Brick Peers Ltd is strongly committed to protecting the privacy and security of your personal data. This Privacy Notice covers how we collect, use, store and disclose the data that you supply to us and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this Privacy Notice or as otherwise stated at the point of collection.
Personal data is any information about an individual from which that person can be identified. Brick Peers Ltd processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this notice.
Collection of personal data
We collect and process a range of personal data about our suppliers, sub-contractors, contractors and customers. We collect this information in order to manage our business relationships, contracts, to receive services from our suppliers and to provide professional services to our customers and contractors.
Use of data
We use personal data for the following purposes:
Receiving services or products
We process personal data in relation to our suppliers and their staff as necessary to receive the services. For example, where a supplier is providing us with services, we will process personal data about those individuals that are providing services to us.
Providing professional services or products to both contractors and customers
Where a supplier or sub-contractor is helping us to deliver services to both our contractors and customers, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier, sub-contractor and the relevant individuals and to provide such services to our clients.
Administering, managing and developing businesses and services
We need to process personal data in order to run our business and we will only process data for the purpose it was obtained. Processing personal data allows us to:
• Manage our relationship with suppliers and sub-contractors
• Maintain accurate and up-to-date contact information
• Record contractual information
• Maintain details of the products and services provided
• Make and receive payments in accordance with contracts and agreements
• Comply with accounting and auditing regulations
• Provide a professional service
• Continue to develop our businesses and services
• Respond to and defend against legal claims
Access to Data
Access to personal information is strictly controlled and limited to only those who need to have access.
Where personal details relating to employees or third parties are transmitted or transported, Brick Peers Ltd ensures that data in transit will always be secured through the use of secure protocols. Where business requirements necessitate the use of removable storage, such as DVD, flash drives or external hard drives, these devices will be encrypted.
Where personal data is transferred by email, particularly where files contain personal information and considered high risk, these files will be encrypted. We also use password protection and password access is limited to necessary staff only.
Security, quality and risk management activities
We have security measures in place to protect personal data. All our computer systems are installed with security software, such as Firewalls, Anti-virus and Anti-Malware programmes. These are designed to detect, investigate and resolve security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.
We have policies and procedures in place to monitor the quality of our services and manage risk in relation to our suppliers. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data.
Complying with any requirement of law, regulation or a professional body of which we are a member
We are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. Including as required by applicable law or regulation.
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
When we no longer need to keep certain data, we will destroy paper records securely by shredding them and electronic records are deleted from our systems.
Personal data held by us may be transferred to:
Third party organisations that provide applications/functionality, data processing or IT services to us
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as service providers, website hosting and management, data analysis, data back-up, security and storage devices. The servers powering and facilitating that cloud infrastructure are located in secure data centres.
Third party organisations that otherwise assist us in providing goods, services or information
Auditors and other professional advisers;
Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check we are complying with applicable law and regulation or to defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Changes to this Privacy Notice
We recognise that transparency is an ongoing responsibility, so we will keep this privacy notice under regular review
This Privacy Notice was last updated on the 14th September 2018.
Data Controller and contact information:
The Data Controller is Mark Ambrosini
If you have any questions about this Privacy Notice or how and why we process personal data, please contact us at:
Brick Peers Ltd
Milton Priory House
Individuals’ rights and how to exercise them
You have a right of access to personal data held by us as a data controller. This right may be exercised by writing to us at the address above.
Amendment of personal data
To update personal data submitted to us, you may write to us.
Once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Withdrawal of consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time.
Other data subject rights
This privacy notice is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have rights in relation to the personal data we hold, such as a right to deletion, to restrict or object to our processing data and the right to portability. Some of these rights will only be available from 25th May 2018.
We hope that you will not ever need to, but if you do want to complain about our use of personal data, please put it in writing to the address as stated above.
You also have the right to file a complaint with the information Commissioner’s Office (“ICO”) The UK Data Protection Regulator.
For further information on your rights and how to complain to the ICO, please refer to the ICO website.