Privacy policy
We are committed to respecting your privacy and complying with data protection law.
This privacy policy aims to help you understand how we collect, use, and protect your information.
We want to help you make informed decisions, so please take a few moments to read this policy.
Who are we and why do we process personal data?
We are BigChange Group Limited a mobile workforce management technology company based in Leeds, United Kingdom and will process your data in one of the following ways:
• you are a BigChange customer and are already using our workforce management services.
• you are an employee, former employee or have applied for a role with us.
• you are a supplier to BigChange.
• you are a prospective customer and are exploring the products and services that BigChange can deliver to your organisation.
We’ve provided more detail in the sections below on how we use and manage your information.
However, if you do not have a direct contract with BigChange, and you do have a direct relationship with one of our business customers (e.g. As an employee of the business customer, or as a customer of that business), then you should review their data privacy information and contact them in the first instance. It is likely that they are the data controller and will be best placed to help you. The contact information is typically contained in their privacy policy, which is usually provided on their website.
You are a customer with BigChange:
As a business customer, we will process data that you input about your prospects, customers, suppliers, and employees. In some instances, you may arrange for others to input data on your behalf. Our role therefore is that of a data processor.
The data is collected from you via our websites, mobile apps, trackers, import services, system integrations and webservices API via our integration products. Contracts with BigChange constitute written instructions to process the data that you send to us or arrange for others to send to us.
What customer data do we process?
If you are a customer of BigChange, then we process two types of data:
• data that you provide to us about your customers, enabling you to deliver products and services to your customers.
• data that is required for us to deliver our contract to you, for example, contact information of your employees.
Where we are processing personal data to fulfil our legal obligations to our business customers, the data that we process and store on your behalf has determined them. Typically, our business customers process:
• name, and other identity data.
• address and contact details.
• timesheets and expenses.
• skills, qualifications and driving licence details.
• personal or business vehicle details.
• locations and journeys collected via vehicle tracking and other mobile devices.
• driving events and behaviour scores calculated using business customer configured algorithms.
• signatures.
• job-related photographs which typically would not include images of people or identity documents.
• phone call recordings and meeting videos.
• other business, personal and possibly sensitive personal data as determined by our business customers.
To deliver our contract to you, we will process information for business administration purposes e.g. Invoicing, shipping and installation of products and delivery of services. Information about you is collected when calls are made to the support helpdesk eg. Name, contact telephone numbers, email address. We may use this information for credit checking.
Like many organisations, we utilise technology to deliver great service to all our customers, in a sustainable way that is timelier and more accessible than if we had to visit everyone in person. e.g. Through products such as Zoom, Fireflies or Microsoft Teams. In some instances, we will record telephone conversations and web-based meetings for quality and training purposes. If you would prefer this information not to be collated, please inform your host at the beginning of any call.
Customer use of our integration products
If you are a BigChange business customer, you may purchase our integration products or services with third party providers such as Microsoft, Sage and Xero. By ordering these services and using these products we understand that you are instructing us as a data processor to pass personal data to/from your third party provider. In these instances, BigChange is not responsible for the data processing practices of third party providers. We encourage you to review your third party providers’ respective privacy notices before connecting.
You are an employee or a former employee at BigChange:
If you are an employee or former employee, then we are defined as the data controller. If you would like to understand more about how your data is processed, then please refer to the employee privacy handbook. This document provides further detail on how your information is collected and used.
If you are unable to find or access this information, or have queries then please contact dpo@bigchange.com
You are a prospective employee at BigChange:
If you have applied for a position with BigChange, we need to process certain information about you. We only ask for details that will genuinely help us to consider you for a role, such as:
• name
• contact details including telephone numbers, email address and postal address
• CV / work history
• work preferences including role, geographical area, salary
• publicly available information, or information provided by you, in relation to professional history, educational background, employment history, skills and experience, professional certifications and affiliations, educational and professional qualifications
With your permission, we may ask you to provide information relating to your gender, ethnicity, sexual orientation, disability, religion, and belief. By collecting and analysing equality and diversity data, we can ensure our recruitment practices are providing fair access and opportunities for all, and that we are able to meet our obligations under the equality act 2010.
We will store your personal data in our applicant tracking system for 12 months from the date of your initial application/submission. After the 12 months has expired, your data will automatically be deleted from our records except in circumstances where you are part of a live application process or you have updated your details, or you have asked to be considered for future opportunities with the organisation. In these instances, the retention period will be extended by a further 3 months. You have the right to delete your personal information at any time.
More information is available for you in our Employee Privacy Handbook or you may contact dpo@bigchange.com for further assistance or write to the address below.
You are a supplier to BigChange:
If you are a supplier to BigChange, then we will hold information that allows us to administer our contract with you. This will include contact details such as your email address, a contact telephone number and banking details to ensure that we can pay you for the goods or services that we receive.
If you are a subcontractor or supplier with BigChange, you may contact dpo@bigchange.com for further assistance or write to the address below.
You are a prospective BigChange customer
We maintain a marketing database of prospective and current customer data where consent has been given, and not withdrawn or expired, or where we have reason to believe there is legitimate business interest in us keeping potential prospects and existing customers informed of our company, products, and services.
This information can be collected directly from our website when a visitor signs up to hear more about our products and services, or from other publicly available sources such as LinkedIn, or from referrals or from events that we may attend or host.
We may record calls that we make to prospective customers for quality and training purposes. We believe that we have a legitimate interest to do this in order to monitor and improve the content of the calls that are made to prospects. Our call recordings are retained for no longer than 12 months.
If you would like a transcript of any calls that are made to you, then please contact us at the details below.
Our approach to the processing of your data
Regardless of whether you are a customer, an employee, or a supplier, we are custodians of your data. We are committed to maintaining the confidentiality, integrity and availability of your data. The following sections outline our approach to keeping your information safe.
Disclosure of your information to third parties
We may disclose your information to our subsidiaries, and other third parties we engage to enable us to provide services to you. We use third parties to help us host our infrastructure and applications, communicate with customers, power our emails, support our business office activities as we believe they are the best in their field at what they do. An example of our third-party providers includes Amazon Web Services (AWS) and Microsoft. Any personal data is shared only when strictly necessary and according to the safeguards and good practices detailed in this privacy policy.
A list of current sub-processor categories is available to parties with whom we either have contracts or are in discussions with. You can email dpo@bigchange.com to request a list of sub-processor categories. We will introduce new sub-processors or retire existing sub-processors in order to deliver and optimise the service we provide to you. Details of how we manage transfer of personal data outside of the UK and EEA is detailed in the section below.
Transfer and use of information inside and outside the UK and European Economic Area
BigChange continually strives to maintain a high level of compliance with all applicable data privacy legislation and regulation in the united kingdom, the European Economic Area and beyond.
As we have partners and services providers based outside of the UK, your personal data may be accessed or otherwise processed in other countries. We have implemented measures and safeguards to ensure that any transfer of data is compliant with our data protection laws. For example, we have implemented appropriate transfer mechanisms, such as standard contractual clauses, that are approved by the ICO and / or the EU. Prior to the appointment of any new third party, we perform a detailed privacy impact assessments and data transfer risk assessments to ensure the companies receiving your data can comply with these obligations. We continue to assess our suppliers and are mindful of the recent changes introduced by the EU and the UK with regards to data transfers to the USA. Please contact us if you wish to know more.
As an internet-based platform, our customers may also access our services and products while visiting countries outside of the EEA. In accordance with our contractual obligations to deliver service, we interpret this as an instruction to export the data. The data protection and other laws of countries outside the EEA may not be as protective of your information as those in the UK or the European Union.
Retention periods
Data processed by BigChange is subject to data retention policy and processes which, where practicable, minimize the retention of data. We retain your data to comply with contractual, legislative, and regulatory obligations.
We will typically retain data on our systems for 12 months after the end of a contract with our customers unless they have requested that the data be held for a longer or shorter period of time. At the end of this period, the data will be removed from our systems.
In order that we can provide the best possible service to you, we have agreed and documented retention schedules that we consider to be relevant and proportionate to the service we are providing. If you would like more information on our retention periods, then please contact us at the addresses below.
Information security
BigChange understands the importance of good information security management and is certified to ISO 27001 to demonstrate this commitment. We identify, develop, implement, maintain, and continuously improve a wide range of policies, processes, procedures, organisational and technical controls to maintain the confidentiality, integrity and availability of your data. We are audited on a regular basis to ensure that these controls continue to meet the requirements of ISO 27001.
Please be aware that communications over the internet, such as emails and file transfers, are not secure unless they have been encrypted. Browser access to BigChange websites and applications that process personal data is encrypted.
Despite the encryption described above, your communications may route through several countries before being delivered – this is the nature of the internet – and BigChange is therefore unable to guarantee the security of any information you transmit to or via our website.
Marketing & website activities
BigChange does not sell, trade, or rent your information, and does not give or distribute it to any third parties except as described above.
Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
If BigChange are marketing or contacting you directly, whether by email, telephone call or post, and you wish to be removed from our marketing database, then please contact us at dpo@bigchange.com
BigChange’s use of cookies and similar technologies
BigChange websites use a mechanism called “cookies”. A cookie is a small amount of data, that includes an anonymous unique identifier (session ID), that is sent to your browser from a website’s computers and stored on your computer’s hard drive, if your browser settings permit it. In simple terms, there are two types of cookies:
• functional cookies are cookies that ensure the proper functioning of the website (e.g. cookies for login or registration, language preferences) and their installation does not require your permission.
• non-functional cookies are cookies that can be set for statistical, social, targeting, and commercial purposes. Installation of these cookies on your devices requires your permission and will only be applied once your permission has been provided via the cookie banner.
We also use technologies similar to cookies, called pixels, that perform a similar function to non-functional cookies. When you use the BigChange websites, we will set and access cookies on your computer as described below to enhance your user experience and for your convenience in using the site. You can change your preferences at any time by following the link on the website to amend your cookie settings.
Microsoft add-in ‘cookies’
BigChange Word for Templates and BigChange for Email are integrations between the BigChange job management platform and Microsoft Office. We use local storage (like cookies) to hold the users’ email addresses, names, user ids, an auto-logon access token for the BigChange job management platform, and the BigChange webservices url. This data is stored until you delete it by signing out of the add-in or clearing the browser’s stored data. Auto-logon access tokens for the BigChange job management platform expire after 7 days. These are necessary cookies and support the functionality of the BigChange job management platform.
Analytics cookies
In addition, we use analytics tools to help understand how users use our sites. This information is used by us to improve your user experience and to identify potential new customers.
We use the following cookies on our website:
• Hotjar – for understanding how users navigate the site. No personal identifiable information collected. Anonymous user sessions are recorded.
• LinkedIn insight tag – for the purposes of running LinkedIn campaigns – and tracking conversions.
• Google tag manager (which enables Google Analytics and Google AdWords – see below)
• Google AdWords and DoubleClick – for tracking the conversion of Google AdWords pay per click ads and for re-targeting activities.
• Google Analytics – for the purposes of understanding visitor traffic metrics and behaviour
• Lead Forensics – our sales representatives receive an alert when a known contact revisits the website.
• Facebook Ads - allows us to measure the effectiveness of our advertising.
The information generated by the Google Analytics cookie about your use of the websites is transmitted to google, and used to evaluate and compile statistical reports about this use for BigChange.
We will not apply analytics cookies or pixels without your permission, which is managed through the cookie banner on the website.
To opt out of being tracked by Google Analytics across all websites, visit Google Analytics opt out.
To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
• Opera
To find information relating to other browsers, visit the browser developer’s website.
Change your consent
You can change your consent or amend your preferences at any time using the cookie button on the website. If you have any concerns, then please contact us.
Privacy support
We regularly review our privacy policy to reflect our changing business and evolving best practice. We reserve the right to amend or modify this privacy policy at any time, please check for the latest version on our website at www.bigchange.com.
Our data protection officer can be contacted via dpo@bigchange.com.
Our address is: 3175 Century Way, Thorpe Park, Leeds LS15 8ZB.
We will respond to your request promptly and comply with your wishes subject to applicable privacy and other legislation, and any relevant contractual terms and conditions.
If your primary contact is not with us, and is with a BigChange business customer, please contact that business.
EU representation
Following the UK's departure from the European Union, BigChange has appointed a representative within the EU for queries related to data privacy and to support the fulfilment of data subject rights. If you are an EU resident, and do not have a business contract with BigChange, then please contact rgdp@bigchange.com for advice or write to: BigChange, Legalim, 9 rue Pierre Le Grand, F-75008 Paris.
You have the right to complain about BigChange’s personal data management to your country’s data protection regulator; in the UK this is the information commissioner’s office (www.ico.org.uk). The regulator in France can be contacted at www.cnil.fr, and in Cyprus at https://www.dataprotection.gov.cy.
A full list of the data protection regulators in Europe is available at https://edpb.europa.eu/about-edpb/board/members_en.
Download our privacy policy as a pdf
If you wish, you can download our privacy policy as a pdf