This page outlays DP Builders & Construction Ltd data protection policy. This policy statement covers all our clients (including potential clients), our suppliers and members of staff and of anyone who shared their personal information with us. We are registered as a data controller with the Information Commissioner’s Office (registration no. ZA459820).
We have nominated Mr. Derren Hancock as the Data Protection Officer for our business and he can be contacted at the following address:
Address: 40 Belmont Road, Erith, Kent, DA8 1LB, UK.
Types of data
We hold personal information of our clients (individuals or organisations) for the purpose of providing a competent and adequate service to them. The types of personal information that we process are given below:
- Postal address
- Email address
- Contact numbers
However, we retain additional information for our members of staff such as date of birth, bank details and social security numbers, as part of legal requirements to run payroll and make payments to them.
DP Builders & Construction Ltd do not possess any sensitive information as described under GDPR.
Sources of data
Most information are collected through direct correspondence with clients or suppliers. However, further information, when required, are requested from relevant parties for running payroll, making payments or HMRC verifications.
Usage of data
Our principle activity is general construction work and we use personal information of our clients, suppliers and members of staff (as per legal requirement, where necessary) to maintain our books and records and to manage and support our operation.
Disclosure of data
We generally do not disclose any personal information with anyone outside of our business, unless it is requested by the data subject himself or it is to assist us in order to carry out our operational activities. However, we may need to disclose information on certain circumstances e.g. upon court’s request, requests from Government departments as part of compliance and to HMRC.
All our members of staff or third parties, where applicable, handling all types of personal information are aware and adhere thoroughly to the GDPR compliances.
We take appropriate measures to secure any personal information we hold, both on paper or electronically. All physical files are kept inside our office at 40 Belmont Road, Erith, DA8 1LB and has only access to nominated staffs. All company phones and computers are password protected. Any personal information shared by email within the scope of our work are password protected as well.
We may sometimes require other organisation to process personal information on our behalf. They will be required to process personal information in line with our instructions and are obliged to provide security assurances to us and to certain regulatory bodies.
Data retention & disposal:
We retain information for the period as required by the law. The data retention process is dealt in our office through our systematic operation. Once the data is held for the required period, it will be deleted on request from the client or part of our housekeeping exercise.
Data from our website visitors
We may use Google Analytics to assess the browsing data of our web users. However, we do not use any of these information to identify individual visitors. We also do not use any of these information for marketing purposes.
Rights to data
Under the Data Protection legislation, data subjects have the following rights with regards to their personal information:
- the right to be informed, on request, about the collection and the use of their personal data
- the right to access personal data
- the right to have inaccurate personal data rectified, or completed if it is incomplete
- the right to erasure (to be forgotten) in certain circumstances
- the right to restrict processing in certain circumstances
- the right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
- the right to object to processing in certain circumstances (if processing is based on legitimate grounds)
- rights in relation to automated decision making and profiling
- the right to withdraw consent at any time (where relevant)
- the right to complain to the Information Commissioner
Data breach reporting
At any time, if we identify any possible breach in our data protection system, it will be investigated immediately. Any exposure to data subject’s privacy rights and freedom will be reported to the Information Commissioner’s Office as soon as possible (but not longer than 72 hours).
Review of data protection policy
We continuously review and monitor our data protection policy. Any changes in our operational activities, security and control or in GDPR is reflected in our organisation’s data protection procedure, and subsequently reflects in our data protection policy statement to ensure compliance at all times.
In the event that an individual is not satisfied with the way in which we are processing his personal data, he/she has the right to make a complaint with the Information Commissioner’s Office.