This document demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we (Recoup Group Limited, trading as TTE Associates) collect and use personal data or personal information about you in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.
Pursuant to that legislation, when processing data we will;
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that we find proper for carrying out our business relationship with you
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have not consented to (as appropriate)
Recoup Group TTE Ltd t/as TTE Associates is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
DETAILS OF INFORMATION WE MAY HOLD ABOUT YOU
The list below identifies the kind of data that we may hold about you:
- personal contact details such as name, title, address, email address, phone number
- Date of Birth
- NI number
- employment or workplace details
- Tax code
- Business mileage records
- Payslip details
METHOD OF COLLECTION OF PERSONAL INFORMATION
Your personal information will be collected primarily through our website enquiry and claim forms system and process but may also be obtained via social media platforms and other third parties. Personal data is kept in our secure website database.
PROCESSING INFORMATION ABOUT YOU
We will only administer personal information in accordance with the lawful basis for processing. At least one of the following will apply when we process personal data:
- consent: You have given clear consent for us to process your personal data for a specific purpose.
- contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
- legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
- legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We consider that the basis for which we will process personal information is that it is necessary for the performance of our services to which you consent and/or in the legitimate interest of offering and delivering our services on your behalf.
We do not anticipate that any of our decisions will occur without human involvement.
Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties and deliver the services we offer to you.
It may be necessary for us to share your personal data with a third party or third party service provider within or outside of the European Union (EU). Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.
Data may be shared with third parties in the following circumstances:
- as part of the performance of our services (e.g. HMRC)
- in relation to the maintenance support and/or hosting of data
- to adhere with a legal obligation
- in the process of obtaining advice and help in order to adhere with legal obligations
- to gain feedback from you on the performance of our services (e.g. Trustpilot)
If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.
We will not be transferring your data to other countries.
As part of our commitment to protecting the security of any data we process, we have put the following measures in place:
- A fully encrypted and secure website and database
- Employees and third party stakeholders understand their responsibilities for the protection and security of personal data
In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality.
We anticipate that we will retain your data as part of the process of delivering our services and for no longer than is necessary, with consideration to the following:
- risk of harm
- purpose for processing
- legal obligations
At the end of the retention period, upon conclusion of any contract we may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it.
YOUR RIGHTS IN RELATION TO YOUR DATA
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information. In some situations, you may have the;
- Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request
- Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
- Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- Right to portability. You may transfer the data that we hold on you for your own purposes.
- Right to request the transfer. You have the right to request the transfer of your personal information to another party.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. If you wish to exercise any of the rights explained above, please contact email@example.com.
Change of purpose for processing data
We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
QUESTIONS OR COMPLAINTS
It is the responsibility of our Data Representative to oversee compliance with this statement. Should you have any questions regarding this statement, or how we process your personal information, please contact firstname.lastname@example.org.
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.