Introduction
Masper Build LTD treats privacy with the utmost importance and is committed to ensuring compliance with the Data Protection Act 2018 (DPA), which is the UK’s implementation of the General Data Protection Regulation (GDPR). We aim to protect the rights of staff, customers and partners, and to ensure that, as a company, we protect ourselves from the risks of a data breach.
We routinely review this Policy as part of our quality management system, keeping up to date through the published content of the Information Commissioner’s Office (ICO).
Roles and Responsibilities
Everyone at Masper Build LTD has responsibility for ensuring data is collected, stored and handled appropriately. To ensure this Policy is maintained there is a nominated Data Protection Officer and a supporting quality management system, including data retention rules. For the purposes of DPA we consider ourselves a ‘data controller’ and set out the manner by which we process personal data.
Some key principles we work to:
- Data will be held in as few places as possible;
- Data will be regularly reviewed to make sure it is up to date;
- Systems will be maintained in such a way that data is easily retrievable e.g. website, shared drives and project specific cloud products; and
- Inaccuracies will be corrected within a reasonable period of time when discovered.
Personal Data Collected and Used
Our data will most likely arise from our role as an employer and from our maintenance and project work, where supplier, contractor and customer information is provided to us. The most common personal information provided to us is:
- Name, address and contact details;
- Relevant information necessary for employment / undertaking your role (e.g. HMRC details, driving licence, residential status confirmation);
- Health records (as part of workforce wellbeing monitoring/surveillance processes);
- Professional and organisational accreditations (e.g. CSCS / NICEIC / Gas Safe / Training Certification).
We use your personal data to:
- Help identify where more needs to be done to control risks;
- Make arrangements to complete works for our client and/or tenants; and
- Provide ongoing employment.
Sharing your personal data
We routinely share relevant personal data with subcontractors. This data sharing enables them to complete required works. We expect all our supply chain to meet the legal requirements of the DPA. If required by law enforcement or other authorities in the conduct of their regulatory responsibilities, we will pass on your personal data.
In the event that an employee requires the assistance of occupational health, personal data will be shared in consultation with the individual concerned.
We will not share your personal information with any other third party.
Keeping Personal Data
We will not keep data for longer than we need it. We are guided by the ICO and the advice they provide, by the purpose for processing the data, and by any regulatory or legal requirements for retaining it.
Operational data will be kept for 3 years after the end of the financial year to which it relates. This includes previous staff records, training and contract information (excluding live ongoing contracts and relevant financials).
Health and Safety Records will be kept for 6 years (5 years after the end of the financial year to which they relate). This includes lists of staff who held key roles, RIDDOR, risk assessments, COSHH data, and machinery and equipment registers (based on the Limitation Act 1980). A specific Retention Schedule is appended to this Policy.
Health Records will be kept for 40 years. This is part of our health surveillance procedure.
If necessary, the data will be anonymised – for example if EWC wishes to demonstrate long term trends in accidents/health conditions or age profiles of the workforce.
Your rights
We follow the guidance laid out by the ICO which says that individuals have the right to:
- Be informed (know that their personal data is being collected);
- Have access (known as a Subject Access Request or SAR);
- Rectification (fix inaccurate personal data);
- Erasure (known as the ‘right to be forgotten’);
- Restrict processing (this is about suppressing individuals’ personal data);
- Data portability (allowing individuals to obtain and reuse their personal data for their own purposes across different services);
- Object (making it clear that an individual does not want the personal data to be processed e.g. direct marketing);
- Protection from automated individual decision-making (where there is no human involvement); and
- Protection from profiling by automated processing (used to evaluate certain things about an individual).
Please note that if you are making a Subject Access Request, we will require the following:
- Enough information to identify you, such as proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- The information to which your request relates, including any account or reference numbers, if you have them.
Keeping your personal information secure
Data stored on paper should be kept in a secure place where unauthorised people cannot see it.
We ask all staff to follow the rules listed below:
- When not required, the paper or files should be kept in a locked drawer or filing cabinet;
- Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer; and
- Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts. We ask all staff to ensure that:
- Data is protected by strong passwords that are changed regularly and never shared between employees;
- If data is stored on removable media, these should be kept locked away securely when not being used;
- Data should only be stored on designated drives and servers;
- Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures;
- Data should only be saved directly to laptops or other mobile devices like tablets or smart phones if there are no other options and it should be moved to designated drives and servers as soon as reasonably practicable, then deleted from the hardware.
We work with specialist ICT service providers to ensure all servers and computers containing data are protected by approved security software and a firewall. We adjust the level of our security to meet the needs of our clients and regularly assess the risk of our activities.
Changes to this privacy notice
This privacy notice was first published on 1st May 2018 and last reviewed on 14th November 2022.
Updates released by the ICO, identified at our last review (https://ico.org.uk/for-organisations/guide-to-data-protection/whats-new/):
- April 2021: National Security Provisions – no impact on us.
- March 2021: National Security Exemptions – no impact on us.
- January 2021: Impact of the UK exit from the EU – It is possible, but unlikely, that this has an impact on us. No policy changes were made.
We may change this privacy notice from time to time; when we do, we will inform you via our company website.
How to contact us
If you wish to contact our Data Protection administrator, please send an email to [email protected], or write.