PRIVACY POLICY
TCM Capital Privacy Policy
This page is used to inform visitors about our policies with the collection use, and disclosure of information.
About Us
We have assigned a Data Protection Officer (DPO) in the UK. Should you have any enquiries regarding this notice or our data protection procedures, please reach out to the DPO:
Legal Entity
TCM Capital Limited
ICO Registration
ZB291671
Address
16 High Holborn, London, WC1V 6BX
DPO Email
dpo@tcmcapital.co.uk
Telephone
020 8068 0371
We adhere to data protection laws and principles, ensuring your data is:
The Data We Collect
According to the UK-GDPR, personal data is any information that relates to an identified or identifiable individual. This information might include identifiers like those listed below, or other factors specific to an individual’s physical, physiological, genetic, mental, economic, or cultural identity.
We may collect, use, store, and transfer various types of personal data, including:
Basic Identity Data
Such as your first name, last name, date of birth, tax status, marital status, nationality, educational background, and academic qualifications.
Employment Data
Including your employment history, job title, professional details, position within your organisation, national insurance number, salary, benefits, expenses claimed, training, and payroll information.
Contact Data
Comprising your phone number(s), postal address (including work address), and personal or work email address.
Financial Data
Including bank account information, payment details, liabilities, loans, and assets.
Transaction Data
Typically including details about the services you have requested from us.
Profile and Usage Data
Including information about your marketing preferences, details of marketing campaigns you have participated in, your communication preferences, login details, and interaction with our online solutions.
Technical Data
Such as your IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access our website or online solutions.
How We Collect Your Data
We gather data through various methods. Typically, this information is provided directly by you during your interactions with us, whether through our website, mailing lists, marketing initiatives, or events (hosted solely by us or in collaboration with others).
Additionally, we may acquire your personal data from third-party sources, including public repositories and databases (such as Red Flag Alert, Zint and Lusha), social media platforms (like LinkedIn), or third parties where you have given consent for your personal data to be shared (for instance, through lead generation suppliers or partnerships for marketing and business development purposes).
To meet our anti-money laundering obligations upon client inception, we use an automated solution from CreditSafe. However, depending on the circumstances, we may need further information from you. This could include passport details, driver’s license details, or other identification and address verification documents, as well as information regarding sanctions, embargoes, enforcement actions, or adverse media about you.
If it is mandatory for us to collect personal data by law or under the terms of a contract we have with you and you do not provide that data when requested, we may be unable to perform the contract we have or are attempting to enter into with you (for example, to provide you with goods or services). In such cases, we may have to cancel a product or service you have with us, but we will inform you if this occurs.
Lawful Basis For Processing
We will process your personal data only when we have a lawful basis for doing so. This will typically be because one or more of the following reasons apply:
How We Use Personal Data
We utilise personal data strictly for the purposes for which it was gathered. This includes:
We will use your personal data only for the purposes for which it was collected unless we reasonably deem it necessary for another purpose that is compatible with the original one. We may process your personal data without your knowledge or consent only in compliance with the above rules or as required or permitted by law.
Security Measures
We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised manner, altered, or disclosed. Additionally, we limit access to your personal information to employees, agents, contractors, and other third parties who have a business need to know. They will process your personal information only on our instructions and are bound by confidentiality obligations.
We have procedures in place to address any suspected data security breaches and will notify you and any relevant regulator of a breach where we are legally required to do so.
Sharing Your Personal Data
In compliance with legal requirements (such as fraud and crime prevention), we may share your personal data and other related information about you and your business or organisation with law enforcement agencies or regulatory bodies (like the National Crime Agency and HM Revenue and Customs).
Beyond TCM, we may share your personal data with third parties under the following circumstances:
If necessary, we may share your personal data with third-party service providers, ensuring appropriate security measures are in place to protect your personal data. These providers are not permitted to use your personal data for their own purposes and may only process your data for specified purposes in accordance with our instructions.
Retention Period
We retain personal data following a Retention Schedule that evaluates the nature of the personal data, its processing purpose, and the reasonableness of its retention. Personal data will not be kept longer than necessary to fulfil its collection purpose. Where personal data must be held in a dormant state to satisfy legal or regulatory obligations, it will be minimised.
Your Legal Rights
Under certain conditions provided by law, you have specific rights regarding your personal information:
Request Access
You have the right to ask for a copy of the personal data we hold about you and to check that we are processing it lawfully.
Request Correction
If the information we hold about you is incomplete or inaccurate, you can request its correction.
Request Erasure
You can ask us to delete or remove your personal information where there is no valid reason for us to continue processing it. This right also applies if you have successfully exercised your right to object to processing (see below).
Object to Processing
If we are processing your personal information based on legitimate interests (or those of a third party), you may object to this processing. You also have the right to object to our processing your personal information for direct marketing purposes.
Request Restriction
You can ask us to suspend the processing of your personal information, for example, if you want us to verify its accuracy or our reasons for processing it.
Request Transfer
You can request the transfer of your personal information to another party.
Please note that the right of access and the right to erasure may not apply when we are processing your data for specific obligations, such as tax purposes or management forecasting and planning. Exemptions are outlined in Schedule 2 of the Data Protection Act 2018. If you wish to review, verify, correct, or request the erasure of your personal
information, object to its processing, or request its transfer to another party, please contact our DPO or email dpm@tcmcapital.co.uk.
Should you wish to make a complaint about how your data is being handled, we encourage you to raise this with our DPO initially. Ultimately, you can lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s regulator for data protection, at www.ico.org.uk or Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.