1.3 We have appointed our Data Protection Officer (DPO) to provide help and guidance and monitor that we are applying good practice standards in protecting personal information. Our DPO can be reached by email at firstname.lastname@example.org if you have any questions about how we use personal information.
1.5 All information will only be used for legitimate business purposes. We will not transmit information to other parties unless it is required to fulfil contracted works. All data disclosures will only be relevant to the particular requirements of the contract works. This information will be handled in accordance with the guidelines of the GDPR and again will only be relevant to the requirements of providing our services.
1.6 We will never sell any personnel information to third parties.
1.7 We will hold the digital and physical files on record as required by the relevant contracts, which may be up to 40 years with regards to exposure records. These are stored on secure servers and in secure on-site archive store.
2. About us
2.1 We are what is known as the “controller” of the personal information which we gather and use from both our employees and client base. When we say “we” or “us” in this Privacy Notice, we mean T & S Environmental Limited. We are registered with the Information Commissioners Office (ICO) registration number ZA338283.
3 What kinds of personal information we use
3.1 We use a variety of personal information depending on the circumstances under which personal information is made available to us.
3.2 We may use personal information in the following circumstances:
(a) Business Contacts: We hold the names, job titles, employer details and professional contact details for various business contacts, including client contacts, supplier contacts and interested parties who may require our company assistance;
(b) Clients: Most of our clients are incorporated entities, however in the course of conducting audits and completing on site records, we may collect and use personal information of individuals that work for our clients. This can include names, contact details and information about an individual’s work role on the site; and
(c) Employees/temporary employee: If you are an employee/temporary employee, we will process your name and personal contact details including next of kin, previous working background, payment details and information about the work you complete for us. We may also collect and use some special categories of personal data such as health surveillance records, driving licence abilities or disabilities in relation to those that may affect your ability to undertake your work safely; and
(d ) Consultants: If you are a consultant that assists with our company undertakings, we will process your name, professional and personal contact details, CV and professional background and information about the work you undertake for us; and
(e) Job Applicants: Where you apply for a role with us, we will process the personal information you provide to us as part of your application and any interview selection process. This will ordinarily include your name, personal contact details, work history, training and qualifications and references. We may also collect and use some special categories of personal data about job applicants, such as information about an applicant’s racial or ethnic origin and some health information regarding any medical conditions or disabilities.
4. How we gather your personal information
4.2 Personal Information is gathered in the following ways:
(a) Business Contacts: These may be collected via forms on our website, or in the course of business as usual correspondence with business contacts, such as emails, telephone calls and general enquiries;
(b) Clients: We may collect personal information held by our clients in the course of conducting our works. Personal information may be included in documentation we are required to assess as part of our works, and will ordinarily be provided or made available to us by our client; and
(c) Employees/temporary employee: Personal information will be gathered directly from you or from your third-party references. You are required to provide applicable information to ensure compliance with the Control of Asbestos Regulations with regards to health records and maintaining records of the works in progress through to completion. Supervisors are required to work on our behalf
when maintaining documentation on site ensuring that data is protected.
5. Why we use personal information
5.1 We will use personal information for the following purposes:
(a)Business Contacts: We process the personal information of our business contacts as necessary for the legitimate interests of managing the day-to-day operation of our business, including correspondence, engaging suppliers, and promoting our services to business contacts;
(b)Clients: We process the personal information of individuals that work for our incorporated clients in the course of maintaining contact details and those that may be used for references for works undertaken. Such processing is also required for the legitimate interests of our clients with regards to maintaining documentation for the projects undertaken;
(c)Employees/temporary employee: We process the personal information of Employees/temporary employee for the legitimate interests of determining whether or not to employ a particular individual for a role in our organisation. Where we engage Employees/temporary employee, we process their personal information for the purposes of entering into and performing our legal requirements with regards to maintaining records, such as health information and exposure records; and
(d)Job Applicants: We process the personal information of job applicants for the legitimate interests of determining whether or not to employ a particular individual for a role in our organisation. Where we decide to employ a job applicant, we process their personal information for the purposes of entering into and performing our employment contract with the applicant. We will process racial and ethnic origin and health information of job applicants for the purposes of meeting our legal obligations under employment and other regulation requirements.
5.2 If we are not provided with access to personal information for the purposes outlined in above in section 5, we may not be able to offer or provider certain services, or we may not be able to complete job applications or continue to employ our existing employees.
6. How long we keep personal information
6.1 We will never retain personal information for any longer than is necessary for the purposes we need to use it for.
6.2 Generally, in respect of personal information gathered in the undertaking of a contract, we will retain personal information for the duration of the contract and a period of up to five years after the contract has been completed, other than in the case of such personal health surveillance information that is required to be maintained for 40 years minimum.
6.3 We may also retain personal information for as long as required by law or regulation or instruction of a relevant accreditation body such as the HSE or EA.
6.4 Unsuccessful job applicant information is retained for a period of 12 months after the position has been filled.
6.5 We will retain the personal information of business contacts that receive our emails until they opt-out or unsubscribe from further contact.
7. Sharing personal information with third parties
7.1 We only share personal information with selected third parties:
(a)to the extent necessary for fulfilling the purposes outlined in paragraph 5, including where necessary for the provision of our services;
(b)where we are under a legal or contractual obligation to do so; or
(c)where it is fair and reasonable for us to do so in the circumstances required.
7.2 We may share personal information with the following third parties:
(a)Corporate companies / agencies / clients: We may sometimes need to share personal information with our wider client base where required for the legitimate interests of operating our day-to-day operations, and also where required for independent review of audits, pre-qualification questionnaires, DBS checks and assessments. As they are their own corporations, they will also be required to comply with GDPR and protect any personal data we send to them;
(b)Suppliers: We use a number of different suppliers, including IT suppliers, payment processors and consultants, with whom we share personal information so that these suppliers can process personal information on our behalf. In these circumstances, we take steps required by data protection laws to ensure that these suppliers protect the personal information we share with them;
(c)Accreditation Bodies: We may be required to share personal information with accreditation and regulatory bodies (such as UKAS, UKATA, IATP, RoSPA, CHAS, Safecontractor, Exor, SMAS, Achilles, Constructionline, Acclaim, ISO auditors and other such parties that will be checked for their GDPR policy before sharing. These various bodies monitor our company compliance and audit services to ensure that we are compliant with their rules and requirements when awarding certifications; and
(d)Government bodies: We may be required by law to share personal information with government bodies and regulators such as HMRC, HSE and the EA.
8. Sending personal information overseas
8.1 We do not identify this as a requirement for our company at this present time, if circumstances should change we will review accordingly.
9. Privacy rights
9.1 Individuals are entitled to exercise any of the following privacy rights in respect of our processing of personal information:
(a)Access: Individuals can request access to a copy of their personal information
held by us, along with details of what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision-making.
(b)Rectification: Individuals can ask us to change or complete any inaccurate or incomplete personal information held about them.
(c)Erasure: Individuals can ask us to delete their personal information where it is no longer necessary for us to use it, or where we have no legal basis for keeping it. This allows persons to ask us to delete or remove personal data where there is no valid reason for us continuing to process it. They also have the right to ask us to delete or remove their personal data where they have successfully exercised their right to object to processing, where we may have processed the information unlawfully or where we are required to erase the personal data to comply with local law. Note, however, that we may not always be able to comply with the request of erasure for specific legal reasons which will be notified, if applicable, at the time of the request.
(d)Restriction: Individuals can ask us to restrict the personal information we use about them where we are not able to erase their personal information or where an individual has objected to our use of their personal information, only where legal requirements do not require the processing of such information.
(e)Object: Individuals can object to our processing of their personal information only where legal requirements do not require the processing of such information.
(f)Portability: Individuals can ask us to provide them or a third party with some of the personal information we hold about them in a structured, commonly used, electronic format so it can be easily transferred.
(g)Withdraw Consent: Generally, we do not require consent to process personal information and so we do not ordinarily ask for it. However, where we do ask for consent to process personal information, individuals have the right to withdraw their consent at any time, only where legal requirements do not require the processing of such information to be maintained.
9.2 Please make all requests to exercise privacy rights or the removing of personnel data in writing to email@example.com
9.3 We are required to verify the identity of anyone requesting to exercise their privacy rights and we may ask individuals to provide valid identification documents when making a request to allow us to do this.
9.4 We will not make any charge for responding to any reasonable request from an individual exercising their privacy rights, and we will respond to any requests in accordance with our obligations under dataprotection laws. Where unreasonable requests are made for large amounts of information then a small charge may be administered.
9.5 Individuals can make a complaint about how we have used their personal information to us by contacting us as noted above, or directly to the ICO (https://ico.org.uk/concerns/).
10. Online activities
10.2 Cookies are a small file which is sent to your browser and stored on your computer’s hard drive. Cookies help us understand and track your use of our websites and help us identify where we can improve the information and services provided via our website.
10.3 We use the following categories of cookies on our website:
(a)Strictly necessary: These cookies are essential for certain features of our websites to work (for example, making payments online). These cookies do not record personally identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies some services on our website cannot be provided and certain parts of our website cannot be accessed.
(b)Performance: These cookies are used to collect anonymous information about how you use our website. This information is used to help us improve our website and understand how effective our website is. In some cases, we use trusted third parties to collect this information for us, but they only use the information for the purposes explained.
(c)Functionality: These cookies are used to provide services or remember settings to enhance your visit, for example by using your IP address. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites.
(d)Targeting and Advertising: These cookies are used by trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. Information contained in these cookies is anonymous and does not contain personal information. To find out more about cookies used for targeting and advertising follow www.youronlinechoices.com and www.networkadvertising.org or contact us for further information about the trusted third parties we use.
10.4 If you would prefer to restrict, block or delete cookies from us and our third-party advertisers, or any other website, you can use your browser to do this. Each browser is different, so check the “Help” menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies we cannot guarantee the performance of our websites and some features may not work as expected.