General Data Protection Regulation (GDPR) compliance at My People Strategy

Effective from January 1st 2021.

How data is collected, processed, retained, and stored.

The General Data Protection Regulation (GDPR) provides a single set of rules to protect European citizens.

NineteenMinutes Ltd, trading as My People Strategy and People Strategy is committed to complying with GDPR and ensuring the security and privacy of our customers data and information.

For full details on the measures we take to protect our customer data, please review our Privacy Policy and our Terms of Use.

Data collection

We collect data in four areas; employee information, customer information, including details of their staff and employees, other collected information and information given to us by other sources.

  • Employees provide information when they complete a review.
  • Employers provide information about their employees such as their start date, date of birth, department or job role, whether they work part or full time, etc. They also provide their work e-mail address so we can send review invitations, where appropriate, to allow them to complete a review.
  • We may also automatically collect information when a school registers to use the My People Strategy platform, when we administer the system on behalf of a client school, and to ensure the right access is given to users.
  • We also collect aggregate and summary information relating to employee engagement and wellbeing from freely available resources.

How My People Strategy uses data

Information provided by employers and employees is used to analyse and report on reviews carried out by employees in client schools. Information is summarised and aggregated with that of all employees and employers. It may be compared with benchmarks and with past or future data at a summary level.

Information will never be used to identify individuals, except in providing necessary information to schools.

My People Strategy shares product information with clients and users, including new features and benefits. We ask clients to share feedback on how we might improve our products and services and may also use information to effectively manage any questions or complaints.

How My People Strategy Retains Your Data

We will store school data for as long as the school remains a client. In the event that your school stops using My People Strategy we will not maintain data, unless it is anonymous beyond a further period of 12 months.

We will not store any personal data unless it is necessary and will only use it in accordance with our Privacy Policy, or any contractual agreement to provide reviews and analysis for our client schools.

In addition any employee has the right to request to see the data we hold about them and to erase it. As a first step you should ask your employer to make this request on your behalf.

All users also have the right not to undertake any review where they are invited to participate.

Where is My People Strategy Data Stored and How is it Protected

We follow a rigorous development process which places the security of personal information at its core. Our website and application are hosted using a GDPR compliant cloud data provider within the EU. All of our services run over HTTPS using TLS, ensuring data transmitted between the application/website and our servers is secure.

We ensure the network environment in which the application/website is hosted is kept secure by following best practices and ensuring that security updates are applied as needed. We take appropriate measures to mitigate against data loss or destruction, accidents, alteration, disclosure or unauthorised access to personal data.

Data is backed up appropriately, encrypted and stored confidentially. We have a recovery plan in place and maintain the integrity of our IT infrastructure through regular evaluation and testing.


If you have any questions about GDPR and My People Strategy, please contact us at