This information should be read together with your contract of employment and replaces any contractual data protection provisions issued prior to May 2018. It may be updated from time to time.
Personal information we hold
The personal information we hold includes:
- Name, address, telephone number(s), email address
- Proof of your right to work in the UK (such as a copy of a passport and/or visa)
- Employment history, other relevant experience, achievements, skills and qualifications
- Employment references and the results of any pre-employment screening
- The notes and outcome of any interviews or tests which formed part of the recruitment process
- Terms and conditions of employment, contract variations, current employment history
- Information about your conduct, performance, training and development
- Correspondence and call recordings relating to your employment
- Pay and pension details, national insurance number, tax coding and details of the bank or building society account into which your salary is paid
- Details of salary deductions such as trades union membership, student loan repayments, Give As You Earn donations or Attachment of Earnings Orders
- Details of your employee benefits (eg membership of private medical insurance or childcare voucher schemes)
- The reasons for any periods of absence (eg annual leave, maternity/paternity leave, sickness absence, quarantine or self-isolation)
- Details of household members (e.g. emergency contacts, caring responsibilities, next of kin and nominee travel pass holders)
- Birth certificate/adoption certificate of your children (if provided, eg for parental leave purposes)
- Information about your health and how it may affect your ability to carry out your duties
- Journey history associated with your staff and nominee travel passes
- IT systems and building access history
- Equalities monitoring information (if provided - see information on 'special categories' below)
Legal basis for using your information
Under privacy and data protection legislation, TfL is only allowed to use personal information if we have a proper reason or 'legal basis' to do so. In the case of your employment with TfL, there are a number of these 'legal grounds' we rely on, which are:
- For the 'performance of a contract', for example:
- to comply with the obligations contained in your contract of employment and TfL's HR policies
- Legal obligations, for example:
- In some circumstances we are obliged to handle your information in a certain way, for example, to provide salary information to HMRC for tax purposes or to provide information to the National Fraud Initiative, run by the Cabinet Office, every two years
- Where you have given your consent to TfL, for example:
- You have asked us to give a reference to a financial institution regarding an application you have made for a mortgage, personal loan, etc.
- Where it forms part of TfL's public functions, for example:
- The publication of salary information under TfL's transparency obligations
- When passing information to the Information Commissioner's Office, which regulates data protection and freedom of information
- In your capacity as an official representative of TfL in the performance of your role
Sometimes we also need to collect or store information that is called 'special category personal data', which is defined as the following:
- race and ethnic origin
- politics and religion
- trade union membership
- genetics and biometrics (where used for ID purposes)
- health (physical or mental)
- sex life or sexual orientation
As before, there are a number of 'legal grounds' we rely on when handling this kind of information, depending on the circumstances, which are:
- Where we have your explicit consent to do so for a particular purpose
- Where it's necessary for carrying out the obligations and exercising specific rights of TfL or you in the field of employment and social security and social protection law
- For the establishment, exercise or defence of legal claims
- Where it is necessary for occupational health purposes (including counselling)
- Where it is necessary for the purpose of administering your occupational pension
- Where's it's necessary for equality of opportunity or treatment
- Where it's necessary for the prevention and detection of crime or fraud
In addition, UK privacy legislation has added information about criminal allegations, proceedings or convictions to the list of special categories compiled under EU law. TfL may process this data in connection with the above legal grounds, or where necessary as part of our statutory duty to provide safe transport services.
Obtaining and using your information
The personal information we hold about you comes from the following places:
- your recruitment application and the supporting information you included with it
- pre employment checks, vetting and references from external parties
- information you provide when you start employment, (such as emergency contacts and bank account information)
- information created, or received, by TfL during the course of your employment, such as performance or pay reviews, disciplinary records or occupational health information
TfL and the companies that process data on its behalf, will use your personal information for the purposes of human resource administration (ie managing TfL's employment relationship with you). The information provided will be used to:
- Pay you, administer employee benefits, calculate any tax, NI or statutory payments due (ie sick or maternity pay)
- Administer any absences including sickness and annual leave
- Manage your performance and attendance and make decisions about appropriate training and development
- Manage any employment disputes including disciplinary actions or grievances
- Supply references to prospective employers
- Support organisational change initiatives
Your personal information will be accessed and processed by authorised personnel (ie line managers, HR professionals, occupational health professionals and pensions administrators) who are involved in the management and administration of your employment and have a legitimate need to access your information. Additional authorised personnel may need to access your information on a case by case basis for specific purposes, including the provision of legal advice, or where it is necessary to comply with a legal obligation.
When employed by TfL your use of TfL's IT facilities is logged and monitored for security and audit purposes. This includes whether used for business or limited permitted personal use. IT facilities include, but are not limited to, any computer (including laptops), mobile and handheld devices (eg smart phones and tablets), systems, applications and software, server or network equipment and any telephone handset, switchboard or voice network provided or supported by TfL. To ensure business continuity and meet operational needs, in the case of termination of employment or long-term absence, access to the files stored on your TfL personal drive or emails may be requested by your manager without notice.
TfL is subject to Access to Information legislation (including the Freedom of Information Act 2000 and Environmental Information Regulations 2004). Information disclosed under this legislation will on occasion include TfL employee names and job titles, but will otherwise be limited to information created in the performance of your duties.
TfL may use aggregated or depersonalised employee data for analysis purposes - for example to ensure that we have an efficient and diverse workforce - or for occupational health purposes. Individuals will not be identified using this information.
Length of time we keep information
Most of your personal information will be retained by TfL for the duration of your employment plus an additional seven years from the date on which you cease to be an employee. This is for the following reasons:
- To respond to correspondence, concerns or complaints
- To maintain records according to rules that apply to us (for example employment law, or financial regulations)
- To establish and defend any legal rights
Please note that personal information included in occupational health and pension administration records will normally need to be retained for much longer periods.
Keeping personal information secure
TfL takes the privacy of our employees very seriously and has a range of robust policies, processes and technical measures in place to safeguard their personal information.
Access to systems that hold employment related information is restricted to authorised personnel through the use of unique identifiers and passwords. Your information is stored on systems that are protected by secure network architectures and are backed-up on a regular basis (to a second secure location) for disaster recovery and business continuity purposes; and to avoid the risk of inadvertent erasure or destruction.
Anyone with access to personal information held in TfL's systems is required to complete TfL's privacy and data protection training on an annual basis.
Automated processing and profiling
Under data protection legislation we have to let you know when we use your personal information to do something 'automatically' using our computers or other systems, or use it to make an automated decision (without human intervention) that significantly affects you.
TfL does not make any employment related decisions based solely on the use of automated systems, databases or computer applications.
Sharing personal information
TfL has contracts with a number of third party service providers, who provide specialist services such as our Employee Assistance Programme and various employee benefits schemes. These third parties will process personal information in accordance with TfL's instructions and make decisions regarding the information as part of the delivery of their services; they are also required to put in place appropriate security measures that ensure an adequate level of protection for personal information.
In some circumstances, disclosures of employee personal information to the police (and other law enforcement agencies) are permitted by data protection legislation, if they are necessary for the prevention or detection of crime and/or the apprehension or prosecution of offenders. Each police request to TfL is dealt with on a strictly case by case basis to ensure that any such disclosure is lawful and proportionate.
TfL may also disclose your personal information to a third party in the following circumstances:
- Where we have your explicit consent eg to assist financial institutions regarding an application you have made for a mortgage, personal loan, etc.
- For the purpose of providing employment references
- To the TfL Pension Fund
- To a prospective purchaser of the Employer (or the purchaser's advisers) in connection with a future proposal to sell or transfer the Employer or a Group Company or all or part of their respective businesses
- In an emergency where the health or personal security of an employee is at risk
- Where we are required to do so by law (eg in response to a court order, or to assist with investigations carried out by government departments such as HM Revenue and Customs, the Department for Work and Pensions, Job Centre Plus, the Child Support Agency, or local authorities)
- For the purpose of official inspections or audits, for example in relation to railway safety or national infrastructure security
- In your capacity as a representative of TfL, for example in reports and publications
- In connection with the National Fraud Initiative (NFI) data matching exercise carried out by the Cabinet Office, which is intended to prevent/detect crime and protect public funds
- If it is necessary to do so in order to establish or defend TfL's legal rights (ie in the context of a court case involving TfL)
- Where TfL is otherwise required or permitted by law to make the disclosure
TfL may also receive or disclose personal information about employees in relation to certain emergency situations or other incidents that require an immediate response. Such events may include those involving public health, public safety or national security matters, when access to personal information is necessary to manage the incident. In some situations, we may also be required by law to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so. These requests will be assessed on a case-by-case basis and take into account privacy considerations before a disclosure is made.
TfL and its service providers may process your personal information in the UK and in other countries both within, and outside, the European Economic Area (EEA).
Any such processing will be carried out in strict accordance with UK and EU privacy and data protection legislation and the appropriate contractual safeguards which TfL has put in place.
Your information rights
Under data protection legislation you are entitled to ask to see any personal information that we hold about you. For more information about how to access your personal information please see the section on subject access requests in Access your data.
You also have a number of other information rights which include:
- The right to question any information we have about you that you think is wrong or incomplete
- The right to object to how we use your information or to ask us to delete or restrict how we use it
- In some cases, the right to receive a copy of your information in a format that you can easily re-use for your own purpose(s)
- The right to complain to the regulator - the Information Commissioner's Office
The TfL Privacy and Data Protection team considers and coordinate responses to requests and complaints from people whose personal data is processed by TfL and its subsidiary companies. You can contact the Data Protection Officer by email at firstname.lastname@example.org.
Changes to this page
It's likely that we'll need to update this statement from time to time, so check back here regularly to find out more. This page was last updated in February 2022.