TDA Group (“We”) are committed to protecting and respecting your privacy. We promise to keep your data safe and private, not to sell your data, and to give you ways to manage and review your data.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.
For the purpose of the Data Protection Act 2018 and General Data Protection Regulation (GDPR Regulation EU 2016/679) (“the Act”) we are registered as a Data Controller with the Information Commissioner’s Office (TDA Registration Reference No ZA175198 – subsidiary companies owned by TDA are also registered and have their own Registration Reference Numbers) and a description of how we use personal information is included in our entry on the data protection register which is maintained by the Information Commissioner’s Office.
Information we may collect from you
Under the Act we have a legal duty to protect any information we collect from you. We have procedures and security features in place that aim to keep your data secure once we receive it. We may collect and process the following data about you:
- Information you give us. You may give us information by paper, corresponding with us via email, social media, phone, by contacting our staff, one of our partners or via CCTV or otherwise. This includes information you provide when you visit our websites, use our services, and correspond with us. The information you give us may include your name, address, email contact details, phone number(s), and other information required by us to deliver our services.
- Information we collect about you. With regard to each of your visits to our websites we may automatically collect the following information:
o Information about your visit to our websites – products you viewed or searched for, page response times, download errors, and length of visit
Legal Basis we rely on
The Act sets out a number of different reasons for which a company may collect and process your personal data including:
Based on your Consent:
(a) In specific situations, we can collect and process your data with your consent, e.g. when you tick a box to receive email newsletters and agree to receive marketing communications.
(b) When you request us to disclose your personal data to other people or organisations, such as a company handling another service you use, or otherwise agree to disclosure.
You are free at any time to change your mind and withdraw your consent. The consequence of this may be that we cannot perform certain contractual functions.
Performance of a Contract with you to deliver our services:
(a) To decide whether to enter into it
(b) To manage and perform that contract; and
(c) To update our records
(a) When you exercise your rights under data protection law and make a request;
(b) For compliance with legal and regulatory requirements and related disclosures;
(c) For establishment and defence of legal rights
(d) For activities relating to the prevention, detection and investigation of crime
(e) If the law requires us to, we may need to collect and process your data – e.g. HMRC
In specific situations, we require your data to pursue our legitimate interest in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests, e.g. to carry out our marketing activities and to seek your consent when we need to contact you.
Why do we collect information about you?
We need to collect and hold information about you, for a variety of reasons including:
▪ the delivery of TDA Group services
▪ confirming your identity to provide some services
▪ contacting you by post, email or telephone
▪ understanding your needs to provide the services that you request
▪ understanding what we can do for you and inform you of other relevant services and benefits
▪ obtaining your opinion about our services
▪ updating your customer record
▪ helping us to build up a picture of how we are performing at delivering services to you and what services are needed
▪ providing information on TDA Group services by way of a newsletter
▪ processing financial transactions
▪ preventing and detecting fraud and corruption in the use of funds
▪ making sure we meet our statutory obligations including those related to diversity and equalities
We may not be able to provide you with a product or service unless we have enough information, or your permission to use that information.
How we use your information
We will use the information you provide in a manner that conforms to the Act. We will endeavour to keep your information accurate, up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept.
We will process your information for the following purposes:
▪ to carry out our obligations arising from any contracts entered into between you and us and to provide you with information, products and services that you request from us
▪ to monitor and improve TDA Group performance in responding to your request
▪ to allow us to be able to communicate with you and provide services and benefits appropriate to your needs
▪ to ensure that we meet our legal obligations
▪ where necessary for the law enforcement functions
▪ to prevent and detect fraud or crime
▪ to process financial transactions including payments, or where we are acting on behalf of other government bodies, e.g. Department for Work and Pensions
▪ to collect tax and monies owed to us
▪ where necessary to protect individuals from harm or injury
▪ to allow the statistical analysis of data so we can plan the provision of services
▪ for other legitimate business purposes
How we protect your information
Our aim is not to be intrusive, and we won’t ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t see it.
We will not disclose your personal information that you provide to us, to anyone else without your permission, except in the few situations where disclosure is required by law, or where we have good reason to believe that failing to share the information would put someone else at risk. You will be told about this.
We will not keep your information longer than it is needed taking into account the following:
• Whether we have any legal obligations to continue to process your information (imposed by relevant law or regulations)
• The purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information so we can continue to perform our obligations under a contract with you or a contract in the future)
• Where we have a legal basis to continue to process information (such as your consent)
• How difficult it is to ensure that the information can be kept up to date and accurate – and –
• Any relevant surrounding circumstances (such as the nature and status of our relationship with you)
We will always dispose of paper records or delete any electronic personal information in a secure way.
Ways in which we collect and use information
Generally, we will use your information within TDA Group and will only share it outside TDA Group where we need to perform our service, you have requested it or given your consent.
Subject to applicable data protection law, we may share your personal data with:
• Sub-contractors, sub-processors and other persons who help provide our services
• Trusted third parties – for example IT companies who support our websites, HM Revenue & Customs, to administer our mailing list for e-newsletters (provided by Mail Chimp)
• Government bodies and agencies in the UK where the law requires
• Courts, to comply with legal requirements, and for the administration of justice
• If you have purchased from us and used a credit or debit card with us, we will share transaction details with companies which help us to provide this service (such as Visa and Mastercard)
• To protect the security or integrity of our business operations
• Others if we were to restructure, or have a merger, or re-organise our business
• Anyone else where we have your consent, or as required by law
If we use products or services which process personal information, we will only use compliant companies to help deliver our services, we will only provide the information they need to perform their specific service, and we will work closely with them to ensure your privacy is respected at all times. These providers are obliged to keep your details securely, and use them only to fulfil your request. Wherever possible we select service providers who hold data within the UK. If we do transfer any information outside the European Economic Area (EEA) we will ensure the following safeguards:
• Transfer to a non-EEA country with privacy laws that give the same protection as the EEA
• Put in place a contract with the recipient that means they must protect the data to the same standards as in the EEA
• Transfer to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used in the EU. You can find out more about data protection on the European Commission Justice website.
We may disclose information to other partners where it is necessary, either to comply with a legal obligation, or where permitted under the Act. Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to.
We may disclose information when necessary to prevent risk of harm to an individual. At no time will your information be passed to organisations external to us and our partners, for marketing or sales purposes or for any commercial use without your permission.
We do not currently record or monitor calls, but should that change we will inform you if we record or monitor any telephone calls you make to us and obtain your consent to do so. This will only be used to increase your security, for our record keeping of the transaction and for our staff training purposes.
Please remember that transmission of information over the internet is not secure and if you submit any information to us over the internet (such as emails, or via our website(s) or by any other means), you do so at your own risk.
If you email us we may keep a record of your contact and your email address and the email for our record keeping of the transaction. For security reasons we will not include any confidential information about you in any email we send to you. We would also suggest that you keep the amount of confidential information you send to us via email to a minimum and use our secure online services or post.
CCTV systems are installed in some of our areas and these areas are used by members of the public. We monitor these for the purposes of public/staff safety and crime prevention and detection.
In our locations, signs are displayed notifying you that CCTV is in operation and should you have any issues please contact TDA Group Data Protection Manager.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. You have the right to see CCTV images of yourself and be provided with a copy of the images. Should you wish to do this please contact TDA Group’s Data Protection Manager.
We operate CCTV and disclose in accordance with the codes of practice issued by the Information Commissioner and the Home Office.
When will we contact you?
We may contact you:
· In relation to any service or activity in order to ensure TDA Group can deliver our services
· In relation to any correspondence we receive from you
· To invite you to participate in surveys about our service so we can make improvements if necessary
· For marketing purposes – we will only send you marketing emails or contact you for marketing purposes if you have agreed for us to do so
· We offer regular emails and newsletters to let you know about our services and you can opt in to receive these
Your rights are as follows (noting that these rights don’t apply in all circumstances):
The right to be informed & the right to request access
You have the right to see what information we hold about you and/or how we process this information, subject to certain conditions.
If you want to exercise these rights, you should make an application to us in writing. We may ask you to provide us with sufficient information so that we can be sure of your identity. We also reserve the right to charge a reasonable fee for providing you with the information you are requesting if a request is excessive or repetitive.
If you would like to proceed with a request to see what data we hold about you and/or how it is processed, please write to TDA Group Data Protection Manager.
The right of rectification
You have a right to request the rectification of information we hold about you if it is inaccurate, subject to certain conditions.
If you want to exercise this right, you should make an application to us in writing. We may ask you to provide us with sufficient information so that we can be sure of your identity. This request will be actioned within one month, or up to two months if the request is complex in nature.
If action is not taken in response to a request for rectification, we will explain why this is the case. If you are unsatisfied with our response, you then have the right to complain to the supervisory authority and to a judicial remedy.
The right to object
You have a right to object to the processing of some or all information we hold about you, subject to certain conditions, listed below.
Individuals have the right to object to:
• Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority – including profiling
• Direct marketing – including profiling
• Processing for purposes of scientific/historical research and statistics
TDA Group will stop processing personal information with immediate effect if the right to object is invoked unless:
• TDA Group can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual.
• The processing is for the establishment, exercise or defence of legal claims.
The right to restrict processing
You have a right to request the restriction of processing of some or all information we hold about you, subject to certain conditions, listed below:
• When an individual contests the accuracy of the personal data, the processing will be restricted until the accuracy of the personal data has been verified.
• Where an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and TDA Group is considering if legitimate grounds exist to override the request of the individual.
• When processing is unlawful and the individual opposes erasure and requests restriction instead.
• If we no longer need the personal data but the individual requires the data to establish, exercise or defend a legal claim.
If TDA Group have disclosed the personal data in question to third parties, we will inform them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so.
The right of erasure
You have a right to request the erasure of some or all information we hold about you, subject to certain conditions, listed below:
• Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
• When the individual withdraws consent
• When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing
• The personal data was unlawfully processed (i.e. otherwise in breach of the Act).
• The personal data must be erased to comply with a legal obligation
If you would like to proceed with a request for the erasure of some or all of your data, please write to us at the address within the ‘TDA Group contact’ section of this policy. In some circumstances, we may refuse to comply with the erasure request.
The right to move, copy or transfer your personal data
You have a right to request the movement, copying or transfer of information we hold about you, subject to certain conditions.
TDA Group will move, copy or transfer the data in a format reasonably requested. If the data requires hardware to be moved, copied or transferred, this must be provided.
If you want to exercise this right, you should make an application to us in writing. We may ask you to provide us with sufficient information so that we can be sure of your identity. This request will be actioned within one month, or up to two months if the request is complex in nature.
Automated decision making and processing
Automated decision making involves processing your personal data without human intervention. TDA Group do not undertake any automated decision making with our personal data.
Breach Management Identification and Classification
We have put in place procedures that will allow any staff member to report any information surrounding a data security breach to TDA Group Data Protection Manager. We ensure:
• That all staff are aware to whom they should report such a breach
• Having such a procedure in place will allow for early recognition of the breach so that it can be dealt with in the most appropriate manner
• Details of the breach will be recorded accurately according to procedure, including the date and time the breach occurred, the date and time it was detected, who/what reported the breach, description of the breach, details of any ICT systems involved, any corroborating material such as log files, etc.
• In this respect, staff are made fully aware as to what constitutes a breach. In respect of this policy a breach may be defined as the unintentional release of customer confidential or personal information/data to unauthorised persons, either through the accidental disclosure, loss or theft of the information/data.
Please contact us if you have a complaint about how your information has been used by TDA Group. We will need to record your personal contact details to be able to respond to, and track the progress of, your request. Where you request access to your information we are required by law to use all reasonable measures to verify your identity before doing so. These measures are designed to protect your information and to reduce risk of identity fraud, identity theft or unauthorised access to your information.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (this opens in a new window, please note we can’t be responsible for the content of external websites).
TDA Group Data Protection Manager
TDA, Tor Hill House, Torquay TQ2 5QW
Last modified: 16th March 2021
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details are incorrect, please let us know and we will amend them.