Data Privacy Notice

GKR Maintenance & Building Co Ltd is committed to the correct and lawful treatment of personal data. In whatever medium a person’s data is held, whether paper or electronic, all data will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulation 2018.

GKR Maintenance & Building Co Ltd adheres to the principles of the GDPR that detail the legal conditions that must be met in relation to the obtaining, handling, processing, storage and transportation of personal data. All employees of GKR who are involved in any of the above activities must adhere to these principles.

The GDPR Principles

Data will:

  1. Be processed fairly and lawfully
  2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
  3. Be adequate, relevant and not excessive for those purposes.
  4. Be accurate and where necessary, kept up to date.
  5. Not be kept for longer than is necessary for that purpose.
  6. Be processed in accordance with the data subject’s rights.
  7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
  8. Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Types of Data We Collect / Store

Company Name, Address, Contact details including telephone numbers, fax numbers, email address), work order information, invoices, credit notes, statements, remittances

This information is used to be able to carry out contractual obligations, complete sales orders, raise invoices/credits to you and for general related correspondence. 

GKR Maintenance & Building Co Ltd endeavours to ensure the accuracy of the data that we hold. Any inaccuracies can be amended upon the request of the individual.

Data Sharing

We may have to share your data with third parties, including third-party clients & service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. 

We may share your data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. 

The following activities could be carried out by third-party service providers:

  • Carry out specialist services on behalf of GKR Maintenance & Building Co Ltd
  • Tax compliance, accounting and auditing
  • Health & Safety Consultancy and Accident Investigation

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, in accordance with our instructions and data processing policy.

We will never sell your information.

Website Cookies

To find out more information about cookies and how we use them, please click here.

Data Storage

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a customer of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations. 

When data is destroyed, whether in electronic or hardcopy form, it will be destroyed securely in accordance with the best practice at time of destruction.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Access to Your Data

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your information, please contact us using the information below.

We want to make sure that your information is accurate and up to date. You may ask us to correct information that you think is inaccurate or to be removed. 

You will not have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may refuse to comply with the request, or charge a reasonable administrative fee if your request for access is clearly unfounded or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. 

We will respond within 30 calendar days of receipt of a subject access request. This can be extended by a further 60 calendar days if the request is complex or if we have receive a number of requests from the same individual. 

Changes to Our Policy Notice

We keep our privacy notice under regular review and will place any updates via this web page. This privacy notice was last updated on 23 May 2018.

Please note that all requests for access must be in the written format.

How to Contact Us

If you have any questions about our notice, how we use/store/process data or you wish to submit a subject access request or complaint, please write to us at:

The Data Compliance Officer
GKR Maintenance & Building Co Ltd, 
Bedwas House Industrial Estate,
Caerphilly, CF83 8DW

Or alternatively email: dco@gkrmaintenance.co.uk 

 

Further Information

A link to the General Data Protection Regulation can be found at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

 

 

 

GKR Maintenance & Building Co. Ltd © 2016 Website Designed & Developed by Spindogs