Privacy Policy

Introduction

R.J. Heathman (Contractors) Limited T/A County Contractors are committed to respecting and protecting your privacy. This Privacy Policy explains how we will collect, store, and use any personal data you provide via our website, email, or networking with our people and when you otherwise communicate with us, including in the course of the services we provide or the running of our business. Our details are as follows:

• Data controller: R.J Heathman (Contractors) Limited
• ICO registration number: Z2314010

We are registered under current data protection legislation and comply with such legislation including The General Data Protection Regulations 2018 in all our dealings with your personal data.

[fs-toc-H2]What data we collect & how we collect your data

Information we may collect about you

1. We may collect and process information about you and your personnel through various means, including:
   
   • Whilst carrying out work for you, or your business.
   • Via our website (e.g. on our ‘Contact Us’ page or our news and insight subscription form, submitting a job application etc).
   • By email or other electronic correspondence.
   • By telephone.
   • Networking (e.g. at client events and/or other meetings or events either hosted or attended by us)
   • by operating security policies and procedures in our offices (e.g. data collected via CCTV footage recorded at our premises or sites).
   • Otherwise through providing our services or operating our business.
2. The personal data you give to us may include:
   • Your name and title.
   • Contact information, including telephone number, postal address, and email address.
   • Information relating to your location, preferences, or interests.
   • Employment and job application details, e.g. date of birth, employment history, qualifications, equality monitoring information.
   • Photographic identification, video footage and biometric data.
   • In certain circumstances, your and others’ signature(s), National Insurance number(s), financial details such as bank account details and details of any relevant sanctions or similar restrictions.
   • In certain circumstances, data relating to health (including disabilities), ethnicity, race, religious beliefs, trade union membership and other ‘special category personal data’.
   • The content of any enquiry submitted over our website.
   • Any other personal data we collect (such as the client reference number which may be assigned to you) in the context of our work for our clients or while operating our business.
3. Each time you visit our website, we may automatically collect the following information:
   • Web usage information (e.g. IP address), your login information, browser type and version, time zone setting, operating system and platform.
   • Information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs).
   • Location, device, and demographic information.
4. We may ask you for information when you report a problem with our website.
5. If you contact us, we may keep a record of that correspondence.
6. The personal data described above may relate to any of the following categories of person:
   • Our clients and clients’ personnel.
   • Our prospective employees, work experience students or other job applicants.
   • Those emergency contacts whose details have been provided to us by our people.
   • third party processors of data with whom we have contact by virtue of providing services.
   • Our contacts at professional advisors or others with whom we work in the context of our business.
   • Our prospective target clients.
   • Our contractors and suppliers.
   • Those with whom we work in the context of our Corporate Responsibility initiatives.
   • Those who submit enquiries through our website or whose details are otherwise entered into our client relationship management system.
   • Any other visitor to our offices.

[fs-toc-H2]Cookie Policy

Our website uses cookies to distinguish you from other users, to improve your experience on our website, and, to recommend content that may be of interest to you.

[fs-toc-H2]How we use your data

We may use your information for the following purposes:

1. To respond to any query that you may submit to us.
2. To manage our relationship with you (and/or your business), including by maintaining our database of clients and other third parties for administration, and accounting and relationship management purposes.
3. To complete our contractual obligations to you, or otherwise taking steps as described in our Terms and Conditions.
4. To send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable Data Protection Legislation) to process any job application you (or your representative) has submitted.
5. To ensure that our website’s content is presented in the most effective manner for you and your device.
6. To customise our website according to your interests.
7. To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey responses.
8. To allow you to participate in interactive features on our website when you choose to do so.
9. As part of our efforts to keep our website safe and secure.
10. To measure or understand the effectiveness of advertising we send to you and others, and to deliver relevant advertising to you.
11. To ensure we appropriately administer any attendance / visits to our offices.
12. To comply with any other professional, legal, and regulatory obligations which apply to us or policies that we have in place.
13. As we feel is necessary to prevent illegal activity or to protect our interests.
14. To carry out any relevant checks (including but not limited to DBS checks, right to work checks or other checks required during our business).

[fs-toc-H2]Legal grounds for processing information

We will rely on the following legal bases under the applicable Data Protection Legislation for processing your personal data:

1. Performance of, or entry into, a contract. The personal data that we are required to collect to comply with any other professional, legal, and regulatory obligations which apply to us must be provided to us for us to perform this contract – we would not be able to act for you without this personal data.
2. Compliance with a legal obligation to which we are subject.
3. We have a legitimate interest in doing so (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our clients, administering visits to our offices, and ascertaining achievement of proper standards/ compliance with policies, practices, or procedures.
4. Where processing of ‘special category data’ is necessary in the context of the establishment, exercise, or defence of legal claims.
5. in certain circumstances, such as those described in paragraph 4.1(o) above or where we need to process ‘special category data’ in the context of our work but outside the scope of paragraph 5.1(d) above, where we have obtained your express consent to do so. As we will explain at the time we collect your consent, you may withdraw it at any time in accordance with the information we provide to you at that time.

[fs-toc-H2]Sharing & storing your data

Sharing your information

We may share your details with carefully selected third parties. These may include service providers, support services and organisation that help us to market our services and third parties instructed to enable us to fulfil our contractual obligations to you and/or our clients during business.

If we share your information with third parties, they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data. We will only share your personal data in compliance with the applicable Data Protection Legislation.

We may disclose your information to third parties when:

• You specifically request this, or it is necessary to provide our services to you.
• We feel other companies’ products and services may interest you.
• If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If our website or substantially all its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data to comply with any legal obligation or to protect the rights, property or safety of our website, our customers, or others. This includes exchanging information with other companies and organisation for the purposes of fraud protection and credit risk reduction.

The third parties include:

• Our bank.
• Our insurers.
• Our auditors, including external accreditation bodies.
• Other professional advisors or third parties with whom we engage as part of our work for our clients or who our clients separately engage in the same context.
• Any professional bodies that we are a member of.
• Our data processors providing security, email security, data governance, archiving and other IT and business support services.
• Our email marketing platform provider and our website platform provider.
• Selected partner digital agencies and online job application provider.
• Analytics and search engine providers that assist us in the improvement and optimisation of our website.
• Any third party you ask us to share your data with.

Our website may, from time to time, contain links to and from the websites of advertisers and partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

We will not rent or sell our users’ or other contacts’ details to any other organisation or individual.

Storage and retention of your personal data

1. We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. All personal information you register on our website will be located behind a firewall. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot absolutely guarantee the security of your data.
2. We will keep your information stored on our systems for as long as it takes to provide the services to you. We may keep your data for longer than our stated retention period if we cannot delete it for legal, regulatory, or technical reasons. We may also keep it for research or statistical purposes. If we do, we will ensure that appropriate safeguards are in place to protect your privacy and only used for those purposes.
3. The third parties we engage to provide services on our behalf will keep your data stored on their systems for as long as is necessary to provide the services to you.
4. We will, subject to paragraph 2, not store your information for longer than is reasonably necessary or required by law.

Sending your information outside of the EEA

If we need to share your personal data with a recipient outside the European Economic Area (“EEA”) (e.g. a professional advisor or third party engaged by us or you) we will ensure we do so in compliance with the relevant Data Protection Legislations, including where applicable by ensuring that the transfer is necessary to perform a contract in place with you or a contract entered into in your interests.

Our people may access our systems remotely when working abroad (including from jurisdictions outside the European Economic Area). Where they do so, they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.

Withdrawal of consent

Where we process your personal data, we do so on the basis that you have provided your consent for us to do so for the purposes set out in this Policy when you submitted your personal data to us. You may withdraw your consent to this processing at any time by contacting us at dataprotection@countycontractors.co.uk or via the web form on our Contact Us page.

If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time.

[fs-toc-H2]Your information rights

1. The current Data Protection Legislation gives you the right to access information held about you. You are entitled to be told by us whether we or someone else on our behalf is processing your personal information; what personal information we hold; details of the purposes for the processing of your personal information; and details of any third party with whom your personal information has been shared.
2. You can access the personal information we hold on you by writing to us at: FAO: Data Compliance Officer, County Contractors, 105-107 High Street, Worle, Weston-super-Mare, Somerset, BS22 6HA. You can also contact us by email at dataprotection@countycontractors.co.uk or by completing our web form via our Contact Us page.
3. We will ask you to provide proof of identity before we show you your personal information – this is so we can prevent unauthorised access.
4. You will not usually have to pay a fee to access your personal information (or to exercise any of the other rights). However, if an access request is unfounded, excessive, or especially repetitive, we may charge a ‘reasonable fee’ for meeting that request. Alternatively, we may refuse to comply with your request in such circumstances. Similarly, we may charge a reasonable fee to comply with requests for further copies of the same information. (That fee will be based upon the administrative costs of providing the information).
5. You have the additional rights to request rectification and erasure of your personal data and to request restriction of, and to otherwise object to, our processing of your personal data and you can exercise these rights at any time by contacting dataprotection@countycontractors.co.uk or by completing our web form via our Contact Us page.
6. You are also entitled to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller. You can exercise this right by contacting us at dataprotection@countycontractors.co.uk or by completing our web form via our Contact Us page.

[fs-toc-H2]Complaints & Contact

Complaints

If you consent to us contacting you, we will always aim to be respectful, relevant, and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know.

You also have the right to make a complaint to the Information Commissioner’s Office. For more details, please visit the ICO website.

Contact

Any questions, comments, and requests regarding this Policy should be addressed to the:Data Compliance Office, County Contractors, 105-107 High Street, Worle, Weston-super-Mare, Somerset, BS22 6HA.
Email address: dataprotection@countycontractors.co.uk
Telephone number: +44 (0) 1934 523000

[fs-toc-H2]Review and Revision

This policy will be reviewed as it is deemed appropriate, but no less frequently than every 3 years. Policy review will be undertaken by the Network/IT Manager. The up-to-date version will always be available on our website and becomes effective immediately.