|Rev||Date||Nature of Change||Approved By||Integrity Checked|
|01||July 2018||Original Issue||T. Cooper|
This is the Privacy Notice for TC Carpentry Contractors Ltd issued in accordance with the General Data Protection Regulation (GDPR) – please read it carefully.
This Privacy Notice is to let you know how we handle your personal data. This includes what you tell us about yourself and your choices about what information you want to receive from us. This Privacy Notice explains our approach, your privacy rights and how the law protects you.
Your personal data is any information relating to you from which you can be identified.
This notice sets out:
- How we will process any personal data that we collect from you and what it will be used for; the information that you are entitled to receive from us when we collect your personal data; and your rights under the General Data Protection Regulation (GDPR) in connection with the way we handle your personal data.
- Where you provide personal data about another person, this Privacy Notice will also apply to that data so please share it with that person. This Privacy Notice applies to any personal data which you may provide to us in person, over the telephone, by email, on our website and/or by post. This Privacy Notice also applies to any personal data which we may collect from third parties about you and/or which we may collect when you access our website and/or in the course of our relationship.
You can choose not to give personal data. We may need to collect personal data by law, or under the terms of a contract and/or relationship that we have with you. If you choose not to give us this personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services so we cancel a product or service you have with us.
Wherever we refer to “processing” of personal data in this Privacy Notice this includes any combination of the following activities: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This Privacy Notice only applies to personal data collected by or on behalf of TC Carpentry Contractors Ltd via the company’s email/ website or by any other means. The company’s website may from time to time contain links to and from other websites (partner networks, advertisers and affiliates). If you follow a link to any external website or alternatively reach our website from a third party website, please be aware that these websites will have their own privacy policies, separate from ours, and we therefore do not accept any responsibility or liability for these policies. Please check their policies before you submit any personal data to these websites.
2. Our commitment
We commit to:
- keeping your personal data safe and only processing it on a valid legal basis;
- keeping our records up-to-date and deleting or correcting inaccurate personal data;
- deleting your personal data after it is no longer needed for the purpose you collected it for;
- not selling your personal data; and
- giving you ways to manage and review your marketing choices at any time.
3. Who we are
TC Carpentry Contractors Ltd is responsible for your personal data, and information is managed by the Managing Director Toby Cooper which act as the company Data Controller.
You can contact our Data Protection Officer (DPO) at:
The Data Protection Officer,
c/o TC Carpentry Contractors Ltd
2 Victoria Square,
or by email to firstname.lastname@example.org
4. Legal basis for processing your personal data
We need to have a proper reason under the GDPR whenever we process your personal data ourselves or share it with others outside of TC Carpentry Contractors Ltd. These reasons are:
- to fulfil a contract we have with you or to take steps at your request prior to entering into a contract with you;
- when it is our legal duty;
- when it is in our legitimate interest or the legitimate interest of a third party except where such interests are overridden by your interests or your fundamental rights or freedoms; or
- when you consent to it.
A legitimate interest is when we have a business or commercial reason to process your personal data, but this must not unfairly go against your rights. If we rely on our legitimate interest, we will tell you what that is.
In the section below this one is a list of all the ways that we may process your personal data, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
Unless we have your explicit consent to do so, we will not process special categories of personal data revealing any of the following information about you: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life or sexual orientation.
5. Information we collect and how we collect it
We may collect personal data from you in the following ways:
- when you make an enquiry,
- when you contact us in person, over the telephone, by email, by post or social media;
- when you apply for our products and services;
- in customer surveys;
- when you use our services; or
- payment and transaction data.
We may collect your personal data from third parties we work with including:
- companies that introduce you to us;
- suppliers of materials and equipment;
- trade contractors;
- social networks;
- payroll service providers;
- analytics providers;
- public information sources such as Companies House;
- agents working on our behalf;
- market researchers; and government and law enforcement agencies.
The type of information we may ask you to provide about yourself and therefore collect includes, but is not limited to:
- contact details such as your name, address, contact telephone number (mobile and landline) and email address;
- contractual details about the products or services we provide to you;
- documentary data details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate.
- Training Certificates including copies of CSCS Cards
- Bank Account Details for payroll
You can however at any time tell us to change or remove any personal data or to stop or restrict the processing of your personal data.
6. How we use your personal data
We may use the personal data collected/provided by you to:
- respond to your enquiry;
- process payroll for employees
- send you information about services;
- notify you about changes to our service;
- carry out analysis to make improvements to our website and/or services;
- measure or understand the effectiveness of advertising we deliver to you and others;
- monitor customer service including processing customer satisfaction surveys;
- keep our records up to date;
- develop and manage products and services, and what we charge for them;
- define types of customers for new products or services;
- develop and manage our brand;
- manage how we work with other companies that provide services to us and our customers;
- make and manage customer payments;
- collect and recover money that is owed to us;
- comply with laws and regulations that apply to us;
- detect, investigate, report, and seek to prevent financial crime and fraud;
- manage risk for us and our customers;
- respond to complaints and seek to resolve them; and to
- run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit.
Where we have stated above that our grounds are that we have your consent, we will understand your consent to have been given when you expressly accept these terms. You can withhold or withdraw your consent at any time using the contact details for the DPO or the Company Secretary in this notice.
Where we don’t have your express consent we may base our processing of your personal data on any other basis that applies.
If we intend to use your personal data for any purpose not stated above we will first notify you of the intended use and the legal grounds.
7. Sharing your personal data
We may disclose your personal data to third parties in certain circumstances but we will not sell, rent or trade your personal data.
Where relevant, we may give third party providers who supply services to us, or who process personal data on our behalf, access to your personal data in order to help us to process it for the purposes set out above. When doing so, we will ask them to confirm that their security measures are adequate to protect your personal data.
Within the purposes set out above we may share your personal data with the following third parties:
- With your consent, we will also pass your personal data on to third parties, for example if you ask us to put you in contact with professional advisors.
- We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contracts with you, or to protect our rights, property, or our safety and/or the safety of our customers, or others.
- We may need to confirm your identity before we provide products or services to you or your business. We may also share your personal information as needed to help detect fraud and money-laundering risks. We may use solicitors and other advisers for these purposes. We may allow law enforcement agencies to access your personal data. This is to support their duty to detect, investigate, prevent and prosecute crime.
- We may disclose your personal data to third parties in the event that we sell any part of our business, in which case we may disclose your personal data to the prospective buyer of such business or assets. If any part of our business is acquired by a third party, personal data held by us may be transferred.
8. Protecting your information
We will seek to keep your personal data secure by taking appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Only authorised personnel and third parties will have access to your personal data.
We will retain your personal data for no longer than the period of time needed for the purposes that we collected the data and for as long as we have legal grounds to retain it. There is no fixed period after which all record of your personal data will be deleted as this will depend on the circumstances and the purposes of the processing but we will take steps and maintain policies to keep retention under proper review. We will not seek your consent before deleting any personal data.
9. Changes to this Privacy Notice
Any changes we may make to this Privacy Notice in the future will be posted on this website and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Privacy Notice.
10. Your right of access to your Personal Data
You have the right to access your personal data including us providing to you, without charge, a copy (which may be in electronic form) of any of your personal data that we are processing or that third parties are processing on our behalf.
We will also provide to you, if you request it, the following information:
- (a) the purposes of the processing;
- (b) the categories of personal data concerned;
- (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, including recipients in countries outside the UK or international organisations;
- (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- (e) if the personal data was not collected from you, any information available to us as to the source of it;
- (f) whether the personal data has been subject to automated decision-making, including profiling, and, if so, information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Requests for this information or a copy of your personal data should be in writing, enclosing proof of identification such as a copy of your passport, driving licence or other documentation confirming your name and address (for example a utility bill). A Subject Access Request Form will be sent which needs to be completed. This can then be returned to:
The Data Protection Officer,
c/o TC Carpentry Contractors Ltd
2 Victoria Square,
or by email to email@example.com
11. Your right to removal or correction of personal data and to restriction of processing
You have the following rights under GDPR:
- a right to request that we correct inaccurate or incomplete data (“Right to rectification”);
- a right to request that we delete any of your personal data. In certain circumstances we may wish to retain data and if GDPR allows us to do so we will inform you of our grounds (“Right to erasure” or “Right to be forgotten”); and
- a right to request that we stop or restrict any aspect of the processing of your personal data. In certain circumstances we may wish to continue and if GDPR allows us to do so we will inform you of our grounds (“Right to restriction of processing”).
In each case we will tell you what action we are taking and we will also notify any third party to whom the data has been disclosed. Your request should be made to the address above
12. Your rights concerning automated processing and profiling
13. Your right to data portability
You have the right to receive from us the personal data that you have given us in a structured, commonly used and machine-readable format (“Right to data portability”) and/or to have the data sent by us directly to another party. Please note that this right only applies in certain circumstances, which is when we held the data on grounds of your consent or to perform a contract with you or for steps preparatory to such a contract and we were processing that data by automated means.
Your request should be made to the address above
14. Your right to complain to the regulator
Please let us know if you are unhappy with how we have processed your personal data. You can contact us by writing to the Managing Directors Toby Cooper at the address given above.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) which is the UK supervisory authority for the processing of personal data. Further details are available on the ICO’s website.
15. Enquiries and to exercise your rights
If you have any questions, or want more details about how we process your personal data or if you wish to exercise any of your rights, you can contact us by writing to the Data Protection Officer at the address given above.
Please note: The Original document, signed, dated and subject to regular review will be held in the head office.