Privacy Notice - Employee

This privacy notice explains how we use any personal information we collect about you.

1.   Introduction

This privacy notice explains how Taylormade Financial Planning LLP collects, uses, stores and protects personal data relating to its employees and workers.

This notice applies to potential, current and former employees, workers, partners, contractors and secondees.

We are committed to protecting your personal data and processing it fairly, lawfully and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2.   Data Controller

Taylormade Financial Planning LLP
Torrington House, 111 Hare Lane, Claygate, KT10 0QY

Please contact us if you have any questions about our privacy policy or information we hold about you by email at info@tmfp.co.uk

3.   Data Protection Principles

We process personal data in accordance with the following principles:

  1. personal data is processed lawfully, fairly and transparently
  2. data is collected for specified, explicit and legitimate purposes
  3. data collected is adequate, relevant and limited to what is necessary
  4. data is accurate and kept up to date
  5. data is not kept for longer than necessary
  6. data is processed securely and protected against unauthorised or unlawful processing, loss or damage
  7. we comply with the relevant GDPR procedures for international transfers of personal data

4. Types of Personal Data We Collect

Personal data is any information about an individual from which that person can be identified. It does not include anonymous data which does not identify the individual.

We collect, store and use several categories of personal data on our employees in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, for example, our holiday booking system. It is your responsibility to keep us up to date with any changes to your personal details so that we can make sure that your personal data is accurate. If your personal details change, you must notify your Line Manager.

We may collect and process the following categories of personal data as appropriate to your role. The categories of personal data listed below are non-exhaustive and may be updated or supplemented as necessary to support legitimate business, legal or regulatory requirements.

Personal and contact details

  1. name, previous names, title, gender, address, telephone number and email address
  2. your photograph
  3. date of birth and National Insurance number
  4. right to work in the UK
  5. emergency contact and next of kin details
  6. driving licence and insurance details

Employment information

  1. job title, role, salary, benefits and pension information
  2. contractual details, working hours and start date
  3. information gathered during the recruitment process including CV and references from former employers
  4. details on your education and employment history etc
  5. criminal convictions and financial history
  6. information relating to your employment with us including job title, job descriptions, salary, terms and conditions of employment, training modules, time off work details.
  7. performance reviews, training records, disciplinary and grievance records

Financial and payroll data

  1. bank account details
  2. tax codes, National Insurance and pension contribution information

Special category data (where applicable)

  1. health information (e.g. sickness absence, medical certificates, reasonable adjustments, information on any disabilities), sex life, sexual orientation
  2. equality and diversity monitoring information (e.g. race, religion, ethnic origin, political opinion, genetic and biometric data).

IT and systems data

  1. system usernames and access logs
  2. use of Company email, Microsoft Teams, telephony and business systems

5.  How We Collect Your Data

We collect personal data:

  1. directly from you during recruitment and throughout your employment
  2. from third parties such as employment agencies, former employers, payroll providers, pension providers, credit reference agencies, insurers or regulators
  3. through your use of Company systems, devices and software
  4. through the use of AI tools*

6.   Why We Process Your Data

We process personal data for purposes including:

  1. managing the employment relationship
  2. paying salary and administering benefits and pensions
  3. managing statutory leave and pay systems such as maternity leave and pay etc
  4. complying with legal, regulatory and tax obligations
  5. carrying out checks in relation to your right to work in the UK
  6. making reasonable adjustments for disabled employees
  7. making recruitment decisions in relation to both initial and subsequent employment e.g. promotion
  8. managing performance, conduct, training and absence
  9. gaining expert medical opinion then making decisions about your fitness for work
  10. making decisions about salary and other benefits
  11. maintaining up to date personnel records to ensure, amongst other things, effective correspondence can be achieved and appropriate contact points in the event of an emergency are maintained
  12. implementing grievance procedures
  13. business planning and restructuring exercises
  14. dealing with legal claims made against us
  15. ensuring IT security, governance and business continuity
  16. preventing fraud and financial crime
  17. providing employment references to prospective employers, when our name has been put forward by the employee/ex-employee, to assist with their effective recruitment decisions

7.  Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

  1. performance of an employment contract
  2. compliance with a legal obligation
  3. legitimate business interests
  4. consent, where required (particularly for certain special category data)

Where consent is used, it may be withdrawn at any time.

8.  Failure to Provide Data

Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment or administer contractual benefits.

9.   Monitoring

The Company may monitor the use of its systems, including email, Microsoft Teams, telephony and IT systems, for legitimate business, security and compliance purposes.

10.   Data Sharing

We may share personal data with:

  1. payroll, pension and benefits providers
  2. professional advisers such as legal, compliance and accountancy firms
  3. IT and cloud service providers
  4. regulators, law enforcement or courts where legally required

Before any data is shared with a third party, due diligence is conducted to ensure data is not compromised. We do not sell employee personal data.

11.   International Transfers

Where personal data is transferred outside the UK, appropriate safeguards will be in place in accordance with data protection legislation.

12.   Data Retention

Personal data is retained only for as long as necessary for employment, legal, regulatory or legitimate business purposes, in line with the Company’s data retention policies.

13.   Automated Decision Making

Automated decision-making means making decisions about you without human involvement, e.g. using computerised filtering equipment. No decision which has a significant impact on you will be made solely on the basis of automated decision-making (where a decision is taken about you using an electronic system without human involvement).

14.   Your Rights

You have the right to:

  1. be informed of the data we hold about you
  2. access your personal data
  3. request correction of inaccurate data
  4. request erasure, where applicable
  5. restrict or object to processing
  6. request data portability
  7. object to the inclusion of any information
  8. lodge a complaint with the Information Commissioner’s Office (ICO)

15.   Changes to This Notice

We may update this privacy notice from time to time. Any material changes will be communicated to employees.

*Appendix

Guidance on the use of AI

The Company uses approved artificial intelligence (AI) functionality within Microsoft 365, including Microsoft Teams transcription and AI generated meeting recaps, to support accurate recordkeeping, efficiency and compliance.

When enabled, these tools may:

  1. transcribe spoken words during meetings into text
  2. generate automated summaries, action lists and meeting recaps
  3. highlight key topics, decisions and actions

This functionality is used primarily for internal business meetings and may include personal data relating to employees.

Transparency and Notification

Where meeting transcription or AI recap functionality is enabled:

  1. participants will be notified that transcription or recording is taking place
  2. employees may choose not to participate if they do not consent
  3. where consent is required and not given, transcription will not proceed

Human Oversight and Accuracy

AI‑generated meeting notes and summaries:

  1. are not treated as final or authoritative records
  2. must be reviewed and, where necessary, corrected by a human
  3. are used as a support tool alongside professional judgement

Employees remain accountable for the accuracy and appropriateness of meeting records.

Storage, Access and Retention

Transcripts and AI‑generated recaps:

  1. are stored securely within the Company’s Microsoft 365 environment
  2. are accessible only to authorised participants and administrators
  3. are retained in accordance with the Company’s data retention policies

Meeting data is not used to train public or external AI models.

Restrictions on Use

Employees must not:

  1. use AI tools outside Company approved systems
  2. rely on AI output without appropriate review
  3. use AI‑generated minutes as a substitute for formal decision‑making where legal, regulatory or professional judgement is required