Privacy notice
At Capita, we’re committed to ensuring that your personal information is protected. Your privacy is important to us and right at the heart of our business.
Please note, Capita handles Health Assessment Advisory Service (HAAS) under contract to the Department of Work and Pensions (DWP). All information processed relating to HAAS is owned and controlled by the DWP and is covered by the DWP’s Personal Information Charter. Any requests to exercise your GDPR rights or request a subject access request for data processed under HAAS, should be directed to the DWP in the first instance.
Capita’s privacy notice explains the use of the Capita website and other Capita Controlled data but not HAAS.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Data Controller of your personal information
The Privacy Notice set out below is issued by Capita Plc so when we mention “Company”, “we”, “us”, “our” or “Capita” in this privacy notice, we are referring to Capita Plc who is the controller of your personal data and responsible for how we hold and use personal information about you.
Data Protection Officer and ICO details
Capita’s Data Protection Officer (DPO) is Elvira English who can be contacted at privacy@capita.com. Capita’s registered address is 65 Gresham Street, London, EC2V 7NQ.
The Supervisory Authority is the UK Information Commissioner’s Office (ICO) www.ico.org.uk and you have the right to make a complaint to them for data protection issues at any time. However, we respectfully request that you raise any concerns or complaints with our DPO in the first instance.
PRIVACY NOTICE
Welcome to Capita’s Privacy Notice.
To make the contents easily accessible and digestible, we have set out this Privacy Notice in a layered format so you can click through to the specific areas set out below.
Please also use the Glossary terms in section 19 to understand the meanings of some of the terms used in this Privacy Notice.
This Privacy Notice describes how we process i.e. collect, organise, host, structure, store, modify, use, combine, handle, share, access, and look after your personal data when you use our website, apply for a role within Capita or request further information about our services or proposed events. This Privacy Notice also tells you about how to exercise your rights in relation to your personal data.
When using the term “personal data” or “personal information” in this Privacy Notice, we mean information that relates to you and from which you could be identified, either directly or indirectly in combination with other information which we may have in our possession.
As a website user, job applicant, supplier, client or prospect of Capita we may process different kinds of personal data about you which we have grouped together as follows:
- Your basic identification and contact details: includes your name, marital status, company address, telephone number, email address, company name, job title/position and any other personal information that you provide to us.
- Career history and qualification, training and education history: if you submit an application for a role at Capita, we will collect employment history, schools and universities attended and employer feedback.
- Technical personal data - includes information about your computer, such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform and other technology on the devices you use to access this website.
- Profile personal data - includes information about your previous purchases of our products and services, your interests, preferences and information about events you have attended, feedback you have given us and survey responses.
- Details of your visits to our website, the pages you view and resources you access or download. Please see our section 14 on Google Analytics below and our separate cookie policy for more information.
- Information that you choose to provide by filling in a form on our website, including subscribing to newsletters and alerts, registering for a conference, or requesting content, such as a white paper.
- Marketing and communications data: consents, permissions, or preferences that you have specified, such as whether you wish to receive direct marketing by subscribing to receive Capita news and media alerts, or when you agree to the terms and conditions for submitting your application for employment.
- Contacting us for an enquiry - if you contact us with an enquiry, or for information, we may keep a record of that correspondence.
- Completing surveys - we may ask you to complete surveys that we use for research purposes, although you are not obliged to complete them.
- General meetings - we may collect personal information when we meet you face to face or when you contact us either on the telephone or in writing
To help you understand how we handle your personal information, below is a summary of the data protection principles which guide how we use your personal information. These principles provide that personal data should be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
We have put policies, procedures and standards in place to seek to adopt these principles in our everyday processing activities set out in this Privacy Notice.
We use different methods to collect personal data from and about you including through:
- Direct interactions. You may give us your identity, contact, financial and other personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- enquire about our products or services;
- discuss the products or services that you may offer to us;
- subscribe to marketing communications or events;
- attend events run or sponsored by Capita;
- enter a competition, promotion or survey;
- provide feedback;
- view certain content, such as white papers; and/or
- apply for a job (including records of your communications with us or reports from your job interviews).
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Identification and technical personal data from the following parties: social media channels such as LinkedIn.
- Identification and contact details personal data from publicly availably sources such as Companies House and the Electoral Register.
- Your named referees
- Recruitment agencies, your former employer, law enforcement agencies, disclosure and barring services;
- Automated technologies or interactions. As you interact with our website (including using the careers portal, subscribing to marketing) we may automatically collect technical personal data about your equipment, browsing actions and patterns which might be used with other identifying data to establish other personal information about you. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical personal data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details.
- We will only process your personal information where we are satisfied that we have an appropriate lawful basis to do so.
- We rely upon different lawful bases for the processing of your personal information according to our relationship with you and the purpose for which it is collected as explained in the table below.
- Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data and therefore there may be several grounds which justify our use of your personal information.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
---|---|---|
To contact you for marketing purposes, to send you information about our offers, news and events, surveys, and polls (newsletters, white papers, invitations, and other publications). | (a) Identity; (b) Contact and (c) Marketing and Communications. | (a) Your explicit consent given by taking a positive step during your registration to receive this information or subscribe to these services and (b) Capita has a legitimate interest in publicising its products or services and those of its Group companies. |
To process and deliver your order including: (a) Manage payments, fees and charges and (b) Collect and recover money owed to us. | (a) Identity; (b) Contact; (c) Financial; (d) Transaction and (e) Marketing and Communications. | (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to recover debts due to us). |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or Privacy Notice and (b) Asking you to leave a review, take part in research questionnaires or take a survey. (c) To enable you to partake in a prize draw, competition or complete a survey. | (a) Identity; (b) Contact; (c) Profile and (d) Marketing and Communications. | (a) Performance of a contract with you; (b) Necessary to comply with a legal obligation and (c) Necessary for our legitimate interests (to help improve our content or services to you, to keep our records updated and to study how customers use our products/services). |
(a) To process your online job application and complete our onboarding processes should you go on to be employed by us. (b) To enter into an employment contract with you and to meet our obligations under your employment contract. (c) To check an employee’s entitlement to work in the UK; (d) to allow effective workforce management and to support business and administrative functions of the business; | (a) Identity; (b) Contact; (c) Career history and qualification, training and education history. | (a) Performance of a contract with you and (b) Necessary to comply with a legal obligation. (c) Necessary for our legitimate interests (for running our business effectively and to permit workforce planning). |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of personal data). | (a) Identity; (b) Contact and (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) and (b) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. | (a) Identity; (b) Contact; (c) Profile; (d) Usage; (e) Marketing and Communications and (f) Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy). |
To use data analytics to understand how you and other people use the features and functions of our website so that we can improve our website, products/services, marketing, customer relationships and experiences. | (a) Technical and (b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy). |
To make suggestions and recommendations to you about goods or services that may be of interest to you. | (a) Identity; (b) Contact; (c) Technical; (d) Usage; (e) Profile and (f) Marketing and Communications | Necessary for our legitimate interests (to develop our products/services and grow our business). |
We may use your personal information to contact you if you subscribed and consented to receive Capita news and media alerts, or job alerts about future employment opportunities with Capita.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, or by contacting us at marketing@capita.com
Third-party marketing
We will not share your personal data with any company outside the Capita group of companies for their marketing purposes without your permission.
You have the following legal rights in connection with your personal information:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you as well as information about how your personal data will be processed and the legal basis for the processing.
- Request correction of the personal data that we hold about you. You can request to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.
- Request deletion of your personal data. You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), or automated decision making and you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(a) If you want us to establish the data's accuracy.
(b) Where our use of the data is unlawful but you do not want us to erase it.
(c) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
(d) You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you want to exercise any of these rights, please contact Capita’s Data Protection Team, Capita Plc 65 Gresham Street, London, EC2V 7NQ or email privacy@capita.com.
Please note that exemptions set out in the Data Protection Act 2018 may apply meaning that we do not have to grant your request in full. However, we will always meet your request as far as we are able.
We will only disclose personal information to a third party in very limited circumstances, or where we are permitted to do so by law, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Notice. The third parties to whom we provide your personal data include:
Internal third parties
- Other organisations within the Capita group of companies, where such disclosure is necessary to provide you with our services or to manage our business (e.g. the purposes of recruitment or any request or enquiry you make).
External third parties
- Banks and payment providers to authorise and complete payments.
- Credit reference agencies and organisations involved in the prevention of fraud.
- Capita’s third-party providers including information technology suppliers to provide support and administration assistance for the internal operations of our websites and infrastructure support services, and other third party suppliers/partner organisations.
- Third parties which perform the pre-employment checks, including relevant vetting services.
- Prospective seller or buyer -in the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets
- Government, regulatory and law enforcement bodies where we are required in order:
a. To comply with our legal obligations;
b. To exercise our legal rights (e.g. pursue or defend a claim); and
Our external service providers such as Salesforce (customer relationship management solution) have been specifically authorised to store you personal data. You can access Salesforce’s certifications standards and regulations which contain Salesforce’s personal data protection policy here.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We operate on a global basis. Accordingly, we may transfer the personal information we collect about you to the following countries outside the UK, or EU and EEA which are subject to different standards of data protection:
- India
- United States
Your personal data may also be processed by staff operating outside the UK or EU and EEA who work for us or for one of our suppliers. Such staff may be engaged in, amongst other things, processing personal information linked to your browsing experience, the fulfilment of orders, the processing of payment details or the provision of support services. By submitting your personal data to us, you agree to this transfer, storing or processing of your personal data. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice.
We will take appropriate steps to ensure that such transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests. To achieve this, we will:
- Ensure transfers within the Capita Group are covered by an intra-group data sharing agreement entered into by all relevant entities within the Capita Group, which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection.
- When transferring personal data to third parties outside the UK and EU/EEA:
- Put in place International Data Transfer Agreement (IDTA) or Standard Contractual Clauses plus UK Addendum, to ensure that your information is safeguarded; or
- Ensure that the country in which your personal data will be handled has been deemed ‘adequate’ by the European Commission/ICO.
Capita has a Data Retention Standard which mandates how long records, including personal data, must be retained.
We will retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, tax, regulatory or reporting requirements.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
We use Google Analytics which is a web analytics service provided by Google Inc. to understand how people are using our website. Google Analytics stores information about what pages you visit, how long you are on the site, how people are moving from one link to another and if they get error messages from certain pages.
The cookies do not gather any information that identifies you. The information these cookies collect is grouped together with information from other people’s use of our website on an anonymous basis. Overall, these cookies provide us with analytical information about how our website is performing and how we can improve our website.
You can opt out of Google Analytics without affecting your use of our website – for more information on opting out of being tracked by Google Analytics across all websites you use, visit https://tools.google.com/dlpage/gaoptout.
We have also implemented Google Analytics tracking and Google Analytics Demographics and Interest Reporting. This is used to gain an insight into the age, gender and interests of our users to help us make decisions on how to improve the website in the future. Users can opt out of this reporting by visiting Google Ads Settings. You can find out more about Google’s position on privacy as regards its analytics service at Google support.
Visitors may choose to opt-out of Google Analytics tracking with the Google Analytics opt-out browser add-on. You may also disable tracking cookies by clicking the privacy settings link in the bottom right of the any website page.
We use cookies on our website. Cookies are small text files that are downloaded onto your device when you visit a website. The cookies on our website records minimal personal data for the purposes of analysis, to help us understand of how people use our website. Please refer to our cookies policy - Cookies | Capita for further information about our use of cookies.
It is important to us that the personal information we hold about you is accurate and current. Please keep us informed of any changes at privacy@capita.com.
Our website may provide links to third party websites. Capita is not responsible for the conduct of non-Capita companies linked to the site and you should refer to the privacy notices of these third parties as to how they may handle your personal information.
Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this Privacy Notice.
If you have any concerns or complaints regarding the processing of your personal data, or our compliance with the UK GDPR and Data Protection 2018, you should contact Capita’s Data Protection Officer at privacy@capita.com.
You also have the right to lodge a complaint with the Supervisory Authority
Their contact details in the UK are: -
- Website: www.ico.org.uk
- Telephone: 0303 123 1113
- Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
This Privacy Notice was last reviewed and updated on March 2023. We may amend this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check this page for the latest version of this Privacy Notice.
If you can’t find what you’re looking for here, or have a concern about our use of your personal data, please contact by submitting a General Enquiry on our website or by contacting privacy@capita.com
- Explicit consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
- Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.