GDPR: DATA PRIVACY NOTICE FOR CLIENTS
The Data Protection Act 1998 is due to be replaced by the General Data Protection Regulation (GDPR) on 25 May 2018. Blue Fish Construction is committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The rules on processing of personal data are set out in the General Data Protection Regulation (GDPR).
1 Data Controller
Blue Fish Construction is the data controller. This means we decide how the personal data that we hold is processed and for what purposes.
Our contact details are at the top of this document. For all data matters contact Zoe Fisher.
2 Personal data
Personal data that we will hold will include: Your name, home address, email address, contact telephone numbers.
We will have obtained your personal data from you personally, with your consent.
3 The purpose(s) of processing your personal data
Blue Fish will use your personal data in order allow the smooth running of construction operations.
We will need your personal data to comply with our contractual obligations; we’ll need your shipping address details for subcontractors and to deliver purchases, which we will pass on to couriers and / or companies supplying the materials.
Your data will also be used for accounting purposes
4 Legal basis for processing your personal data
(Article 5 &6 of GDPR)
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals.
Your personal data will be relevant and limited to the purpose for which they are processed.
We keep your personal data specifically to allow the running of construction operations.
We also keep your personal data for accounting purposes and to facilitate the running of your account with us. We need quick access to previous invoices, sales and orders, we do not use your data for marketing purposes.
We will endeavour to keep your personal data accurate and up to date.
Your personal data will be kept securely, with protection against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
5. Sharing your personal data:
We do need to share your personal data with third parties, for example, couriers making deliveries, suppliers, sub-contractors.
We need to share personal data with the Inland Revenue and our Accountants: The Wow Company, Hikenield House, East Anton Court, Icknield Way, Andover. SP10 5RG. This is for the purposes of our accounting, taxation and legal duties as a business.
Your data is held for the purposes of facilitating your account with us.
Your personal data is treated as confidential, we share your data only with your consent.
6. How long do we keep your personal data?
We keep your personal data specifically for ability to work on the construction projects, for accounting purposes and financial records.
Examples are invoices, receipts, sales orders, banking records. They will kept no longer than reasonably necessary (6 years in the case of invoices, accounting and banking records) retained to comply with Inland Revenue statutory record keeping only, all data is incinerated or deleted from our computer records after this statutory period.
7. Providing us with your personal data
You are under no statutory or contractual requirement or obligation to provide us with your personal data.
However, if we do not keep your personal data, previous orders, archived invoices etc cannot be provided as all name, address details will have been destroyed thereby making it impossible to locate archived information for your future record keeping or queries.
8. Your rights and your personal data
You are entitled to be informed, view, amend, take/move, object to/restrict processing, not be subject to auto-profiling and decision making, delete/’be forgotten’, for the personal information that we hold on you, unless there is Legal Basis to do so.
If you would like to make an enquiry regarding personal data, please email our Data Protection Officer on firstname.lastname@example.org directly with your request, making sure to include your:
– Full name
– Relation to the company (see Data Subject Types)
– Your request
Under the GDPR we are under obligation to respond to a Data Subject Access Request (DSAR) within one month, we will do our best to respond to most requests within 72 hours, however there may be cases where a more thorough request may be required, needing more time to gather all the information and personal data.
The right to request your personal data is erased where it is no longer necessary to retain such data.
9. Legal compliance
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting our company to law enforcement.
10. Transfer of Data Abroad
We do not transfer data outside the European Economic Area (EEA).
11. Automated Decision Making
We do not use any form of automated decision making in our business.
13. How to ask for more information or make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Representative: Zoe Fisher, to the address above.
If this does not resolve your question to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.