Privacy Policy

Privacy Notice

This Privacy Notice explains what information TC Group (including all of the subsidiaries of TC Group headed by TC Group Holdings Limited, together ‘TC Group’, ‘we’, ‘us’ and ‘our’) gather about you, what we use that information for and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.

We take data protection very seriously and we are committed to protecting your personal information. This Privacy Notice describes how we handle personal information collected through www.tc-group.com, ‘OneClick’ our client portal service, phone, email and by any other means.

It is our policy to collect only the minimum information we require from you. If you believe we hold more information about you than is required, or if you have any queries about how we handle your personal data, please contact our Data Privacy Officer.

In this Privacy Notice your personal information is sometimes called “personal data”. Personal data is information that can be used to identify a living individual, such as name, address, phone number or email address. It includes information you provide when you contract or, intend to contract, with us to provide a product or service, subscribe to our services, search for a service, participate in other social media functions on our site or enter a competition, promotion or survey and when you report a problem with our site. You might also give us personal data when you participate in meetings, seminars or other events we arrange. The information you give us may include, for example, your name, address, e-mail address, phone number and financial information. Personal data also includes information about your health and other ‘sensitive personal data’.  We ask that you do not provide us with ‘special category personal information’ unless we have specifically requested it. ‘Sensitive personal data’ and ‘special category personal information’ are as defined by data protection legislation.

In this Privacy Notice we sometimes collectively refer to handling, collecting, protecting or storing your personal information as ‘processing’.

Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods or services you want from us.

Contact details

If you have any questions about this Privacy Notice or the way your personal information is processed by us, or would like to exercise one of your rights explained within, please contact the Data Privacy Officer, by one of the following means:

Email: dataprotection@tc-group.com

Post: Data Privacy Officer, TC Group, 3 Acorn Business Centre, Northarbour Road, Cosham, Portsmouth PO6 3TH.

This Privacy Notice contains the following three sections, which should be read in conjunction with each other, and the above:

  • Privacy Notice – TC Group Clients. As referred to within our Letters of Engagement with clients, this section provides details regarding the collection and use of personal data in performing the services we are engaged to provide.
  • Privacy Notice – Website. This section relates to the practices we follow to respect the privacy of all visitors to our website.
  • Privacy Notice – TC Group Prospects. This section provides details regarding the collection and use of personal data in regards to our external marketing and prospecting activities.

Privacy Notice – TC Group Clients

TC Group takes the security of, and our legal responsibilities around, your personal data very seriously. The following information applies to those who receive services from us or who are seeking to do so.

Types of Personal Data Processed

The types of personal data processed will vary depending on the data you require us to process in order to deliver to you the requested service(s) and in accordance with our engagement terms with you (as specified within the Letter of Engagement). You may ask us to process both ‘personal data’ as defined in Article 4(1) of the EU General Data Protection Regulation (‘GDPR’) and or ‘Special category Personal Data’ as defined in Article 9(1) GDPR.

Categories of Data Subjects

Personal data we process for our own purposes and on your behalf may include, but may not be limited to, client data, staff data, contractor data and supplier data.

Categories of data subjects will, for so far as we act as a data processor, be determined by you and as contemplated by our engagement terms with you.  Normally, we will only require limited aspects of your staff data for our own purposes and will advise you should it become necessary for us to process any other categories for our own purposes.

Legal Basis for Data Processing

Generally, it will be your responsibility as the Data Controller to ensure you provide us with data for processing activities for which you have identified a legal basis for such processing.  We will not accept responsibility for your providing us data without a legal basis for doing so.

Where we require personal data from you for our own purposes, we do so on the following legal bases as defined under GDPR:

  • Contract entry and performance: To provide our services to you in performing our contractual obligations to you in accordance with our Letter of Engagement. In order to commence working with you as a client we are legally required to take certain steps, such as assuring ourselves of your identity.  In order to do so we require some personal data from you.  During the course of our engagement with you we are required to continue processing personal data about you to enable us to deliver the service(s) to you.
  • Our legitimate interests: To develop our businesses and services by the effective delivery of information and services to you in the lawful operation of our business (provided these do not interfere with your rights). We may also use your personal data on the basis of our own legitimate interests in promoting our services and developing our services and assessing our performance. Activities promoting our services include business to business marketing which you may opt-out of at any time.  Opt-out can be achieved by using the unsubscribe options contained within the information you have received or by emailing our Data Privacy Officer.
  • Legal obligations: To conduct quality and risk management procedures in satisfying any legal and regulatory obligations to which we are subject. As a firm of Accountants certain statutory obligations apply to us which require us to process personal data and in some circumstances to provide it to third parties such as law enforcement authorities.  Where such obligations arise we will, insofar as is possible without breaching any other duty we owe to those authorities, advise you of our intention to process your data for their purposes.
  • Where we have your consent to do so: For any other purposes for which you provided the information to us and where there is no other condition for processing available, if you have agreed to us processing your personal information.

Duration of Processing

We will process personal data on your behalf for so long as you instruct us to do so.  At the cessation of our processing activities on your behalf it is your choice as to what happens to the personal data you have provided to us.  We will work with you to carry out your reasonable instructions.

Personal data we collect for our own purposes will be managed in accordance with our Data Retention Policy which will reflect our legal obligations.

Use of sub-processors

As part of our service delivery it is necessary for us to use sub-processors.

Our IT is largely provided by parties external to TC Group.  Some solutions we utilise are cloud based and our need to rely upon those systems varies depending upon the services we deliver to you.

All sub-processors are bound by contracts with TC Group to provide at least the same level of protection for your data as we do.

Most sub-processors do not engage directly with your data and simply provide secure storage solutions for the data we process.  Unless we have otherwise expressly agreed conditions with them, sub-processors are prohibited from using your personal data for their own purposes.

Data Transfers

TC Group is a group of subsidiaries headed by TC Group Holdings Limited, which act together to provide the engaged services to you as a firm of Accountants, by utilising the same IT environment and software platforms across the group. Within this secure IT environment, for which we hold Cyber Essentials Certification, personal data will therefore be accessed, transferred and shared by the companies within TC Group.

TC Group utilises a number of suppliers to provide us with IT and other associated services for the delivery of our business and services to you.  In many cases, the suppliers we use will be granted access to the data we are processing in order to provide us with technical assistance.  Such processing activities are not directly related to our principal services to you and are considered ancillary to our own internal activities.

As a modern and international firm of  Accountants, our staff need to be able to work from anywhere in the world using our IT services. Although your data will be securely stored within our IT environment and the aforementioned cloud solutions at all times, it will from time to time be necessary for our staff to access these systems, both inside and outside of the EEA.

To assist in providing some of the engaged services to you, TC Group may utilise external subcontractors to process your personal data.  The processing activities which may be undertaken by subcontractors includes, but is not limited to, data entry processing on engaged services, client management and billing.  These subcontractors may operate outside the European Economic Area (‘EEA’) and from countries that do not have laws that provide specific protection for personal information. To minimise the transferring of personal data, these subcontractors are provided direct access to the IT environment and software platform, in which to perform the processing activities.  Appropriate IT security controls are in place at all times and all subcontractors are bound by contracts (e.g. the standard (model) contractual clauses issued by the EU for the transfer of personal data to data processors or data controllers outside the EEA) which require your personal data to be safeguarded and which provide at least the same level of protection for your data as we do.

TC Group is a member of BOKS International, a global alliance of independent accountancy and legal professional firms. The other members of BOKS International do not have access to your personal data and we will never transfer your personal data to other members of BOKS International unless you have specifically requested us to do so. If your personal data does need to be transferred outside the EEA, we ensure appropriate safeguards are in place, via the use of EU standard contractual clauses, to protect your data and data subject rights and freedoms.

By asking us to act as a Data Processor on your behalf you permit us to use EU standard contractual clause agreements with our chosen sub-processors and subcontactors on your behalf.  All such agreements will be in our name and you may enforce rights against the sub-processor(s) directly through us.

Data Security

TC Group has put technological and organisational controls, including policies and procedures, in place to protect your personally identifiable information from loss, misuse, alteration or unintentional destruction. Only authorised persons are provided access to personally identifiable information we have collected and all such individuals have received appropriate training and have agreed to maintain the confidentiality of this information.  Conditions to protect data to at least the same standard as we do are cascaded to all our subcontractors, sub-processors and suppliers.

We carry out regular monitoring of our security defences to ensure they continue to be effective against the latest threats.

Data transferred over our client portals are protected using encryption technologies to ensure they remain secure.

Please note that no communications over the internet can be guaranteed as secure.  Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit.  Once data reaches your network it is your responsibility to ensure it remains secure.

Controls put in place by TC Group also apply to all subsidiaries of the group headed by TC Group Holdings Limited.

Data Retention Policies

We will retain your personal information only for as long as we need it, given the purposes for which it was collected, or as required to do so by law. The timescales for the retention of personal data for the different activities we undertake are governed by various legislation. The most common retention period is 7 years.

We continue to look at ways to minimise the personal data we request or hold.  This may mean that some data we receive but do not require is returned or deleted.

Your Data Subject Rights

Where we act as a Data Controller for your data you may exercise a number of rights.

You may:

–  Request access to the personal data we hold about you.

–  Ask us to correct any data which is inaccurate.

–  Request to have your personal data deleted.

–  Put in place restrictions on our processing of your data.

–  Ask us to transfer your data to another controller (data portability).

We will handle all exercise of your data subject rights in accordance with the requirements of GDPR and any national laws at the time of your request.  Should you need to exercise any of your data subject rights please set out your request in writing to our Data Privacy Officer.

If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the matter for you, you may take your complaint to the Information Commissioner’s Office.  Further details can be found via their website at www.ico.org.uk.

Should we receive a request from one of your staff, clients, customer, contractors or prospects to exercise data subject rights, but we are only acting as a Data Processor, we will forward your request to you as Data Controller to process.  Unless you explicitly instruct us not to we will advise the data subject that we have passed their request to you.

Marketing emails

Some of our marketing emails may contain web beacons, web bugs, cookies or other similar technologies which enable us to understand whether you open, read, or delete the message and any interaction you make with links contained therein.  When you click on a link in a marketing email you receive from us we may also use cookies to log what pages you view, in accordance with our cookies policy.

Targeted emails from us may include additional data privacy information as required by applicable privacy laws.

Changes to this Statement

We recommend you check this statement on a regular basis to ensure you remain in agreement with the activities we carry out in respect of processing personal data.

Should we make significant changes to the way we process data, we will draw your attention to the relevant part(s) of this statement through email and or other appropriate communications as part of our engagement activities with you.

Privacy Notice – Website

TC Group takes the security of and our legal responsibilities around your personal data very seriously. This statement explains relevant information about our processing of your personal data collected via our website.

The personal data we process as a result of your visiting our website depends on the data you provide to us.  If you access our website but do not interact further with us, we will only process the data contained in cookies (see ‘Use of Cookies’ for more information).  Should you decide to interact with us by, for example, submitting a request form, we will process the data you provide for the purposes stated on the form.  Some fields are mandatory as without them we will be unable to make further contact with you to answer your request.

By providing us with your personal data you give us your consent to use it to provide you with the requested service(s). Should you provide us with business contact details we may also use those contact details in pursuit of our legitimate interests in promoting and developing our business.

All personal data submitted through our website may be used by us in an anonymised form to assess and improve the services delivered herein and for our wider business development

TC Group is the Data Controller for all personal data you provide us with via our website.

We do not share your personal data collected through our website with organisations outside of TC Group.  Please review the relevant privacy statement if you are an existing client of our services.  We do not sell or rent your personal data for any purpose.

For any questions, queries or other data protection matters, please contact our Data Privacy Officer.

Use of Cookies

A cookie is a tiny element of data that a website can send to a visitor’s computer’s browser so that this computer will be recognised by the website on their return. Cookies allow our web server to recognise a computer on connection to our website, which in turn allows the server to make downloading of pages faster than on first viewing. In addition, cookies may also be used by us to establish statistics about the use of our website by Internet users by gathering and analysing data such as: most visited pages, time spent by users on each page, website performance, etc. By collecting and using such data, we hope to improve the quality of our website.

The data collected by our servers and/or through cookies that may be placed on your computer will not be kept for longer than is necessary to fulfil the purposes mentioned above.

Navigation data about website viewers is automatically collected by our servers. If you do not wish to have this navigation data collected, we recommend that you do not use our website. A visitor can also set their browser to block the recording of cookies on their hard drive to minimise the amount of data that may be collected about your navigating on our website. The browser on a computer can be set to notify the user when a cookie is being recorded on their computer’s hard drive. Most browsers can also be set to keep cookies from being recorded on their computer. However, for optimal use of our website, we recommend that visitors do not block the recording of cookies on their computer.

TC Group’s IT environment, servers, computers and software platforms are protected from outside intrusions. As a result, all data that may be collected about our website viewers through the use of cookies will be protected from unauthorised access.

We may use cookies to identify users when they visit our website to use personalised services. In such circumstances these cookies may be kept on the hard drive of their computer following closure of the web browser. Cookies used in connection with such services enable us to build up a profile of our users and to develop personalised versions of our website.

For more information about cookies, please see the Information Commissioner’s website home page or the Interactive Advertising Bureau.

Data Subject Rights

TC Group acts as the Data Controller for all personal data submitted through our website. Accordingly you may exercise a number of rights over your data including:

–   Accessing the personal data we hold about you.

–   Asking us to correct any of your personal data we hold which are inaccurate.

–   Request to have your personal data deleted.

–   Put in place restrictions on our processing of your data.

–   Asking us to transfer your data to another controller (data portability).

We will handle all exercise of your data subject rights in accordance with the requirements of the GDPR and any national laws. Should you need to exercise any of your data subject rights please set out your request in writing to our Data Privacy Officer.

If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the issue for you, you may take the matter to the Information Commissioner’s Office.  Further details can be found via their website at www.ico.org.uk.

Data Transfers

TC Group is the trading name of TC Group Holdings Limited and its subsidary entities, which act together to provide services to clients as a firm of Accountants, by utilising the same IT environment and software platforms across the group. Within this secure IT environment, for which we hold Cyber Essentials Certification, personal data will therefore be accessed, transferred and shared within TC Group.

Duration of Processing

We retain and manage all information submitted through this website in accordance with our Data Retention Policy and only hold it for as long is necessary.

Data Security

Please note that communications over the internet cannot be guaranteed as secure.  Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit.  Once data reaches your network it is your responsibility to ensure it remains secure.

Children and our website

TC Group understands the importance of protecting children’s privacy, especially in an online environment. Our sites are not intentionally designed for, or directed at, children 13 years of age or younger. It is our policy never to knowingly collect or maintain information about anyone under the age of 13 through our websites. If you are under 16 years of age you must obtain the consent of a parent or guardian to submit information via our site.   Please ask them to review this information before you communicate with us.

Privacy Notice – TC Group Prospects

TC Group takes the security of, and our legal responsibilities around, your personal data seriously. The following information applies to those who receive marketing communications and other contact from our central marketing team.

Types of Personal Data Processed

The personal data processed as part of our marketing strategy is limited to ‘personal data’ as defined in Article 4(1) of the EU General Data Protection Regulation (‘GDPR’). We take every effort to minimise the personal data we collect and its processing to what are essential for the purposes of marketing to you. The personal data we store is limited to First Name, Last Name, Job Title, Age, Company shareholding, and email address. These are publicly available details that are used to identify an individual and their relationship to a company.

Legal Basis for Data Processing

Where we collect and store your personal data for our own purposes, we believe legitimate interests to be the most appropriate lawful basis for doing so.

We will have a legitimate interest in processing your data for the purposes of Direct Marketing in such a circumstance that your data profile, as available in the public domain, matches what we would expect based on an analysis of our typical client. Our services include a wide range of accountancy, audit and tax related services and you will be in a Senior or financial role within an organisation, identified by job title which will include, but not be limited to: Partner, CEO, Director, Finance Manager and Finance Controller.

Legitimate interest assessment

We have carried out a Legitimate Interest Assessment (LIA) as recommended by the ICO. The data we collect is not of a sensitive nature and is limited only to that which is essential for our purposes in conducting direct marketing activities. The data we procure is available in the public domain, through Companies House submissions and it is therefore reasonable to assume that you, the subject, would expect some degree of marketing communications from relevant potential suppliers. The impact of any communications we send to you, the subject, is in our opinion minimal, and you have every right and opportunity to restrict this.

DATA SOURCES

At TC Group, we source marketing and prospect data from a range of direct and indirect sources. The direct sources are communications with you, either over the phone, by email, or through form submissions on our website. The indirect sources are portals to Companies House which provide information in the public domain; web searches for details of appropriate contacts within organisations and referrals from your colleagues or acquaintances. In all cases we will do so based on the understanding that accounting functions are integral to any business or organisation, and someone in a senior or financial role will have both knowledge and a legitimate interest in related services.

Use of sub-processors

The solutions we utilise are cloud based. Our sub-processors do not engage directly with your data and simply provide secure storage solutions for the data we process. In addition, sub-processors are strictly prohibited from using your personal data for their own purposes.

Data Transfers

TC Group is the trading name of TC Group Holdings Limited and its subsidary entities, which act together to provide services as a firm of Accountants, by utilising the same IT environment and software platforms across the group. Within this secure IT environment, for which we hold Cyber Essentials Certification, personal data will therefore be accessed, transferred and shared within the entities of TC Group where necessary to provide progress reports and to pursue opportunities.

As a modern and international firm of  Accountants, our staff need to be able to work from anywhere in the world using our IT services. Although your data will be securely stored within our IT environment and the aforementioned cloud solutions at all times, it will from time to time be necessary for our staff to access these systems, both inside and outside of the EEA.

Data Security

TC Group has put technological and organisational controls, including policies and procedures, in place to protect your personally identifiable information from loss, misuse, alteration or unintentional destruction. Only authorised persons are provided access to personally identifiable information we have collected, and all such individuals have received appropriate training and have agreed to maintain the confidentiality of this information.

We carry out regular monitoring and testing of our security defences to ensure they continue to be effective against the latest threats.

Controls put in place by TC Group also apply to all subsidiaries of the group headed by TC Group Holdings Limited.

Data Retention Policies

TC Group carries out frequent updates to our prospecting data. Any information or company associations which are found to be out of date are deleted. If we deem you to have a legitimate interest, we will store your data for a period of no longer than 3 years before reviewing this. If we have your informed consent to maintain contact, we will store this for no longer than 5 years before requesting it anew.

We actively minimise the personal data we request or hold, which means unless you seek to engage us, we will store only that which is absolutely necessary for us to make and maintain contact with you.

Your Data Subject Rights

Where we act as a Data Controller for your data you may exercise a number of rights.

You may:

–   Request access to the personal data we hold about you.

–   Ask us to correct any data which is inaccurate.

–   Request to have your personal data deleted.

–   Put in place restrictions on our processing of your data.

–   Ask us to transfer your data to another controller (data portability).

We will handle all exercise of your data subject rights in accordance with the requirements of GDPR and any national laws at the time of your request. Should you need to exercise any of your data subject rights please set out your request in writing to our Data Privacy Officer.

It is important to note that there is a significant difference between a request to restrict the processing of your personal data and a request to delete it. If you request that we delete your personal data this will be adhered to, however this will mean that your information is also removed from our suppression records, which may mean that data is re-added to our database under the same legitimate business interest. If you wish to request that we stop contacting you, we recommend that you request restriction on processing rather than deletion.

If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the matter for you, you may take your complaint to the Information Commissioner’s Office. Further details can be found via their website at www.ico.org.uk.

Marketing emails

Some of our marketing emails may contain web beacons, web bugs, cookies or other similar technologies which enable us to understand whether you open, read, or delete the message and any interaction you make with links contained therein. When you click on a link in a marketing email you receive from us we may also use cookies to log what pages you view, in accordance with our cookies policy.

Changes to this Statement

We recommend you check this statement on a regular basis to ensure you remain in agreement with the activities we carry out in respect of processing personal data.

—————————————————————————————————————————

This Website is designed and hosted on behalf of TC Group by realityhouse Limited (“realityhouse”) Registered Company Number: 4950745. Who may provide some of the information which is on this Website.