your application, please contact us at [email protected]
How we share your Personal Data
Third Parties Designated by You: We may share your Personal Data with third parties where you have provided your consent to do so.
Our Third-Party Service Providers: We may share your Personal Data with our third-party service providers who provide services such as data analysis, distribution partners, resellers, HR services, information technology and related infrastructure provision (such as Amazon Web Services), customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your Personal Data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your Personal Data.
Corporate Restructuring: We may share Personal Data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
Other Disclosures: We may share Personal Data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Notice; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
To provide you with the best possible service and to improve our offerings, we may share your personal data with other companies that form part of our corporate group. These companies are bound by the same privacy obligations and data protection standards outlined in this policy. The sharing of your data within the group is conducted to ensure consistency in service, enhance our products and services, and to carry out internal administrative functions.
International Data Transfer: We may be required to transfer your information, including Personal Data that we collect from you, outside the country in which you reside where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. To ensure that your Personal Data receives an adequate level of protection and is treated securely, we will put appropriate safeguards in place to protect the privacy and integrity of such Personal Data.
Individuals’ rights and how to exercise them
Individuals have certain rights over their Personal Data and data controllers are responsible for fulfilling these rights. Where we decide how and why Personal Data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
The right to be informed
This privacy notice is our way of informing you of your rights and of how we process information.
The right of access
You have the right to confirm whether we are processing your data, and the right to obtain a copy of
the data that we hold, also known as a “Data Subject Access Request”.
To obtain this, you may contact us at [email protected]
The right to rectification
If any information we hold is inaccurate or incomplete, you have the right to have that information amended.
The right to erasure
You have the right to have your information deleted. We will endeavour to fulfil this without undue delay if
we are not obliged to keep the information to comply with any other legislation.
The right to restrict or object to processing
You have the right to block or restrict our processing of your data; on receipt of this objection, we will stop processing your data, but this will not affect any processing done so far.
The right to data portability
You have the right for your information to be provided in a machine-readable format to enable easy transfer between processors. This right is available to any personal data provided by you.
The right not to be subject to automated decision making
If we use automated decision making, we will let you know how, where, and why this will happen.
The right to withdraw consent
If you provide data to us, you may withdraw consent to processing of said data at any time.
The right to complain
If you wish to complain about our use of Personal Data, please send an email with the details of your complaint to us at [email protected]. You also have the right to lodge a formal complaint with a data protection authority.
For further information, refer to the UK data protection regulator (Information Commissioner’s Office/ICO) website: https://ico.org.uk/for-the-public/how-to-make-a-data-protection-complaint.
Changes to this Privacy Notice
We recognise that transparency is an ongoing responsibility so we will keep it under regular review.
All changes we make will be described on this page.
This Privacy Notice was last updated on 10th August 2024.
The Positive Change Group Ltd, registered in England, Registered number: 14327942
Registered office: Fulham Palace, Bishops Avenue, London SW6 6EA