GENERAL DATA PROTECTION REGULATION (GDPR) & DATA PROTECTION ACT 2018 (DPA)
This document demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.
Pursuant to that legislation, when processing data we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that we find proper for the purpose of our business relationship
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate)
Sky Scaffolding Midlands Ltd. is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
DETAILS OF INFORMATION WE WILL HOLD ABOUT YOU
The list below identifies the kind of data that we will hold about you:
- company name, address and site addresses, contact names, telephone numbers and email addresses
- trading history
- credit checking
- bank account details
- documentation with regard to capability procedures and appraisal forms
The following list identifies the kind of data that we will process and which falls within the scope of “special categories” of more sensitive personal information:
- we do not envisage any reason to maintain any data with regard to special circumstances
METHOD OF COLLECTION OF PERSONAL INFORMATION
We collect information about Suppliers and Customers (Contractors) through the enquiry process, either directly from the data subject by email, phone call or face-to-face contact, or through a 3rd party, e.g. an architect. We may collect additional personal information from 3rd parties, including credit check agencies.
PROCESSING INFORMATION ABOUT YOU
We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:
- consent: You have given clear consent for us to process your personal data for a specific purpose.
- contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
- legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
- vital interests: the processing is necessary to protect someone’s life.
- public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- legitimate interests: the processing is necessary for our legitimate trading interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We consider that the basis for which we will process the data is necessary for the performance of the contract we have with you and to enable us to comply with our legal obligations.
There may be more than one reason to validate the reason for processing your personal information.
LAWFUL BASIS FOR PROCESSING “SPECIAL CATEGORIES” OF SENSITIVE DATA
We do not envisage any reason to maintain any data with regard to special circumstances in regard to our customers or suppliers.
INFORMATION ABOUT CRIMINAL CONVICTIONS
Information regarding criminal convictions may be processed in accordance with our legal obligations.
We do not envisage that we will hold information about criminal convictions in regard to our customers or suppliers.
Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties. We will not share your data with anyone else other than what is intended for the interests of the business.
If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.
We do not anticipate that we will transfer data to other countries.
As part of our commitment to protecting the security of any data we process, we have put the following measures in place:
- Firewall Protected Servers
- Dual Path Signalling and Off-Site Monitoring
Our server is internal only, is not accessible over the internet, and is username and password protected by our internal firewalls.
If you would like further details, please contact our Data Protection Officer (DPO), Jayne Foster.
In addition, we have put further security measures in place to prevent data from being accessed, damaged, interfered with, lost, stolen or compromised:
- Updated Shredder – to comply with GDPR
- Systems to ensure any data stored in office files are locked
In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality.
We anticipate that we will retain your data for as long as we need it but for no longer than is necessary for the purpose for which it was collected.
We have given consideration to the following in order to decide the appropriate retention period:
- risk of harm
- purpose for processing
- legal obligations
At the end of the retention period, upon conclusion of any contract we may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it.
We may occasionally use data for marketing purposes but only between ourselves and our customers or suppliers. You can opt out of this service at any time by writing to us directly at our Head Office address.
YOUR RIGHTS IN RELATION TO YOUR DATA
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the:
- Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
- Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
- Right to request the restriction of processing. You have the right to ask us to stop the processing of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- Right to portability. You may transfer the data that we hold on you for your own purposes.
- Right to request the transfer. You have the right to request the transfer of your personal information to another party.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact Jayne Foster.
Consequences of your failure to provide personal information
If you neglect to provide certain information when requested, it may affect our ability to enter into or continue our contract with you, and it may prevent us from complying with our legal obligations.
Change of purpose for processing data
We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section – lawful basis for processing your personal information).
QUESTIONS OR COMPLAINTS
Our Data Protection Officer is Jayne Foster.
Should you have any questions regarding this statement, please contact us by phone on 01926 400900.
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.