Privacy Policy

Last updated: 13/10/2017

Best Companies is committed to protecting your privacy. This Privacy Policy (“Policy”) applies to those who visit the Websites owned and operated by Best Companies as well as users of our Service(s). Please note that in this privacy policy, “we” or “us” refers to Best Companies Limited.  This Privacy Policy describes how we collect, use, share and secure the personal information you provide. It also describes your choices regarding use, access and correction of your personal information. The capitalised terms used in this Policy but not defined herein shall have the same meaning as defined in our Terms of Service which are available upon request.

We will never sell your information to anyone.

Best Companies never sells PERSONAL DATA and carries out all processing operations in strict compliance with European privacy laws. Our CLIENT data will not be transmitted or stored outside of the EU/EEA.

How do we collect, use and share your personal information and other information?

Our websites

Like most websites, each time you visit our site(s) we automatically collect certain data relating to your browsing behaviour on the site including, but not limited to, the webpage from which you came from and your IP address. Best Companies uses third party software for analytics. All metrics information collected from your usage of the Service(s) shall be transmitted to the analytics provider. The analysis tools measure and observe your behaviour (what you do) while the feedback tools allow us to hear what you have to say. This information is then used to evaluate how users use Best Companies websites, and to compile statistical reports on activity for us. We will use this information so our websites can be improved, by making them more user-friendly, more valuable and simpler to use. Third party analytics software will not share your Personally identifiable information (PII) or associate your PII with any other data held by them.

Links to third party sites

Our Websites may contain links to other websites that are not owned or controlled by Best Companies. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Websites and to read the privacy policies of each and every website that collects personal information.

Website registration and web forms

When you register to the site, you may be asked to submit personal information about yourself in order to register and/or download content. This information may include, but is not limited to, your name, the company you work for, email address and telephone number. We will only collect information that is necessary for us to provide you with any services or assistance connected with that content. If you would like more information on our services, do get in touch by completing our online enquiry form https://www.b.co.uk/contact/.

Have you been invited to complete a SURVEY?

We collect employee names and e-mail addresses from employers so that we can send out an EMPLOYEE SURVEY.  If you have received a SURVEY, this is how we obtained your contact details.  Email surveys are sent from survey@b.co.uk. As part of this process other details will be submitted which may include, but not limited to, gender, job grade, years of service and other employment information. If you’ve received a login code by post and you’re ready to start your SURVEY, please go to https://www.b.co.uk/survey and enter your code for our b-Heard survey. All pre-populated demographics we have received from your employer will be hidden. Any demographics that we are missing will be displayed for you complete. The main purpose for our SURVEYs are for employers to measure the engagement of their workforce.

The employer benefits of which are:

  1. Understand how your people honestly feel about their work
  2. Discover opportunities for improvement and gain the knowledge and tools you need to make it happen
  3. Support your staff to become happier and more productive
  4. Improve staff retention
  5. Create an environment that attracts top talent
  6. Give your organisation structural clarity and a stronger reason for being
  7. Generate unique PR and marketing opportunities on a national stage

How will we use any personal information we collect?

Where we collect personal information, we will use it for administration and to tailor our service and/or products to match your needs.  For example, to create your account and provide the services you request, to respond to any feedback you send us and to use your email address to communicate with you.

For the purposes of the service(s) we provide our CLIENTS, information collected via our SURVEY will be aggregated and anonymised before being provided to the employer, and before being served as benchmark data or used in any publically available sources.

We retain ownership on all IN-PUT MATERIAL and for the purposes of the Data Protection Act and GDPR General Data Protection Regulation we are the Data Controller. As a duty of care to every respondent, responses provided to us remain confidential, as the data owner we are not obliged to provide an employer with this information if requested. This in turn gives the responder full confidence to provide an honest response without the fear of a reprisal. As Data Controller, we use the data in the creation of benchmark results, where we take groups of organisations data, creating list, sector and ACCREDITATION star benchmarks, to allow organisations to compare. We also process the data for future improvement of our service(s), historical and statistical purposes. The privacy of respondents will always be upheld by Best Companies.

How do we store and protect your personal information

Best Companies has implemented various measures to ensure that all information held by us is adequately protected against unauthorised access, use, disclosure and destruction.  We take the security of the site and the information you provide very seriously.  We use all appropriate technical measures utilising recognised security procedures and tools in accordance with good industry practice to protect your personal information. Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. All measures which we have taken significantly reduce the risk. Best Companies shall not be held liable by any Third Party, including you, in any event of unauthorised access, use and/or disclosure of information provided that such is not due to Gross Negligence, wilful misconduct, fraud or bad faith by Best Companies.

Security measures

We have taken a number of security measures to protect the data we hold, including but not limited to:

  • All data is only accessible by AUTHORISED PERSONNEL. Restrictions apply to Best Companies employees and to users designated on our Customer’s accounts and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality and a need to know basis
  • All files are stored on secure, private, dedicated, servers with transfers using 256-bit SSL encryption
  • CLIENT data is stored in a single physical SQL database, data is logically isolated at the record level using a client id field
  • Best Companies servers are protected by:
    a) firewalls establishing a barrier between our trusted, secure internal network and the Internet
    b) IP restrictions, limiting access to whitelisted IPs for administration protection
  • Data from our on premise server cluster, is replicated to an on-site Barracuda NAS device, it is then replicated securely to the Barracuda data centre which is located in the UK
  • Each CLIENT may only access the information pertaining to its data on our hosted website(s) and to the specific responders visiting our website such as for SURVEY participation
  • Our live websites are hosted on servers in the cloud with Microsoft Azure, the main data centre we use is called UK South (situated in the UK)
  • We us https for all our websites to ensure secure transfer of data
  • All laptop (PCs) with Windows OS are Microsoft BitLocker encrypted, with TPM
  • We periodically review our data collection and processing process and will review and amend this privacy policy accordingly
  • Data Privacy Impact Assessments (DPIAs) are created when there is a material change or as dictated as a requirement under GDPR

No CLIENT data will be transmitted or stored outside of the EU/EEA.

Transferring data to and from Best Companies:

At times it may be necessary for our CLIENT or Best Companies to transfer large files or PERSONAL DATA. Sensitive and confidential documents are sent securely using Data Send UK. All files are stored on Data Send UK secure, private, dedicated, servers with transfers using SSL encryption. The files are automatically deleted from Data Send UK servers after 7 days. This provides a much higher level of security than standard email for transferring files and in most cases FTP. For more information on Datasend please visit their website. https://www.datasend.co.uk/about.html

For further information on our systems please contact support@b.co.uk or speak to your account manager.

Retention

Three years after the termination of the CLIENT, all personal identifiers such as the employee name, email address, and any data that could potentially identify a specific individual is anonymised and replaced by a random unique identifier. This is in line with the Information Commissioners Office (ICO) Anonymisation code of practice. The employee responses which are attached to employee demographical data would not be removed as this would result in the inability to perform any future engagement reporting. It would also similarly affect benchmark data and where organisations are being assessed for ACCREDITATION or a place on the LISTS. The Data Protection Act and General Data Protection Regulation (GDPR) does not apply to data rendered anonymous in such a way that the data subject is no longer identifiable. (This is as referred to in our Terms of Service – Clause 25. Anonymity, d).

Having a three year retention period allows CLIENTs to receive annual or bi-annual analysis reporting subject to their service contract.

Individual’s rights

  • Your employer should inform you by email, usually from your CEO or person in charge of the organisation that they will be participating in the SURVEY of which you have been selected as a participant
  • Participation in the SURVEY is optional and you should not be put under any type of pressure to complete the SURVEY
  • Your responses will remain completely confidential and any comments will be reported to your employer anonymously
  • You have the right to ask what information we are holding about you
  • You have the right to rectify any PERSONAL DATA provided by your employer if found incorrect at any point before, during or after this process
  • You have the right to request for your PERSONAL DATA to be removed from our systems, we do this by anonymisation removing your details and replacing with a random unique identifier

Should you want to act upon any of these rights we would encourage you to communicate your request through your employer.

Billing

Best Companies uses a third-party service provider for managing credit card processing. The service provider does not store, retain, or use Billing Information except for the purpose of credit card processing on the Company’s behalf.

Compelled Disclosure

Best Companies reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.

Contact

If you have a question regarding our Privacy Policy, you can email privacy@b.co.uk.  Please allow up to 72 hours for a response.

How it works

See how a typical engagement journey takes shape

Find out more

Product bundles

Begin your engagement journey with one of our ready made product bundles

Find out more