Skip to content

Welcome to Please review the region selection dropdown just below to get the most relevant content to your region.

Personal information

This video has sub-titled versions in the following languages:
عربي, 中文, Nederlands, English, Français, Deutsch, Italiano, Español 
Accessible via the 'cc' button in the video player menu once the video starts.

None of us wants to have our privacy invaded or our identity stolen. We don’t want it to happen to the people we work with either.

So, it’s in all our interests to keep personal information safe and secure, and only ever use it for the right purpose.

Serco handles all sorts of personal information about us, and our customers, colleagues, business partners, service users and their employees. Much of it is sensitive – like health details or bank account numbers. Some of it you may need to handle on our behalf.

If we let this information get into the wrong hands or do not process it properly, it can cause huge distress, damage and harm to individuals and expose them to financial scams and identity theft. 

To protect us and ensure we properly protect and only use personal information for the purpose for which it was intended we follow a set of Data Protection Principles and expect you to do the same.

Data Protection Principles:

  • Process personal information fairly and lawfully.

  • Obtain personal information only for specified, explicit and legitimate purposes.

  • Ensure personal information is adequate, relevant, and not excessive.

  • Ensure personal information is accurate and, where necessary, kept up to date.

  • Not keep personal information for longer than is necessary.

  • Process personal information in accordance with rights of the individual.

  • Keep personal information secure.

  • Not transfer personal information unless there is adequate protection in place.

What is personal information?

Personal information is any information capable of identifying a living individual, directly or indirectly, in particular by reference a name, identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.

The key point is not just to consider the information itself, but the information plus any other information which Serco has access to (which may include information held by a third party). For instance, a full name obviously identifies someone on its own. An identification number does not identify someone in isolation, but if Serco holds a schedule which associates each identification number with a particular individual, then it will still be personal data. Further, if we could reasonably ask a third party for that identifying "link", then the information should also be considered personal data.

Personal data can take any form (including electronic data, paper documents and disks) - it could include:

  • alphabetic text (i.e. a name, an opinion about someone, a full address)

  • a number (i.e. an employee ID, identification number, telephone number, IP address)

  • images (i.e. CCTV recording, photograph, medical diagram/photograph)

  • audio data (i.e. telephone recording, recording of an HR interview)

  • biometric data (i.e. fingerprint or iris scan data).

What we expect from you 

We expect you to:

  • ensure that all personal information is controlled in accordance with applicable laws and regulations.

  • ensure your data and information systems comply with, applicable laws and regulations.

  • manage personal information in accordance with our Data Protection Principles.

What you can expect from us 

We are committed to:

  • Keeping and managing personal data in accordance with our Data Protection Principles.

  • Speaking up if we become aware that personal data is being used outside the Data Protection Principles and report it.

  • Maintaining the correct privacy standards when dealing with personal data and processing it in accordance with agreed procedures. 

  • Never disclosing personal data to anyone who doesn’t have the right to see it or the need to know it. 

  • Taking extra care when transferring or accessing personal data internationally to ensure we are following the rules for transfer in another jurisdiction. 

  • Securely destroying personal data when it is no longer needed, or when required by Serco’s data retention policy.

  • Ensuring personal data is stored in a protected environment. We never leave personal data on a printer, shared server or publicly accessible computer or website.

Discover more...

A collection of scrapbook illustrations representing keeping confidential information secure

Confidential information

We never let it fall into the wrong hands.