top of page

Privacy Notice for Employees – Tickets2Train

 

 

Department Responsible: Human Resources
Revision Schedule: Annually
Issue Date: 03/03/2024
Review Date: 03/03/2025

 

1. Introduction

In accordance with the UK General Data Protection Regulation (UK GDPR), this privacy notice outlines the types of personal data we process about you as a current or former employee of Tickets2Train, our reasons for processing it, the lawful basis for doing so, how long we retain it, and your rights regarding your data.

 

2. Data Protection Principles

We are committed to complying with data protection law and the following principles:

  • Data must be processed lawfully, fairly and transparently

  • It must be collected for specified, explicit and legitimate purposes

  • It must be adequate, relevant, and limited to what is necessary

  • It must be accurate and kept up to date

  • It must not be retained for longer than necessary

  • It must be kept secure and protected from unauthorised access or disclosure

  • It must be transferred internationally only with appropriate safeguards

 

3. Types of Data Held

We maintain various categories of personal data to manage your employment effectively, including:

  • Personal contact details (name, address, phone number, email)

  • Next of kin information

  • Proof of identity and right to work

  • Equality and diversity data (e.g. race, religion, gender, disability)

  • Recruitment data (CVs, application forms, references)

  • Employment details (job title, salary, contract terms, working hours)

  • Tax and payroll information (bank account, NI number, tax code, student loan)

  • Leave and absence records

  • Disciplinary, grievance, appraisal and performance records

  • Training and development records

  • Sickness and medical information

  • Use of IT systems, phone, internet access

  • CCTV and access control logs

  • Criminal conviction or DBS check data (where relevant)

 

4. Collecting Your Data

Data is collected from you directly during recruitment and onboarding, and also from third parties (e.g. referees, DBS check services, recruitment agencies). It is stored securely in personnel files and IT systems.

 

5. Lawful Basis for Processing

We process your personal data primarily under:

  • Performance of a contract (e.g. employment contract)

  • Legal obligations (e.g. payroll, right to work checks)

  • Legitimate interests (e.g. workforce management, IT security)

  • Consent (e.g. equality monitoring, where applicable)

Examples of processing activities:

Activity Lawful Basis

Paying your salary: Contract

Reporting to HMRC: Legal obligation

Monitoring performance or timekeeping: Legitimate interest

Adjusting for disability needs: Legal obligation

Providing references: Legitimate interest (with your consent)

6. Special Categories of Data

We may process sensitive data relating to:

  • Health or disability

  • Racial or ethnic origin

  • Religious or philosophical beliefs

  • Trade union membership

  • Sexual orientation

Processing occurs only when:

  • You have provided explicit consent

  • We need to carry out legal obligations (e.g. health and safety)

  • It is for equality monitoring or safeguarding reasons

 

7. Criminal Conviction Data

Where necessary for your role, we may process criminal records data (e.g. DBS checks). This is based on legal obligations or legitimate interests to ensure suitability for working with learners or vulnerable groups.

 

8. Failure to Provide Data

If you fail to provide required data (e.g. proof of ID or bank details), we may not be able to enter into or continue the employment relationship.

 

9. Sharing Your Data

We may share your data with:

  • Payroll providers

  • Pension schemes

  • HMRC and other legal bodies

  • DBS services

  • IT system providers

  • External auditors, regulators, or funders

  • Legal advisers or insurers

  • Prospective employers (with your permission)

Where we share data outside the UK/EEA, appropriate safeguards are in place.

 

10. Data Protection and Security

We implement security measures to protect your data against loss, unauthorised access, misuse, or destruction, including password protection, encryption, and restricted access controls.

 

11. Data Retention

We retain your personal data for as long as necessary to meet legal, contractual, and operational requirements. For example:

Record Retention Period

Payroll records: 6 years from tax year end

Personnel files: 6 years after employment ends

DBS data: Up to 6 months, unless required longer

Right to work records: 2 years after employment ends

12. Automated Decision-Making

We do not use your personal data to make decisions using automated processes that have a significant legal or similar impact on you.

 

13. Your Rights

Under GDPR, you have the right to:

  • Be informed about how your data is used

  • Access the personal data we hold about you

  • Request corrections of inaccurate data

  • Request deletion of data (in certain circumstances)

  • Restrict processing

  • Data portability (in applicable cases)

  • Object to data use

  • Withdraw consent (where applicable)

To make a request, contact the Data Protection Officer below.

 

14. Complaints

If you believe your data rights have been violated, you may raise a complaint with the Information Commissioner's Office (ICO):

ICO Contact Details
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk

 

15. Data Protection Contact

Organisation: Tickets2Train
Data Protection Officer
Email: info@tickets2train.co.uk
Phone: 07931254647

bottom of page