The personal information we hold includes:
TfL and the companies that process data on its behalf, will use your personal information for the purposes of human resource administration (i.e. managing TfL's employment relationship with you). The information provided will be used to:
Your information will only be accessed and processed by authorised personnel (i.e. line managers, HR professionals, occupational health professionals and pensions administrators) who are directly involved in the management and administration of your employment and have a legitimate need to access your information.
Most of your personal information will be retained by TfL for the duration of your employment plus an additional seven years from the date on which you cease to be an employee.
Please note that personal information included in occupational health and pension administration records will normally need to be retained for much longer periods.
TfL takes the privacy of our employees very seriously and has a range of robust policies, processes and technical measures in place to safeguard their personal information.
Access to systems that hold employment related information is restricted to authorised personnel through the use of unique identifiers and passwords. Your information is stored on systems that are protected by secure network architectures and are backed-up on a regular basis (to a second secure location) for disaster recovery and business continuity purposes; and to avoid the risk of inadvertent erasure or destruction.
TfL has contracts with a number of third party service providers, who provide specialist services such as our Employee Assistance Programme and various employee benefits schemes. These third parties will process applicant information in accordance with TfL's instructions and make decisions regarding the information as part of the delivery of their services; they are also required to put in place appropriate security measures that ensure an adequate level of protection for personal information.
In some circumstances, disclosures of employee personal information to the police (and other law enforcement agencies) are permitted by the Data Protection Act 1998, if they are necessary for the prevention or detection of crime and/or the apprehension or prosecution of offenders. Each police request to TfL is dealt with on a strictly case by case basis to ensure that any such disclosure is lawful and proportionate.
TfL may also disclose your personal information to a third party:
TfL has a contract with a third party service provider which supports the operation of our HR and payroll systems. Some of the associated technical support services are provided from outside of the UK.
While all of our employee data is physically stored in UK data centres, in the event of technical problems arising with our IT systems, some of your personal information may need to be processed by our service provider from operations centres based in the Philippines and India.
Any such processing will be carried out in strict accordance with UK and EU privacy legislation and the appropriate contractual safeguards which TfL has put in place.
For more information about how to access your personal information please see the section on subject access requests in Access your data.