G&D Higgins Mechanical Services Limited
Website Privacy Policy
This Website Privacy Policy is effective from 25 May 2018
Introduction
It is important for you to understand who is responsible for keeping your personal data safe. The website www.gdhiggins.co.uk is operated by G&D Higgins Mechanical Services Ltd (“we” or “us”). We are the “controller” of all personal data collected and used for the purposes of providing this website and for any other purposes set out in this Website Privacy Policy in accordance with the EU General Data Protection Regulation 2016/679 and the Data Protection Act 2018. This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
Our Data Security Committee have ultimate responsibility within G&D Higgins Mechanical Services Ltd for making sure that this Website Privacy Policy and the law are adhered to. Our Data Security Committee can be contacted by emailing lindarose.higgins@gdhiggins.co.uk
Keeping your data safe
We are committed to keeping your personal data safe and secure, and handling it in compliance with current legislation. This Website Privacy Policy contains important information and we ask that you read it carefully. It details:
- the personal data we collect about you
- the reasons and ways we process your personal data
- with whom your information might be shared
- your rights in relation to that data; and
- anything else we think is of importance to you relating to our processing of your personal data.
Who are we?
G&D Higgins Mechanical Services Ltd is a mechanical engineering company. Our primary trading area is the design, installation, and maintenance of M&E plant and equipment. In addition, we engage in property development and construction activities.
Collection of your data
Data from you or your use of our website
We collect some data directly from you when you register an enquiry with us or contact us via email.
This data may include the following:
- Full Name
- Company name
- Telephone number
- Email address
- Postcode
- Job title
- Information about your project (If you choose to provide them); and
- Marketing preferences.
There may be occasions where we also collect information that you voluntarily provide to us. For example, if you contact us with queries, complaints, comments or praise, or information that you post about yourself on public areas of various social media platforms (Voluntary Data).
Please note that we do not collect any information in relation to your payment information, such as credit/debit card details.
- Access to your payment information is restricted to authorised staff only.
Payment information is never taken by us or transferred to us either through our website or otherwise.
- Information about your direct debit
When you agree to set up a direct debit arrangement, the information you give to us is passed to our own bank for processing according to our instructions. We keep this information only for the duration of the direct debit arrangement.
Job application and employment
If you send us information in connection with a job application, we may keep it for up to six months case we decide to contact you at a later date.
If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.
Communicating with us
When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business / organisation.
We do not keep any personally identifiable information associated with your message, such as your name or email address.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high quality service.
Bank account details are only kept for suppliers if this is approved and if you require us to pay your invoices by Bank electronic payments.
We also collect and use information about any service errors or interruptions that may have occurred while you were on our site so that we can create fixes and make technical improvements to www.gdhiggins.co.uk.
What do we use your data for?
It is important that you understand how and why we use the personal data that we collect about you.
We will collect your personal data:
- In order to take the necessary steps in preparation of, or to fulfil our obligations under, a contract to:
- fulfil orders placed by you;
- process any other transactions authorised by you;
- with your consent, to:
- inform you of special offers;
- provide marketing information to you which we think you may find of interest;
- in our legitimate interest to improve our services, to:
- archive data that that may be of historical or statistical value. This data may then be used at a future time for internal purposes, Third parties are not allowed access to this data for research purposes. This may include any of the Voluntary Data that you have provided. We will only ever capture personal data that has already been made publicly available in this way and for these purposes. When the sites are archived we anonymise or remove personal data. From time to time the data that we keep in our archive is reviewed and any data that is no longer considered of interest will be deleted or anonymized.
- Personal data gathered or supplied by our clients relating to special residential projects/i.e. access etc. is wiped on completion of the project.
Any reliance on a legitimate interest shall not prejudice your interest or fundamental rights and freedoms.
How we use anonymised data
We may use aggregated and anonymised data for certain purposes, such as to help us understand what type of content users like. When used for this purpose, this data does not enable you or any other individual user to be identified.
Who do we share your data with?
In some circumstances we may need to share your personal data with closely vetted third-parties, for example where we use third-party suppliers to conduct services on our behalf. These third-parties include information security service providers who help us to manage our IT systems and ensure that they are secure.
We will also share your personal data with third parties in the following circumstances:
- where you have specifically consented to us sharing your data with a particular third party;
- where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.
We do not transfer or store your personal data outside the European Economic Area (EEA), however, in certain instances the third parties to whom we share your data may do so as part of their services to us. In the event that your personal data is shared / transferred outside the EEA, we will ensure that adequate safeguards are in place to protect your personal data in accordance with data protection legislation.
How long we will keep your personal data
We shall only retain any personal data for as long as necessary for the original purpose in which it was collected. For further information in relation to specific retention periods, please contact lindarose.higgins@gdhiggins.co.uk
Our approach to information security
To protect your information, G&D Higgins Mechanical Services Ltd has policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, all employees, contractors and sub-contractors have roles and responsibilities defined in those policies and procedures.
To make sure all employees, contractors and subcontractors understand these responsibilities they are provided with the necessary training and resources they need.
In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies.
To make sure that these measures are suitable, vulnerability tests are run regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled. Additionally, all areas of the organisation are constantly monitored and measured to identify problems and issues before they arise.
Your rights
Your rights under data protection law and how you can exercise them are detailed in this section. In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right. We may also require additional information, i.e. to help us to locate the particular data specified in your request.
A request to exercise your rights will be responded to as soon as possible and no longer than one month from receiving your request and all necessary identification proof or further information. For particularly difficult or complex requests, or if you have submitted a large volume of requests, we may
take up to three months to respond. In such cases we will advise you as soon as possible, explaining why it will take longer.
The right to access information we hold about you
At any point you can contact us to request access to the information we hold about you as well as why we have that information, who has access to the information and where we got the information. A request to exercise this right is called a “subject access request”.
The right to object to processing of your data
You have the right to request that G&D Higgins Mechanical Services Ltd stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer used by us, we may continue to hold your data to comply with our other rights. If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
Restricted processing rights
You can ask for the processing of your personal data to be restricted in some circumstances, for example if your personal data could be inaccurate and needs to be verified, or if we no longer require the data but need to keep for you to exercise your own legal rights. Restricting your personal data means that we only store your personal data. We cannot continue to process it unless permitted to by you or in order to exercise a legal claim or to protect a third party or the public.
The right to correct and update the information we hold about you
If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated after we are satisfied that the new data you have provided is accurate.
The right to have your information erased
If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted. If we are required by law to comply with your request, we will fully anonymise your data it so that it is no longer personal data and cannot be used to identify you.
The right to data portability
You have the right to request that we transfer your data to another controller. Once we have received your request, we will comply where it is feasible to do so.
Consent
In those cases where we need your consent to hold your information, we will ask you to check a box on any form requiring consent. By checking these boxes you are stating that you have been informed as to why G&D Higgins Mechanical Services Ltd is collecting the information, how it will be used, for how long it will be kept, who else will have access to it and what your rights are as a data subject.
If you wish to exercise your rights above, please email lindarose.higgins@gdhiggins.co.uk
Cookies and tracking
This Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to control the cookie preferences. For further information on how we use, store, and keep your personal data secure, see our Privacy Policy.
You can at any time change or withdraw your consent from the Cookie Declaration on our website
Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy.
Your consent applies to the following domains: www.gdhiggins.co.uk
What are cookies ?
How do we use cookies ?
As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
What types of cookies do we use ?
Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket, and checkout securely.
Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit, etc. These data help us understand and analyze how well the website performs and where it needs improvement.
Marketing: Our website displays advertisements. These cookies are used to personalize the advertisements that we show to you so that they are meaningful to you. These cookies also help us keep track of the efficiency of these ad campaigns.
The information stored in these cookies may also be used by the third-party ad providers to show you ads on other websites on the browser as well.
Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos or sharing content of the website on social media platforms.
Preferences: These cookies help us store your settings and browsing preferences like language preferences so that you have a better and efficient experience on future visits to the website.
The below list details the cookies used in our website.
| Cookie | Description |
|---|---|
| cookielawinfo-checkbox-advertisement | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category. |
| cookielawinfo-checkbox-analytics | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category. |
| cookielawinfo-checkbox-functional | The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category. |
| cookielawinfo-checkbox-others | Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others". |
| cookielawinfo-checkbox-performance | Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance". |
| CookieLawInfoConsent | CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie. |
How can I control the cookie preferences ?
Should you decide to change your preferences later through your browsing session, you can click on the “Manage consent” tab on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more about how to manage and delete cookies, visit wikipedia.org, www.allaboutcookies.org.
Customer enquiries
When contacted with an enquiry, G&D Higgins Mechanical Services Ltd will hold the entity name and contact details only for the purposes of handling the enquiry.
How can you contact us?
If you have any queries about this Website Privacy Policy and/or our processing of your data, or you would like to exercise any of the above rights, you can get in touch with our Data Protection Officer by emailing lindarose.higgins@gdhiggins.co.uk
Complaints procedure
Should you be unhappy with the way we have processed your personal data, complaints can be made to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK. For details on how to do this by visit www.ico.org.uk
Changes to this Website Privacy Policy
We may change this Website Privacy Policy from time to time. You should check this Website Privacy Policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website. You may also be notified of any significant changes by email.
Policy updated on 14/07/2023
G&D Higgins have further policies on;
- Acceptable Use Policy
- Access Control Policy
- Business Security Agreement
- CCTV Policy
- Change Request Policy
- Clear Desk Clear Screen Policy
- Computer Security Incident Response Policy
- Data Classification Policy
- Data Privacy Impact Assessment Risk Assessment Template
- Data Privacy Impact Assessment
- Data Protection Policy
- Data Retention Policy
- Data_Flow_Process_Mapping
- GDPR Policy Change Log
- ICO-gdpr_documentation_controller_template
- ICO-gdpr_documentation_processor_template
- Incident Response Plan
- Information Security Policy
- Legitimate Interests Assessment
- Mobile & Teleworking Policy
- Mobile Device and BYOD Security Policy
- Physical Security Policy
- Secure Destruction Policy
These are available on request from lindarose.higgins@gdhiggins.co.uk
