TP Group PLC is a public limited company, registered in England and Wales (number 03152034) whose registered office is at A2/1064 Cody Technology Park, Old Ively Road, Farnborough, Hampshire, England, GU14 0LX.
TP Group PLC takes the privacy of its clients, suppliers, and shareholders very seriously. This policy relates to all personal data (i.e. information from which a living individual can be identified, either on its own or when combined with other information) which is requested, collected, stored, used or otherwise processed by TP Group PLC and its subsidiaries in the pursuance of its activities. TP Group PLC takes reasonable care of all personal data, ensuring it is kept secure and preventing any unauthorised access or unlawful use of it. All information is processed in accordance with the applicable UK data protection legislation and The General Data Protection Regulation (GDPR).
The GDPR states that personal data may only be collected for specified, explicit and legitimate purposes. TP Group PLC collects personal data from clients, suppliers and shareholders as follows:
- Where a client contracts with us for the provision of any goods or services, we will collect contact details about the individuals within the client organisation, e.g. names, email addresses and telephone numbers.
- If you contact us for any other purpose, for example prospective sales enquiries, responses to job advertisements, shareholder enquiries, general company information requests and/or marketing enquiries, we may keep a record of that contact and the information you provide us with at that time including your name, e-mail address, correspondence address and telephone number).
- If you ask to be added to our marketing database, we will collect your name, the name of your company/organisation (if any), email address and your preferences as to the types of marketing information you would like to receive from us.
- If your personal data is on publicly available sources (such as LinkedIn and Companies House) then we may collect your personal data that is available on these sources including your name, the name of your company/organisation (if any), the name of any former company/organisations you have worked for or have connections with (if any) and details of your job history and/or qualifications.
The GDPR states that personal data must be processed lawfully, fairly and transparently. The personal data collected by TP Group PLC may be used for a number of different purposes as follows:
- Where a client contracts with us for the provision of any goods or services, we will use the contact details about the individuals within the client organisation to perform our contractual obligations and for ancillary internal management purposes which are compatible with the original purpose.
- If you contact us for with a prospective sales enquiry, we will use the information provided to deal with that enquiry, on the basis that we have a legitimate interest to do so (e.g. to follow up prospective sales leads and support tendering activities as well as for ancillary record keeping and internal management purposes).
- If you contact use to make a complaint, we will use the information provided to respond to the complaint, on the basis that we have a legitimate interest to do so (e.g. to enable us to ensure that you are satisfied with our services and to ensure that our business remains competitive in the market).
- If you ask to be added to our marketing database, we will use your details on the basis of your consent to send marketing information to you in accordance with your stated preferences (as you may update them from time to time).
- Information which we collect from publicly available sources (such as LinkedIn and Companies House) will be used for assessing the legitimacy of your enquiries (for example that you are a director of a company seeking to enter into a contract with TP Group), and verifying that any key information you provide to us (for example employment history) is accurate.
- We may use information which is provided to us to fulfil our legal obligations, e.g. making HMRC payments, complying with AIM market and Market Abuse Regulation requirements.
- If you visit our website we may also collect personal data about your visit through the use of website cookies (for more information see the section below entitled Cookies).
TP Group PLC stores the personal data that it holds electronically and in some cases in paper copy format. All electronic data is held in a secure manner. Access to this data is strictly controlled and in many cases is anonymised and/or encrypted in accordance with GDPR good practice guidelines. Electronic data which is lost or corrupted following an IT related incident is recoverable from daily backup tapes. If there are any paper copies of any data this is held in a secure place and access is restricted only to the manager of the relevant business area requiring the information. TP Group PLC has gained a Cyber Essentials accreditation following its participation in the UK Government-backed Cyber Essentials scheme, which assists organisations in protecting themselves against common online threats.
Any personal data you provide to us will be treated in the strictest confidence. However, please be aware that despite the security measures we have in place, no computer system is completely secure and there is always some degree of risk whenever personal data is transferred by electronic means.
Most information you provide to us is stored on our secure servers located in the United Kingdom.
We may occasionally send personal data overseas, including to third parties operating outside of the EU. This will primarily be to support client requirements, to arrange travel and to support visa or overseas security clearance applications. Prior to sending any personal data to overseas third parties TP Group PLC will ensure that all appropriate agreements and safeguards are in place to protect personal data by putting into place one of the various safeguard mechanisms recognised by the Information Commissioner’s Office before it is transferred.
From time to time, TP Group PLC will require third parties to process to personal data on its behalf, either pursuant to a contractual obligation or because it has a legal obligation or legitimate interest to do so.
Roles performed by third parties may include managing shareholder registers, transacting with financial institutions, processing security clearance applications and supporting client tenders.
TP Group PLC takes reasonable steps, in accordance with the GDPR’s requirements for controller/processor contracts, to control any third party processing and to ensure that the third party processors have appropriate procedures and systems in place to safeguard the security and integrity of the personal data they are processing.
From time to time third parties processing personal data on behalf of TP Group PLC may contact you directly.
In the event that there is a change to any of the personal data that we hold about you, please inform us of these changes in writing. To do this, please contact us by any of the means referred to below (under the section entitled Contacting Us).
We will only retain personal data for as long as is necessary having regard to the purpose for which it was collected. As a general rule, we will keep information for no longer than 10 years. This is to ensure compliance with tax, security, contract specific requirements and to ensure we have relevant information the event of a historic employment or warranty claim.
When TP Group PLC disposes of any personal data, it does so securely and permanently.
If you visit our website, we may collect information about your visit, namely IP address, traffic data, location data and the resources that you access.
Your Rights in relation to the Personal Data we hold
You have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. To do this, please contact us by any of the means referred to below (under the section entitled Contacting Us). Your personal data will be provided free of charge (unless the request is unreasonable or excessive in which case a small fee may be charged or we may limit the level of information provided) and within 30 days in accordance with the GDPR requirements.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your Personal data in the following scenarios:
- (a) if you want us to establish the data's accuracy;
- (b) where our use of the data is unlawful but you do not want us to erase it;
- (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you have any queries about this privacy statement or any complaints about the way in which we handle your personal data, please contact us using one of the following options:
- Website: www.tpgroup.uk.com
- E-mail: firstname.lastname@example.org
- Post: Company Secretary, TP Group PLC, A2/1064 Cody Technology Park, Ively Road, Farnborough, Hampshire, GU14 0LX
- Telephone: 01753 285800
We will investigate any complaint promptly with a view to resolving the matter as swiftly as possible.
You have the right to complain to the Information Commissioner about the way in which we collect and use your personal data: www.ico.org.uk/concerns or telephone 0303 123 1113.
This policy is effective from 25 May 2018. We aim to meet high standards and our policies and procedures are, therefore, constantly under review. From time to time we may change our security and privacy policies. Accordingly we recommend that you check this page periodically in order to review our current policy.