GDPR: DATA PRIVACY POLICY

Introduction

McQuillan Companies encompassing John McQuillan (Contracts) Ltd; Edentrillick Quarries Ltd; McQuillan Skip Hire Ltd; McQuillan Envirocare Ltd and Patterson Outdoor Cleaning Solutions Ltd (“We”) are committed to protecting and respecting your privacy.

This Privacy Policy applies to the personal data of our Website Users, Recruitment Candidates, Clients, Suppliers, and other people whom we may contact in order to carry out our daily business. It also applies to the emergency contacts of our Employees.

This policy (together with our website’s terms of use, our Standard Terms and Conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

McQuillan Companies may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

This policy is effective on and from 25 May 2018. You can download a full copy here. Download GDPR Privacy Notice

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

Definitions

Data controller – A controller determines the purposes and means of processing personal data.

Data processor – A processor is responsible for processing personal data on behalf of a controller.

Data subject – Natural person

Categories of data: Personal data and special categories of personal data

Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or email address. Online identifiers include IP addresses and cookies.

Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Who are we?

McQuillan Companies is the data controller. This means we decide how your personal data is processed and for what purposes.

Our contact details are: McQuillan Companies, Head Office, 11 Ballinderry, Lisburn, BT28 2SA.

For all data matters contact our Compliance Manager Laverne Fawthrop who is McQuillan Companies Data Protection Lead, emaillaverne.fawthrop@johnmcquillan.com or Telephone 028 9266 8831.

The purpose(s) of processing your personal data

We use your personal data for the following purposes:

We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.

In order to carryout recruitment activities and provide employment opportunities, we need to process certain information about you. We only ask for details that are required and relevant to the job role such as your name, sex/gender, age/date of birth, contact details, education details, employment history, emergency contacts, referee details, nationality/citizenship/place of birth, a copy of your driving licence and/or passport/identity card (and you may choose to share other relevant information with us). Equal opportunities monitoring and other sensitive personal data including diversity information including racial or ethnic origin, religious or other beliefs, and physical or mental health, including disability related information, details of any criminal convictions.

We need to collect and use information about you, or individuals at your organisation, in the course of providing you our services, maintain our own accounts records and to inform individuals of news, events or activities. We generally only need to have your contact details or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses).

We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us. As part of our Supplier Evaluation we request and share copies of training and competency cards of Suppliers / Subcontractors’ employees, in which may contain the data subjects name, photograph and other personal information.

To ask for a reference, we need the referee’s contact details (such as name, email address and telephone number). We’ll also need these details if our Candidate or a member of our Staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency. In order to evaluate compliance with legislation we request and share copies of training and competency cards of Suppliers / Subcontractors’ employees, in which may contain the data subjects name, photograph and other personal information.

The categories of personal data concerned

With reference to the categories of personal data described in the definitions section, we process the following categories of your data:

Personal data:

personal details
family details
lifestyle and social circumstance
education and employment details
financial details
goods and services
IP address

Special categories of data:

We also process sensitive classes of information that may include:

racial or ethnic origin
religious or other beliefs
trade union membership
physical or mental health details
offences and alleged offences
criminal proceedings, sentences and outcomes
visual images; personal appearance and behaviour

We process personal information about:

customers, clients
staff
professional advisers and consultants
suppliers
service providers
complainants
enquirers
job candidates
offenders and suspected offenders
individuals captured by CCTV

We collect personal data from

We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please click here.

Directly from you (e.g. application form or CV); and

From third parties (e.g. Recruitment Agency)

Directly from you (e.g. Account and Credit Application Forms)

From third parties (e.g. Supply Chain)

Directly from you (e.g. Supplier Evaluation Questionnaires)

From third parties (e.g. Constructionline)

There are two main ways in which we collect personal data:

Directly from Staff / Candidates

From third parties (e.g. Clients and Suppliers)

What is our legal basis for processing your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:

Our lawful basis for processing your special categories of data:

Any personal data which reveals your, ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic, biometric or health data, sex life and sexual orientations will be regarded as special categories of personal data. We will only use this data in the following ways:

There may be circumstances where we need to process this type of information for legal claims or to protect your interests (or someone else’s) and you are not able capable of giving your consent or where the relevant information has already been made public.

Sharing your personal data

In order to meet our legal obligations connected with our business relationship it is necessary to share your personal information with certain third parties. We also need to share your data when we have legitimate business reasons for doing so and also where it is necessary in order to perform your contract.

We may also need to share your personal information with a regulator or to otherwise comply with the law.

How long do we keep your personal data?

We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected for. Details of retention periods for specific purposes are available in our data retention policy which is available from our Data Protection Lead. When your professional or commercial relationship comes to an end with our business we will either retain or securely destroy your personal data in accordance with our data retention policy or other applicable laws and regulations.

How do we ensure your personal data is secure?

We take your privacy and protection of data very seriously. Consequently, we have put in place appropriate security measures to prevent unauthorised use of your personal data including staff training. Details of the measures which are in place can be obtained from our Data Protection Lead. We will notify you and any applicable regulator of any suspected unauthorised use of your personal data.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

Transfer of Data Abroad

We do no not transfer personal data outside the EEA. If a third party is transferring data outside the EAA, they are only permitted to process your personal data in accordance with our specified instructions. They are also required to take appropriate measures to protect your privacy and personal information.

Automated Decision Making

We do not use any form of automated decision making in our business

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Lead, Laverne Fawthrop onlaverne.fawthrop@johnmcquillan.com or Telephone 028 9266 8831.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.