1. ABOUT US
We have assigned a Data Protection Officer (DPO) in the UK. Should you have any inquiries regarding this notice or our data protection procedures, please reach out to the DPO:
•Legal Entity: TCM Capital Limited
•ICO Registration: ZB291671
•Address: 16 High Holborn, London, WC1V 6BX
•DPO Email: dpm@tcmcapital.co.uk
•Telephone: 02081766824
We adhere to data protection laws and principles, ensuring your data is:
•Processed lawfully, fairly, and transparently.
•Collected for specific, clearly stated purposes and not used in a manner incompatible with those purposes.
•Relevant and limited to the purposes we have explained.
•Accurate and kept up to date.
•Retained only as long as necessary for the purposes we have outlined.
•Stored securely.
2. THE DATA WE COLLECT
According to the UK-GDPR, personal data is any information that relates to an identified or identifiable individual. This information might include identifiers like those listed below, or other factors specific to an individual’s physical, physiological, genetic, mental, economic, or cultural identity.
We may collect, use, store, and transfer various types of personal data, including:
•Basic Identity Data: Such as your first name, last name, date of birth, tax status, marital status, nationality, educational background, and academic qualifications.
•Employment Data: Including your employment history, job title, professional details, position within your organization, national insurance number, salary, benefits, expenses claimed, training, and payroll information.
•Contact Data: Comprising your phone number(s), postal address (including work address), and personal or work email address.
•Financial Data: Including bank account information, payment details, liabilities, loans, and assets.
•Transaction Data: Typically including details about the services you have requested from us.
•Profile and Usage Data: Including information about your marketing preferences, details of marketing campaigns you have participated in, your communication preferences, login details, and interaction with our online solutions.
•Technical Data: Such as your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access our website or online solutions.
3. HOW WE COLLECT YOUR DATA
We gather data through various methods. Typically, this information is provided directly by you during your interactions with us, whether through our website, mailing lists, marketing initiatives, or events (hosted solely by us or in collaboration with others).
Additionally, we may acquire your personal data from third-party sources, including public repositories and databases (such as Red Flag Alerts and Zint), social media platforms (like LinkedIn), or third parties where you have given consent for your personal data to be shared (for instance, through lead generation suppliers or partnerships for marketing and business development purposes).
To meet our anti-money laundering obligations upon client inception, we use an automated solution from CreditSafe. However, depending on the circumstances, we may need further information from you. This could include passport details, driver’s license details, or other identification and address verification documents, as well as information regarding sanctions, embargoes, enforcement actions, or adverse media about you.
If it is mandatory for us to collect personal data by law or under the terms of a contract we have with you and you do not provide that data when requested, we may be unable to perform the contract we have or are attempting to enter into with you (for example, to provide you with goods or services). In such cases, we may have to cancel a product or service you have with us, but we will inform you if this occurs.
4. LAWFUL BASIS FOR PROCESSING
We will process your personal data only when we have a lawful basis for doing so. This will typically be because one or more of the following reasons apply:
•You have given us consent to process your personal data.
•The data is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
•We need to use your information to comply with legal or regulatory obligations.
•We have a legitimate interest in using your information, provided that our reasons for doing so do not override your rights and interests.
•The data is necessary for us to defend, prosecute, or make a claim against you, us, or a third party.
•You have given informed consent for the use of your personal data, understanding that you may withdraw this consent at any time.
5. HOW WE USE PERSONAL DATA
We utilize personal data strictly for the purposes for which it was gathered. This includes:
•Registering you as a contact or documenting your involvement with an organization or business that has engaged us for services or is a target for our marketing.
•Negotiating contractual terms and processing and delivering the services specified in the contract.
•Managing our relationship with you and the relationship between us and the business or organization you represent.
•Recommending products or services that might interest you as a representative of a business or organization with which we are contractually involved or wish to communicate our goods and services.
•Administering and protecting our business interests, website, and online functions. This might include using your personal data for insurance purposes, conducting background checks, defending our legal rights, auditing staff performance, and improving communication quality.
•Using data analytics to enhance our website, products and services, marketing efforts, customer relationships, and experiences, and to provide relevant training to our staff.
•Forming a view on what we think you might want or need or what may interest you. This helps us determine which products, services, and offers may be relevant to you. You will receive marketing communications from us if you have requested information or purchased services from us and have not opted out of such marketing. You can opt out of receiving marketing or surveys at any time by emailing dpm@tcmcapital.co.uk.
We will use your personal data only for the purposes for which it was collected unless we reasonably deem it necessary for another purpose that is compatible with the original one. We may process your personal data without your knowledge or consent only in compliance with the above rules or as required or permitted by law.
6. SECURITY MEASURES
We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized manner, altered, or disclosed. Additionally, we limit access to your personal information to employees, agents, contractors, and other third parties who have a business need to know. They will process your personal information only on our instructions and are bound by confidentiality obligations.
We have procedures in place to address any suspected data security breaches and will notify you and any relevant regulator of a breach where we are legally required to do so.
7. SHARING YOUR PERSONAL DATA
In compliance with legal requirements (such as fraud and crime prevention), we may share your personal data and other related information about you and your business or organization with law enforcement agencies or regulatory bodies (like the National Crime Agency and HM Revenue and Customs).
Beyond TCM, we may share your personal data with third parties under the following circumstances:
•You have given your consent.
•We are legally or regulatory obligated to do so.
•It is necessary to apply or enforce our terms.
•We have a legitimate interest in doing so, provided it does not override your interests and fundamental rights.
If necessary, we may share your personal data with third-party service providers, ensuring appropriate security measures are in place to protect your personal data. These providers are not permitted to use your personal data for their own purposes and may only process your data for specified purposes in accordance with our instructions.
8. RETENTION PERIOD
We retain personal data following a Retention Schedule that evaluates the nature of the personal data, its processing purpose, and the reasonableness of its retention. Personal data will not be kept longer than necessary to fulfill its collection purpose. Where personal data must be held in a dormant state to satisfy legal or regulatory obligations, it will be minimized.
9. YOUR LEGAL RIGHTS
Under certain conditions provided by law, you have specific rights regarding your personal information:
•Request Access: You have the right to ask for a copy of the personal data we hold about you and to check that we are processing it lawfully.
•Request Correction: If the information we hold about you is incomplete or inaccurate, you can request its correction.
•Request Erasure: You can ask us to delete or remove your personal information where there is no valid reason for us to continue processing it. This right also applies if you have successfully exercised your right to object to processing (see below).
•Object to Processing: If we are processing your personal information based on legitimate interests (or those of a third party), you may object to this processing. You also have the right to object to our processing your personal information for direct marketing purposes.
•Request Restriction: You can ask us to suspend the processing of your personal information, for example, if you want us to verify its accuracy or our reasons for processing it.
•Request Transfer: You can request the transfer of your personal information to another party.
Please note that the right of access and the right to erasure may not apply when we are processing your data for specific obligations, such as tax purposes or management forecasting and planning. Exemptions are outlined in Schedule 2 of the Data Protection Act 2018. If you wish to review, verify, correct, or request the erasure of your personal
information, object to its processing, or request its transfer to another party, please contact our DPO or email dpm@tcmcapital.co.uk.
Should you wish to make a complaint about how your data is being handled, we encourage you to raise this with our DPO initially. Ultimately, you can lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s regulator for data protection, at www.ico.org.uk or Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.