top of page

Privacy Notice for Contractors – Tickets2Train

 

Department Responsible: Human Resources
Revision Schedule: Annually
Issue Date: 03/03/2024
Review Date: 03/03/2025

 

1. Introduction

In accordance with the UK General Data Protection Regulation (GDPR), this privacy notice informs you, as a contractor working with Tickets2Train, of the types of personal data we collect, the lawful basis for processing, how long we retain your data, and your rights in relation to your personal information.

 

2. Data Protection Principles

We comply with the core principles of data protection by ensuring your data is:

  • Processed fairly, lawfully, and transparently

  • Collected for specified, legitimate purposes

  • Adequate, relevant and limited to what is necessary

  • Accurate and kept up to date

  • Retained only as long as necessary

  • Securely processed and protected from unauthorised access or loss

  • Transferred internationally only with adequate safeguards

 

3. Types of Data Held

We collect and store the following types of data relevant to your engagement as a contractor:

  • Personal contact details (name, address, phone, email)

  • Proof of ID and address

  • Education and employment history

  • CV, cover letters, and references

  • DBS number and, where applicable, certificates

  • Criminal conviction declarations

  • Gender and disability information

  • Emergency contact details

  • UTR number and right to work documentation

  • Bank account details and agreed payment rates

  • Building access logs and CCTV footage

This information is stored securely in HR files and our IT systems.

 

4. Collecting Your Data

We collect data directly from you during contract negotiations and onboarding. We may also receive data from third parties such as recruitment agencies or introducers.

 

5. Lawful Basis for Processing

Your data is processed based on one or more of the following lawful bases:

ActivityLawful Basis

Managing your contract, contact details, payments: Performance of contract

Right to work checks: Legal obligation

Business planning and fraud prevention: Legitimate interests

IT and system security: Legitimate interests

Providing data to HMRC, auditors, or funders: Legal obligation

6. Special Categories of Data

We may collect and process sensitive data related to:

  • Health or disability

  • Ethnic origin, race, religion, or gender

  • Trade union membership

Such data will only be processed when:

  • You give explicit consent

  • It’s necessary to meet legal obligations (e.g., equality monitoring)

  • It's needed for safeguarding or substantial public interest

  • You've made it public yourself

You can withdraw consent at any time without consequence.

 

7. Failure to Provide Data

Without the necessary data, we may be unable to enter into or fulfil our contractual agreement with you.

 

8. Criminal Conviction Data

Where relevant to your role, we may process criminal conviction data (e.g., via DBS checks) to determine your suitability for working with learners. This is based on our legitimate interests and any legal obligations.

 

9. Who We Share Your Data With

Your data may be shared with:

  • Internal staff managing HR, payments, and compliance

  • Payroll/accounting services

  • HMRC and legal authorities

  • Auditors and funding partners

  • IT system providers

  • Legal and insurance advisers

Any external parties handling your data must comply with GDPR through signed data processing agreements. International transfers are safeguarded through legal mechanisms.

 

10. Data Security

We protect your data through:

  • Password-protected systems

  • Secure servers

  • Restricted staff access

  • Data protection training for employees

 

11. Retention Periods

We only keep your data for as long as necessary. Typical retention periods include:

Record Type: Retention Period

Payment records: 6 years after tax year ends

Personnel files and training records: 6 years after engagement ends

Subject Access Requests: 1 year after closure

Right to work checks: 2 years after engagement ends

Contractual terms or variations: 6 years after engagement ends

12. Automated Decision-Making

We do not make significant decisions about you solely through automated processes.

 

13. Your Rights

You have the right to:

  • Be informed about how your data is used

  • Request access to your personal data

  • Request correction of incorrect or incomplete data

  • Request deletion of data (in certain cases)

  • Restrict or object to certain types of processing

  • Transfer data to another service provider (where applicable)

  • Withdraw consent at any time

  • Object to automated profiling or decision-making

To make a request, contact the Data Protection Officer.

 

14. Making a Complaint

If you believe your data rights have been breached, you can contact:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk

 

15. Data Protection Contact

Organisation: Tickets2Train
Data Protection Officer
Email: info@tickets2train.co.uk
Phone: 07931254647

bottom of page