Your Privacy is Important to us

Protecting the security and privacy of personal information for all individuals is important to us at and to the way we conduct our business in compliance with laws on privacy, data protection and data security. The purpose of this policy is to summarise what information we may collect, how we use and protect that information and with whom we may share it.

We are committed to maintaining the highest standards of integrity in our business and for our employees, customers, service providers and partners. At times, it may be necessary to obtain, handle, process, disclose, transfer and store information about our employees and clients. We take these activities seriously and seek to provide fair, secure and appropriate methods, that are consistent with both generally accepted privacy ethics and standard business practices.

If you have any questions or comments about our Data Protection and Privacy Policy, please contact

Our Privacy Policy should be read by anyone concerned or interested in how TheEngagementWorks uses and/or protects personal information.

Data Protection Act 1998

TheEngagementWorks may process information relating to you (including personal data as defined under the Data Protection Act 1998), including holding such information in a manual format or electronic database, to satisfy contractual, regulatory or statutory requirements we may have. Unless we receive specific written instructions to the contrary you agree that we may process this information to fulfil such obligations.
We are also fully committed to protecting the data privacy rights of all individuals as covered under the General Data Protection Regulation (GDPR) effective from 25th May 2018.

Personably Identifiable Information

Through our root website, we will not collect any Personally Identifiable Information about you (e.g. your name, address, telephone number or e-mail address (“Personal Information”)), unless you voluntarily provide it (e.g. by registration, email enquiry, survey etc.)). If you do not want your personal information collected, please do not submit it.
By using our website, submitting your Personal Information or using our services, you consent to us using your Personal Information as described below. You also consent to us transferring your Personal Information outside the European Economic Area (“EEA”) where it is done in connection with us providing services to you or where it is necessary for us to fulfil our legal obligations.

How do we use your information?

We may use your information for any one or more of the following purposes:

  • to confirm your identity and maintain your personal profile with accurate and current data
  • to manage your account and keep you updated on account related matters
  • to provide the services to you that you have requested including processing transactions
  • to contact you when necessary or appropriate in relation to the services being provided to you
  • provide you with information about our products and services and provide you with information or opportunities that we believe might be relevant
  • to you to tailor the website or other service we provide to you to your needs and interests


We do not now (and do not intend to in the future) sell, rent or otherwise disclose or market your Personal Information to third parties.

Non-Personal Information Collected Automatically

When you access website, we may automatically (not by registration) collect statistical information that is not personally identifiable (e.g. type of Internet browser type of device and computer operating system used; domain name of the website from which you came; number of visits, average time spent, pages viewed). We may use this information and share it with our affiliates and partners to measure the use of its website and improve its content.

Who we may disclose your Personal Information to

Your Personal Information may be disclosed to:

  • the Financial Conduct Authority and other regulatory authorities, governmental bodies or authorities whom we are required to disclose by law;
  • financial institutions and other similar organisations that we deal with in our business;
  • service providers and specialist advisers who have been contracted to provide us with administrative, financial, insurance, research or other services;
  • any third parties where this is necessary to process a transaction or provide services which you have requested;
  • credit providers, courts, tribunals and law enforcement agencies;
    credit reporting or reference agencies;
  • or anyone authorised by you (such as your financial adviser, broker, solicitor or accountant).


Generally, we require any third-party service provider that we share Personal Information with, to undertake to respect any individual’s right to privacy and comply with the Data Protection Principles.

Retention of records

TheEngagementWorks will keep Personal Information only so long as it is necessary as required by law. When the Personal Information is no longer required, it will be destroyed either by shredding or other approved destruction methods to prevent unauthorised parties from gaining access to the information during and after the process. We will safeguard information in our custody.


We take precautions to ensure the security of your personal information and strive to keep it accurate. We diligently protect your personal information from loss, destruction, falsification, manipulation, and unauthorised access or unauthorised disclosure and have developed and will maintain security procedures to safeguard Personal Information against loss, theft, copying, and unauthorised disclosure, use or modification. Access to Personal Information is restricted to employees and authorised service providers who need it to perform their work.

Access to your Personal Information held by us

Under the UK Data Protection Act, you have the right to obtain a copy of any Personal Information which we hold about you and to advise us of any perceived inaccuracy.

If you wish to make an access request, please contact us verifying your identity and specifying what information you require. We may charge a fee to cover the cost of verifying the application and locating and retrieving, reviewing and copying any material requested.

As a company handling personal data, we are also committed to meeting the General Data Protection Regulations effective from the 25th May 2018. Under this regulation you also have the right to be forgotten, the right to restriction of processing and the right to data portability and we will support these rights providing there is no overriding legal reason preventing these rights.

Customer Personal Data we collect

Where we have entered into an agreement with a customer, for the purpose of the Data Protection Act 1998, the customer is the ‘Controller’ for all Personal Data uploaded to Engage and TheEngagementWorks is the ‘Processor’.

In order for Participants, Leaders or Admin users to have access to the Engage platform, your name and email address as a bare minimum will be required. Any additional Personal Data uploaded to the platform is controlled and at the discretion of the customer administration users, but may include data such as; role, department, business function, salary range, length of service, level of seniority, main location of work, age bracket. Participants can view data held about them on the My Bio screen and request data to be updated or deleted via their employer.
Each customer instance has its own discreet database held on The Cloud, hosted in the UK, and protected by industry standard security data encryption.

How we use your Personal Data

Your Personal Data to personalise your access to Engage, to filter reporting and to target specific email and Push Notifications. No automated decisions are made based upon your Personal Data and you have the option of providing detailed feedback anonymously. You can set the anonymous feature at any time from the Bio screen on either the web or mobile app.

Disclosure of your Personal Information

Your personal data is kept secure at all times and is not divulged to third parties’ other than where needed to provide technical support. In such instances where third parties may need access to Personal Data, we ensure such third parties have signed a Processor Agreement agreeing to handling Personal Data with the same stringent privacy and security regulations as we do. Third parties we may need to share Personal Data with include:

  • Database hosting company
  • Technical support service providers
  • Google or other Search Engines
  • Local or Lead Supervisory Authorities
  • Other legal authorities in connection with suspected unlawful activities


Under no circumstances we will ever sell Personal Data or unlawfully or immorally share.

Data Breach Procedures

All data security breaches will be fully disclosed to the Lead Supervisory Authority and to all individuals whose data has been breached within 72 hours of the data breach first being known to TheEngagementWorks.

Your rights in accordance with your Personal Data

You have the following rights in accordance with your Personal Data and all such requests should be made to your employer in the first instance:

  • Your right to be informed
  • Your right to access
  • Your right to rectification
  • Your right to erasure
  • Your right to be forgotten
  • Your right for data portability
  • Your right to object
  • Rights related to automated decision making and profiling


TheEngagementWorks supports your employer with executing these rights, and should manual intervention be required, within 20 working days of the initial request. The exception to this is where there are an excessive number of requests requiring manual intervention.


Cookies are small pieces of data sent from a website and stored in a user’s web browser whilst the user is browsing that website.

How we use Cookies and what Information we collect

We may use cookies to improve your experience on our website as the data from cookies enables us to determine the type of browser and settings you are using, where you have been on our website, when you return to the website, where you came from and to ensure your information is secure. We do not link the information we store in cookies to any Personally Identifiable Information you submit while on our site. If you choose to opt out of cookies you may still use our site, but your ability to use some areas or features may be limited.

We recommend that you allow cookies on our website to ensure you have the best possible experience. Turning off cookies may result in reduced performance of our website, however if you would still like to opt out of cookies, you can do this through your website browser.

International data transfers

TheEngagementWorks will not transfer customer data either within or outside the EU in either a transient or non-transient way. However, should the customer view or transfer data for their organisation outside of the EU, it is the customers responsibility to put adequate controls around this process.

How to Contact Us

You may wish to contact us with queries on this policy or around Personally Identifiable Information we hold about you. In which case please email or call +44 33 3014 3238