Privacy Policy

Privacy Notice

This Privacy Notice explains how TC Group collects, uses and protects your personal data when you visit our website, when we provide you with our services or we engage in marketing activities, and when you apply for a role at TC Group (e.g. via our careers or jobs website pages). It also sets out your rights in relation to your information and who you can contact for more information or queries.

TC Group (including TC Group Holdings Limited and its subsidiaries, together ‘TC Group’, ‘we’, ‘us’ and ‘our’) is the controller and responsible for your personal data (which entity is the controller will depend on which of our companies you contract with).  For a full list of TC Group subsidiaries, please see here.

In some instances we act as a processor where we process personal data to provide certain services to our clients, e.g. where we process our clients’ employee data to provide them with payroll services. In such case, you should refer to the privacy policy of the client (e.g. your employer who will be the data controller).

CONTACT DETAILS

If you have any questions about this Privacy Notice or the way your personal data is processed by us, or would like to exercise one of your rights explained within, please contact the Data Privacy Officer, by one of the following means:

Email: dataprotection@tc-group.com

Post: Data Privacy Officer, TC Group, 3 Acorn Business Centre, Northarbour Road, Cosham, Portsmouth PO6 3TH

 

TYPES OF PERSONAL DATA PROCESSED

We may collect, use, store and transfer different kinds of personal data about you as follows:

  • Identity Data includes name, date of birth, passport information, nationality or other identity document information.
  • Contact Data includes name, job title, company, email address and telephone number, address.
  • Professional and Employment Data includes any personal data we process for the purposes of recruitment, i.e. when you apply for a role at TC Group. This would include employment history, education, professional qualifications, memberships of professional bodies, role, seniority and employer details, and right to/eligibility to work data. Depending on the role applied for, it may also include criminal convictions or offences data and regulatory information for employment checks, and special category personal data, such as race or ethnic origin, sexual and gender orientation, religious beliefs.
  • Financial Data includes billing, bank account and payment card details, as well as details about payments to and from you and other details of services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID, other technology on the devices you use to access our website and information collected through cookies and similar technologies.
  • Usage Data includes information about how you interact with and use our website, communications, and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third-parties and your communication preferences.
  • Client Data includes any personal data we process for the purposes of providing our business and private client services. This would include personal data of you as a client (as an individual, with respect to our private client services), but also personal data of individuals associated with a client (such as employees of a client company, with respect to our business services, and where we act as a controller). The personal data that we process will depend on the nature of the services provided, but may include:
    • Financial information;
    • Tax details and national insurance;
    • Information about your family (spouse and/or dependents);
    • Employment status and other employment related information;
    • Criminal convictions or offences data and regulatory information where a client discloses such matter; and
    • Special category personal data, such as race or ethnic origin, sexual and gender orientation, religious beliefs or health data.

Although you do not have to provide any of your personal data to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods or services you want from us.

 

DATA SOURCES

We use different methods to collect data from and about you including through:

  • Your interactions with us. You may give us your personal data by interacting with us or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • Contact us (via our website form or otherwise);
    • Contract or intend to contract with us for the provision of our services;
    • Search for and subscribe to our services;
    • Use our client portal service (‘OneClick’);
    • Participate in social media functions on our website or enter a competition, promotion or survey;
    • Participate in meetings, seminars or other events we arrange; and
    • Apply for a job with us, such as via our careers or jobs website.
  • Automated technologies and interactions. As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.  For further details, please see the section regarding “Use of Cookies” below.
  • Third-parties or publicly available sources. We may receive personal data about you from various third-parties and public sources including public company registers, credit reference agencies, analytics providers, search engine providers and marketing partners. In relation to our business services, we may receive information about you from our clients (e.g. from your employer).

PURPOSE OF DATA PROCESSING AND LEGAL BASIS

We collect and use personal data about you for the following purposes:

Purpose/Use Type of data Legal basis
To carry out client due diligence checks. This includes verifying your identity, necessary AML/background checks and/or credit risk checks.

 

 

 · Identity Data

· Contact Data

· Financial Data

 · Necessary to comply with our legal obligation to conduct client due diligence.

· Necessary for our legitimate interests in complying with our regulatory requirements and protecting our business.
To provide our services to our clients. · Identity Data

· Contact Data

· Financial Data

· Client Data

 

 · Performance of a contract with you (where we contract with individuals directly).

· Necessary for our legitimate interests in being able to provide our services to clients.

 

 
To manage our relationship with you including:

· Managing payments, fees and charges.

· Notifying you of changes to our terms or this privacy notice.

· Dealing with your requests, complaints or queries.

 · Identity Data

· Contact Data

· Financial Data

· Client Data

 

 · Performance of a contract with you (where we contract with individuals directly).

· Necessary to comply with a legal obligation (in limited circumstances such as where you make a rights request).

· Necessary for our legitimate interests to keep our records updated and manage our relationship with you.
To deliver relevant website content to you. · Technical Data

· Usage Data

 · Necessary for our legitimate interests in providing and tailoring our website in order to grow our business and provide you with the best customer experience.
To enable you to take part in competitions, promotions or surveys. · Identity Data

· Contact Data

· Usage Data

· Marketing and Communications

 · Necessary for our legitimate interests to study how customers use our services, to develop them and grow our business.
To send you marketing communications. · Contact Data

· Marketing and Communications

 · With your consent (where we are required to obtain your consent).

· Necessary for our legitimate interests to develop our business and promote our services, where we are not required to obtain your consent.
To improve our website, services, customer relationships and experiences and to measure the effectiveness of our communications and marketing. · Technical Data

· Usage Data

· Client Data

 · Necessary for our legitimate interests to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
To comply with our legal and regulatory obligations as an accountancy business. This includes conducting quality and risk management procedures in accordance with our legal obligations. · Client Data

· Contact Data

· Financial Data

· Identity Data

 · Necessary to comply with a legal obligation.
To cooperate with law enforcement authorities. · Any data legally required to provide · Necessary to comply with legal obligations.

· Necessary for our legitimate interests (or the legitimate interests of others) in complying with law enforcement requests.
Recruitment · Identity Data

· Contact Data

· Professional and Employment Data

 

 · Necessary to perform a contract with you, or to take steps at your request to enter into a contract with you.

· Necessary for our legitimate interests in operating our recruitment processes

· Necessary to comply with a legal, regulatory and professional obligations (eg positions requiring a regulator’s approval or specific qualifications).

 

If we process any special categories of data, we must have a further lawful basis for the processing. This may include:

  • Where you have given us your explicit consent to do so;
  • Where the processing is necessary for the purposes of carrying out the obligations under employment law;
  • Where the processing is necessary to protect your vital interests or someone else’s vital interests;
  • Where you have made the information public;
  • Where the processing is necessary for the establishment, exercise or defence of legal claims; or
  • The processing being necessary for reasons of substantial public interest e.g. to undertake activities in relation to the prevention or detection of fraud or other unlawful or dishonest activities.

 

DATA SHARING AND SUBPROCESSORS

We may share your personal data where necessary with the parties set out below for the purposes set out in the table above:

  • Entities that are part of our group of companies. TC Group is a group of subsidiaries headed by TC Group Holdings Limited, which act together to provide the engaged services to you as a firm of Accountants, by utilising the same IT environment and software platforms across the group. Within our IT environment, personal data will therefore be accessed, transferred and shared by the companies within TC Group for the purposes of delivering services, managing client relationships, risk management, compliance and internal reporting. Such access may occur on a cross-border basis, subject to appropriate safeguards.
  • Third-parties who help us deliver our products and services and improve your experience with us. TC Group utilises a number of contractors, agencies and suppliers to provide us with IT and other associated services for the delivery of our business and services to you. In many cases, the suppliers we use will be granted access to the data we are processing to provide us with technical assistance. This includes services such as IT support, data entry, client management and billing. We may also share your data with marketing and advertising partners.
  • Third parties that assist us with carrying out client due diligence and AML checks. In order to comply with our legal and regulatory obligations, we are required to carry out client due diligence checks. As part of this process, we may use an external provider, to verify identity and other details. Information provided may be disclosed to a credit reference agency, which may keep a record of that information and disclose it (and the fact that a search was made) to its other customers, including for the purposes of assessing the risk of giving credit and occasionally to prevent fraud, money laundering and to trace debtors. This search will leave a ‘soft footprint’ on the searched credit file. Where a search is made by TransUnion the search footprint retained by TransUnion for the search will read as having been made by TransUnion’s agent (and its clients generically) rather than naming the specific end-user.
  • Relevant third-parties, public agencies, regulatory bodies and authorities when we are under a legal obligation or it is in our legitimate interest to do so. As a firm of Accountants certain statutory obligations apply to us which require us to process personal data and in some circumstances to provide it to third parties such as law enforcement authorities.
  • Professional advisers. We may share personal data with our professional advisers, including lawyers, auditors, insurers and other advisers, where necessary to obtain advice, exercise or defend legal claims, or comply with our professional obligations.
  • Third-parties to whom we may choose to sell, transfer or merge parts of our business or our assets. We may share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. This may include sharing data as part of any due diligence, restructuring, financing, acquisition or disposal process. If a change happens to our business, the new owners may use your personal data in the same way as set out in this Privacy Notice.

 

INTERNATIONAL DATA TRANSFERS

As a modern and international firm of Accountants, our staff need to be able to work from anywhere in the world using our IT services and systems. From time to time be necessary for our staff and group companies to access TC Group systems, both inside and outside of the UK and EU.

In addition, some of the third-party service providers we engage (including IT and cloud based service providers) may operate outside the UK and EU. Where your personal data is transferred or accessed outside the UK and EU, appropriate safeguards are in place to protect your personal data and data subject rights and freedoms. These safeguards may include the use of UK and/or EU standard contractual clauses, reliance on adequacy regulations where applicable, and the implementation of appropriate technical and organisational measures. TC Group is a member of BOKS International, a global alliance of independent accountancy and legal professional firms. The other members of BOKS International do not have access to your personal data and we will never transfer your personal data to other members of BOKS International unless you have specifically requested us to do so.

 

DATA SECURITY

TC Group has put appropriate technical and organisational controls, including policies and procedures, in place to protect your personal data from loss, misuse, alteration or unintentional destruction. Only authorised persons are provided access to personal data we have collected and all such individuals have received appropriate training and have agreed to maintain the confidentiality of this information.  Conditions to protect data are cascaded to all our suppliers and service providers.

We carry out regular monitoring of our security defences for effectiveness against threats. Data transferred over our client portals is protected using encryption technologies for security.

Please note that no communications over the internet can be guaranteed as secure.  Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit.  Once data reaches your network it is your responsibility to ensure it remains secure.

Controls put in place by TC Group also apply to all subsidiaries of the group headed by TC Group Holdings Limited.

 

DATA RETENTION

We will retain your personal data only for as long as we need it, given the purposes for which it was collected, or as required to by law.

The timescales for the retention of personal data for the different activities we undertake in relation to our services are governed by various legislation (e.g. in relation to our accounting services).  For most accounting and professional services, retention periods are typically 7 years, subject to legal and regulatory requirements.

 

YOUR DATA SUBJECT RIGHTS

Under applicable data protection law, you have a number of rights, including the right to:

  • Request a copy of the personal data we hold about you.
  • Ask us to correct any of your personal data which contains mistakes or is inaccurate.
  • Request to have your personal data deleted.
  • Put in place restrictions on our processing of your personal data.
  • Ask us to transfer your personal data to you or another controller.
  • Object to the processing of your personal data (in particular for direct marketing purposes).
  • Where we process your personal data based on consent, the right to withdraw that consent at any time. Such withdrawal of consent shall not affect the lawfulness of processing your personal data prior to that withdrawal.

These rights are not absolute and there may be circumstances where we are entitled to refuse your request.

If you wish to exercise any of the rights set out above, please send your request in writing to our Data Privacy Officer using the contact details set out above.

 

COMPLAINTS

If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the matter for you, you have a right to take your complaint to the Information Commissioner’s Office.  Further details can be found via their website at www.ico.org.uk.

 

CHILDREN AND OUR WEBSITE

TC Group does not collect data regarding children except as part of engagements in which it provides professional advice (e.g. tax planning).TC Group understands the importance of protecting children’s privacy, especially in an online environment. Our sites are not intentionally designed for, or directed at, children 13 years of age or younger. It is our policy never to knowingly collect or maintain information about anyone under the age of 13 through our websites. If you are under 16 years of age you must obtain the consent of a parent or guardian to submit information via our site.   Please ask them to review this information before you communicate with us.

 

USE OF COOKIES

A cookie is a tiny element of data that a website can send to a visitor’s computer’s browser so that this computer will be recognised by the website on their return. We use cookies on our website for the following purposes:

  • Necessary. Necessary cookies help make our website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  • Preferences. Preference cookies enable our website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
  • Statistics. Statistic cookies help us to establish statistics about the use of our website by internet users by gathering and analysing data such as: most visited pages, time spent by users on each page, website performance, etc. By collecting and using such data, we hope to improve the quality of our website.
  • Marketing. Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Some of our marketing emails may contain web beacons, web bugs, cookies or other similar technologies which enable us to understand whether you open, read, or delete the message and any interaction you make with links contained therein.  When you click on a link in a marketing email you receive from us we may also use cookies to log what pages you view, in accordance with our cookies policy.

The data collected by our servers and/or through cookies that may be placed on your computer will not be kept for longer than is necessary to fulfil the purposes mentioned above.

For all non-essential cookies (preference, statistics and marketing), you are able to control whether these cookies are placed on your device within our cookie consent management tool. You can also make changes to your selection by reopening this banner here.

A visitor can also set their browser to block the recording of cookies on their hard drive to minimise the amount of data that may be collected about your navigating on our website. The browser on a computer can be set to notify the user when a cookie is being recorded on their computer’s hard drive. Most browsers can also be set to keep cookies from being recorded on their computer. However, for optimal use of our website, we recommend that visitors do not block the recording of cookies on their computer.

 

CHANGES TO THIS STATEMENT

We recommend you check this statement on a regular basis to ensure you are familiar with the activities we carry out in respect of processing personal data. We regularly review this Privacy Notice and will post any updates to it on this webpage.

This notice was last updated on 21 April 2026.