This privacy policy applies to the collection and use of client and visitors’ personal data by Public Digital Holdings Ltd (Company Number: 10993674) and its subsidiaries.

As a company processing your personal data, we are regulated by the General Data Protection Regulation (GDPR). This page is intended to keep you informed about what we do with the personal data we process.

What information do we collect?

When you visit our website

Information is collected in these ways:

  • Automatically in our server logs, to help us keep the site reliable and secure. This includes your IP address and browser type, and which pages are visited. We use Solarwinds’ Papertrail to manage those logs, and may keep them for up to a year. Their privacy notice can be read here.

  • We use cookies to record whether you consent to our use of analytics, and if you did consent then cookies are used to gather the data. If you give your consent, we use Google Analytics to help us improve the content and design of the website. This also includes IP address, browser type and pages visited, along with some extra information about the technology you use. We don’t use it to gather demographic information. Their privacy notice can be read here.

  • If you leave a comment on the website we will store your email address and may send you emails about follow-up comments. We store those email addresses in a database service from DigitalOcean. Their privacy notice can be read here. We use Wildbits’ Postmark for those notifications. Their privacy notice can be read here.

  • We may collect your IP address, browser type, operating system, and the page you're visiting and send it to Sentry, which is an application security monitoring service.

The website is managed for us by Fieldwork, hosted by DigitalOcean, with some additional services from Amazon Web Services. Other than the email addresses mentioned above we don’t store any personal information with either DigitalOcean or Amazon Web Services.

When you join our newsletter

When you sign up for our newsletter we collect identity data such as your name and email address, so that we can send you the newsletter.

We also collect analytics on who opens the newsletter and which links they follow. This is used to work out which content is of interest to our subscribers.

That information is managed for us by Mailchimp. You can read their Privacy Policy here.

When you make a nomination or register for the Future of Government Awards

When you make a nomination for the Future of Government Awards we collect identity data such as the name and email address of a person you are nominating. We do this so we can contact them about your nomination or the event. We collect information on the nominee’s place of work. This will be used to work out what content will be of interest for case studies relating to the nominees and their teams.

We also collect/have access to the information you share as part of your nomination. This includes content you have created. That information is managed for us by Kobo. You can read their Privacy Policy here.

We will inform you within 10 UK working days if someone names you as the point of contact when they nominate you.

When you register to attend the online awards ceremony, we collect identity data such as your name, email address and place of work. This will be used to contact you about the event and tailor the event content.

That information is managed for us by Google. You can read their Privacy Policy here.

When we have engaged in a business development conversation with you, 

When you engage with us to discuss a new business opportunity, we will collect, obtain, and hold a range of data about you that may be able to identify you directly or indirectly. We use HubSpot as our customer relationship management (CRM) platform to organise and manage this information. 

This data can include your name, contact information (such as email address and phone number), professional details (such as your job title and the organisation you work for), and any other information relevant to the business development conversation. 

This information is used solely for the purpose of facilitating and maintaining our business relationship, including follow-up communications, project management, and service delivery.

When you are engaged with us as a client

When you engage with us to deliver services for you, we will collect, obtain and hold a range of data about you that may be able to identify you directly or indirectly. We use HubSpot in the same way as described above. 

Registration stage:

  • Name

  • Professional contact details- address, telephone number and email address

  • Potentially personal contact details- address, telephone number and email address

  • Company name

  • Job title

  • Social Media links

Whilst providing services

  • Information relating to your business

  • Personal data relating to your employees

Why do we collect this information?

We collect and process your personal data for the following reasons:

  • Managing our website

  • Recording and managing your professional information we hold

  • Recording, administering and progressing your organisation’s contracted engagement 

  • Determining the terms on which we will provide services to you

  • Generally administering the contract we have entered into with you.

  • If you consent, to sending you Public Digital’s e-newsletter

  • Processing legal claims

  • Respond to comments and enquiries

  • Send you a copy of ‘Signals’ if you request one

  • Inviting you to events

  • Evaluating the effectiveness of Public Digital’s services, either by contacting you directly for feedback or using anonymised or pseudonymised data for analysis.

The legal basis for processing this information

We take our obligations around the handling of data very seriously, and it is therefore, important for you to know the various lawful bases that we rely on under data protection law for the processing of your personal data.

In order to be able to process your data lawfully, we must rely on a specific lawful basis, depending on the main reason why we need the data. Below we will explain these lawful bases:

  • Consent- You have explicitly consented to us processing your personal data, for example to send you our newsletter.

  • Contract- It is necessary for the performance of a service contract with you. This also relates to information that we may need to process prior to entering into the service (e.g. providing a quote).

  • Legal obligation- We may need to process your data to meet legal requirements such as responding to legal requests. Where we process special categories of data, such as information about ethnic origin, health conditions, and religious beliefs, we rely on this basis.

  • Legitimate Interests- We will collect and use your data for our legitimate business interest in delivering services to you, to manage our relationship with you and to evaluate and maintain the efficacy of our services more generally. Where we use this basis we will have ensured your interests and fundamental rights do not override those of ours.

Who do we share your information with?

As a principle, only minimal information will be shared as necessary and only where we have identified a lawful basis or exemption for doing so, and the data is proportionate to the need.

Your information will be shared with the third party providers referred to above that help us operate this website and provide our products and services (these recipients act on our behalf and under our instructions only), we share internally within Public Digital for the purposes of delivering services and managing our relationship with you. It will also be shared as required with our contracted Network Members or Contractors who are supporting to deliver the agreed services to you. 

Transfers to third parties outside the EEA
Where appropriate for certain client matters, we may use service providers located outside the EEA. When we transfer personal data to such service providers it will usually be on an ad hoc basis, and in accordance with instructions from our clients.

To manage our services, we use third party platforms which may transfer your data outside of the EEA. Where the recipient is located in a country which has not been deemed by the European Commission to have adequate laws in place to protect it, we ensure the appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or your consent.

Public Digital is required to share your data with third parties when legally obliged, for example to the police for matters relating to the detection and prevention of crime.

How long do we keep your information?

As a principle, information about you will not be kept for longer than it is needed for the purpose it was collected.

Public Digital has a records retention schedule which documents how long different information is required to be retained. When it is no longer required in line with its retention period, personal information is securely and permanently destroyed.

How do we protect your data?

We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.

We ensure that your personal data is processed lawfully and respectfully, ensuring that we are always compliant with data protection laws and information security standards, for example, the General Data Protection Regulation and Data Protection Act 2018. We also have procedures in place to deal with any suspected data security breach.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

What rights do you have in relation to the way we process your data?

As an individual whose data we process (a data subject), you have certain rights in relation to the processing:

The right to Information Access
You have the right to access the information about you that Public Digital holds about you. 

The right to Data Portability
You have the right to move, copy or transfer the Personal Data we hold from one IT environment to another in a safe and secure manner. 

The right to Rectification
You have the right to correct any personal information that we hold that may be incorrect. 

The right to Object to Processing
This right allows to you to stop Public Digital using your Personal Data at any time for purposes such as direct marketing.

The right to Erasure (Right To Be Forgotten)
You can use this right in certain circumstances, to ask us to erase any personal data that Public Digital holds about you. 

The right to Restriction of Processing
You have the right to restrict the processing of your Personal Data. This means you can limit the way we process your information in certain circumstances. 

For more information about these rights please visit the Information Commissioner’s website.

If you would like to exercise any of these rights, please contact the Public Digital Data Protection Officer at [email protected].

Contact us

For any query or request relating to our use of your personal data, or to exercise your rights, you may contact us via [email protected]

If for any reason you're not satisfied with our response you can make a complaint to the UK Information Commissioner  (an independent body set up to advise on information rights for the UK) about the way in which we process your personal data. Details on how you can do this can be found at the Information Commissioner's Office (ICO) website.

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, we will take reasonable steps to let you know.

Last updated: 23rd, February, 2024.