People privacy policy

Important information regarding your privacy.

Who We Are

Seccl Technology Limited and Seccl Custody Limited (“Seccl”, “us”, “our”,” we”) process your personal data in line with UK data protection legislation. We are registered with the data regulator, the ICO, and our registration numbers are ZA456343 and ZA243427. We have offices in Bath, Edinburgh and London.

Need to contact us

  • Seccl Technology Limited, 20, Manvers Street, Bath, BA1 1JW
  • email us at compliance@seccl.tech - if you want more information about your personal data, your rights or have any concerns or queries about us processing your personal data

People services

Where your personal data is collected through our third-party systems and services, we are a data controller and this privacy notice and the contractual terms in place between us and our third parties, apply. Third parties act as processors of your personal data, meaning that they only process it on behalf of us.

What personal data do we collect and process?

When you are a prospective or permanent employee and use our recruitment, background screening, human resource (people), payroll and pension systems and services, you provide us and our third parties with the following personal data, where it is processed according to this notice and for the following purposes:

Candidates – applying for a job with us

What personal data do we process? Why do we process this personal data? What is our lawful basis for processing?
Name & contact details
Your name, address, phone number, email address, work email address		 To set up your account in our recruitment system, when you apply for a job with us.

To contact you if you have any problems or queries in relation to the recruitment process or system		 To take steps at your request, before entering a contract and where our third-party system/service is a processor, and we are the controller.

Candidate consent.
Qualification data - CV
This includes details of qualifications you hold, e.g. degrees and diplomas and other exam results you provide.		 This information is collected where you upload a CV, when you apply for a job with us, via our recruitment system. To take steps at your request, before entering a contract and where our third-party system/service is a processor, and we are the controller.

Candidate consent.
Employment history data - CV
This includes organisations and/or businesses you have worked for, job titles you have held, and names or references or referees.		 This information is collected where you upload a CV, when you apply for a job with us, via our recruitment system. To take steps at your request, before entering a contract and where our third-party system/service is a processor, and we are the controller.

Candidate consent.
Usage data
Our third parties may process data regarding your use of the system or service, including how you interact with it.

This may also include technical details such as your IP address, and details of your device (e.g. operating system).		 To identify any problems, defects or issues with the system or service.

To optimise the performance of the system or service to ensure you have the best user experience.

To provide and improve the system or service.		 To fulfil a contractual obligation where our third-party system/service is a processor and we are the controller.

To satisfy our own or third-party legitimate interests.

Successful candidates - onboarding

What personal data do we process? Why do we process this personal data? What is our lawful basis for processing?
Identity data
This includes your full name, date of birth, gender, identity documentation, nationality and country of residence.		 To set up your account in our human resource, background checking service, group life assurance, payroll or pension system or service.

To maintain comprehensive and accurate records.		 To fulfil a contractual obligation with you and where our third-party system/service is a processor, and we are the controller.

To comply with a contractual obligation.
Contact data
This includes your address, phone number, email address, work email address, emergency contact name, phone number and email address and any other contact details you may provide.		 To set up your account in our human resource, background checking service, group life assurance.

To contact you if you have any problems or queries in relation to the service or system.		 To fulfil a contractual obligation with you and where our third-party system/service is a processor, and we are the controller.
Background check status
This includes data regarding the status of any background checks requested by us from our third-party service.		 Our third party or its outsourced providers conduct background checks and share the status (e.g. complete) and a link to a report with us. To fulfil a contractual obligation where our third-party system/service is a processor, and we are the controller.

To comply with a regulatory obligation.
Qualification data
This includes details of qualifications you hold, e.g. degrees and diplomas and other exam results you provide.		 This information is collected where we request details of your qualifications as part of a background check. To fulfil a contractual obligation where our third-party system/service is a processor, and we are the controller.

To comply with a regulatory obligation.
Employee leave data
This may include details about parental leave, holiday locations, bereavement, sickness and medical data, religious leave, which may include ‘special category’ data.		 To help you schedule time of as an employee and for various life events. To fulfil a contractual obligation with you.

To comply with a contractual obligation.
Employment history data
This includes organisations and/or businesses you have worked for, job titles you have held, and references provided by referees.		 Accessing details of your employment history is fundamental to the nature of the background screening service – i.e. to assist us in the verification of your employment history. To fulfil a contractual obligation where our third-party system/service is a processor, and we are the controller.

To comply with a regulatory obligation
Criminal record data
This includes details of any past criminal convictions or offences, this type of data needs extra protections.		 If you apply for a job, we require you to pass a criminal background check. Our third-party service may outsource these types of checks to specialist agencies. To fulfil a contractual obligation where our third-party system/service is a processor, and we are the controller.

To comply with a regulatory obligation

Candidate consent.
Biometric data
This may include images, videos and sound recordings of you.		 If we request certain checks, it may be necessary to verify your identity, for example when checking your right to work status. To fulfil a contractual obligation where our third-party system/service is a processor, and we are the controller. To comply with a regulatory obligation.

Candidate consent.
Sanctions data
This includes details of any sanctions you may be subject to.		 If you apply for certain jobs, we may require verification that you are not subject to any sanctions. Our background screening service, outsources these types of checks to specialist agencies. To fulfil a contractual obligation where our third-party system/service is a processor, and we are the controller.

To comply with a regulatory obligation

Candidate consent.
Banking data
This includes employee bank account details.		 To pay your monthly salary into a nominate bank account and to pay expenses. To fulfil a contractual obligation between you and us.

To fulfil a contractual obligation where our third-party system/service is a processor, and we are the controller.

To comply with a contractual obligation.
Group life assurance data
Name, Date of birth, gender, salary, nominated beneficiary name and contact details.		 To allow us to provide you with life assurance during your employment with us. To provide life assurance.

Legitimate interest.
Employee performance data
Personal details about performance, feedback, reflections and reviews.		 FTo help us support you in your role, and make sure it aligns with daily tasks and our larger vision. To support you and our business objectives.

Legitimate interest.
Benefits data
Employee name, team email and optional employee date of birth.		 To allow staff perks, including benefits, shopping discounts and credits for wellness. To provide employee benefits.

Legitimate interest.
Pension data
Salary and employee pension nomination deduction, nominated beneficiary name and contact details.		 To make monthly payments into you employee pension. To fulfil a contractual obligation between you and us.

To fulfil a contractual obligation where our third-party system/service is a processor, and we are the controller.

To comply with a legal obligation.
Diversity & Inclusion data
This includes information that may also include ‘special categories’ of personal data, including racial and ethnic origin and medical information including medical conditions.		 At onboarding, in our human resource system, to ensure we provide equal opportunities, and are a diverse and inclusive company to work for. To be an inclusive company and support employees who need additional support.

Candidate/Employee consent.
Usage data
We and our third parties may process data regarding your use of the system or service, including how you interact with it.

This may also include technical details such as your IP address, and details of your device (e.g. operating system).		 To identify any problems, defects or issues with the system or service.

To optimise the performance of the system or service to ensure you have the best user experience.

To provide and improve the system or service.		 To fulfil a contractual obligation where our third-party system/service is a processor and we are the controller.

To satisfy our own or third-party legitimate interests.

How we collect and process personal data

We use different methods to collect and process personal data from or about you, including:

Direct interactions

You provide us with your personal data directly when applying for open recruitment positions with us, during employee onboarding and background checking services and during your employment, for payroll and pension purposes, or when corresponding with us by phone, email or other methods.

Cookies

When you browse our website to view our latest roles, we collect data, via cookies, about your browsing actions, equipment, and patterns. Cookies also help us improve your website experience, for more information about cookies, see our Cookie Policy. You can choose not to accept cookies in your browser, but this may affect some website functionality or features.

Third parties or publicly available sources

We may receive personal data about you from third parties or via public sources, including:

  • identity and contact data - data brokers or aggregators,
  • identity and contact data - from publicly available sources,
  • anti-money laundering service providers,
  • credit-checking companies,
  • analytics providers,
  • software providers or payroll providers,
  • regulatory authorities or government departments

How we use your personal data and lawful basis

Our primary purpose for processing your personal data is during recruitment, background screening and throughout employment with us. In line with data protection laws and regulations, we only process personal data where we have a lawful basis for doing so. Our lawful bases for processing are:

  • Where we have a contract with you or before entering a contract with you (contractual basis)
  • Where we have legal or regulatory obligations (legal basis)
  • Where you have given us your explicit consent (consent basis)
  • Where it is in our (or our third party’s) legitimate interests and where those interests do not override your interests, rights, or freedoms (legitimate interests’ basis)

Contractual basis

  • processing your personal data where it is necessary for the performance of a contract, where you are a party or to take steps, before entering an employment contract.
  • to administer and/or manage you as a prospective or contracted employee
  • to contact you with important information regarding your recruitment or employment

Legal and regulatory basis

  • processing your personal data where it is necessary for compliance with legal and regulatory obligations that we are subject to, including HM Revenue & Customs; Financial Conduct Authority (FCA) and Information Commissioner’s Office (ICO) and other United Kingdom authorities who require us to report information to them in specific circumstances.

Legal and legitimate interest bases

  • to protect you from fraud and crime, when investigating and/or cooperating with the police, during suspected or actual investigations into fraudulent or other malicious activity, in relation to third party services and/or systems

Consent basis

  • where you consent to us contacting you during recruitment processes and throughout employment
  • where you consent or opt-in to receive communications from us, or a third party, via online, phone, email, or text message.

Consent and legitimate interest bases

  • where you consent to us recording video calls and live chats for internal training purposes.

Changing your mind – (opting-out)

  • if you change your mind and no longer wish to provide consent, you can opt-out (at any time), by simply contacting us

Legitimate interest basis

  • to improve and develop our internal operations, your performance and offer employee benefits.

When processing your personal data, we must consider the following individual rights, that you are granted (as a data subject) under data protection laws.

Right to be informed

  • you have the right to request that we confirm whether we are processing your personal data or not.
  • you have the right to be given our contact details.
  • you have the right to request name and contact details of our representative or data protection officer.
  • you have the right to request the purposes of processing.
  • you have the right to request the lawful basis for processing.

Right of access

  • you have the right to access your personal data – commonly known as a subject access request (SAR)
  • subject access requests can be made by contacting us verbally, or in writing (email, letter)
  • we cannot charge a fee to deal with a request in most circumstances.

Right to rectification

  • you have the right to have inaccurate personal data corrected or completed, where it is incomplete.
  • you can make a request for a rectification or correction by contacting us verbally, or in writing (email, letter)
  • there are some limited circumstances, where we can refuse a request for rectification or correction.

Right to erasure (or the right to be forgotten)

  • you have the right to have your personal data erased or deleted - also known as ‘the right to be forgotten’.
  • right to erasure requests, include circumstances where you successfully exercised your “right to object.”
  • you have the right to request your personal data is erased or deleted - where your personal data is no longer necessary for the purpose it was originally collected or processed for
  • you have the right to request your personal data is erased or deleted – where we are relying on consent as our lawful basis for holding your data and you withdraw consent
  • you have the right to request your personal data is erased or deleted – where we are relying on legitimate interests as our lawful basis for processing, where you object to the processing and there is no overriding legitimate interest to continue processing
  • you have the right to request your personal data is erased or deleted – where we are processing your personal data for direct marketing purposes and you object to that processing
  • you have the right to request your personal data is erased or deleted – where we have processed your personal data unlawfully (i.e. in breach of the lawfulness requirement)
  • you have the right to request your personal data is erased or deleted – where we have to comply with a legal obligation
  • you can make a request for erasure by contacting us verbally, or in writing (email, letter)
  • BUT the right is not absolute and only applies in certain circumstances, i.e., legal, or regulatory requirements may override your request.

Right to restrict processing

  • you have the right to request a restriction or suppression to processing your personal data.
  • when processing is restricted, we are permitted to store the personal data, but not use it.
  • right to restrict processing requests, include cases where:
    • you ask us to establish the accuracy of personal data.
    • we may have used your personal data unlawfully, but you do not want it to be erased.
    • you want us to hold the personal data, where there is no longer a requirement for us to process it i.e., where you need to establish, exercise or defend a legal claim OR where you have objected to processing, and we need to verify whether there are overriding legitimate grounds.
  • you can make a request to restrict processing by contacting us verbally, or in writing (email, letter)
  • BUT this is not an absolute right and only applies in certain circumstances.

Right to data portability

  • you have the right to data portability, where you request to obtain and reuse your personal data, for your own purpose, across different services, which includes history of website usage or search activities and/or location data.
  • BUT this right only applies to information you provide us, where we are considered a data controller.

Right to object

  • you have the right to object to us processing your personal data in certain circumstances – where we are relying on a legitimate interest (or those of a third party).
  • you have an absolute right to object and stop your personal data being used for direct marketing.
  • you can make a right to object request by contacting us verbally, or in writing (email, letter)
  • BUT in certain cases, where the right to object applies, we may be able to continue processing if we can show that we have a legitimate reason for doing so, that does not conflict with your rights, interests, or freedoms.

Automated decision making and profiling

  • you have the right not to be subject to automated decision making (deciding something solely by automated means without human involvement), including profiling, where it results in a legal or significant negative impact on you.
  • you have the right to request an explanation of any logic, where automated decisions are made about you.

Right to complain

  • You have the right to complain to us, or against us to the ICO, at any time. In the first instance, we would like to be given the chance to deal with your concerns, before you approach the ICO, by contacting, compliance@seccl.tech.
  • Alternatively, you can contact the Information Commissioner’s Office (ICO), the UK’s supervisory, regulatory authority, for any concerns you have over our handling of your personal data

Responding to your requests (subject access requests - SARs)

  • We have one calendar month to respond to your request, but we may extend the time by a further two months if your request is complex, or we have multiple requests from you. However, we will always let you know within one month and explain why any extension may be necessary.
  • If you need more information about the personal data we process, your rights or have any concerns about your personal data or our processing, please contact us at compliance@seccl.tech.
  • In most cases there is no fee applicable to personal data or rights requests, however, we reserve the right to charge a reasonable fee to cover any administrative burden, where your request is unfounded, overly excessive, or duplicates information previously received.

Disclosure to third parties (sub-processors)

We disclose your personal data to third-party sub-processors where we cannot reasonably perform the processing activity ourselves, or where we have made a business decision to do so. Where a sub-processor is used, we always perform due-diligence and/or define contractual clauses to ensure they adhere to our data protection, security and data privacy requirements.

Our third-party systems – sub-processors and locations

  • human resource software – EU
  • background screening service – UK
  • employee document files - UK
  • employee payroll – UK
  • employee pension provider – UK
  • employee survey and performance – UK
  • employee compliance training - UK
  • employee UK
  • interview scheduling – US
  • security awareness training – UK
  • recruitment system - UK

Third-party links

Our third-party systems and services may include other third-party links or associations to applications, contributors, plug-ins and/or other websites. Clicking on these links or enabling connections may allow other third parties to collect or process personal data about you. We do not control third-party websites and are not responsible for their privacy statements. Please ensure you review and consider any third-party privacy policies.

International transfers

On occasions where we process your personal data outside the UK, we take appropriate measures to ensure that your personal data and rights are given equivalent levels of protections, granted under UK data protection laws. In these cases, we consider the following:

  • is the transfer to another country or territory covered by adequacy regulations?
  • is the transfer to the US under the UK Extension to the EU-US Data Privacy Framework?
  • are we relying on transfer mechanisms and transfer risk assessment (TRA) under UK GDPR:
    • International Data Transfer Agreement (IDTA) OR
    • International Data Transfer Addendum (Addendum) – under UK GDPR, we cannot rely solely on new EU Standard Contractual Clauses (SCC) and must include the UK Addendum.

Personal data security

The protection and security of your personal data is our priority, where we take a layered approach to our security controls across the following areas: organisation, people, physical, and technology, and we align with international security standards and frameworks.

Storage and retention

We store and retain (keep) your personal data for as long as reasonably necessary to fulfil the purpose it was originally collected. We also keep it for additional purposes, where we are obligated to satisfy accounting, legal, regulatory, reporting and tax requirements. On limited occasions, we may keep personal data longer, where you raise a complaint against us, or where we reasonably believe there is a prospect of litigation.

Privacy notice last update

We aim to keep this privacy notice under regular review in line with our legislation and regulatory requirements. Last review and updated date: 30th April 2025.