Employee Privacy Policy

• If you require a visa to work for TrueLayer, we or our appointed representatives may be legally required to obtain a great deal of information about you, about which you will be notified separately.
• Copies of right to work verification details, including Passport details and work permits provided by you to us.
• Other recruitment information (including third party references and other information held on CV or your cover sheet).
• Previous employment history, including education background information.
• Personal contact details such as name, title, address, telephone numbers, and personal email address.
• Your date of birth, gender, marital status and details of dependants.
• Next of kin and emergency contact information.
• Your bank account details, payroll records, tax status information and your National Insurance number.
• Salary, annual leave, pension and benefits information.
• Copy of your driving licence.
• Current employment records (including job titles, work history, working hours, place of work, start date, training records, qualifications and professional memberships and professional body membership numbers).
• History of pay, bonus, LTIP information, student loan information, other benefits.
• Details of performance and appraisals and where applicable, disciplinary and grievance information.
• CCTV footage and other information obtained through electronic means such as swipecard records.
• Information about your use of our information and communications systems.
• Photographs and biographies.
• Reason for leaving and confidential references provided by us, alongside information required in order to provide reference information.
• Details of any payments made on termination.

• Information about your race or ethnicity, religious beliefs and sexual orientation.
• Information about your health, including any medical condition, health and sickness records.
• Information about criminal convictions and offences including CRB Check information.
• Information about political party membership or political affiliations.
• Information about your trade union membership or that of a companion at a disciplinary/grievance meeting.

• Where we have your consent to do so.
• Where we need to perform our obligations under the employment contract we have entered into with you.
• Where we need to comply with a legal obligation.
• Where the processing is necessary to perform a task in the public interest.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We are required to specify what the legitimate interests are (see below for further details).

• Profile Photographs of you on internal facing and external facing systems (e.g. on the Company Website).
• Biographies of you on external facing systems (e.g. on the Company Website).

Necessary for the performance of a contract with you

• Ensuring you are paid and that you have the correct tax and NICs and any other appropriate deductions (season ticket loans, student loans etc) deducted from any payments.
• Management and planning, including accounting and auditing.
• Administering your contract (eg by reviewing your working hours to check holiday and rest break entitlement, checking your start date for eligibility for age-related benefits).
• Making decisions about salary and other payment reviews.
• Assessing your suitability for the role, including decisions about promotions or other role changes.
• Where applicable, providing you with benefits including holiday, pension (including liaising with your pension provider/administrator), private medical insurance (for yourself and/or family members, as applicable), life assurance and season ticket loans, where such benefits form part of your contract.
• Ensuring (as far as possible) that your wishes are met regarding death in service payments and that your next of kin are contacted in the event of an emergency (hence the need for third party information, usually comprising details of partners and/or dependants).
• For enabling you to apply for flexible working or other family rights (such as maternity, paternity, parental leave) – this requires details of your partner/dependants.

Necessary to comply with a legal obligation

• Checking that you are legally entitled to work in the UK. – your nationality and immigration status and information from related documents, such as your passport and other identification such as driving licence and immigration documentation.
• Handling any legal disputes involving you or third parties, including accidents at work.
• To prevent fraud.

Necessary to perform public interest task

• The completion of equality and diversity monitoring forms in order to redress diversity imbalance in the workplace.

Necessary for our legitimate interests or those of a third party

• Provision of benefits that may not be deemed to be contractual, such as LTIP awards.
• The legitimate interest is to ensure you receive and we administer benefits which are not necessary for the performance of your contract.

• Personal data provided by you on training forms, book request forms, graduate forms, conference application forms, high performance forms, various study and exam booking forms, supplier forms – the legitimate interest is to ensure your continuing learning and development needs are addressed and documented.

• Personal data provided by you on new starter forms or temporary new starter forms, specifically your gender, mobile phone number, next of kin details – the legitimate interests are: for identity and reporting, for emergency contact/disaster recovery.
• Personal data provided by you on your CV and cover sheet – the legitimate interests are: to ascertain your suitability for employment/engagement.

• Personal data obtained through our external background screening providers (which may include address history, employment history, education background, criminal records information (see below for more details), credit history and employment history – the legitimate interests are: for verifying the information provided by you on your CV, to verify the relevant qualifications/requirements for the role, to verify your employee declaration and as necessary for compliance and as required by regulatory bodies, and to ensure that there are no issues with your credit history that could place unnecessary risks on TrueLayer or third parties.
• Personal data obtained in relation to grievance and disciplinary issues – the legitimate interest is to address issues and concerns from either side in the employment relationship.
• Personal data obtained in relation to performance and appraisal processes – the legitimate interest is to ensure your performance is assessed so that if there are improvements required they can be addressed and all levels of performance can be identified and, if appropriate, rewarded.
• Personal data obtained in relation to the monitoring of our IT systems – the legitimate interest is to ensure compliance with our IT policies and to ensure the integrity of our IT systems, to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
• Personal data obtained through CCTV – the legitimate interest is the protection of health and safety (including the identification of individuals on premises in the event of a fire or other serious incident) and the prevention and detection of criminal acts.
• Personal data obtained through swipecard technology – the legitimate interest is to ensure only authorised members of staff or authorised visitors are on site, thereby safeguarding systems and property from unauthorised access, destruction or theft. This information may also be used to provide evidence in relation to any issues regarding timekeeping and attendance.
• Reference information – it is our normal policy to provide only basic factual information about ex-employees (or departing employees) to prospective new employers. However, where we have legitimate concerns which, if not disclosed to a prospective new employer, could place TrueLayer in breach of its duty of care to that prospective new employer, such information as TrueLayer reasonably considers necessary will be disclosed in order to satisfy that duty.

• In limited circumstances, with your explicit written consent.
• Where we need to carry out our legal obligations and in line with our data protection policy and related policies (such as managing sickness absence, complying with health and safety obligations).
• Where it is needed in the public interest, such as for equal opportunities monitoring (where such information is provided by you).
• Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.

• We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
• We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and the health and safety of others and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits. We may obtain information relating to your physical and mental health from medical and occupational health professionals we engage and from our insurance benefit administrators.
• We will use information about your race or national or ethnic origin, religious or other beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Your duty to inform us of changes

Your rights in connection with personal data

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data, but only where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.

No fee usually required

What we may need from you