Introduction
Thank you for visiting The Contact Company website and for taking the time to read this Privacy Policy.
We are a contact centre supporting high-profile clients through various industry sectors including retail, finance, and technology. During your time here, there will be occasions in which we will receive your personal information.
We recognise the trust you place in us when you share your personal information with us and are committed to operating with openness, honesty, and transparency.
In this notice, we will provide you with details of:
- The personal information we will collect when we engage with you.
- How we will use and look after your personal information.
- Your privacy rights and how the law protects you.
Who we are
Launched in 2006, CEO Asif Hamid MBE formed the company to provide exceptional service and drive cost efficiencies for businesses seeking a UK-based outsourced customer service facility. As the largest privately-owned contact centre in the country, The Contact Company delivers economies of scale for all clients, whilst sharing best practice, to ensure it, and its clients, remain at the forefront of the customer service industry.
The business grew exponentially in its first ten years: from a small start-up employing just six people, to a large, private sector employer. The quality of service and value delivered by The Contact Company has been one of the catalysts for the growing number of organisations bringing their outsourced business to the UK from overseas.
From the start, the company has consistently invested 25% of its annual profits into staff training and development. We provide the highest quality candidates with access to comprehensive training, leading technology, and purpose-built facilities to deliver an unrivalled level of service in our industry, meaning our customers benefit from the best.
Types of Personal Information we collect about you
Personal information is any information relating to an identifiable living individual. We may collect, use, store and transfer various kinds of personal information about you whenever we engage with you, examples of information we may collect are:
- Identity information including your name and date of birth.
- Contact information including your address, email address and telephone number.
- Reference information including previous employers and character references.
- Emergency contact information including next of kin.
- Vehicle information if you require access to the company car park such as your vehicle registration number.
- Financial information to pay wages, including bank account number, sort code and national insurance number.
- Consent preferences about certain additional optional processing activities such as using your photograph or video footage in promotional materials.
- CCTV
Types of Personal Information we generate for you
During your time in The Contact Company, we will create new data for you that may be considered your personal information:
- Usernames and temporary passwords to grant access the company systems if required.
- Employee ID required to clock in and out at the beginning and end of your shifts and to help us identify you within the company, if required.
- Performance statistics, such as Average Call Durations, if required.
- Attendance statistics, such as Bradford Score.
- Employment data such as job role, campaign, rates of pay and shift plans.
- Investigative/Evidential data in relation to disciplinary matters or suspected criminal actions or activity.
Special Category Data we may collect about you
Special Category Data is personal data that is more sensitive. We will only collect special category data where necessary, such as:
- Medical data to ensure we are providing you with the tools you need where you have a disability, or to provide support when returning to work after an illness.
- Criminal Offence data collected as part of vetting procedures required for certain clients.
- Credit Reference data collected as part of vetting procedures required for certain clients.
- Biometric data in the form of fingerprints converted to digital algorithms which are used to clock in and out at the beginning and end of shifts to ensure you are paid accurately.
Technological Data
For technological data such as cookies, please see the Privacy Policy in the footer of our website.
Changes to your personal information
The Information Commissioners Office, who enforces your rights under the Data Protection Act 2018, requires that your information be kept up to date and is always accurate. You have the right to have us correct any information that you feel is inaccurate and non-current. For the most part, you can update your basic information yourself via the Mitrefinch platform, but for any other information, please speak to your line manager in the first instance.
Referencing Personal Data in this Privacy Notice
Where we refer to personal information in this notice, it may include any or all the personal data listed above.
How we collect your Personal Data
We collect your information in the following ways:
- We will normally collect your information directly from you. This will usually done using your application form. If you are employed by an agency, they will provide us with your information on your behalf.
- Special category data may be provided to us by third party organisations that specialise in the service required (CRB checks and credit checks) and who have been thoroughly vetted to ensure quality of practice. You may also provide some of this information yourself.
Lawful basis for processing your personal information.
UK data protection law requires us to have a lawful basis for processing your personal data. The legal bases we rely on are:
- Legitimate Interests: Where we process your personal information for our legitimate interests (see paragraph 9).
- Contractual Obligation: Where the processing of personal information is necessary to perform a contract with you or our clients.
- Legal Obligation: Where the processing of personal information is necessary to comply with a legal or regulatory obligation that applies to us.
- Consent: Where we have your specific consent to use your personal information for a specific purpose.
Legitimate Interests
When we use our legitimate interests as the lawful basis for processing your personal information, we will consider and balance any potential impact on you and your rights before we process your personal information. We will only then proceed where we believe our interests are not overridden by the impact on you. Our legitimate interests include the interests of our organisation in conducting and managing our operations to enable us to give you the best service and the best and most secure experience. Specific examples of this include:
- Analysis of performance.
- Monitor attendance.
- Create relevant user accounts and have our clients do the same.
Consent
For any personal data that we process under the lawful basis of consent, we ensure that you are able to freely give your response and change that response at any time, with no inherent detriment to you by declining to grant consent.
Please note that withdrawing consent does not affect the lawfulness of any processing that has taken place during the period between you first giving consent and subsequently withdrawing it. Withdrawing consent means that we will no longer process those data in that way. If you find that your data is still being processed after withdrawing consent, you must let us know.
How we will use your information
We will not sell your personal information (nor will we purchase additional information). We do not use automated profiling for marketing purposes, nor will we use it for any other marketing purposes without your consent. We will only contact you in a way that is consistent with our relationship with you (how you would usually expect to be contacted and for reasons you might expect in accordance with your relationship, and with materials you would expect to receive from us).
We will use your personal information to:
- To contact you by phone.
- To provide information to you by email.
- To ensure you have the tools required to work comfortably.
- To provide relevant training.
- To create required user accounts and system profiles.
- To analyse your performance.
- To record and analyse your attendance.
- To notify you about changes to our services.
- To invite you to interview for roles for which you have applied.
- Internal record keeping.
- To pay your wages.
- To ensure your income tax is paid.
Building our understanding
We may use your information to help us understand your skills, motivations and needs to ensure that you find yourself in the most suitable position and that we provide you with the correct tools and technologies for you to complete your role and do so comfortably.
Children
If you are sixteen or younger, we will require a parent or guardian to accompany you before we engage with you and we will ask such parent or guardian to verify in writing that we may engage with you.
Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The business is certified for information security under ISO27001 and Cyber Essentials Plus.
Data Retention – How long we will keep your data?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and to enable us to continue to tell our story (which will include reference to archive material).
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
At the end of an agreed retention period your information will either be securely and confidentially destroyed or anonymised. Anonymisation is the process of altering personal information within data sets such that it is not possible to identify individuals from the data any longer.
If you would like any more specific information, ask your line manager to log an ARC Helpdesk ticket and we will endeavour to answer your questions.
Your rights to your personal information
Under certain circumstances, you have rights under data protection laws in relation to your personal information:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information in certain circumstances e.g., where it is no longer necessary for us to retain it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal information where we are relying on the legitimate interest basis (or those of a third party) or where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information which overrides your rights and freedoms.
- Request restriction of processing of your personal information in certain circumstances.
- Request the portability of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Exercising your rights
In order to exercise any of these rights you will need to make a request using the ARC Helpdesk accessible via The Contact Company Intranet (or ask your line manager to do so if you do not have access), or by emailing GDPR@tcc.co.uk.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Upon making your request we will respond to you within one calendar month. If one calendar month ends on a Saturday, Sunday, or Bank Holiday, then the end of the calendar month will be considered close of business of the next available working day.
Disclosure of your personal information
Your personal information may be shared with the following:
Third Party | Description |
Mitrefinch | We employ a supplier of time management systems, Mitrefinch, for employee clock in and clock out times as well as ensuring payroll is accurate. We will share some of your information to set up your accounts. |
Disclosure Services & Credit Reference Agencies | We will share some of your information with Disclosure and Barring Services as well as a credit referencing agency as part of our contractual requirements with some clients, where required. |
Government Bodies | Where we are under a legal obligation to share information with government bodies or regulators, we will share the required information with them. |
Clients | If you work on behalf of one of our clients, we will share the necessary information to create your user accounts on their systems. In addition, where the client requires certain security checks, results of criminal record and credit checks will be shared. |
360 eLearning | We use a third-party e-learning (internet-based training) provider for our training purposes. We share some of your personal information with this provider to create your account. |
Accountants | We employ a firm of accounting experts to expedite payments of your salary into your bank accounts. We therefore share the relevant information to make this possible. |
Agencies | We may share information with your employment agency in relation to your employment, performance, attendance, or employability. |
TCC Website & Social Media | We will share, only with your consent, some personal information via TCC’s website, Facebook, Twitter, or LinkedIn pages. |
Wagestream | We will share your personal information with a third-party organisation named Wagestream. Wagestream is one of our company benefits that allows you to withdraw portions of your wages before payday when you really need the money sooner. |
Competent Authorities/Law Enforcement Authorities | For a full list of competent authorities, see here.
We may disclose your information to law enforcement authorities where: We want to proactively share personal data; for example, to report a crime to the police and provide relevant personal data we hold; We receive a request from a law enforcement authority for personal data we hold; for example, the police may request personal data from us to help them investigate a crime; or A court order or another legal obligation compels us to share personal data with a law enforcement authority. Such disclosures will be processed under Article 6(1)(f) – ‘legitimate interests’ of UK GDPR and Schedule 1, Part 2, Paragraph 10 – ‘Preventing or detecting unlawful acts’ of the Data Protection Act 2018. |
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
As part of our assurance of third parties, we ensure that they do not perform their operations outside of the EEA to ensure GDPR compliance. If, for any reason, we find a need to employ a supplier that performs any processing operations outside of the EEA, in countries whose data protection laws differ from those of GDPR and the Data Protection Act 2018, we will always take steps to make sure appropriate protections are in place (in accordance with UK data protection law) and that your information is safeguarded.
Contact Details
Our full contact details if you wish to contact us are:
Address: Kingsgate, 1 Tower Wharf, Birkenhead
Post Code: CH41 1LH
Phone: 0151 363 5000
Email: enquiries@tcc.co.uk
The Data Protection Officer
Data Protection Officer
The Contact Company, Kingsgate, 1 Tower Wharf, Birkenhead
CH41 1LH
Right to Complain
You have the right to make a complaint or raise any concerns that you have relating to our approach to your personal information to the Information Commissioner’s Office (the regulatory authority for data protection issues in the UK (www.ico.org.uk)). We would appreciate it if you could let us know if you contact the ICO. If you feel able to contact us before making contact with the ICO, we will take your concerns seriously and we promise to work with you to resolve any issues that you have (noting that we will tell you if you should refer the issue to the ICO and that we may also need to tell the ICO).