The RVU group of companies are a division of ZPG Limited. The group of companies will jointly decide how and why to use your personal data with other companies in the group as follows:

• Confused.com (Inspop Limited)
• Money.co.uk (Dot Zinc Limited)
• Mojo Mortgages (Life’s Great Limited, Life’s Great Group Limited and Life’s Great Tech Limited)
• Tempcover.com (Tempcover Limited
• Uswitch.com (Uswitch Limited)
• ZPG Limited

We respect and protect your privacy

This privacy notice applies to: 

• Former and current employees and non-permanent workers; 
• Family (including but not limited to dependants and spouses), friends, other emergency contacts, next of kin and beneficiaries;
• Executive and non executive directors of the Board;
• Members of the Audit Committee; and
• Investors.

Data you provide, or that is generated during our relationship with you including, but not limited to:

• Name, legal sex, date of birth and photograph or other identifying images;
• Contact information, including name, home address, personal email address, phone number(s), and social media profiles;
• Emergency contact details for those you nominate; 
• Details of the company that employs you, including your work address, your work email address, your work phone number and your department and job title when related to you;
• Copy of your passport, any visa or other immigration permissions relating to your right to work;
• Employee identification number, national insurance number and other staff identifiers;
• Employment history, CV, education records, employment references, including your employment contract, offer letter, start date, details of benefits and working hours;
• Information regarding your usage of ZPG IT systems including login information, access to IT systems (including date and time of access), information regarding online behaviour and usage of internet, telephone and other communications systems;
• Information from monitoring of ZPG devices and accounts (including email) and any personal device to which our corporate device management policy is applied;
• Payroll information including salary, salary sacrifices, payroll number, payslips, tax records, payroll records and bank account details;
• Pension and other life/health insurance details including benefits, next of kin and beneficiary information;
• Membership or positions on boards or committees including financial and non-financial authorities;  
• Transaction history for all share plans operated by the group; 
• Details of any MEP/VIP allocations; 
• Information captured on security systems, including CCTV and key card entry systems.
• Absence records, including but not limited to holiday, time off for dependants, compassionate leave, jury service and sabbaticals;
• Performance reviews, performance improvement plans, and other staff performance, disciplinary, grievance and personal development records including information collected for internal or employment investigations;
• Information about your sexual orientation, neurodiversity, disability status, gender identity, race, ethnicity, political opinions, and beliefs,; 
• Information about your physical and mental health including pregnancy, medical reports, fitness to work notes, occupational health records, return to work meeting notes, accident records and medical insurance arrangements;
• Information about criminal convictions and offences including when collected in background checks; 
• Information relating to any trade union subscriptions and time off for related activities;
• Biometric information (e.g. fingerprint or face ID) used to secure your device.

Where you provide us data you do so on your own behalf, or where providing us with someone else’s data, you must have their permission to do so.

If you fail to provide personal data

If you do not provide your personal data when requested, we may not be able to perform our contract with you (such as paying you or providing a benefit) or we may not be able to comply with our legal obligations (such as to ensure the health and safety of our workers). As such, failure to disclose this data may result in disciplinary action or termination of employment or your engagement with us.

We may collect personal data about you through our application, recruitment, joiners, movers, and leavers processes, as well as during the course of your employment, from the following sources:

• employment agencies and recruitment websites (e.g. Linkedin);
• your referees;
• security clearance and background check providers;
• occupational health and other health providers;
• pension administrators;
• government departments, for example tax details from HMRC;
• your trade union;
• providers of staff benefits;
• colleagues (and employees of partner organisations), regarding job-related and performance management activities;
• our IT systems and your device/s used for work purposes;
• the media, press or social media; 
• authorities, government bodies and regulators; 
• training suppliers; and
• CCTV images from our CCTV systems or any use of biometric recognition used for or to access work areas, devices or systems.

We will use your personal data to:

• operate the business day to day;
• monitor equal opportunities and diversity;
• help ensure we offer safe and secure workplaces;
• ensure compliance with IT policies and network and information security and other staff and compliance policies;
• ensure compliance with regulators such as Companies House, FCA  and HMRC;
• protect the business through security and entry to premises systems and processes;
• carry out right to work checks including your immigration status;
• pay you, deduct tax and National Insurance, and provide staff benefits;
• provide your rights to time off and family and other leave;
• contact you when you are not at work, or your emergency contacts, in an emergency;
• address disciplinary or grievance issues;
• manage your performance, and address training and development needs;
• address fitness to work health related adjustments;
• assist with work related and volunteer testing and trials for the enhancement of our products and services;
• for sending birthday, celebrations, condolences and other well meant wishes and sentiments;
• for processing any personal information of you or others as disclosed by you on work systems or devices as disclosed by you for purposes such as collaboration and staff engagement;
• to monitor usage of work devices, software and internet access for any misuse or inappropriate usage;
• for recording of meeting and other work events - you should be informed of the recording and where feasible given the option to not to be recorded;
• manage and allocate resourcing, including work allocation, promotions and redundancies; and
• build, train, and augment AI models (with appropriate controls) which help us complete any of the activities detailed above, or develop internal or external chatbots.

To use your data, we must have a valid and legal reason (a ‘lawful basis’). 

Sometimes we ask for your consent (e.g., to record your ethnicity or religion) and sometimes, where you would expect us to use your data, we do not need to ask. 

Our reason for using your data is usually one of the following:

Contract

We must use your data to carry out a contract you are party to, or take steps before you enter a contract. For example, to administer your pension and to provide you with employee benefits.

Consent

You have given us consent to use your data for a certain reason (you can withdraw your consent at any time).

Legal obligation

We (or another group company) must use your data to follow the laws or regulations to which we are subject.

Legitimate interests

We have a legitimate interest in using your data. Usually this is to help us run, improve, promote, or protect our services and business.

Examples of these interests include:

• Using images from our events to promote the business internally or externally
• Auditing our processes to help keep our high standards
• Statistical analysis
• Securing our services and keeping them online
• Fraud and data loss prevention
• Sometimes, we may use your data when it is in the interest of another company, such as another ZPG brand, or the wider public good. 

Change of purpose

We will only use your personal data for purposes consistent with the original purpose that we told you about. If we need to use your personal data for an unrelated purpose, we will tell you (usually by updating this notice) and explain the legal basis for doing so.

We may use your personal data without your knowledge or consent where this is required or permitted by law.

We may share your personal data with other group companies for a variety of reasons including:

• As part of our regular reporting activities on company performance;
• In the context of a business reorganisation;
• For system maintenance;
• When organising events;
• Support and hosting of data;
• Your participation in any share plans and the take up of any employee benefits. 

The group operates under central services functions so we will routinely share your personal data with our Finance, HR, Legal and Payroll teams.

There are a variety of circumstances in which we may need to share personal data outside of the group, including:

• As part of the day-to-day operation of the business, for example, simply to pass your business contact details on to someone. 
• Where required by law, for example with HMRC, the Financial Conduct Authority and Companies House; 
• Where it is necessary to administer our working relationship with you;
• With our suppliers, service providers and trusted advisors, such as our IT system providers, payroll provider, benefits providers and legal advisors;
• Your participation in any share plans with third party administrators, nominees, registrars and trustees for the purposes of administering the share plans;
• In the context of the possible sale or restructuring of the business. In this situation we will, so far as reasonably practicable, share anonymised data.
• In response to a request from law enforcement or another regulatory authority
• To enforce our agreements with you or to protect our rights, property, or safety, or that of our users or others. This includes sharing data for security and fraud prevention purposes.
• If we believe someone is in danger, we reserve the right to share data to help protect them.

We take the protection of your data very seriously.

We follow best practices to secure your data, and we only keep it when the law allows and it is needed for the purposes it was collected. The periods we keep it for vary based on the type of data and and the nature of our relationship with you. However, we normally keep it while you are a staff member and for up to 6 years from when you left the business. If necessary, we may retain data longer where such data is required for the resolution of a dispute.

We may store or process your data outside of the United Kingdom, where local privacy laws do not provide as much protection. When we do that, we use approved data transfer safeguards and legal frameworks 

You have data rights granted to you under data protection law which you can exercise at any time. We manage all rights requests raised to us as the law requires. This means there may be legal reasons why we cannot complete all requests. We have one calendar month to fulfill your rights request but can extend this up to a further two months if we decide it is necessary.

Right to be informed: where you have given us your data, you may ask us, for example, about the type of information we hold; how we process your data, including who we have shared it with and how long we will keep your data for.

Right to withdraw consent: where you have given us consent to use your data, you may withdraw your consent at any time. For instance, where you have provided us sexual orientation data, you can log into Workday and remove this data at any time.

Right to erasure: you can ask us to delete the data we have about you. We must comply with this request, unless retaining your data is necessary, for example:

• to comply with a legal, regulatory, or contractual obligation which requires the use or retention of your data under UK law; or
• to exercise or defend legal claims.

Right to rectify: although we make efforts to keep it correct, based on the latest data available to us, you can ask us to amend data that is incorrect or is not complete.

Right to restrict data processing: in some situations, you can ask us to limit the use of your data. For example, if your data is due to be erased from our records as the retention period has expired, you may ask us to retain a copy of that data for a period of time - this may be relevant if you have commenced legal proceedings.

Right to portability: you can ask us to share data you provided to us directly with you or with another company - currently there are no examples of when this might be relevant but we will keep this under review.

Right to object: you can object to our use of your data, when we use it based on our legitimate interests or those of a third-party. If this happens, we will not use your data, unless we can show legitimate reasons and an overriding interest for its use, or for the exercise or defence of legal claims.

Right of access: you may ask us to give you a copy of the data that we hold about you. We will give you a copy of your data if you request it, once we have checked your identity (ID checks will vary based on the data we hold about you).

Right to complain: you can file a complaint with the ICO (Information Commissioner’s Office), the United Kingdom’s data protection regulator. However, we’d prefer it if you first contact us to let us try to solve your problem – you can find our contact details below.

If you want to use one of your personal data rights, please complete the form in our secure portal, or write to us at the address below:

Changes to this notice

This privacy notice was updated on 14 July 2025. We reserve the right to update this notice and will post any changes on this page, so please check back frequently.