16th May 2018
Who we are
This Policy sets out the obligations of Great British Ground Screw (GBGS), a company registered in England under number 01266432, whose registered office is at Unit 1c Bowden Place, Meadowfield Industrial Estate, Durham, England, DH7 8TB (“the Company”) regarding the privacy of all personal data collected and defined by EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).
These 8 principles summarise our commitment to protecting your privacy:
- We only collect and use the personal information we need to provide or improve our products and services
- You can check whatever information we hold about you
- We will keep your personal information safe
- We are fair and open about how we use your details
- We will never sell your details or share it except in the ways mentioned in this policy or unless you ask us
- We will let you know if there are important changes that affect your information or how we use it
- We take responsibility for the information we hold about you
- We only keep your information for as long as necessary.
- Industrial Training Act 1982 and any relevant Levy Order
- Data Protection Act 1998 (DPA)
- EU Data Protection Directive 95/46/EC
- Regulation of Investigatory Powers Act 2000
- Electronic Communications Data Protection Directive 2002/58/EC
- Privacy and Electronic Communications (EC Directive) Regulations 2003
- General Data Protection Regulation ((EU) 2016/679) (GDPR) as introduced into national law on 25 May 2018
- All applicable laws, regulations and secondary legislation relating to the processing of personal data and privacy
- Guidance and codes of practice issued by the Information Commissioner
- Any successor legislation to the DPA and GDPR.
How we collect
You give us information when you use our websites, products and services, including when you:
- Submit one of our forms
- Correspond with us by phone, email or otherwise
- Register with us or subscribe to our services
- Participate in our discussion boards, chat or social media
- We may also get information from other sources including from agencies who refer enquiries to us as well as within our own network of approved installers.
What we collect
The information we collect from you could include your:
- Name, address, email and phone number
- Professional role
How we use your information
We use your information for many purposes, including to:
- Facilitate the installation of our products and allow fulfilment of our services
- Promote the interests of our company
- Manage our employees
- Advertise, promote and market our services
- Notify you about a change to our service
- Carry out our contractual obligations
How we keep it safe
We take the security of your personal information seriously.
We use technical measures, such as encryption, and carry out regular security reviews to keep our protections up to date. We also control access and ensure staff who are authorised for access are adequately trained in keeping your information safe.
Our procedures mean that we may ask you to prove your identity before we share your personal information with you.
Third-party websites you access through links on our websites will have their own privacy policies. We do not accept any responsibility or liability for them.
Sharing your information
We do not share your information with others unless you have consented or it is necessary to do so because:
- The law requires us to
- Of administrative or operational needs
When we do have to share information, it is likely to be with:
- Service providers or booking agents
- Your employer or prospective employers
- Other (subcontracted) Installation teams or partner organisations but also including our own employees
- Law enforcement agencies.
Data Transfer Outside the EEA
There are no cookies in place for the GBGS website.
Email and Social Media,
There are a number of ways you may communicate with us online, including by:
- Social media (such as Facebook, Twitter or Linked-in)
What we do
When you use email, social media or other online platforms, it is likely you know what information you are sharing with us.
The information is normally handled by our authorised staff, but if we intend to share it with third parties beyond the platform you have used, we will make every effort to let you know.
Payments and Receipts
We do not use any financial information for any purpose you have not authorised, or disclose it to third parties without your permission.
In order to process electronic banking transactions between us, we collect sufficient data including bank account detail. In some instances, some of the data we add to our accounting systems is personal data – e.g. where we make or receive payments from sole traders.
When we make or receive payments to or from our trading customers or other parties, an individual’s name or other personal identifying information may be used as a payment source or reference for these transactions.
Where the transaction is either a one-off or infrequent, we do not maintain any data beyond our end-of-year accounting process – i.e. data is retained in our accounting database for 12 months or less. Note however, our bank account will reference payee and/or receipt data reference for a period upto 7 years. In both cases, GBGS use secure systems and at least 2 factor security protocols to access the personal data in these systems.
Where there is an on-going relationship between GBGS and you/your company, we retain your banking detail in our accounting software, together with other personal data such as name (individual) or contact name (corporate).
Who has access to your information
GBGS staff and contracted data processors have access to your payment details to carry out your transaction.
Our contracted data processors are;
- SAGE (UK) Ltd, North Park, Newcastle upon Tyne, NE13 9AA
- JFS Torbitt, 58 Durham Road, Birtley, Chester-le-Street, County Durham, DH3 1PB
Our websites, services and products are not aimed at children and we do not knowingly collect any information from them.
We ask children not to register with us or give us any of their information.
Where we have inadvertently collected information from a child, we will delete it as soon as possible.
If you know that a child has given their information to us, please contact us at firstname.lastname@example.org
You have the right to:
- Ask for a copy of any information we hold about you
- Withdraw any consents you have given
- Lodge a complaint with us or the Information Commissioner’s Office or with any other relevant supervisory authority about how we handle your personal data
- Ask us to correct any inaccurate or incomplete information we have about you
- Ask us to delete your information from our records
- Ask us to send a copy of your information to a third party in a data portable format.
Changing your contact preferences
You can change your contact preferences or withdraw your consents at any time by writing to us at email@example.com or:
Making a request to see your information
To see the information we hold about you, you should make a Subject Access Request in writing, including your:
- Full name, including previous or other names, if appropriate together with
- Either your address or your business address if the request relates to individual data captured in the course of business operations
and send it to:
Andy Crozier, Unit 1c Bowden Place, Meadowfield Industrial Estate, Durham, England, DH7 8TB
Additional Provisions – Construction preparation and installation works
How we use your information
We use your information to facilitate GBGS preparations and installation to occur.
We manage an electronic booking system for construction installations – this includes the capture of relevant personal data – in particular, site supervisors and site contacts.
Who has access to your information;
For construction installations, GBGS processes information directly through its own offices with its own employees.
Depending on the location of the installation works, we may also share your information with sub-contracting installation teams and partner organisations and their regional offices.
In addition, GBGS use a number of technology support organisations and software vendors who provide solutions to assist in processing, maintain data and network integrity – i.e. for data back-up. The following companies have access to personal data collected in the course of our operational business;
- Cardnet, Phoenix House, Christopher Martin Rd, Basildon SS14 3EZ
- Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Wherever personal data is shared between GBGS and third parties, it is done so under purposed processing agreements.
What we do
We use your:
- Contact details to administer the installation
- Card details to pay for construction consultancy and works
How long we keep it
In most cases, the guarantee for our work lasts 1 year. After this time, your details are deleted from our systems.
If you have any comments or concerns about an aspect of this policy or any privacy or data protection issue, please email our Privacy Team at GBGS Ltd, Unit 1c Bowden Place, Meadowfield Industrial Estate, Durham, England, DH7 8TB or by email to firstname.lastname@example.org.
Our Privacy Officer is Andy Crozier who you can contact through the email or address above.