This policy was last updated: 29th May 2018.
At High Five Construction Limited, we’re committed to protecting and respecting your privacy.
This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights and choices in relation to your information.
Any questions regarding this policy and our privacy practices should be sent by email to firstname.lastname@example.org or in writing to Alan North, High Five Construction Limited, Kemp House, 160 City Road, London, EC1V 2NX.
Who we are:
In this policy ‘High Five Construction Limited’, ‘we’, ‘us’ or ‘our’ means:
We obtain information about you in the following ways:
Information you give us directly
For example, we may obtain information about you when you become a customer, make an enquiry, or use our website.
Information you give us indirectly
Your information may be shared with us by third parties, indirectly from time to time. This will only apply where necessary for us to provide our services and as permitted by the law.
When you visit our company website
We, like many companies, automatically collect the following information:
When you interact with us on social media platforms such as Facebook and Twitter we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms.
What type of information is collected from you?
The personal information we collect, store and use might include:
How and why is your information used?
We may use your information for a number of different purposes, which may include:
How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfil our statutory and regulatory obligations (e.g. health/safety and tax/accounting purposes).
We review our retention periods on a regular basis.
Who has access to your information?
We do not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
However, we may disclose your information to third parties in order to achieve the other purposes set out in this policy. These third parties may include:
Third parties working on our behalf: We may pass your information to our third-party service providers, suppliers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Data protection law requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:
Where you have provided specific consent to us using your personal information in a certain way, such as to send you email, text and/or telephone marketing.
Performance of a contract
Where we are entering into a contract with you or performing our obligations under it like when you purchase our services.
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority.
Where it is necessary to protect life or health (for example in the case of medical emergency suffered by an individual at one of our events) or a safeguarding issue which requires us to share your information with the emergency services.
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not duly impact your rights).
For example, to:
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
We may use your contact details to provide you with information about products and services we think it may be of interest to you.
We will only send you marketing communications by email, text and telephone if you have explicitly provided your prior consent. You may opt out of our marketing communications at any time by clicking the unsubscribe link at the end of our marketing emails.
We may send you marketing communications by post unless you have told us that you would prefer not to hear from us.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us, then you can select your choices by ticking the relevant boxes situated on the form used to collect your information.
We’re committed to putting you in control of your data so you’re free to change your marketing preferences (including to tell us that you don’t want to be contacted for marketing purposes) at any time by contacting us by email: email@example.com, or post: Kemp House, 160 City Road, London, EC1V 2NX.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted. However, we may still need to contact you for administrative purposes.
We may analyse your personal information to create a profile of your interests and preferences so that we can tailor and target our communications in a way that is timely and relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. This allows us to be more focused, efficient and cost effective with our resources and also reduces the risk of someone receiving information they may find inappropriate or irrelevant.
We’re committed to putting you in control of your data so you’re free to opt out of your information being used in this way at any time by contacting firstname.lastname@example.org.
We may also use your personal information to detect and reduce fraud and credit risk.
Under UK data protection law, you have certain rights over the personal information that we hold about you. Here is a summary of the rights that we think apply:
Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to Ballyhoo PR. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. A subject access request can be made by emailing us at email@example.com
Right of access
You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your information, please send a description of the information you want to see and proof of your identity by post to the address provided below.
Right to have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. The accuracy of your information is important to us so we’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us via email or post (see below).
Right to restrict use
You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy or we’re not lawfully allowed to use it.
Right of erasure
You may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions; we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it.
Right for your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
Right to object
You have the right to object to processing where we are using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.
If you want to exercise any of the above rights, please email us at firstname.lastname@example.org or write to High Five Construction Limited, Kemp House, 160 City Road, London, EC1V 2NX. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office, https://ico.org.uk/
Keeping your information safe
Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
We take appropriate steps to ensure a safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at your own risk.
We cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Our website may contain links to other websites run by other organisations. This policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our website.
We do not market this website at those under 18 years old. Consistent with the GDPR we will never knowingly request personally identifiable information from anyone under the age of 16 years old.
We will take appropriate steps to delete any personal data of individuals less than 16 years of age that has been collected on our website upon learning of the existence of such data.
Our website is hosted by Poppy Design (see www.poppydesignstudio.com). Any information that you supply to us may be stored and processed by our servers located in the EEA or another country that provides ‘adequate’ safeguards in accordance with the GDPR. Your data will only be transferred as permitted by the relevant data protection laws.
We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the ICO, see below.
If you have any concerns about how we handle your data, you can contact the Data Controller by email to email@example.com.
Changes to this policy
Any changes we may make to this policy in the future will be posted on this website so please check this page occasionally to ensure that you’re happy with any changes. If we make any significant changes, we’ll make this clear on this website.
If you want to raise a concern about the use of your data, you can contact us by email to firstname.lastname@example.org Alternatively, you can formally raise a concern or complaint to the Information Commissioner’s Office (ICO) directly on 0303 123 1113, or see the options for reporting issues on https://ico.org.uk/concerns/
Review of this Policy
We keep this policy under regular review. This policy was last updated in May 2018.