PRIVACY NOTICE

Sprinks Construction Ltd Privacy Notice

European Data Protection law (GDPR) changed on 25 May 2018. Most organisations use your personal information but at Sprinks Construction we take a minimum amount of data and, refreshingly, we only use it for its intended purpose! To make it clear, Sprinks Construction Ltd is committed to protecting and respecting the privacy of its clients, suppliers and employees.

We can provide more information about the purposes for which we use your personal data, the rights you have over it and what that means in practice under Article 15 (‘Rights of Access by the Data Subject’). So we’ve taken the opportunity to update our Privacy Policy in line with the new GDPR regulations. The way we use your data hasn’t changed, and we still treat it with the same level of care and protection. We hope our policy is clear and simple, but it you want to find out in more detail about the new data protection regulation and lawful processing, refer to the ICO website. Privacy notice under the GDPR (May 2018). Articles 12, 13 and 14 of the GDPR outline the requirements on giving privacy information to data subjects. These are more detailed and specific than in the UK Data Protection Act 1998 (DPA).

Sprinks Construction values its long-standing reputation and trusted relationship with the local community. We will collect certain personal data that is necessary to carry out our work and nothing more. Under the regulations set for GDPR (effective 25th May, 2018), Sprinks Construction Ltd is following the guidelines published for collecting our customers’ personal data.

Our GDPR principles:

  • We will only collect the necessary personal data from our customers
  • We will process all personal data lawfully and only use it for lawful purposes
  • We will keep all personal data secure
  • We will only share the personal data of our customers with sub-contractors (or another similar third party) when necessary and with the permission of the customer
  • We will not keep personal data for longer than necessary
  • We do not engage in sharing personal data whatsoever for marketing purposes

What information do we collect?

We typically collect the following:

  • A name, address, phone number and email address
  • Details offered by the client with regards to the property/site
  • A supplier or sub-contractor may pass on the details of a potential customer (with permission)
  • We do not collect data
  • We do not process sensitive personal data or financial information of our customers

How are we meeting the new compliance guidelines for GDPR? In line with the new GDPR regulations, we are reviewing and updating our internal processes and how we deal with the personal data of our employees, suppliers, fellow companies and customers. All members of our office and site teams are aware of GDPR and our collective responsibilities.

How do we use personal information?

  • for estimating, sales and purchase of materials
  • administration and monitoring within the business
  • providing goods and services
  • internal research and development purposes
  • legal obligations (e.g. prevention of fraud)
  • meeting internal audit requirements
  • we do not deliver marketing and events communication
  • we do not carry out polls and surveys

What legal basis do we have for processing your personal data? For our projects to be carried out, we rely on the consent of the customer to access their property and to share certain personal details with sub-contractors. Customers may manage individual consent or withdraw it if they wish.

If we have a need to process special category personal data, it will be to satisfy at least one of the six processing conditions contained within the GDPR, as well as additional requirements for processing under the GDPR, the grounds of such collection can be provided upon request.

When do we share personal data? We treat personal data confidentially and only disclose or share it with sub-contractors who will be working on the site. Personal data is not stored with any other third party, nor do we transfer personal data of our customers.

Where do we store and process personal data? Personal data is stored on our accounts management system and in a customer/project file. Nowhere else. Our UK systems provider is fully compliant with the GDPR regulations. Data on the system is password protected and project files are kept securely. It allows us to safely store the data saved on our system and takes care of its security and accidental loss with secure back-ups.

How long do we keep your personal data for? Our customers’ personal data is only stored for as long as necessary (no longer than seven years in archives). If not, refreshed as a returning client, the information is archived and then securely disposed of.

Your rights in relation to personal data. Under the GDPR, we respect your rights (as the data subjects) to access and control your personal data. In this privacy notice, we would like to outline our customers’ rights in respect of:

  • access to personal information
  • correction and deletion
  • withdrawal of consent (if processing data on condition of consent)
  • data portability
  • restriction of processing and objection
  • lodging a complaint with the Information Commissioner’s Office. You may exercise your rights (listed above), and we will respond to any requests made.
  •  
  • You may exercise your rights (listed above), and we will respond to any requests made.You are entitled to request us to erase any personal data we hold about you under EU General Data Protection Regulation (GDPR). We will do our best to respond promptly and in any event within one month of the following:
    • Our receipt of your written request; or
    • Our receipt of any further information we may ask you to provide to enable us to comply with your request, whichever happens to be later.

    An erasure request must be made in writing, which includes email correspondence provided that the request gives sufficient information so as to remove the details of the correct person(s).

Our progress within the GDPR guidelines to date: 

  • We have appointed a Data Protection Officer
  • We are reviewing and updating our company policies and handbook
  • We are undertaking a systematic review of the personal data we store, manage, maintain, collect, process and control
  • We have assessed our lawful bases for processing data to ensure all personal data is processed lawfully, fairly and transparently
  • We are raising the awareness and importance of GDPR to our employees and their individual responsibilities when dealing with our customers and their personal data (such as addresses and phone numbers)
  • We will continue to look at ways to maintain the lawful standards of GDPR and to comply within the realms of best practice
  • We will log any breaches of personal data

 

  • How to contact us? Customers can get in touch if they have questions or concerns about our privacy practices, their personal information, or if they wish to file a complaint. Contact can be made by email or in writing.
  • Email: admin@sprinksconstruction.co.uk
  • Postal address: Sprinks Construction, 2 Park Road, Hythe, Kent, CT21 6DH

 

Updated September 2022