Ampsail Limited (‘The Company’) specialises in the Design, Procurement, Installation, Inspection, Testing and Commissioning of Building Services together with the Service and Maintenance of installed Building Services.
To provide these services, the Company must process personal data (including sensitive personal data) and in doing so, the Company acts as a Data Controller.
The GDPR apply to all personal data we process regardless of how we receive the information and regardless of whether we receive it directly or from a third party. Personal details may be given to the Company directly, such as on an application form or via our website, or we may collect them from another source such as an employment agency. The Company must have a legal basis for processing your personal data. For the purposes of providing our services we will only use your personal data in accordance with the terms of the following statement.
1. Collection, use and processing of personal data
a. Personal data we may collect from you
To meet legal and business requirements we need to collect certain personal and sensitive personal data from employees and clients. We will only ask for details that that are needed for the provision of our services. We may also collect information relating to your health, disability, diversity and details of any criminal convictions. Where relevant, we may also collect from employees to ensure they can be paid.
b. Purpose of processing and legal basis
The Company will collect and process personal data (which may include sensitive personal data) for the purposes of providing our services. The legal bases we rely upon to offer these services are:
Article 6 (1)(f) of the GDPR say that we can process personal data where it is “necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”.
For clients, in order to provide our services, we will need to store personal data of individual contacts in your business as well as keep records of conversations and meetings. We may also contact you about future potential work or to undertake a customer satisfaction survey. We think this is reasonable and these uses of your data to be necessary for our legitimate interests as s business providing services to you.
Article 6(1)(c) provides a lawful basis for processing where “processing is necessary for compliance with a legal obligation to which the controller is subject”. In our business activities we have legal obligations to process and retain personal data to comply with our responsibilities to HMRC and under UK law.
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Article 4 (11) of the GDPR states that consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the process of personal data relating to him or her.” This requires us to ensure that consent has been given freely, you know what you are consenting to and that you take positive action to give us your consent. We will keep records of the consents you have given in this way.
c. Recipient/s of data
Where appropriate and in accordance with UK laws and requirements, we may share or process your personal data and/or sensitive personal data with the following categories of recipients:
- Any of our legally associated companies;
- Individuals and organisations who hold information related to an employee’s references;
- Tax, audit or other authorities, when required by law or other regulations or requirements to share this data;
- Third party service providers who perform functions for us in our business (including professional advisers such as lawyers, auditors and accountants, technical support functions, intermediary service providers, outsourced IT providers and IT consultants carrying out testing and development work on our IT systems).
- Marketing technology platforms and suppliers;
d. Statutory/Contractual Requirement
Your personal data may be required by law and/or a contractual requirement (e.g. our client may require this personal data) and/or a requirement necessary to enter into a contract.
2. Overseas Transfers
The Company may transfer only the information provided to us to countries outside the European Economic Area (‘EEA’) for the purposes of delivering our business services. We will take steps to ensure adequate protections are in place to ensure the security of information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
3. Data retention
The Company will retain personal and sensitive personal data only for as long as is necessary. Different laws require us to keep different data for different periods of time.
We must also keep employee payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation. We will regularly review how long we keep data for.
4. Your rights
Please be aware that you have the following data protection rights:
- The right to be informed about the personal data the Company processes on you;
- The right of access to the personal data the Company hold on you within 30 days of notice;
- The right to rectification of your personal data;
- The right to erasure of your personal data in certain circumstances;
- The right to restrict processing of your personal data;
- The right to data portability in certain circumstances;
- The right to object to the processing of your personal data that was based on a public or legitimate interest;
- The right not to be subjected to automated decision making and profiling; and
- The right to withdraw consent at any time.
Where you have consented to the Company processing your personal and sensitive personal data you have the right to withdraw that consent at any time.
5. Contact details
If you wish to complain about this privacy notice or any of the procedures set out in it, or act on any of your rights set out in Section 4 please write to:
You also have the right to raise concerns with Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.
How and what information is collected
When you use our website we may collect the following information:
a. Information provided to us by you
This can be your personal information which you submit to us on our website when sending enquiries via contact form or when applying for job vacancies with Ampsail.
b. Information provided automatically
This can be the IP address that your computer uses to connect to the internet, your computer name, browser version, operating system version and internet connection details, path analysis of your journey through our website. We may also use software tools to measure and collect the session information such as the length of session, click-through’s and visits to certain pages. This non-identifiable information is only used to optimise our website for better user experience.
Disclosure of your data
We will only disclose your information if required to do so by law.
What are cookies?
Cookies are a technology which can be used to provide you with tailored information and a positive user experience on our website. Cookies are files that are stored in your browsers cache for a limited time or until your browser cache is cleared.
Last updated: 24/09/18