Overview

This is the Privacy Notice relating to CCS Group Plc and its subsidiaries (“CCS” or the “CCS Group”) which includes Cleshar Contract Services Limited, GPX Engineering Limited and Infrastructure Training Services Limited.

CCS processes a range of data to carry out its business services and functions. The CCS Group is committed to safeguarding the privacy of personal data and complying with the UK Data Protection Act and the General Data Protection Regulation.

Types of personal data

The types of data held includes:

  • Identity data such as - first, middle and last names, photographs, marital status, date of birth, driving licence, where applicable;

  • Contact data such as - address, email address, phone numbers;

  • Work data such as - CVs/work history including references, education history, employment history, documentation relating to right to work in the UK;

  • Technical data such as - internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;

  • Usage Data includes information about how you use our website and services; and

  • Special Category data such as – gender, medical information including whether or not an individual has a disability, documentation about fitness to work, criminal history.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

CCS may also collect comments, questions, feedback from individuals in relation to its operations in relation to communications such as emails, telephone calls, texts and documentation and IP addresses with regards to the CCS websites and associated media.

Use of cookies

Our website uses cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

The cookies we use are ‘analytical’ cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it. This helps us to improve the way our website works, for example by making sure users are finding what they need easily.

Most browsers are set to automatically accept cookies by default, but you can change this setting. For instructions on how to find and accept/reject cookies for your browser, please read its help information.

Our website uses Google Analytics, a service which transmits website traffic data to Google servers based in the United States. Google Analytics does not identify individual users or associate your IP address with any other data that may be held by Google. We only use reports provided by Google Analytics to help us understand website traffic and webpage usage, to purely see the number of people visiting the CCS Group plc website.

To opt out of Google Analytics, you can download the following plugin from Google, available for use on most internet browsers:

https://tools.google.com/dlpage/gaoptout?hl=en

Use of personal data

CCS may process data for the following purposes:

  • delivering business services and functions, including compliance with statutory or contractual requirements;

  • dealing with individuals queries and requests;

  • managing obligations under contracts between CCS and individuals;

  • administering individuals records, including reminders regarding updating details;

  • contacting individuals and carrying out surveys, with regards to the business and performance;

  • gathering information and statistics on CCS performance, including website usage. These records will be anonymised where issued to a 3rd party, i.e. a client;

  • contacting individuals on developments and changes in the business, including the website and other associated media;

  • issuing brochures and other materials regarding the services provided, i.e. training programmes; and

  • crime, fraud and money laundering compliance and investigation purposes.

The failure to provide the appropriate personal data will preclude you from working or continuing to work for the organisation.

 

In circumstances where we use special category data, for example, data about your health, CCS will ensure that one of the following applies to the processing:

  • you have given your explicit consent to the processing; or

  • the processing is necessary for reasons of substantial public interest.

Disclosure of data information

CCS may disclose an individual’s information for processing to:

  • any member of CCS;

  • clients, consultants, contractors, subcontractors and other service providers, where access to personal data is required when providing services, including auditors, both financial and operational, lawyers, insurers and IT service and administration providers;

  • government bodies and law enforcement agencies and in response to regulatory requests, where CCS has a duty to disclose and share an individual’s personal data to comply with any legal obligation or request;

  • protect the safety, rights and property of CCS, clients or others, including sharing data in relation to fraud prevention; and

  • prospective sellers or buyers if CCS buys or sells businesses or assets.

 

IT Security

CCS has in place a range of security measures and procedures with regards to electronic communication with individuals and our website. This includes aspects such as:

  • Hardware, software and anti-virus security measures;

  • Access security including internet/email use and password protection; and

  • Third country transfers and associated safeguards.

However the internet is not a secure medium. As such, communications over the internet will not be secure unless you see the golden padlock in the browser address bar or emails have been selected as encrypted.

 

CCS believes it has appropriate procedures and IT security measures in place to protect personal data under CCS control including:

  • improper use or disclosure;

  • unauthorised access or modification; and

  • accidental loss or unlawful destruction.

 

However, we cannot accept responsibility for unauthorised access or loss of personal information beyond CCS’s control. CCS may provide links to 3rd Party websites for information purposes as part of its operations, but CCS is not responsible for the content of these sites. CCS would advise individuals to check the privacy policies/notices of any sites visited before providing them with any personal data.

 

Where CCS online portals and login details are supplied, CCS will continue to provide the same security and user access control so your data is kept secure. CCS will always advise not to give out your portal login details to anyone else and to use a password generator for better password strength.

Personal Data Retention

We keep personal data for as long as there is a need to keep it in connection with the purposes for which it was collected, and in accordance with our Data Retention Procedures.

Data Controller

For data collected, stored and processed by CCS, CCS is the Data Controller, i.e. the body that determines the purposes and means of the processing. The CCS Registration Number in the Data Protection Public Register is: Z9678773.

Data Subject rights

Under data protection legislation, individuals have the following rights in relation to their data:

  • the right to be informed;

  • the right of access;

  • the right for any inaccuracies to be corrected,;

  • the right to have information deleted;

  • the right to restrict the processing of the data;

  • the right to portability;

  • the right to object to the inclusion of any information; and

  • the right to regulate any automated decision-making and profiling of personal data.

For further information refer to the ICO website – www.ico.org.uk

Data Subject access to personal data

CCS will not charge a fee for access to personal data or exercise the rights as highlighted.  However, CCS may make a charge where a request is:

  • clearly unfounded; or

  • retentive or excessive.

CCS may refuse to comply with an individual’s request under these circumstances.

Data Subject identification

CCS may request specific information from an individual to allow the company to confirm the individual’s identity and right to access their personal data, to ensure that any personal data is not disclosed to anyone who does not have the right to receive it.

CCS response to Data Subject

CCS will respond to a data request within one month. Where the data request is complex, we may extend the timescale for response from one month to three months. If this is the case, CCS will write to the individual within one month of receipt of the request explaining the reason for the extension.

If the response to the request is that the Company will take no action, an individual will be informed of the reasons.

The right to be informed

Individuals have the right to be told how CCS processes their data and the reasons for the processing.

In the event that CCS intends to use data already collected for a different reason than that already communicated, an individual will be informed of the new reason in advance.

The right of access

Individuals have the right to access their personal data which is held by CCS.

If someone wishes to have access to their personal data, they can do so by completing the CCS Data Information form which is available from Dataprivacy@cleshar.co.uk.

The right for data to be corrected

One of the fundamental principles underpinning data protection is that the data CCS processes about an individual will be accurate and up to date. Individuals have the right to have their data corrected if it is inaccurate or incomplete.

If someone wishes to have their data rectified, they can do so by completing the CCS Data Information form which is available from Dataprivacy@cleshar.co.uk.

 

Where any data which has been rectified was disclosed to third parties in its unrectified form, CCS will inform the third party of the rectification where possible. We will also inform an individual of the third parties to whom the data was disclosed.

The right to have data deleted

There is a right to have data deleted and removed from our systems where there is no compelling business reason for us to continue to process it.

The right to have data deleted applies in the following circumstances:

  • where the personal data is no longer necessary in relation to the purpose for which CCS originally collected or processed it;

  • where an individual withdraws consent to the continued processing of the data and there is no other lawful basis for us to continue processing the data;

  • where an individual objects to the processing and we have no overriding legitimate interest to continue the processing;

  • the personal data has been unlawfully processed; or

  • the personal data has to be deleted due to a legal obligation.

If an individual wishes to make a request for data deletion they should complete the CCS Data Information form which is available from Dataprivacy@cleshar.co.uk.

 

Upon receipt of a request, CCS will delete the data, unless it is processed for one or more of the following reasons:

  • to exercise the rights of freedom of expression and information;

  • for CCS to comply with a legal requirement;

  • the performance of a task carried out in the public interest or exercise of official authority,

  • for public health purposes in the public interest;

  • archiving purposes in the public interest, scientific historical research or statistical purposes; or

  • the defence of legal claims.

Where a request is not complied with because of the one of the above reasons, the individual will be informed of the reason. Where a request is to be complied with, the individual will be informed when the data has been deleted.

Where the data which is to be deleted has been shared with third parties, we will inform those third parties where this is possible. However, where this notification will cause a disproportionate effect on CCS, this notification may not be carried out.

The right to restrict the processing of data

There is a right to restrict the processing of your data in certain circumstances. Restricting CCS from processing data means that we will continue to hold the data, but will stop processing it.

CCS will be required to restrict the processing of your personal data in the following circumstances:

  • Where an individual tells CCS that the data it holds on them is not accurate. Where this is the case, we will stop processing the data until we have taken steps to ensure that the data is accurate;

  • Where the data is processed for the performance of a public interest task or because of our legitimate interests and an individual has objected to the processing of data. In these circumstances, the processing may be restricted while we consider whether its legitimate interests mean it is appropriate to continue to process it;

  • When the data has been processed unlawfully; and

  • Where we no longer need to process the data but an individual needs the data in relation to a legal claim;

If an individual wishes to make a request for data restriction they should complete the CCS Data Information form which is available from Dataprivacy@cleshar.co.uk.

 

Where data processing is restricted, CCS will continue to hold the data but will not process it unless:

  • an individual consents to the processing; or

  • processing is required in relation to a legal claim.

Where the data to be restricted has been shared with third parties, we will inform those third parties where this is possible. However, where this notification will cause a disproportionate effect on CCS, this notification may not be carried out.

Where CCS is to lift any restriction on processing, an individual will be informed in advance.

The right to data portability

There is a right to obtain the data that CCS processes on an individual, and for them to use it for their own purposes. This means the right to receive the personal data that you have provided to us in a structured machine readable format and to transmit the data to a different Data Controller.

This right applies in the following circumstances:

  • where an individual has provided the data to CCS;

  • where the processing is carried out because an individual has given the Company their consent to do so;

  • where the processing is carried out in order to perform the employment contract between an individual and the CCS; and

  • where processing is carried out by automated means.

If an individual wishes to exercise this right, please email: Dataprivacy@cleshar.co.uk.

 

Where CCS is to comply with the request, the data will be provided in a structured and machine readable form. There will be no charge for the provision of this data. Upon request, CCS will transmit the data directly to another organisation if our IT systems are compatible with those of the recipient.

The right to portability is different from the right to access. Although both involve a right to access personal data, the personal data to be accessed is not the same. The right to access data under the right to portability includes only personal data as described above. Access to data under the right of access includes all personal data relating to the individual, including that which has not been provided to CCS by them.

The right to object to the inclusion of data

There is a right to object to the processing of data in certain circumstances. This means the right to require CCS to stop processing personal data. In relation to their employment with CCS, an individual may object to processing where it is carried out:

  • in relation to CCS’s legitimate interests;

  • for the performance of a task in the public interest;

  • in the exercise of official authority; or

  • for profiling purposes.

If an individual wishes to object, they should do so by completing CCS Data Information form which is available from Dataprivacy@cleshar.co.uk.

 

Where they object to processing, CCS will stop the processing activity objected to unless:

  • CCS can demonstrate compelling legitimate reasons for the processing which are believed to be more important than their rights; or

  • the processing is required in relation to legal claims made by, or against, CCS.

Rights in relation to automated decision making

CCS does not make decisions about you using automatic system involving no human intervention.

We will contact you by post, and where you have provided consent, also by telephone and email, to let you know about our events and activities that might be of particular interest to you; about the work of CCS more generally. CCS provides the opportunity for you to opt-out from receiving our marketing communications every time we contact you.

You can opt-out from receiving CCS marketing communications, or update your contact preferences at any time by emailing: Dataprivacy@cleshar.co.uk.

Changes to your personal details

We aim to keep our information about you as accurate as possible. This includes details such as:

  • Name;

  • Address;

  • Contact details – eg. telephone number, email information; and

  • Next of kin.

 

If you would like to review or change the details you have supplied us with, please contact us at Dataprivacy@cleshar.co.uk.

Changes to this Privacy Notice

We keep our Privacy Notice under regular review and change control is noted in the footer.

Further Information

If you have any questions which you feel have not been covered by this Privacy Notice, please do not hesitate to write or email using the appropriate address:

Head of HR, 
Heather Park House

North Circular Road

Stonebridge Park

London, NW10 7NN

 

Dataprivacy@cleshar.co.uk.

Complaints

If you wish to complain about this privacy notice, or any other procedures set out in it, please contact the Head of HR, in the first instance at Dataprivacy@cleshar.co.uk.

 

You also have the right to lodge a complaint with the supervisory authority if you believe your data protection rights have not been adhered to.  

For further information refer to the ICO website – www.ico.org.uk

The ICO can be contacted on 0303 123 1113 or refer to their website at https://ico.org.uk

© 2016 by Cleshar