Privacy Policy

Last Updated: [10/11/2023]

Introduction

Thank you for choosing The Contact Company Mobile App and for taking the time to read this Privacy Policy. The purpose of this application is to enhance internal communication with informative articles and streamline shift management for employees. We recognise the trust that you place in us whenever you share your personal information with us, and we are committed to operating with openness, honesty, and transparency.

• The personal information we collect when you engage with the application.
• How we will use and take care of your personal information.
• Your privacy rights and how the law protects you.

Types of Personal Information we collect from you

As the application is specifically for employees of the Contact Company, the majority of information is already held by The Contact Company, and the application does not necessarily need to collect additional information other than what is necessary to operate and improve the application.

• Identity Information – such as your name, username, and password. This information is used to log you in and connect you to TCC intranet services.

Types of Information we generate about you

This information will be collected automatically or generated whenever you use the application. This information is used to help our developers better understand how to make improvements to the application.

• Mobile Device Information – such as your device type, operating system, unique device identifiers.

Referencing personal data in this privacy policy

Wherever we refer to ‘personal information’ in this notice, it may include any or all the personal data collected from you or generated about you.

How we collect the personal information

The information highlighted will be collected directly from you, via web forms that allow you to submit the information, or automatically when you connect to the service.

Lawful basis for processing your personal information

The application is not required for employment within The Contact Company and is an optional download. The lawful basis for processing is therefore Consent. Consent is implied when you download and use the application. To withdraw consent, you may uninstall the application at any time and cease its use.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and to enable us to continue to tell our story (which will include reference to archive material). To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. At the end of an agreed retention period your information will either be securely and confidentially destroyed or anonymised. Anonymisation is the process of altering personal information within data sets such that it is not possible to identify individuals from the data any longer. If you would like any more specific information, ask your line manager to log an ARC Helpdesk ticket and we will endeavour to answer your questions.

Your rights to your personal information

Under certain circumstances, you have rights under data protection laws in relation to your personal information:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information in certain circumstances e.g., where it is no longer necessary for us to retain it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal information where we are relying on the legitimate interest basis (or those of a third party) or where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information which overrides your rights and freedoms.
• Request restriction of processing of your personal information in certain circumstances.
• Request the portability of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Exercising your rights

In order to exercise any of these rights you will need to make a request using the ARC Helpdesk accessible via The Contact Company Intranet (or ask your line manager to do so if you do not have access), or by emailing GDPR@tcc.co.uk. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Upon making your request we will respond to you within one calendar month. If one calendar month ends on a Saturday, Sunday, or Bank Holiday, then the end of the calendar month will be considered close of business of the next available working day.

Disclosure of personal information

Your information will not be disclosed to any third parties nor transferred or stored outside of the UK.

Contact Details

Right to Complain

You have the right to make a complaint or raise any concerns that you have relating to our approach to your personal information to the Information Commissioner’s Office (the regulatory authority for data protection issues in the UK (www.ico.org.uk)). We would appreciate it if you could let us know if you contact the ICO. If you feel able to contact us before making contact with the ICO, we will take your concerns seriously and we promise to work with you to resolve any issues that you have (noting that we will tell you if you should refer the issue to the ICO and that we may also need to tell the ICO).