The companies within TMG, which includes the companies listed below (collectively referred to as “us”, “we”, “our” or “the Group”) are committed to protecting the privacy and security of your personal information.
If you have any questions about how we may use your personal information you can contact us using the details below or speak to your manager.
HR Manager TMG Think Park Mosley Road Trafford Park Manchester M17 1FQ
Email: [email protected]
Date last updated: 27/11/2019
We will collect, store, and use the following categories of personal information about you:
We may also collect, store and use the following “special categories” of more sensitive personal information:
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out obligations and provided we do so in line with our data protection policy.
We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.
We are allowed to use your personal information in this way to carry out our legal obligations for employee vetting requirements. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.
We can only use your personal information where it falls into one or more of the following categories:
The table below sets out how we will use your personal information and under what lawful basis.
This processing is required to enable you and us to enter into an employment or service contract and to fulfil the contractual obligations.
We also have a legal and regulatory obligation to carry out certain vetting checks prior to an employment position being offered and during the course of your employment.
To allow us to comply with a legal or regulatory obligation.
We have a legal obligation to meet our statutory automatic enrolment duties and for any other pension administration requirements.
Training will be provided to meet certain legal and regulatory obligations.
Training, development and analysis is also required to pursue our legitimate interest in developing our staff and business.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our employees).
We will use special categories of personal information in the following ways:
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest or legal obligation to do so. This may include the following types of organisations:
These organisations help us to provide our services to you and to assist us an employer. We will have a contract in place with any provider who directly provides us with such services to ensure that they comply with their data protection obligations and ensure that they have appropriate security measures in place.
We may also share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.
We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making returns to HMRC, disclosures to our regulators such as the Financial Conduct authority or the Information Commissioner’s Office, assisting the police with any criminal investigations or other police matters, and disclosures to shareholders such as directors’ remuneration reporting requirements.
An automated decision is one which we rely on a computer or system to assess the information you provide to us to make a decision about you. This may include:
You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.
When you apply for a roles with the Group, and during the course of your employment we carry out identity checks, and for some roles within the Group we also carry out credit checks. We will share your personal information with Credit Reference Agencies (CRAs) and they will give us information about you. The data we may exchange can include:
This information will be used to verify your identity and assess your suitability for the role.
For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – TransUnion UK (formally Callcredit); Equifax; and Experian.
We will only share your personal information outside the UK or the European Economic Area (EEA), where we have your consent; to comply with a legal obligation; or where we work with a business partner who provides services to us, and they process information outside of the UK or the EEA.
If we do share your information outside of the UK or the EEA, we will make sure that it is protected in the same way as if it was being used within the UK or in the EEA to ensure appropriate safeguards are in place. This may include putting in place a contract with the business partner that means they must protect the personal data to the same standards as it would within the UK or the EEA (this may include defined model clauses), or only share the data to a business partner outside the UK or in a non-EEA country where the privacy laws provide the same protection as within the UK or the EEA or where they are part of a Privacy Shield.
More information on this can be found on the European Commission Justice Website or the Information Commissioner’s website.
We take the protection of personal information very seriously, and we will maintain appropriate measures to maintain the confidentiality, integrity and availability of the information you have provided. Such measures include:
You have the right to request from us a copy of the personal information that we may hold about you. This is often called a “Data Subject Access Request”. You can request this information by contacting us as set out below.
Before providing this information to you or to another person or company where you have requested this personal information to be sent to, we may ask for proof of identity or ask sufficient questions to enable us to locate the information and ensure that we’re only providing it where you have given your agreement.
If the personal information we hold about you is incorrect, you have the right to request that we correct this.
You may request that we stop processing the information if we’re no longer entitled to process it. There may be occasions where we are unable to delete the information due to our legal or regulatory obligations. We will, however, discuss this with you if you request for your information to be deleted.
You have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
In some circumstances you may request for us to delete or remove personal information where there is no good reason for us to continue to process it, for example, we have no legal or regulatory requirement to keep the information.
In some cases, you may be able to request for your information to be provided to yourself or another party in a format that can be processed electronically by yourself or the other party. If you want to request this, you’ll need to contact us.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
If you apply for a role within the Group but were either unsuccessful or decided not to take the position, in most cases your personal information will be retained for at least six months from when the application was made, unless you agree for us to keep this information for longer.
If you become an employee, worker or contractor of the Group your personal information will be retained for at least six years, starting from the date your employment ceases. You can find more information on the retention and deletion of personal data in our Data Retention Standards which is available on the Group Intranet.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
We will record any telephone calls made to or from the Group, which may include calls you make in the course of your employment. This is for training, monitoring and quality purposes and to meet our legal and regulatory obligations. Some telephone calls may be observed by staff for training and development purposes.
We may keep a copy of the telephone calls for at least six years from the date the telephone call was made.
If you have any questions or queries about how we use your personal information you can contact us or our Data Protection Officer using the address or email below:
Data Protection Officer Think Park Mosley Road Trafford Park Manchester M17 1FQ
Email: [email protected]
If you are not happy with how we process your personal information you should contact us. If you’re not happy with how we have dealt with your complaint, you have the right to make a complaint with the Information Commissioner’s Office. You can find their details on their website at https://ico.org.uk/.