Data Protection Policy

  1. Purpose

The purpose of this policy is to demonstrate our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.

With this policy, we ensure that we gather, store and handle data fairly, transparently and with respects towards individual rights in line with the General Data Protection Regulations (GDPR) 2018.

  1. Scope

This policy refers to all parties, these being employees with directly employed or sub- contractors, customers, suppliers who provide any amount of information to the company.

Our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.

  1. Responsibilities

All Employees of the business whether they are senior management, supervisors or office staff must adhere this policy.

  1. Policy Elements

As part of our operations, we need to obtain and process information. This information may include any offline or online data that makes a person or company identifiable such as:

Suppliers

  • Company name
  • Name of contacts
  • Address
  • Contact numbers and email addresses
  • Bank account details
  • Policies and Company details relating to the Supplier Questionnaire

Clients

  • Company name
  • Name of contacts
  • Address
  • Contact numbers and email addresses
  • Terms of business
  • Financial information
  • Job related information (job packs of work to be completed, addresses of work to be completed for Clients end user/customer)

Subcontractors & Employees

  • Name
  • Personal information (address, contact number, email address, emergency contact, national insurance number, UTR number, date of birth etc.)
  • Copy of ID (for example or if applicable, driving licence, right to work documentation)
  • Health related information (health questionnaire for HSE & Q)
  • Basic disclosure and driving licence check information (if applicable)
  • Financial information (including bank details, salary details, tax status, information needed to process salary/invoice payments etc.)
  • Copies of training certificates and cards and work history
  • Usernames and passwords for work owned items (laptops, phones etc.)
  • Photograph

JN Civils collects this information in a transparent way and only with the full consent and knowledge of the interested parties. Once this information is available to us, the following rules apply:

Our data will be:

  • Kept up to date and accurate
  • Collected fairly and for lawful purposes
  • Processed by the company within its legal and moral boundaries
  • Protected against any unauthorised or illegal access by internal and external parties
  • Made accessible to the individual/company whom the information relates to with full transparency of how this data is used
  • kept for a duration in line with the current legal guidelines set out by HMRC and HSE

Our data will NOT be:

  • Communicated informally
  • Stored for more than a specified amount of time (this is dependent on the information and legalisation requirements)
  • Transferred to other organisations that do not have adequate data protection policies
  • Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

In addition to ways of handling data, the company hold direct obligations towards people to whom the data belongs. Specially we must:

  • Let people know which of their data is collected
  • Inform people about how we’ll process their data
  • Inform people about who has access to their information
  • Have provisions in cases of lost, corrupt or compromised data
  • Allow people to request that we modify, erase, reduce or correct data contained in our databases

To exercise data protection, JN Civils are committed to:

  • Restrict and monitor access to sensitive data
  • Train employees in online privacy and security measures
  • Build secure networks to protect online data from “cyberattacks”
  • Establish data protection practices (document shredding, secure locking, data encryption, frequent backups, access authorisation
  • Where applicable, include contract clauses or communicate statements on how we handle data
  1. Disciplinary Action

All principles documented within this policy must be strictly adhered to and any breach of this data protection policy will lead to disciplinary action and possible legal action.

  1. Legislation Guidance

General Data Protection Regulations (GDPR) 2018

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Ok