Privacy Notice

Who we are

PPL is a specialist independent consultancy and social enterprise supporting the development of public services, focusing on improving outcomes for people living in communities across the UK: http://ppl.org.uk/

Registered Company Name: Private Public Ltd. Company Number 6405704.

ICO notification number Z1199536. Registered Office: 23 Jacob Street, London SE1 2BG.

Our privacy notice

PPL is committed to protecting and respecting your privacy. Under data protections laws, we are a data controller in relation to personal information. This means we are responsible for deciding what information to collect and how it is used. Our contact details are set out in the Contacting PPL section of this privacy notice.

This notice explains what personal information we collect, how and why we use it, who we disclose it to, and how we protect it.

Our website is intended for use by, our current clients, prospective clients and professional and business contacts. It contains information about joining PPL, please note that we have a dedicated “Join us” section on this site which has its own Job Applicant Privacy Notice (GDPR).

What are the Data Protection laws?

The Data Protection Act 2018 contains most of the rules about how personal information should be collected and processed. It is replaced on 25th May 2018 by the EU General Data Protection Regulation (GDPR). Other rules exist which govern things like email direct marketing.

This privacy notice takes into account of all of the rules, including GDPR.

What personal information do we collect?

PPL will always try to keep the amount of personal information we collect to the minimum needed.

How will we use the information we collect about you and why?

At PPL, we take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in our Master Service Agreement, Statement of Works and supporting Schedules and as we have identified above. We will use this information subject to your instructions and in accordance with data protection legislation requirements and our duties related to confidentiality.

For business with our Clients our lawful reason for processing personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.

Our work for you may require us to pass your information to our third-party service providers / sub-contractors for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

We will never share your information for marketing purposes with companies so that they may offer you their services.

What is the lawful basis for processing?

In general, we do not require your consent to process your personal information because the processing is necessary:

However, you do have the right to object to how we process your personal information, or ask us to restrict processing.

We do not generally collect “sensitive personal data” or “special categories of data” where the rules about how we process it are stricter.

If you object to or ask us to restrict the processing of your personal information, this won’t affect the lawfulness of the processing we’ve already carried out.

Please see the below for Your Rights section for more details.

How we protect your personal information

PPL ensures an appropriate level of security to protect your personal information, including protection against unauthorised disclosure or unlawful processing and against accidental or intentional loss, destruction or damage.

We employ up to date technologies and systems to protect your personal information from unauthorised disclosure or damage or misuse. We ensure that our staff receive regulation training about information security and data protection.

We meet the ISO/IEC 27001:2017 standard for information security management systems.

We regularly review all our systems, policies and technologies to ensure that these continue to work effectively to protect your personal information.

How long will we keep your personal information

We will keep your personal information for as long as is required for the purpose explained in this notice. When we no longer need it, we will archive your personal information, then after twelve (12) months, this will be deleted permanently. We may in certain circumstances need to hold your personal information for longer, for example in relation to a legal dispute or because of regulatory requirements.

Your rights in relation to your personal data

You have a number of rights under data protections laws. These are:

You also have the right to:

How do I exercise my rights?

If you would like to make a request to access or correct your personal information, or to exercise any of your other rights, you can contact us at any time using the details set out in the Contacting PPL section below.

We will respond to any request received from you within 30 days from the day we receive your request.

Please note that some of your rights are restricted, and apply only in certain circumstances. For example, we may refuse to delete your personal information whilst we need it for a valid purpose, including to defend any potential legal claims. We will set out in our response our reasons if we are unable to meet your request.

To find out how to make a complaint to the Information Commissioner’s Office, see Contacting the Information Commissioner’s Office.

Contacting PPL

If you have any queries about how we use your personal information you can contact the Data Protection Officer through any of the following means:

By Post: PPL, 23 Jacob Street. London. SE1 2BG.

By Email: info@ppl.org.uk

By Phone: 020 7692 4851

Contacting the Information Commissioner’s Office (ICO)

The ICO is the UK’s independent body set to uphold information rights. You can fine more about the ICO on their website here. The ICO can also be contacted by post, email and by phone.

Changes to this privacy notice

This privacy notice is current as at 4th October 2019. We make changes from time to time and you should regularly check for updates.