TCC’s Privacy Policy

 

The Campaign Company (TCC) is committed to protecting the privacy and security of the people we have, or plan to have, a working relationship with. TCC understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end, we comply fully with the data protection law in force in the UK and operate fully within the guidelines of the General Data Protection Regulations effective May 2018.

This privacy policy describes how we collect and use personal information about you during and after your working relationship with us. It applies to current and former employees, freelance consultants and associates, suppliers and clients. This notice does not form part of any contract of employment or other contracts to provide services. We may update this notice at any time. Information about how we collect and use information from members of the public is found in our privacy notice.

For the purpose of the Data Protection Act 1998 (the Act), The Campaign Company, Second Floor, Suffolk House, George Street, Croydon, CR0 1PE is the “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are aware of how and why we are using such information.

 

Data Protection Principles

We will comply with data protection law. This says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those.
  • Relevant to the purposes we have told you about and limited only to those.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

 

The kind of information we hold about you

When we refer to personal data in this policy we mean information that can or has the potential to identify you as an individual. It does not include data where the identity has been removed (anonymous data).

 Clients

We only collect and store the full names and contact details of our clients. At a minimum this will include the ‘contract manager’ for a given piece work and the names and contact details of any other client colleagues who are involved in the project. These are only used by TCC employees and not shared with anyone outside the organisation unless permission is given by the client.

Suppliers

We collect and store full names, contact details and business account details of people who supply goods and services to TCC. These are stored on Xero (a third party online accounting system). Xero’s privacy policy can be found here.

Employees

We will collect (through the recruitment and application process), store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email.
  • Date of birth (excluding the year of birth).
  • Marital status and dependants.
  • Next of kin and emergency contact.
  • National Insurance number.
  • Bank account details, payroll records and tax status.
  • Salary, annual leave, pension and benefits.
  • Start date.
  • Location of employment or workplace
  • Copy of passport.
  • Recruitment information (including copies of the right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, training records and professional memberships).
  • Performance information.
  • Disciplinary and grievance information.
  • Information about your use of our information and communications systems.
  • Photographs.

We may also collect, store and use the following “special categories” of more sensitive personal information which require a higher level of protection:

  • Information about your race or ethnicity, sexual orientation
  • Information about your health, including any medical condition, health and sickness records
  • Information about criminal convictions and offences

We may also collect additional personal information to allow DRB background checks to be completed.

Personal information in hard copy is kept in a locked cupboard and in electronic form in password protected folders only accessible by those responsible for HR and payroll.

 

How we will use information about you

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you
  • Where we need to comply with a legal obligation
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those
  • For the fulfilment of goods or services requested.

 

Our obligations as an employer

We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations under the relevant employment laws.

In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are listed below.

  • Determining the terms on which you work for/with us.
  • Checking you are legally entitled to work in the UK.
  • Administering the employment contract we have entered into with you.
  • Business management, planning, and auditing.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making decisions about your continued employment or engagement.
  • Education, training and development requirements.
  • Dealing with legal disputes involving you, or other employees, including accidents at work.
  • Complying with health and safety obligations.
  • Preventing fraud.
  • Monitoring your use of our information and communication systems to ensure compliance with our IT policies.
  • Ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • Conducting data analytics studies to review and better understand employee retention and attrition rates.
  • Equal opportunities monitoring.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

We will use your particularly sensitive personal information in the following ways:

  • we will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws
  • we will use information about your physical or mental health, or disability status, to ensure you are fully supported in the workplace
  • we will use information about your race or national or ethnic origin, and religious philosophical or moral beliefs to ensure meaningful equal opportunity monitoring and reporting

We do not need your consent if we use your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the fields of employment law and contract law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee or contractor of the company we will retain and securely destroy your personal information in accordance with our data protection policy.

 

Your rights in connection with personal information

Under certain circumstances, by law, you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process (note that employment legislation may prevent us from complying with this request under certain circumstances). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
  • Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you e.g. if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Aline Delawa (Managing Director) in writing.