Our Privacy Notice
THIS IS THE PRIVACY NOTICE RELATING TO CCS GROUP PLC (“CCS” OR THE “CCS GROUP”) AND ITS SUBSIDIARIES WHICH INCLUDE CLESHAR CONTRACT SERVICES LIMITED, GPX ENGINEERING LIMITED AND INFRASTRUCTURE TRAINING SERVICES LIMITED.
CCS processes a range of data to carry out its business services and functions. The CCS Group is committed to safeguarding the privacy of personal data and complying with the UK Data Protection Act and the General Data Protection Regulation.
Types of personal data
The types of data held includes:
- Identity data such as first, middle and last names, photographs, marital status, date of birth, driving licence;
- Contact data such as address, email address, phone numbers;
- Work data such as CVs/work history, including references, education history, employment history, documentation relating to right to work in the UK;
- Technical data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
- Usage data includes information about how you use our website and services; and
- Special category data such as gender, medical information, including whether or not an individual has a disability, documentation about fitness to work, criminal history.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
CCS may also collect comments, questions, feedback from individuals in relation to its operations such as emails, telephone calls, texts and documentation and IP addresses regarding the CCS websites and associated media.
The cookies we use are analytical cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it. This helps us to improve the way our website works, for example, by making sure users are finding what they need easily.
Most browsers are set to automatically accept cookies by default, but you can change this setting. For instructions on how to find and accept/reject cookies for your browser, please read its help information.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers based in the United States. Google Analytics does not identify individual users or associate your IP address with any other data that may be held by Google. We only use reports provided by Google Analytics to help us understand website traffic and webpage usage and to purely see the number of people visiting the CCS Group plc website.
To opt out of Google Analytics, you can download the following plugin from Google, available for use on most internet browsers: https://tools.google.com/dlpage/gaoptout?hl=en
Use of personal data
CCS may process data for the following purposes:
- delivering business services and functions, including compliance with statutory or contractual requirements;
- dealing with individuals’ queries and requests;
- managing obligations under contracts between CCS and individuals;
- administering individuals’ records, including reminders regarding updating details;
- contacting individuals and carrying out surveys with regard to the business and performance;
- gathering information and statistics on CCS performance, including website usage. These records will be anonymised where issued to a 3rd party, i.e. a client;
- contacting individuals on developments and changes in the business, including the website and other associated media;
- issuing brochures and other materials regarding the services provided, i.e. training programmes; and
- crime, fraud and money laundering compliance and investigation purposes.
The failure to provide the appropriate personal data will preclude you from working or continuing to work for the organisation.
In circumstances where we use special category data, for example, data about your health, CCS will ensure that one of the following applies to the processing:
- you have given your explicit consent to the processing; or
- the processing is necessary for reasons of substantial public interest.
Disclosure of data information
CCS may disclose an individual’s information for processing to:
- any member of CCS;
- clients, consultants, contractors, subcontractors and other service providers, where access to personal data is required when providing services, including auditors, both financial and operational, lawyers, insurers and IT service and administration providers;
- government bodies and law enforcement agencies and in response to regulatory requests, where CCS has a duty to disclose and share an individual’s personal data to comply with any legal obligation or request;
- protect the safety, rights and property of CCS, clients or others, including sharing data in relation to fraud prevention; and
- prospective sellers or buyers if CCS buys or sells businesses or assets.
CCS has in place a range of security measures and procedures with regard to electronic communication with individuals and our website. This includes aspects such as:
- hardware, software and anti-virus security measures;
- access security, including internet/email use and password protection; and
- third country transfers and associated safeguards.
However, the internet is not a secure medium. As such, communications over the internet will not be secure unless you see the golden padlock in the browser address bar or emails have been selected as encrypted.
CCS believes it has appropriate procedures and IT security measures in place to protect personal data under CCS control, including:
- improper use or disclosure;
- unauthorised access or modification; and
- accidental loss or unlawful destruction.
However, we cannot accept responsibility for unauthorised access or loss of personal information beyond CCS’s control. CCS may provide links to third party websites for information purposes as part of its operations, but CCS is not responsible for the content of these sites. CCS would advise individuals to check the privacy policies/notices of any sites visited before providing them with any personal data.
Where CCS online portals and login details are supplied, CCS will continue to provide the same security and user access control so that your data is kept secure. CCS will always advise not to give out your portal login details to anyone else and to use a password generator for better password strength.
Personal Data Retention
We keep personal data for as long as there is a need to keep it in connection with the purposes for which it was collected, and in accordance with our data retention procedures.
For data collected, stored and processed by CCS, CCS is the data controller, i.e., the body that determines the purposes and means of the processing. The CCS registration number in the Data Protection Public Register is Z9678773.
Data Subject rights
Under data protection legislation, individuals have the following rights in relation to their data:
- the right to be informed;
- the right of access;
- the right for any inaccuracies to be corrected;
- the right to have information deleted;
- the right to restrict the processing of the data;
- the right to portability;
- the right to object to the inclusion of any information; and
- the right to regulate any automated decision-making and profiling of personal data.
For further information refer to the ICO website – http://www.ico.org.uk
Data Subject access to personal data
CCS will not charge a fee for access to personal data or exercise the rights as highlighted. However, CCS may make a charge where a request is:
- clearly unfounded; or
- retentive or excessive.
CCS may refuse to comply with an individual’s request under these circumstances.
Data Subject identification
CCS may request specific information from an individual to allow the company to confirm the individual’s identity and right to access their personal data, to ensure ensuring that any personal data is not disclosed to anyone who does not have the right to receive it.
CCS response to Data Subject
CCS will respond to a data request within one month. Where the data request is complex, we may extend the timescale for response from one month to three months. If this is the case, CCS will write to the individual within one month of receipt of the request explaining the reason for the extension.
If the response to the request is that the Company will take no action, an individual will be informed of the reasons.
The right to be informed
Individuals have the right to be told how CCS processes their data and the reasons for the processing.
In the event that CCS intends to use data already collected for a different reason than that already communicated, an individual will be informed of the new reason in advance.
The right of access
Individuals have the right to access their personal data which is held by CCS.
If someone wishes to have access to their personal data, they can do so by completing the CCS data information form which is available from Dataprivacy@cleshar.co.uk.
The right for data to be corrected
One of the fundamental principles underpinning data protection is that the data CCS processes about an individual will be accurate and up to date. Individuals have the right to have their data corrected if it is inaccurate or incomplete.
If someone wishes to have their data rectified, they can do so by completing the CCS data information form which is available from Dataprivacy@cleshar.co.uk.
Where any data which has been rectified was disclosed to third parties in its unrectified form, CCS will inform the third party of the rectification where possible. We will also inform an individual of the third parties to whom the data was disclosed.
The right to have data deleted
There is a right to have data deleted and removed from our systems where there is no compelling business reason for us to continue to process it.
The right to have data deleted applies in the following circumstances:
- where the personal data is no longer necessary in relation to the purpose for which CCS originally collected or processed it;
- where an individual withdraws consent to the continued processing of the data and there is no other lawful basis for us to continue processing the data;
- where an individual objects to the processing and we have no overriding legitimate interest to continue the processing;
- the personal data has been unlawfully processed; or
- the personal data has to be deleted due to a legal obligation.
If an individual wishes to make a request for data deletion, they should complete the CCS data information form which is available from Dataprivacy@cleshar.co.uk.
On receipt of a request, CCS will delete the data unless it is processed for one or more of the following reasons:
- to exercise the rights of freedom of expression and information;
- for CCS to comply with a legal requirement;
- the performance of a task carried out in the public interest or exercise of official authority,
- for public health purposes in the public interest;
- archiving purposes in the public interest, scientific historical research or statistical purposes; or
- the defence of legal claims.
Where a request is not complied with because of the one of the above reasons, the individual will be informed of the reason. Where a request is to be complied with, the individual will be informed when the data has been deleted.
Where the data which is to be deleted has been shared with third parties, we will inform those third parties where this is possible. However, where this notification will cause a disproportionate effect on CCS, this notification may not be carried out.
The right to restrict the processing of data
There is a right to restrict the processing of your data in certain circumstances. Restricting CCS from processing data means that we will continue to hold the data but will stop processing it.
CCS will be required to restrict the processing of your personal data in the following circumstances:
- Where an individual tells CCS that the data it holds on them is not accurate. Where this is the case, we will stop processing the data until we have taken steps to ensure that the data is accurate;
- Where the data is processed for the performance of a public interest task or because of our legitimate interests and an individual has objected to the processing of data. In these circumstances, the processing may be restricted while we consider whether its legitimate interests mean it is appropriate to continue to process it;
- When the data has been processed unlawfully; and
- Where we no longer need to process the data but an individual needs the data in relation to a legal claim;
If an individual wishes to make a request for data restriction, they should complete the CCS data information form which is available from Dataprivacy@cleshar.co.uk.
Where data processing is restricted, CCS will continue to hold the data but will not process it unless:
- an individual consents to the processing; or
- processing is required in relation to a legal claim.
Where the data to be restricted has been shared with third parties, we will inform those third parties where this is possible. However, where this notification will cause a disproportionate effect on CCS, this notification may not be carried out.
Where CCS is to lift any restriction on processing, an individual will be informed in advance.
The right to data portability
There is a right to obtain the data that CCS processes on an individual, and for them to use it for their own purposes. This means the right to receive the personal data that you have provided to us in a structured machine-readable format and to transmit the data to a different data controller.
This right applies in the following circumstances:
- where an individual has provided the data to CCS;
- where the processing is carried out because an individual has given the company their consent to do so;
- where the processing is carried out in order to perform the employment contract between an individual and the CCS; and
- where processing is carried out by automated means.
If an individual wishes to exercise this right, please email: Dataprivacy@cleshar.co.uk.
Where CCS is to comply with the request, the data will be provided in a structured and machine-readable form. There will be no charge for the provision of this data. On request, CCS will transmit the data directly to another organisation if our IT systems are compatible with those of the recipient.
The right to portability is different from the right to access. Although both involve a right to access personal data, the personal data to be accessed is not the same. The right to access data under the right to portability includes only personal data as described above. Access to data under the right of access includes all personal data relating to the individual, including that which has not been provided to CCS by them.
The right to object to the inclusion of data
There is a right to object to the processing of data in certain circumstances. This means the right to require CCS to stop processing personal data. In relation to their employment with CCS, an individual may object to processing where it is carried out:
- in relation to CCS’s legitimate interests;
- for the performance of a task in the public interest;
- in the exercise of official authority; or
- for profiling purposes.
If an individual wishes to object, they should do so by completing the CCS data information form which is available from Dataprivacy@cleshar.co.uk.
Where they object to processing, CCS will stop the processing activity objected to unless:
- CCS can demonstrate compelling legitimate reasons for the processing which are believed to be more important than their rights; or
- the processing is required in relation to legal claims made by, or against, CCS.
Rights in relation to automated decision making
CCS does not make decisions about you using automatic systems involving no human intervention.
We will contact you by post, and where you have provided consent, also by telephone and email, to let you know about our events and activities that might be of particular interest to you, and about the work of CCS more generally. CCS provides the opportunity for you to opt out from receiving our marketing communications every time we contact you.
You can opt out from receiving CCS marketing communications or update your contact preferences at any time by emailing: Dataprivacy@cleshar.co.uk.
Changes to your personal details
We aim to keep our information about you as accurate as possible. This includes details such as:
- Contact details – eg. telephone number, email information; and
- Next of kin.
If you would like to review or change the details you have supplied us with, please contact us at Dataprivacy@cleshar.co.uk.
Changes to this Privacy Notice
We keep our Privacy Notice under regular review and change control is noted in the footer.
If you have any questions which you feel have not been covered by this Privacy Notice, please do not hesitate to write or email using the appropriate address:
Head of HR
Heather Park House
North Circular Road
London NW10 7NN
If you wish to complain about this privacy notice, or any other procedures set out in it, please contact the Head of HR, in the first instance at Dataprivacy@cleshar.co.uk.
You also have the right to lodge a complaint with the supervisory authority if you believe your data protection rights have not been adhered to.
For further information refer to the ICO website – www.ico.org.uk
The ICO can be contacted on 0303 123 1113 or refer to their website at www.ico.org.uk