Data protection commitments under the General Data Protection Regulations

This policy notice is for all suppliers and customers engaging in the services provided by Thames Ceilings Ltd. It gives details as to personal data held and the processing that takes place of this data.

Your information

  1. As a supplier/customer of Thames Ceilings Ltd we need to keep and process information about you for normal contract purposes. The information we hold and process is used for our management and administrative purposes only. We keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately.
  2. All information is stored in a secure manner in accordance with the Data Protection Act 2018.
  3. As a company engaged in the provision of services to the construction industry, we may sometimes need to process your data to pursue our legitimate business interests in winning and delivering projects. We will never process your data where these interests are overridden by your own interests.
  4. Most of the information we hold is provided by you, there is also some provided by other sources, (eg. performance reviews for suppliers) and external sources (eg. HMRC/banks/credit agencies).
  5. The type of information we hold includes:
    • Address
    • Bank Details
    • NI Number/UTR Number
    • Training records
    • Sub contract review
    • CIS payment details
    • Invoices
  6. We do not currently hold or process any special categories of information (relating to ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation). We will only collect and process this data with your explicit consent unless required by law to do otherwise. You have the right to withdraw your consent at any time.
  7. We will disclose information about you to third parties if we are legally obliged to do so and to comply with our contractual duties to you.
  8. Your personal data will be stored for a minimum of 7 years.

Your rights

  1. Under the General Data Protection Regulations (GDPR) and Data Protection Act (DPA) you have a number of rights with regard to your personal data:
    • Request access to the data held and rectify or erase personal data
    • Restrict processing
    • Object to processing
    • Data portability (in certain circumstances)
  2. You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of GDPR or DPA, with regard to your personal data.

Identity and contact details of data controller

Thames Ceilings Ltd is the controller and processor of your data for the purpose of GDPR and DPA.
If you have any concerns about how your data is processed, you can contact:
Email:  Tel: 01235 773710

This policy represents our intention to comply with GDPR. We do however remind you that you do have the right to refuse us permission to store or use your data as described above. If you wish to take this course of action, please write to us stating your objections and the reason behind your decision.