TPC COLLECTIVE PRIVACY NOTICE
TPC Collective Ltd. and The Production Club Ltd (referred to together below as the 'Company', with 'we', 'our' or 'us' being interpreted accordingly) are committed to working in accordance with applicable law. This includes, without limitation, the EU General Data Protection Regulation (2016/679) and the UK Data Protection Act 2018 together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law').
What Personal Data do we collect and use?
The Company collects and processes the following Personal Data:
· - Name, address, phone number
· - Personal email
· - Job role, employer and work experience
· - Details of our previous contact with you, including
· - Banking details for the purposes of payment
· - Passport and immigration information for the purposes of Visa Sponsorship (when applicable)
· - National Insurance / Social Security / Tax ID number (if applicable)
· - Other Tax information
· - Emergency contact information (if applicable)
as well as any other Personal Data that you may provide to us from time to time. If you do not provide personal information we ask for, it may delay or prevent us from providing information and/ or services to you.
How your Personal Data is collected
We collect most this Personal Data directly from you – in person, by phone, text or email. However, we may also collect information from publicly accessible sources e.g. from your personal or employer's website, or LinkedIn, or may receive your information from your employer or from a business contact.
Information about third parties
Please ensure that any Personal Data you supply to us which relates to third party individuals is provided to us with their knowledge of our proposed use of their Personal Data.
What we use your Personal Data for
Other than as stated above, we may use your Personal Data for one or more of the following purposes:
(a) to provide you with information and services, and respond to queries about our work and services;
(b) to keep records of our activities;
(c) to monitor compliance with our internal policies and standards, assess service performance and plan improvements;
(d) to provide you with direct marketing communications about what we are doing as well as products, services and/or campaigns which may be of interest to you by post or phone. If required under applicable law, where we contact you by SMS, email, social media and/or any other electronic communication channels for direct marketing purposes, this will be subject to you providing your express consent. You can object or withdraw your consent to receive direct marketing from us at any time, by contacting us using the email address below;
(e) to enforce and/or defend any of our legal claims or rights; and/or
(f) for any other purpose required by applicable law, regulation, the order of any court or regulatory authority.
The lawful grounds on which we collect and process your Personal Data
We process your Personal Data for the above purposes relying on one or more of the following lawful grounds:
(g) where you have freely provided your specific, informed and unambiguous consent for particular purposes;
(h) where we agree to provide products and/or services to you, in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you;
(i) where we need to use your Personal Data for legitimate purposes relevant to us being able to keep records of our work and activities, operate our business day to day, ensure compliance with internal standards and legal obligations, and promote our business. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your other legal rights and freedoms and, in particular, your right of privacy;
(j) where we need to protect your vital interests or those of someone else (such as in a medical emergency) and/or
(k) where we need to collect, process or hold your Personal Data to comply with a legal obligation.
If we process 'special category' or 'sensitive' data (such as data concerning your health, religious beliefs, or ethnic origin) we will only do this with your explicit consent; or, where needed to comply with applicable social security or social protection laws; or, to protect your vital interests (or those of someone else) in an emergency; or, where you have already publicised such information; or, where we need to use such sensitive data in connection with a legal claim that we have or may be subject to.
Who we share your Personal Data with
We routinely share Personal Data with:
(a) companies within our group;
(b) third parties we use to help deliver our services to you, e.g. payment service providers, project managers, logistics providers;
(c) other third parties we use to help us run our business, e.g. website hosts;
(d) third parties approved by you, e.g. social media sites you choose to link your account to or third party payment providers; and
(e) our insurers.
We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on service providers relating to ensure they can only use your Personal Data to provide services to us and to you. We may also share personal information with external auditors.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some Personal Data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the Personal Data will be bound by confidentiality obligations.
To deliver our services, it is sometimes necessary for us to share your Personal Data outside the European Economic Area (EEA), e.g. with your and our service providers located outside the EEA, if you are based outside the EEA or where there is an international dimension to the services we are providing.
Where this means that we may need to transfer your Personal Data to a territory whose laws are currently not considered to meet the same legal standards of protection for Personal Data as set out under Data Protection Law, in order to safeguard your Personal Data, we only conduct such a transfer under a contract or another appropriate mechanism which is authorised under Data Protection Law. This is to make sure that your Personal Data is safeguarded in accordance with the same legal standards that apply to us in the United Kingdom.
Security of Data
The Company is committed to taking steps to ensure that Personal Data is protected, and to prevent any unauthorised access, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through employing appropriate technical and organisational security measures, including the continual monitoring of our security systems and by regular training and awareness raising.
The Company is committed to ensuring that Personal Data is kept for no longer than necessary and only kept as long as it’s relevant and necessary for legitimate purposes.
The Company does not intentionally keep Personal Data longer than necessary and when data is no longer required, the Company is committed to securely deleting it as soon as possible.
For more information and our retention guidelines, please refer to our Data Retention Policy (which we may make available on request).
Your Personal Data rights
Individuals have the right to access to Personal Data stored about them. You may can ask for access to your own personal details held electronically or held manually by sending an email to firstname.lastname@example.org. The Company has up to 1 month to provide the information following the subject access request, which it will usually do in electronic format.
In complex cases, or where there are numerous related requests, the Company will liaise with the individual to inform them of progress, and if it is not possible to complete the request within 1 month, the Company will inform the individual of the delay, the reasons for the delay and reserves the right to extend the timescale for completion by up to a further 2 months.
In the event that data is retained with third parties, the Company will ensure that the request is communicated and actioned by the third party in line with the timescales outlined above, unless impossible or would require disproportionate effort.
The Company reserves the right to refuse to a respond to a request if it is manifestly unfounded or excessive. Similarly, the Company reserves the right to withhold Personal Data if disclosing it would adversely affect the rights and freedoms of others, or where otherwise permitted or required by law.
Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing:
(a) that we correct Personal Data that we hold about you which is inaccurate or incomplete;
(b) that we erase your Personal Data without undue delay if we no longer need to hold or process it;
(c) to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example if we conduct any automated credit scoring;
(d) to object to our use of your Personal Data for direct marketing;
(e) to object and/or to restrict the use of your Personal Data for purpose other than those set out above unless we have a legitimate reason for continuing to use it; or
(f) that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carries out by automated means.
All of these requests may also be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
If you would like to exercise any of the rights set out above, please send an email to email@example.com.
If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner's Office (ICO) – see https://ico.org.uk/.
We are committed to monitoring this policy and will update it as appropriate, on an annual basis or more frequently if necessary.
Any queries or concerns can be addressed to firstname.lastname@example.org
Last updated: 28 June 2018