Share

Introduction

TCC is the controller of personal data for its employees, and prospective employees, for the purposes of managing the employment or prospective employment relationship. TCC is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

This privacy statement explains what personal data TCC collects from you through our interactions with you, and sets out how we use that data. This statement also explains how TCC protects any personal data that we obtain directly or passively from you, or which we obtain indirectly from other sources. You can be assured that it will only be used in accordance with this privacy statement.

Data Controller:
HR, TCC
18C Joseph’s Well
Hanover Walk
Leeds
LS3 1ABEmail: hr@tcc.groupTelephone: 0113 261 5860

How do we collect your data?

TCC collects your personal data in a variety of ways directly from you, or indirectly for the purposes of recruitment and employment.

What information do we collect?

TCC collects and processes a range of information about you. This may include:

  • Your name, address and contact details, including email address and telephone number, date of birth and gender;
  • The terms and conditions of your employment;
  • Details of your qualifications, skills, experience and employment history, including start and end dates (with previous employers and within TCC) and documents relating to gaps in employment;
  • Information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
  • Information with respect to credit inconsistencies, for example county court judgements;
  • Information with respect to previously committed fraudulent acts;
  • Information with respect to sanction checks where applicable;
  • Information about any criminal record where applicable;
  • Information about your nationality and entitlement to work in the UK;
  • Details of your bank account and national insurance number;
  • Information about your marital status, next of kin, dependants and emergency contacts;
  • Details of your schedule (days of work and working hours) and attendance at work;
  • Details of periods of leave taken by you, including holiday, sickness absence, family leave and the reasons for the leave;
  • Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
  • Assessments of your performance, including: appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
  • Information about medical or health conditions, including whether or not you have a disability for which TCC needs to make reasonable adjustments; and
  • Information about why you left TCC, for example exit interview and resignation confirmation letter.

Data is stored in your personnel file within the HR database and in other IT systems, including TCC email.

Why and how does TCC process your personal data?

Our basis for processing your personal data may rely upon our Legitimate Interest, Legal obligation, or Contractual obligation.

TCC needs to process your data to complete the recruitment process with the objective of entering into an employment contract. The data is collected on the basis of legitimate interest so that we can ascertain whether you are the most appropriate individual for the position. This will involve pre-vetting checks in accordance with TCC’s Recruitment Policy. Processing this data allows TCC to provide you with an offer of employment.

TCC has a contractual requirement to process data to enter into an employment contract with you and to meet its obligations under this contract. For example, to pay you in accordance with your employment contract and to administer employee benefits, including your pension.

In addition, TCC needs to process data to ensure it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.

In other cases, TCC has a legitimate interest in processing personal data in respect of employees before, during and after the end of the employment relationship. Processing employee data allows TCC to:

  • Maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency) including employee contractual and statutory rights;
  • Operate and keep a record of disciplinary and grievance processes, or a change in your criminal record, to ensure acceptable conduct within the workplace;
  • Operate and keep a record of employee performance and related processes, to plan for career development and for succession planning and workforce management purposes;
  • Run recruitment and client promotion processes;
  • Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
  • Obtain occupational health advice, to ensure it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law and ensure employees are receiving the pay or other benefits to which they are entitled;
  • Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave) to allow effective workforce management, to ensure TCC complies with its duties in relation to leave entitlement and to ensure that employees are receiving the pay or other benefits to which they are entitled;
  • Ensure effective general HR and business administration;
  • Provide references on request for current or former employees; and
  • Respond to and defend against legal claims.

Where TCC relies on legitimate interest as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded they are not.

Your rights

Whenever we process your personal data, we take reasonable steps to ensure your data is kept accurate and up-to date for the purposes for which it was collected. As a data subject, you have a number of rights. You can:

  • Access and obtain a copy of your data on request;
  • Require TCC to change incorrect or incomplete data;
  • Require TCC to delete or stop processing your data where the data is no longer necessary for the purposes of processing;
  • Object to the processing of your data where TCC is relying on its legitimate interests as the legal ground for processing; and
  • Ask TCC to stop processing data for a period if the data is inaccurate or there is a dispute about whether or not your interests override TCC’s legitimate grounds for processing data.

Should you wish to obtain a copy (free of charge) of the personal data being processed, TCC is required to respond to your request within one month from receipt of the request. For added security, we may ask you to provide proof of your identity before releasing any data. All requests must be sent to the following address:

TCC
6th Floor
10 Lower Thames Street
London
EC3R 6EN

Email: dataprotection@tcc.group
Telephone: 0203 772 7230

What if you do not provide personal data?

You have some obligations under your employment contract to provide TCC with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide TCC with data in order to exercise your statutory rights (statutory leave entitlements, for example). Failing to provide the data may mean you are unable to exercise your statutory rights.

Certain information, such as contact details, your right to work in the UK, criminal record check, fraud check and payment details have to be provided to enable TCC to enter into a contract of employment with you. If you do not provide other information, this will hinder TCC’s ability to efficiently administer the rights and obligations arising as a result of the employment relationship.

Who has access to your data?

Where necessary, your information will be shared internally with Finance, your line manager, managers in the business area in which you work and IT staff, if access to the data is necessary for performance of their roles. The information shared is limited to that required for the purposes of the processing.

TCC shares your data with third parties as part of the recruitment process and to obtain pre-employment references from other employers and providers, and to obtain necessary criminal records checks from the Disclosure and Barring Service. These companies are:

  • Thomas International: profiling;
  • Verifile: Disclosure and Barring Service check (Criminal Record check) and credit check;
  • Cifas: Fraud check. Cifas will use the data to prevent fraud, other unlawful or dishonest conduct, malpractice and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found in TCC’s Fraud Policy.

TCC may use the following third-party providers to process your data on our behalf:

  • Focal Point: Timesheet information for recording activity and costing;
  • Just Payroll: Payroll processing;
  • Royal London: Pension Provider;
  • Rixons: Death in Service benefits;
  • Axa (through Arthur J Gallagher): Private Medical Insurance;
  • Health Shield: Health Cash Plan;
  • Eden Red: Discount, Holiday Trading, Cycle to Work;
  • Camino HR: HR support and legal advice;
  • Timestastic: Holiday Booking;
  • Open Plan Law: HR legal eadvice;
  • Cifas: If fraud was committed whilst under TCC contract; and
  • Pardot: Internal communication and surveys.

TCC may also share limited data about you on TCC’s website and with prospective clients for the purposes of tendering for new contracts and marketing.

TCC will ensure that any third-party processor has adequate data protection measures in place that align with GDPR requirements by conducting periodic due diligence.

TCC will not use any third-party processor outside of the UK, EU or USA. The data storage and processing systems are protected by access controls, to minimise any risk to the integrity or security of your personal data, and the data is stored in servers in the UK, EU and USA.

TCC does not sell your personal data or other information to any third party.

Retention period

TCC will only keep your personal data for as long as necessary for the purposes for which it was collected. This varies depending on the nature of your relationship with TCC:

  • Prospective employees. TCC will hold your personal data for the purposes of the recruitment process, and where this does not result in employment your data will be held for up to 12 months for future employment in line with TCC’s Data Controls Policy. At the 12 month period your data will be deleted.
  • Employees. TCC will hold your personal data for six years after the end of your employment contract in line with the Data Control Policy unless a variation is required for legal reasons for example health and safety.

If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, in line with our Data Protection Policy. If during your employment we become aware your data has become inaccurate, we will update it accordingly.

How do we protect your data?

TCC takes the security of your data seriously. TCC has internal policies and controls in place to try to ensure your data is kept securely to protect against accidental or unlawful destruction, loss, alteration, disclosure or access and is not accessed except by its employees in the performance of their duties.

  • Anti-virus controls and firewalls;
  • Back up and Recovery Policy;
  • Cryptographic Policy;
  • Disposal of Media Policy;
  • Risk Management Framework;
  • Data Loss Prevention, Cloud App Security alert and enforcing policies.

Where TCC engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of the data.

Automated decision making

Employment and recruitment decisions may incorporate, but are not based solely on, automated decision making.

If you wish to complain

TCC will be more than happy to help you should you have any complaints about the processing of your personal data. If you have any queries about this privacy notice, or should you wish to make a complaint, please email dataprotection@tcc.group. In addition, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the national authority responsible for the protection of personal data. A complaint can be made to the ICO via its website: ico.org.uk or through its helpline: 0303 123 1113.

Changes to this Privacy Notice

We reserve the right to change this Privacy Notice. The up-to-date version will be on Sharepoint and TCC’s website. Previous versions will continue to be available here. We recommend that you check this notice regularly, so that you are informed of any changes.

Version 2.0 | February 2019 

Latest Insights

Subscribe

The latest insights and regulatory analysis straight into your inbox

Find out more

How can we help?

Speak to a culture and conduct risk expert today

Contact us

Find out more about our unique RegTech solution at recordsure.com