Privacy Notice

Last updated: 24/05/2018

Best Companies Limited is committed to protecting your privacy. This privacy notice applies to those who visit the Websites owned and operated by Best Companies as well as users of our Service(s). Please note that in this privacy notice, “we” or “us” refers to Best Companies. This privacy notice describes how we collect, use, share and secure the personal information you provide. It also describes your choices regarding use, access and correction of your personal information. The capitalised terms used in this Notice but not defined herein shall have the same meaning as defined in our Terms of Service, which are available upon request.

We will never sell your information to anyone.

Best Companies never sells PERSONAL DATA and carries out all processing operations in strict compliance with European privacy laws. CLIENT data is not transferred or stored outside of the EEA.

Have you been invited to complete a SURVEY?

We collect employee names and e-mail addresses from employers so that we can send out an EMPLOYEE SURVEY. If you have received a SURVEY, this is how we obtained your contact details. Email surveys are sent from As part of this process other details will be submitted which may include, but not limited to, gender, job grade, years of service and other employment information. If you have received a login code by post and you are ready to start your SURVEY, please go to and enter your code for our b-Heard survey. All pre-populated demographics we have received from your employer will be hidden. Any demographics that we are missing will be displayed for you complete. The main purpose for our SURVEYs are for employers to measure the engagement of their workforce.

The employer benefits of which are:

  1. Understand how your people honestly feel about their work
  2. Discover opportunities for improvement and gain the knowledge and tools you need to make it happen
  3. Support your staff to become happier and more productive
  4. Improve staff retention
  5. Create an environment that attracts top talent
  6. Give your organisation structural clarity and a stronger reason for being
  7. Generate unique PR and marketing opportunities on a national stage

The PERSONAL DATA provided to us by your employer is the minimum necessary for Best Companies to accurately process the contractual services agreement between your Employer and Best Companies. The legal basis for sharing is in the legitimate interest of your Employer, this does not affect your individual rights and freedoms, you may object to this processing at any time. The GDPR acknowledges that companies may have a legitimate interest in processing data as long as the processing does not have a disproportionate impact on the individual. On balance, the legal basis of legitimate interest against the individual impact: our services are reasonable, the company’s interests in our services appear compelling, with there being little impact on the individual.

It is reasonable to expect that the reporting data that we provide to your employer based on the collective individual responses should benefit not only your employer but also every employee in the company. To raise an objection, to the processing, you may raise the request through your Employer or by contacting Best Companies directly using the contact details at the end of this Privacy notice.

What Personal Information do we hold?

If you are taking part in a survey, we need to ensure we can identify whom a survey relates to; we do this by linking an individual to a survey number. This way we will never ask or need you to ever write your name on a survey.

Your employer may share with us some or all of the below personal data in order for us to provide accurate, unique, data insights and organisational reporting to them.

The data they share with us may include:
Your full name
Your email address
Your date of birth
Survey delivery location
Location of work
Payroll number
Employment Group
Job Role
Manager name
Job Grade/ Level
Salary Band
Start date of employment with the organisation
Contracted weekly hours

Sensitive Data

If your employer has selected to take part in our diversity questionnaire, this will involve you providing responses that are referred to as Special Categories of Data. Your employer will have a lawful purpose in order to collect this type of information. From the 25th May 2018, in order for us to collect this type of data from you and report it anonymously back to your employer we require your consent.

When you complete a diversity questionnaire, we will ask you to tick a box consenting to our processing and reporting of this data. In order to keep your survey anonymous the tick you provide will be equivalent to your signature.

The Special categories of data we collect may relate to:

Racial or Ethnic Origin
Religious or Philosophical Beliefs
Sexual Orientation

We will never identify you with your individual responses to your employer or anyone else. The data insight we provide to your employer will always be reported back to them anonymously.

Information regarding our MC3 Product

MC3  is intended as a development tool for organisations to reflect on what they are getting from their managers and their relationship with their team. MC³ should be used and considered as a resource, and when reviewing data the organisation should also consider the wider context of the team. The purpose for MC3 is to help focus managers on those areas to make them great people-managers.

The GDPR advises that you can carry out this type of decision-making when it is necessary for the performance of a contract. Your organisation will have a contract of employment with the individual MC3 is reporting on, which will include clauses or can reasonably be referred to one or more of: a) managing a team b) completing the job function to a certain standard c) personal development. On balance, we have reasonably determined MC3 benefits the individual by identifying what they are good at (which should be celebrated) and it identifies areas where they can focus on to improve. This level of insight not only will benefit the organisation for meaningful conversations but can also really help the manager with their own personal development and becoming a better manager.

The hierarchy provided by the organisation, will have been reviewed for accuracy by your project lead(s) within the organisation, to ensure individuals are aligned correctly to the reporting manager. Should an individual disagree with the results we have the ability to review the result manually. We recommend organisations to actively inform their managers, that they are using our MC3 product, to understand the benefits further please review our website at: We also contractually oblige the organisations surveying with us to assist with the delivery of our privacy notice so individuals can understand how we process their data. To ensure individuals can respond honestly, all individuals responses are reported back anonymously. We also require a minimum quantity of responses in order to provide MC3 reporting.

How do we collect, use and share your personal information and other information?

Our websites

Like most websites, each time you visit our site(s) we automatically collect certain data relating to your browsing behaviour on the site including, but not limited to, the webpage from which you came from and your IP address. Best Companies uses third party software for analytics. All metrics information collected from your usage of the Service(s) shall be transmitted to the analytics provider. The analysis tools measure and observe your behaviour (what you do) while the feedback tools allow us to hear what you have to say. This information is then used to evaluate how users use Best Companies websites, and to compile statistical reports on activity for us. We will use this information so our websites can be improved, by making them more user-friendly, more valuable and simpler to use. Third party analytics software will not share your PERSONAL DATA or associate your PERSONAL DATA with any other data held by them.


Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. For more information on how we use cookies, please view our Cookie Policy.

Links to third party sites

Our Websites may contain links to other websites that are not owned or controlled by Best Companies. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Websites and to read the privacy policies of each and every website that collects personal information.

Website registration and web forms

When you register to the site, you may be asked to submit personal information about yourself in order to register and/or download content. This information may include, but is not limited to, your name, the company you work for, email address and telephone number. We will only collect information that is necessary for us to provide you with any services or assistance connected with that content. If you would like more information on our services, do get in touch by completing our online enquiry form

How will we use any personal information we collect?

Where we collect personal information, we will use it for administration and to tailor our service and/or products to match your needs. For example, to create your account and provide the services you request, to respond to any feedback you send us and to use your email address to communicate with you.

For the purposes of the service(s) we provide our CLIENTs, information collected via our SURVEYs will be aggregated and anonymised before being provided to the employer, and before being served as benchmark data or used in any publically available sources.

We retain ownership on all IN-PUT MATERIAL and for the purposes of the General Data Protection Regulation we are the Data Controller. As a duty of care to every respondent, responses provided to us remain confidential, as the data owner we are not obliged to provide an employer with this information if requested. This in turn gives the responder full confidence to provide an honest response without the fear of a reprisal. As Data Controller, we use the data in the creation of benchmark results, where we take groups of organisations data, creating list, sector and ACCREDITATION star benchmarks, to allow organisations to compare. We also process the data for future improvement of our service(s), historical and statistical purposes. The privacy of respondents will always be upheld by Best Companies.

How do we store and protect your personal information

Best Companies has implemented various measures to ensure that all information held by us is adequately protected against unauthorised access, use, disclosure and destruction. We take the security of the site and the information you provide very seriously. We use all appropriate technical measures utilising recognised security procedures and tools in accordance with good industry practice to protect your personal information. Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. All measures which we have taken significantly reduce the risk. Best Companies shall not be held liable by any Third Party, including you, in any event of unauthorised access, use and/or disclosure of information provided that such is not due to Gross Negligence, wilful misconduct, fraud or bad faith by Best Companies.

Contact by Marketing and Publishing Partners

As per our contractual terms of service, we will share your Companies Organisational Lead contact detail, to our Publishing Partners and our internal Sales and Marketing teams. This will only extend to the detail necessary to contact you, Your Name, Company Name, Phone Number, Email Address and if required Company Address. They will contact you where our contractual obligations with you require them to and when additional information is required for creation of company profiles and case studies. Our Publishing Partners may also contact you for additional information regarding the Awards, Awards evening and opportunities for advertising in their publications. Best Companies may also contact you regarding items we believe would be of interest to you including future invitations to participate in our surveys and the option to participate in additional services that we supply.

Security measures
We have taken a number of security measures to protect the data we hold, including but not limited to:

  1. All data is only accessible by AUTHORISED PERSONNEL. Restrictions apply to Best Companies employees and to users designated on our Customer’s accounts and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality and a need to know basis
  2. All files are stored on secure, private, dedicated, servers with transfers using 256-bit SSL encryption
  3. CLIENT data is stored in a single physical SQL database, data is logically isolated at the record level using a client id field
  4. Best Companies servers are protected by: firewalls establishing a barrier between our trusted, secure internal network and the Internet; IP restrictions, limiting access to whitelisted IPs for administration protection; Physical Onsite Security including but not limited to CCTV, Electrified Fencing, Alarm System and individual key card entry system
  5. Data from our on premise server cluster, is replicated to an on-site Barracuda NAS device, it is then replicated securely to the Barracuda data centre which is located in the UK
  6. Each CLIENT may only access the information pertaining to its data on our hosted website(s) and to the specific responders visiting our website such as for SURVEY participation
  7. Our live websites are hosted on servers in the cloud with Microsoft Azure, the main data centre we use is called UK South (situated in the UK)
  8. We us https for all our websites to ensure secure transfer of data
  9. All laptop (PCs) with Windows OS are Microsoft BitLocker encrypted, with TPM
  10. We periodically review our data collection and processing process and will review and amend this privacy notice accordingly
  11. Data Protection Impact Assessments (DPIAs) are created when there is a material change or as dictated as a requirement under GDPR

No CLIENT, PERSONAL DATA will be transferred or stored outside of the EEA.

Transferring data to and from Best Companies:

At times it may be necessary for our CLIENT or Best Companies to transfer large files or PERSONAL DATA. Sensitive and confidential documents are sent securely using Data Send UK. All files are stored on Data Send UK secure, private, dedicated, servers with transfers using SSL encryption. The files are automatically deleted from Data Send UK servers after 7 days. This provides a much higher level of security than standard email for transferring files and in most cases FTP. For more information on Datasend please visit their website.

For further information on our systems, please contact or speak to your account manager.

Three years after the termination of the CLIENT, all personal data such as the employee name, email address, and any data that could potentially identify a specific individual, is removed from our system, by anonymisation. Anonymisation means you replace the PERSONAL DATA with replaced by a random unique identifier. This is in line with the Information Commissioners Office (ICO) Anonymisation code of practice. The employee responses, which are attached to employee demographical data, would not be removed, as this would result in the inability to perform any future engagement reporting. It would also similarly affect benchmark data and where organisations are being assessed for ACCREDITATION or a place on the LISTS. The Data Protection Act and General Data Protection Regulation (GDPR) does not apply to data rendered anonymous in such a way that the data subject is no longer identifiable. (This is as referred to in our Terms of Service – Clause 25. Anonymity, d).

Having a three year retention period allows CLIENTs to receive annual or bi-annual analysis reporting subject to their service contract.

Individual’s rights

  1. Your employer should inform you by email, usually from your CEO or person in charge of the organisation that the company will be participating in the SURVEY of which you have been selected as a participant
  2. Participation in the SURVEY is optional and you should not be put under any type of pressure to complete the SURVEY
  3. Your responses will remain completely confidential and any comments will be reported to your employer anonymously
  4. You have the right to ask what information we are holding about you
  5. You have the right to rectify any PERSONAL DATA provided by your employer if found incorrect at any point before, during or after this process
  6. You have the right to request for your PERSONAL DATA to be removed from our systems, we do this by anonymisation removing your details and replacing with a random unique identifier

Should you want to act upon any of these rights we would encourage you to communicate your request through your employer. You may contact us directly via our contact details below, however we will still make your employer aware of your request.


Best Companies uses a third-party service provider for managing credit card processing. The service provider does not store, retain, or use Billing Information except for the purpose of credit card processing on the Company’s behalf.

Compelled Disclosure

Best Companies reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.


If you have a question regarding our Privacy notice, or should you want to contact us regarding your individual rights, you can write or email your request marked for the attention of the Data Protection and Security Specialist as below.

Address for posting your requests:

The Data Protection and Security Specialist
Best Companies Ltd
Hamilton House
Rackery Lane
Llay, Wrexham
United Kingdom
LL12 0PB

Please allow up to 72 hours for a response.

How it works

See how a typical engagement journey takes shape

Find out more

Product bundles

Begin your engagement journey with one of our ready made product bundles

Find out more