Have an Account?

Privacy Policy

Introduction

1.1 Important information and who we are

Welcome to United Workers Alliance’s Privacy and Data Protection Policy (“Privacy Policy”).

At United Workers Alliance (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom.

This Privacy Policy explains how we collect, process and keep your data safe. The Privacy Policy will tell you about your privacy rights, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.

The individuals from which we may gather and use data can include:

  • Customers

  • Suppliers

  • Business contacts

  • Employees / Staff Members

  • Third parties connected to your customers

  • Any other people that the organisation has a relationship with or may need to contact.

This Privacy Policy applies to all our employees, contractors and staff members and all Personal Data processed at any time by us.

1.2 Who is Your Data Controller and Data Protection Officer

United Workers Alliance is your Data Controller and responsible for your Personal Data.

We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights surrounding your Personal Data, please contact the DPO at DPO@unitedworkersalliance.co.uk 

1.3 Processing data on behalf of a controller and processors’ responsibility to you

In discharging our responsibilities as a Data Controller, United Workers Alliance has employees, consultants, and contractors who will deal with your data on our behalf (known as “Processors”). Therefore, the responsibilities described below may be assigned to an individual or may apply to the organisation as a whole.

The Data Controller and our Processors have the following responsibilities:

  • Ensure that all processing of Personal Data is governed by one of the legal bases laid out in the GDPR (see 2.2 below for more information on those bases);

  • Ensure that Processors authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

  • Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing of Personal Data;

  • Obtain the prior specific or general authorisation of the Controller before engaging another Processor;

  • Assist the Controller in the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights;

  • Make available to the Controller all information necessary to demonstrate compliance with the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller;

  • Maintain a record of all categories of processing activities carried out on behalf of a Controller;

  • Cooperate, on request, with the supervisory authority in the performance of its tasks;

  • Ensure that any person acting under the authority of the Processor who has access to Personal Data does not process Personal Data except on instructions from the Controller;

  • Notify the Controller without undue delay after becoming aware of a Personal Data Breach;

  • Designate a data protection officer where required by the GDPR, publish their details and communicate them to the supervisory authority; and

  • Support the data protection officer in performing their tasks by providing the resources necessary to carry out those tasks and access to Personal Data and processing operations, and to maintain their expert knowledge.

2. Legal Basis for Data Collection

2.1 Types of data / privacy policy scope

“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“anonymous data”).

United Workers Alliance may collect, use, store and transfer different kinds of Personal Data about you. Not all of the following will necessarily be collected, but this represents the full scope of data we may process:

Profile / Identity Data:
– First name, last name, gender, date of birth.

Contact Data:
– Email address, postal address, phone numbers.

Marketing and Communications Data:
– Your preferences regarding marketing and communications.

Billing Data:
– Payment card information such as the name associated with your payment method and your billing address.

Financial Data:
– Bank account details (e.g., account number and sort code).

Transactional Data:
– Records of payments made for our services or products.

Technical Data:
– IP address, browser type/version, time zone setting, location, operating system, and device information.

Customer Support Data:
– Feedback, survey responses, support interactions.

Usage Data:
– Information on how you use our website, products and services.

Employer Data:
– Details of your employer/ex-employer, and personal data relating to individuals connected to your workplace dispute or case.

Client Case Data:
– Any documents, uploads, statements or materials you send to United Workers Alliance for the purpose of your case or support services.

Other Correspondence:
– Any communication you send to us, including email, attachments, chat messages, or documents.

Anonymised Data:
– Aggregated technical or behavioural data that does not identify you personally (e.g., usage analytics).

We may also collect special category Personal Data, which includes:

  • Racial or ethnic origin

  • Religious or philosophical beliefs

  • Sexual orientation

  • Political opinions

  • Trade union membership

  • Health data (including medical conditions, fit notes, and sickness records)

  • Data relating to criminal convictions or allegations

Because these are sensitive categories of data, we require enhanced legal justification to process them (see 2.2).

We also create and use Aggregated Data for research, service improvement, and analytics. Aggregated Data does not identify individuals unless combined with Personal Data, in which case it is treated as Personal Data.

2.2 Legal basis for collecting and processing data

Under the GDPR, we must rely on a valid legal basis to process your Personal Data. United Workers Alliance relies on the following:

1. Consent

You give clear consent for us to process your data for a specific purpose.
Examples:

  • Opting into marketing communications

  • Providing voluntary information

  • Uploading documents to our system

2. Contractual Obligations

We need to process your data to fulfil a contract with you or take steps at your request before entering into a contract.
Examples:

  • Providing consultancy services

  • Assisting with Employment Tribunal preparation

  • Managing your booking, account, or payment

3. Legal Compliance

We are required by law to process certain data.
Examples:

  • Fraud prevention

  • Record retention obligations

  • Responding to lawful requests or court orders

4. Legitimate Interests

Processing is necessary for our legitimate business interests unless your rights override those interests.
Examples:

  • Improving our services

  • Maintaining website security

  • Analytics and performance improvements

  • Responding to enquiries

For Special Category Data (Sensitive Data)

We rely on:

Explicit Consent

You explicitly authorise us to process sensitive data such as health information, race, union membership, etc., where needed for your case or our services.

3. How We Use Your Personal Data

3.1 Our Uses

We will only use your Personal Data when permitted by law. The table below outlines how United Workers Alliance uses your Personal Data and the legal basis for doing so. (Examples are indicative, not exhaustive.)

Activity:

You visiting the United Workers Alliance website for the first time

Data types:
Technical Data, Usage Data

Legal basis:
Legitimate Interest

Why:
We need to understand how visitors use our website, ensure compatibility with your device, improve user experience, and monitor site performance.

Activity:

You contacting United Workers Alliance via email, website forms, or chat support

Data types:
Profile/Identity Data, Contact Data, Customer Support Data, Other Data

Legal basis:
Consent, Legitimate Interest

Why:
You voluntarily provide this information. We need it to respond effectively to enquiries.

Activity:

Booking a consultation, demo, or asking questions about services

Data types:
Profile/Identity Data, Contact Data, Other Data

Legal basis:
Consent, Legitimate Interest

Why:
To understand your needs and provide preliminary information about our services.

Activity:

Engaging our consultancy services and sharing documents for your case

Data types:
Profile/Identity Data, Contact Data, Usage Data, Case Documents, Employer Data, Special Category Data

Legal basis:
Consent, Contractual Obligations, Legitimate Interest

Why:
We require this information to provide Employment Tribunal support, coaching, document drafting, strategy planning, and other agreed services.

Activity:

Sharing personal information of third parties relating to your case

Data types:
Identity Data, Contact Data, Case Documents

Legal basis:
Legitimate Interest

Why:
Clients often need to share data of respondents, witnesses, or colleagues. We process this solely to assist with your case.

Activity:

Running and supporting our systems (hosting, analytics, security)

Data types:
Identity Data, Technical Data, Usage Data

Legal basis:
Contractual Obligations, Legitimate Interest

Why:
To maintain system security, detect fraud, and improve performance.

Activity:

Analytics and service improvements

Data types:
Technical Data, Usage Data

Legal basis:
Legitimate Interest

Why:
To understand client behaviour, improve services, and develop new features.

Activity:

Cookies and tracking technologies

Data types:
Technical Data, Usage Data, Marketing Data

Legal basis:
Consent

Why:
To analyse website performance, track functionality, and improve user experience.

Activity:

Essential communications and notifications

Data types:
Identity Data, Contact Data, Usage Data

Legal basis:
Consent, Legitimate Interest

Why:
Examples include appointment reminders, password resets, case-related communication, service updates.

Activity:

Marketing communications (only if you opt-in)

Data types:
Identity Data, Contact Data, Marketing Data

Legal basis:
Consent

3.3 Change of Purpose

We will only use your Personal Data for the purpose for which it was collected unless:

  • the new purpose is compatible with the original one; or

  • we obtain your explicit consent; or

  • we are legally required to process it for another purpose.

We may also process your data without your knowledge in circumstances permitted by law.

4. Your Rights and How We Protect Your Data

4.1 What control do I have over United Workers Alliance’s use of my personal data?

You have the right to:

  • Access your Personal Data

  • Request correction of inaccurate data

  • Request erasure of your data

  • Object to processing

  • Request restriction of processing

  • Request transfer of your data to you or another provider

  • Withdraw consent at any time

Your account (if applicable) will be password-protected. You must keep login details confidential and secure.

To delete your account or exercise your rights, you must contact us using the details in the DPO section.

4.2 How does United Workers Alliance protect my data?

We take your data security seriously and use:

  • Secure databases

  • Encrypted data transmission where possible

  • Limited access controls for staff and contractors

  • Internal confidentiality obligations

  • Routine deletion and minimisation procedures

  • External tools and platforms vetted for security

However, no method of internet transmission is 100% secure. While we take all reasonable steps, we cannot guarantee absolute security of data transmitted electronically.

If you believe your interaction with us is no longer secure, please contact us immediately.

4.3 Opting out of marketing

You can opt out of marketing at any time by contacting us.

Opting out of marketing does not affect:

  • Service-related communications

  • Case updates

  • Payments or contractual obligations

4.4 How to request your data

We do not charge a fee to access your Personal Data unless the request is excessive or unfounded.

We may require:

  • ID verification

  • Further information to clarify your request

This ensures we do not disclose Personal Data to someone who has no legal right to receive it.

5. Your Data and Third Parties

5.1 Will we share your data with third parties?

We may share:

Non-personal data:

—for analytics, research, and service improvement.

Personal Data: only when necessary and lawful:

  • Subcontractors who provide IT, hosting, administrative, or case-related services

  • Contractors who assist with coaching or document preparation

  • Payment processors

  • Regulatory or legal authorities where required

  • Third parties involved in a change of business ownership

Any third party receiving your data will be bound by confidentiality and data protection obligations.

If United Workers Alliance is ever sold or undergoes restructuring, we may transfer your Personal Data to the acquiring organisation. Their Privacy Policy would then apply.

We may share data to comply with:

  • Legal obligations

  • Tribunal or court orders

  • Fraud prevention

  • Protection of our legal rights

5.2 Third-party links

Our website may contain links to external websites or tools. When you leave our site:

  • We do not control third-party privacy practices.

  • We encourage you to read their privacy policies.

  • We are not responsible for their content or data handling.

6. Data Retention, Age Limits, International Transfers, Changes, and Interpretation

How long will we retain your data?

We will retain your Personal Data only for as long as necessary, including:

  • For the duration of your case

  • For the duration of your engagement with us

  • To satisfy legal, accounting, or reporting requirements

  • Longer where litigation or disputes are reasonably anticipated

Age limit for our users

You must be 16 or older to use United Workers Alliance services or website.

We do not knowingly collect data from children.
If you are under 16, you must stop using our website and services immediately.

International transfers of data

Your information may be stored or processed:

  • In the UK

  • In the EU

  • In other jurisdictions where our secure service providers operate

By using United Workers Alliance, you consent to the transfer and storage of your data outside of your home country where necessary and lawful.

All transfers comply with GDPR safeguards.

Notification of changes and acceptance of this policy

We keep our Privacy Policy under regular review. Updates will be posted on this webpage.

By continuing to use United Workers Alliance services after any changes:

  • You accept the revised Privacy Policy

  • You consent to the updated data practices

Interpretation

  • “Including” means “including but not limited to.”

  • Email addresses provided in this policy must be used only for their stated purpose.

  • We may not respond to unrelated correspondence or unreasonable requests.

  • Staff of United Workers Alliance are not authorised to make binding legal commitments on behalf of the organisation unless expressly stated in writing.

  • If any communication contradicts this policy, Terms of Use, or an official statement, the official documentation prevails.