Data Protection Policy

CONTENTS

1. THE DATA CONTROLLER

2. CONTACT DETAILS

3. HOW WE COLLECT YOUR PERSONAL DATA

4. THE TYPES OF PERSONAL DATA WE MAY COLLECT

5. HOW WE USE YOUR PERSONAL DATA

6. OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA

7. SHARING YOUR INFORMATION

8. RETENTION OF YOUR PERSONAL DATA

9. DATA SECURITY

10. EXERCISING YOUR DATA PROTECTION RIGHTS

11. UPDATE OF THIS POLICY

INTRODUCTION
 

Worker Info Exchange is committed to protecting the privacy and data protection rights of everyone who shares their personal data with us.  This policy replaces our previous policy dated April 2021.
 

Platform Info Exchange Ltd., publicly known as Worker Info Exchange (WIE), is a non-profit organisation dedicated to helping workers access and gain insight from data collected about them at work. We are a company registered in England & Wales with the company number 11891546. For the purposes of this policy the data controller will be referred to as “WIE”, “we”, “us”, “our” here after.
 

Whether you are an Uber driver or a Deliveroo rider, WIE aims to tilt the balance away from big platforms in favour of the people who make these companies so successful every day – the workers. By working together to collect and pool our data as workers we can begin to demand a better deal at work.
 

We will never sell your data to third parties or share it for any commercial purposes such as advertising or marketing.

 

1. THE DATA CONTROLLER
 

Platform Info Exchange Limited is the data controller for all the personal data we process and retain. We are registered with the Information Commissioner as a data controller with registration number ZB297201.

 

2. CONTACT DETAILS

 

The address of our registered head office is Broxhead House, 60 Barbados Road, Bordon GU35 0FX, United Kingdom. You can contact us by email at office@workerinfoexchange.org.

 

3. HOW WE COLLECT YOUR PERSONAL DATA
 

We may collect information from you when you communicate with us via our website, email, telephone, or text service. Some of the data we collect may be considered special category data.  We will not collect data for anyone below the age of 18 years.

We may collect data from you when you:
 

I. Apply to us to make a data subject access request on your behalf

II. Provide us with personal data relating to your work

III. Visit our website

IV. Visit our social media pages

V. Contact us directly by email, phone or message service

 

4. THE TYPES OF PERSONAL DATA WE MAY COLLECT
 

In this section we describe the data we collect concerning three main categories of data subjects including:
 

  • clients we serve,

  • people who work for us and

  • people who visit our website.

 

Clients we serve
 

When you make a data subject access request using our online service, we may collect the following information from you:
 

I. Your name

II. Your home address

III. Your email address

IV. Your phone number

V. Who your employer is

VI. Your ethnicity
 

It is necessary to collect this information so that we can securely authenticate your identity to your employer. Documents such as driver license & passport ID is immediately deleted and not held after your identify has been authenticated.
 

When you provide us the results of a data subject access request from your employer or if you instruct your employer to port your personal data to us directly, we may receive from you different types of personal data relating to your activity at work.
 

Data you may have provided the employer including:
 

I. Vehicle details including registration, serial number, fuel type, make and model

II. Device details including IP address, IMEI numbers and ad services identifiers

 

Data the employer observed about you at work including:
 

III. GPS data including time, location, speed and direction of travel

IV. Trip/task data including duration, dispatches, cancellations, GPS data, fares/fees and deductions

V. Performance ratings data assigned by customers to you or by you to customers

VI. Fraud and security events data including biometric, location and other forms of identity checks

VII. Telematics data including braking and acceleration data

VIII. Audio recordings of phone calls with you made by the employer

IX. Messages and notifications sent by the employer to you and vice versa

X. Complaints and compliments made by customers to the employer about you

XI. Restrictions on app services made by the employer effecting you

 

Data created by employer based on inferences about you including:
 

XII. Performance profiles including earnings, acceptance rates, customer service interactions

XII. Profiles about you used in automated decision making at work

XIV. Profiles relating to fraud and security including fraud probability scores


 

People who work for us
 

I. If you work or volunteer for us, we may use information necessary for us to process your application and assess your suitability (such as employment status, previous experience, unspent criminal convictions)

 

Personal data collected includes: 
 

  • your name, address and contact details, including email address and telephone number

  • details of your qualifications, skills, experience and employment history 

  • information about your current level of remuneration, including benefit entitlements 

  • whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process 

  • information about your entitlement to work in our office locations

  • equality and diversity personal data. 
     

We may collect this information in a variety of ways. For example, application forms, CVs or resumes, obtained from your passport or other identity documents provided by you, or collected through interviews or other forms of assessment. 
 

Your information may be shared internally for the purposes of the recruitment process. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, where it is necessary for the performance of their roles.
 

Equality and diversity personal data is for independent monitoring purposes only.

We will inform you prior to seeking your personal data from third parties, such as references supplied by former employers. 
 

Data will be stored securely on your application record and on other IT systems (including email).

If your application for employment is unsuccessful, the organisation will hold your data on file for 6 (six) months after the end of the relevant recruitment process. 
 

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment.

 

People who visit our website

 

When you visit our website, we may create cookies which can then be transmitted to your device so that when you visit our website in future we may be better able to serve you. These cookies are generally used created by the website hosting service.  The main categories of cookies created include:

 

  • Essential Cookies: These cookies enable core functionality such as security, verification of identity and network management. These cookies can’t be disabled.
     

  • Marketing Cookies: These cookies are used to track advertising effectiveness to provide a more relevant service and deliver better ads to suit your interests.
     

  • Functional Cookies: These cookies collect data to remember choices users make to improve and give a more personalised experience.
     

  • Analytics Cookies: These cookies help us to understand how visitors interact with our website and discover errors.
    ​ 

You can use your browser settings to manage cookie preferences. Each browser is different, so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences. It is not possible to opt-out of cookies that are strictly necessary as this would impact the website’s functionality.

 

5. HOW WE USE YOUR PERSONAL DATA
 

We only process your personal data where necessary and then only in accordance with our charitable mission in support of workers. We will never sell your data to third parties or share it for any commercial purposes such as advertising or marketing.

In the following we describe how the purposes for which we use your data:
 

II. To deliver our contractual agreement with you to make a detailed subject access or portability request on your behalf.
 

III. To conduct an identity check before we make the subject access request on your behalf. The identity information collected from you by our third party on demand service provider, Onfido, is deleted after your identification has been verified.
 

IV. To investigate your work related data in order to advise you and support you in any potential dispute with the employer or regulatory authority including dismissal appeals and court proceedings.
 

V. To aggregate your data with the data of other workers so that we can provide workers and their unions collectively insight on working conditions including pay, working time, time utilisation, quality of work offered over time.
 

VI. To communicate with you via phone, email or messaging for the purposes of sharing knowledge and news about our work and key events.

 

 

6. OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA

 

To protect your interests, we must have an identifiable and justified legal basis for collecting and using your personal data. The legal basis we rely upon varies according to the circumstances in which collect and use your personal information and they fall into the following categories:

 

I. Consent – for example, where you have given us your consent to collect your and use your personal data
 

II. Performance of a contract – for example, when you visit our website and fill in our request data application which creates an agreement for us to make a data subject access request on your behalf
 

III. Legitimate interests – for example, where we believe it is in our legitimate interests as a digital rights NGO to use your data, in a fair and proportionate manner, to further our organisational objectives. This may include processing your data for the purposes of administration, communication, marketing and regulatory compliance.
 

IV. Regulatory compliance – for example, where we need to process your data in order to comply with the law.

 

 

7. SHARING YOUR INFORMATION
 

We do not share your personal data with any third party for commercial reasons. From time to time we may sub-contract processing of your data with other specialist partners for the purposes of storage and analytics services.
 

Your work-related data may be shared with selected academic and public interest research groups to advance our work in advocating for the rights of workers and for improved working conditions. Any such sharing would be subject to a strict sub-processing agreement.    
 

Your data will be stored on servers located in the UK or European Economic Area (EEA).

 

8. RETENTION OF YOUR PERSONAL DATA
 

We retain the work-related data you have given us for as long as necessary to support the purposes set out above in section 5.   
 

You may request the deletion of your personal data at any time by emailing us at office@workerinfoexchange.org.

 

9. DATA SECURITY
 

We adopt strict data security protocols and use secure technologies to safeguard the use of your data. Unfortunately, the transmission of data via the internet is not 100% secure and we cannot accept responsibility where data has been illegally intercepted.

 

10. EXERCISING YOUR DATA PROTECTION RIGHTS
 

You always have the right to exercise control over any of your personal data that we may collect and use. Most importantly of all, at any time, you can request that we stop using your data and to request that we provide a copy of the information we hold about you.

In addition:
 

  • Where we process your data under your consent, you have the right to withdraw that consent at any time.

  • You have the right to rectify your data if it is inaccurate or incomplete.

  • You have the right to request the deletion of your personal data.

  • You have the right to restrict our processing of your data if there is disagreement about its accuracy or legitimate use of it.

  • You have the right to copy or transfer your data to another data controller.

  • You have the right to object to our processing of your data based on legitimate interests as described above.
     

 To exercise any of these rights or if you have any questions please contact us at: office@workerinfoexchange.org
 

 If you would like to make a complaint to the governing regulatory authority, you can contact the Information Commissioner’s Office by accessing their website or by phoning: +44 303 123 1113.

 

11. UPDATE OF THIS POLICY
 

We may occasionally update this policy in order to better serve and protect the interests of our stakeholders. This policy was last updated on April 15, 2022.