Recordsure white logo with blue favicon ConversationReviewAI
Recordsure white logo with blue favicon ConversationReviewAI
Contact
Book a meeting

Privacy policy: Recordsure employees

Introduction

TCC and Recordsure are the controller of personal data for their employees and prospective employees for the purposes of managing the employment or prospective employment relationship. The company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

Data Controller

TCC & Recordsure
10 Lower Thames Street
London
EC3R 6EN

Email: dataprotection@tcc.group Telephone: 020 3772 7230

How do we collect your data?

TCC & Recordsure collects your personal data in a variety of ways, directly from you or indirectly for the purposes of recruitment and employment.

What information do we collect?

TCC & Recordsure collects and processes a range of information about you. This may include:

  • Your name, address and contact details, including email address and telephone number, date of birth and gender.
  • The terms and conditions of your employment.
  • Details of your qualifications, skills, experience and employment history, including start and end dates (with previous employers and within the company) and documents relating to gaps in employment.
  • Information about your remuneration, including entitlement to benefits such as pensions or insurance cover.
  • Information with respect to credit inconsistencies, for example, county court judgements.
  • Information with respect to previously committed fraudulent acts.
  • Information with respect to sanction checks where applicable.
  • Information about any criminal record where applicable.
  • Information about your nationality and entitlement to work in the UK.
  • Details of your bank account and national insurance number.
  • Information about your marital status, next of kin, dependants and emergency contacts.
  • Details of your schedule (days of work and working hours) and attendance at work.
  • Details of periods of leave taken by you, including holiday, sickness absence, family leave and the reasons for the leave.
  • Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence.
  • Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence.
  • Information about medical or health conditions, including whether or not you have a disability for which the company needs to make reasonable adjustments.
  • Information about why you left the company, for example, exit interview and resignation confirmation letter.
  • Photographs, filming, and any other type of image for marketing purposes, for example, hard copy brochures or for the website.
  • Data is stored in your personnel file within the HR system and in other IT systems, including your company email.

Why and how does TCC & Recordsure process your personal data?

Our basis for processing your personal data may rely upon our legitimate interest, legal obligation, contractual obligation or consent.

The company needs to process your data to complete the recruitment process with the objective of entering into an employment contract. The data is collected on the basis of legitimate interest so that we can ascertain whether you are the most appropriate individual for the position. This will involve pre-vetting checks in accordance with the company’s Recruitment Policy. Processing this data allows the company to provide you with an offer of employment.

The company has a contractual requirement to process data to enter into an employment contract with you and to meet its obligations under this contract. For example, to pay you in accordance with your employment contract and to administer employee benefits, including your pension.

In addition, the company needs to process data to ensure it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled.

In other cases, the company has a legitimate interest in processing personal data in respect of employees before, during and after the end of the employment relationship. Processing employee data allows the company to:

  • Maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), including employee contractual and statutory rights.
  • Operate and keep a record of disciplinary and grievance processes, or a change in your criminal record, to ensure acceptable conduct within the workplace.
  • Operate and keep a record of employee performance and related processes, to plan for career development and for succession planning and workforce management purposes.
  • Run recruitment and client promotion processes.
  • Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled.
  • Obtain occupational health advice, to ensure it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law and ensure employees are receiving the pay or other benefits to which they are entitled.
  • Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave) to allow effective workforce management, to ensure the company complies with its duties in relation to leave entitlement and to ensure that employees are receiving the pay or other benefits to which they are entitled.
  • Ensure effective general HR and business administration.
  • Provide references on request for current or former employees.
  • Respond to and defend against legal claims.

Where the company relies on legitimate interest as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded they are not.

We will always gain your freely given, specific, unambiguous, explicit and informed consent for any sharing of photographs or images on marketing materials (hard copies, soft copies or on the website) or for sharing your personal data with any third-party clients for the purposes of marketing or proposals.

Your rights

Whenever we process your personal data, we take reasonable steps to ensure your data is kept accurate and up-to date for the purposes for which it was collected. As a data subject, you have a number of rights. You can:

  • Access and obtain a copy of your data on request.
  • Require the company to change incorrect or incomplete data.
  • Require the company to delete or stop processing your data where the data is no longer necessary for the purposes of processing.
  • Object to the processing of your data where the company is relying on its legitimate interests as the legal ground for processing.
  • Withdraw consent on which the processing is based, and where there is no other legal ground for processing.
  • Ask the company to stop processing data for a period if the data is inaccurate or there is a dispute about whether or not your interests override the company’s legitimate grounds for processing data.

Should you wish to obtain a copy (free of charge) of the personal data being processed, the company is required to respond to your request within one month from receipt of the request. For added security, we may ask you to provide proof of your identity before releasing any data. All requests can be sent via email dataprotection@tcc.group or to the following address:

TCC & Recordsure, 6th Floor, 10 Lower Thames Street London, EC3R 6EN

Telephone: 020 3772 7230

What if you do not wish to provide personal data?

You have some obligations under your employment contract to provide the company with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide the company with data in order to exercise your statutory rights (statutory leave entitlements, for example). Failing to provide the data may mean you are unable to exercise your statutory rights.
Certain information, such as contact details, your right to work in the UK, criminal record check, fraud check and payment details have to be provided to enable the company to enter into a contract of employment with you. If you do not provide other information, this will hinder the company’s ability to efficiently administer the rights and obligations arising as a result of the employment relationship.

Who has access to your data?

Where necessary, your information will be shared internally with Finance, your line manager, managers in the business area in which you work and IT staff, if access to the data is necessary for performance of their roles. The information shared is limited to that required for the purposes of the processing.

The company shares your data with third parties as part of the recruitment process and to obtain pre- employment references from other employers and providers, and to obtain necessary criminal records checks from the Disclosure and Barring Service. These are:
― Recruitment agencies.
― Disclosure and Barring Service check (Criminal Record check) and credit check.
― Fraud check. Cifas will use the data to prevent fraud, other unlawful or dishonest conduct, malpractice and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found in the company’s Fraud Policy.

TCC & Recordsure may use the following third-party providers to process your data on our behalf:

  • HR Information System and payroll processing
  • Benefit providers: Pension Provider, Death in Service benefits, Private Medical Insurance, Income Protection Scheme and Health Cash Plan.
  • Vetting check providers with respect to onboarding processing including fraud, right to work and credit check 
  • CRM system providers, such as Salesforce
  • Backup systems provider 
  • Purchasing, invoicing, timesheets and payroll processing providers
  • Accounting and banking providers
  • Email and file storage provider
  • Expenses: Hotel and travel bookings and expense management 
  • Lawyers: Employment legal advice 
  • Company clients: for fulfilling the contractual requirement including billing, workflow systems, systems, access and laptop builds where required. 
  • Third party auditors: Company accountants or auditing for ISO certificates. 
  • Third Party meeting room providers
  • Occupational health consultant(s), GPs and other medical experts: if your health needs to be managed in the context of a return to work or where we need to consider reasonable adjustments to your role.  
  • The UK’s Fit for Work programme, in the event that you become unwell and your health needs to be managed in the context of a return to work. 

TCC & Recordsure may also share limited data about you on the company’s website and with prospective clients for the purposes of tendering for new contracts and marketing.

The company will ensure that any third-party processor has adequate data protection measures in place that align with GDPR requirements by conducting periodic due diligence.

The company will not use any third-party processor outside of the UK, EU or USA. The data storage and processing systems are protected by access controls, to minimise any risk to the integrity or security of your personal data, and the data is stored in servers in the UK, EU and USA.

The company does not sell your personal data or other information to any third party.

Retention period

TCC & Recordsure will only keep your personal data for as long as necessary for the purposes for which it was collected. This varies depending on the nature of your relationship with the company:

  • Prospective employees. The company will hold your personal data for the purposes of the recruitment process, and where this does not result in employment your data will be held for up to 12 months for future employment in line with the company’s Data Controls Policy. At the 12-month period your data will be deleted.
  • The company will hold your personal data for six years after the end of your employment contract in line with the Data Control Policy unless a variation is required for legal reasons for example health and safety.

If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, in line with our Data Protection Policy. If during your employment we become aware your data has become inaccurate, we will update it accordingly.

How do we protect your data?

The company takes the security of your data seriously. The company has internal policies and controls in place to try to ensure your data is kept securely to protect against accidental or unlawful destruction, loss, alteration, disclosure or access and is not accessed except by its employees in the performance of their duties.

  • Anti-virus controls and firewalls.
  • Backup and Recovery Policy.
  • Cryptographic Policy.
  • Disposal of Media Policy.
  • Risk Management Framework.
  • Data Loss Prevention, Cloud App Security Alert and enforcing policies.

Where the company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of the data.

Automated decision making

Employment and recruitment decisions may incorporate, but are not based solely on, automated decision making.

If you wish to complain

The company will be more than happy to help you should you have any complaints about the processing of your personal data. If you have any queries about this privacy notice, or should you wish to make a complaint, please email dataprotection@tcc.group. In addition, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the national authority responsible for the protection of personal data. A complaint can be made to the ICO via its website: ico.org.uk or through its helpline: 0303 123 1113.

Do you use the company website and/or receive email communications from the company?

If so, you should read our standard Privacy Statement, which sets out how we will process your data in order to effectively communicate with you and enable you to use our website.

Changes to this privacy notice

We reserve the right to change this Privacy Notice. The up-to-date version will be on SharePoint and the company website. We recommend that you check this notice regularly so that you are informed of any changes.

Version V13.0 | November 2025

Recordsure associates

Privacy Policy

Recordsure

Privacy Policy