G&D Higgins Mechanical Services Limited

Website Privacy Policy

This Website Privacy Policy is effective from 25 May 2018

It is important for you to understand who is responsible for keeping your personal data safe. The website www.gdhiggins.co.uk is operated by G&D Higgins Mechanical Services Ltd  (“we” or “us”). We are the “controller” of all personal data collected and used for the purposes of providing this website and for any other purposes set out in this Website Privacy Policy in accordance with the EU General Data Protection Regulation 2016/679 and the Data Protection Act 2018.  This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.

Our Data Security Committee have ultimate responsibility within G&D Higgins Mechanical Services Ltd  for making sure that this Website Privacy Policy and the law are adhered to.  Our Data Security Committee can be contacted by emailing lindarose.higgins@gdhiggins.co.uk

Keeping your data safe

We are committed to keeping your personal data safe and secure, and handling it in compliance with current legislation. This Website Privacy Policy contains important information and we ask that you read it carefully. It details:

  • the personal data we collect about you
  • the reasons and ways we process your personal data
  • with whom your information might be shared
  • your rights in relation to that data; and
  • anything else we think is of importance to you relating to our processing of your personal data.

Who are we?

G&D Higgins Mechanical Services Ltd is a mechanical engineering company. Our primary trading area is the design, installation, and maintenance of M&E plant and equipment. In addition, we engage in property development and construction activities.

Collection of your data

Data from you or your use of our website

We collect some data directly from you when you register an enquiry with us or contact us via email.

This data may include the following:

  • Full Name
  • Company name
  • Telephone number
  • Email address
  • Postcode
  • Job title
  • Information about your project (If you choose to provide them); and
  • Marketing preferences.

There may be occasions where we also collect information that you voluntarily provide to us. For example, if you contact us with queries, complaints, comments or praise, or information that you post about yourself on public areas of various social media platforms (Voluntary Data).

Please note that we do not collect any information in relation to your payment information, such as credit/debit card details.

  • Access to your payment information is restricted to authorised staff only.

Payment information is never taken by us or transferred to us either through our website or otherwise.

  • Information about your direct debit

When you agree to set up a direct debit arrangement, the information you give to us is passed to our own bank [name of bank] for processing according to our instructions. We keep this information only for the duration of the direct debit arrangement.

Job application and employment

If you send us information in connection with a job application, we may keep it for up to six months case we decide to contact you at a later date.

If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.

Communicating with us

When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.

We record your request and our reply in order to increase the efficiency of our business / organisation.

We do not keep any personally identifiable information associated with your message, such as your name or email address.

We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high quality service.

Bank account details are only kept for suppliers if this is approved and if you require us to pay your invoices by Bank electronic payments.

We also collect and use information about any service errors or interruptions that may have occurred while you were on our site so that we can create fixes and make technical improvements to www.gdhiggins.co.uk.

What do we use your data for?
It is important that you understand how and why we use the personal data that we collect about you.

We will collect your personal data:

  • In order to take the necessary steps in preparation of, or to fulfil our obligations under, a contract to:
    • fulfil orders placed by you;
    • process any other transactions authorised by you;
  • with your consent, to:
    • inform you of special offers;
    • provide marketing information to you which we think you may find of interest;
  • in our legitimate interest to improve our services, to:
    • archive data that that may be of historical or statistical value. This data may then be used at a future time for internal purposes, Third parties are not allowed access to this data for research purposes. This may include any of the Voluntary Data that you have provided. We will only ever capture personal data that has already been made publicly available in this way and for these purposes. When the sites are archived we anonymise or remove personal data. From time to time the data that we keep in our archive is reviewed and any data that is no longer considered of interest will be deleted or anonymized.
    • Personal data gathered or supplied by our clients relating to special residential projects/i.e. access etc. is wiped on completion of the project.

Any reliance on a legitimate interest shall not prejudice your interest or fundamental rights and freedoms.

How we use anonymised data

We may use aggregated and anonymised data for certain purposes, such as to help us understand what type of content users like. When used for this purpose, this data does not enable you or any other individual user to be identified.

Who do we share your data with?

In some circumstances we may need to share your personal data with closely vetted third-parties, for example where we use third-party suppliers to conduct services on our behalf. These third-parties include information security service providers who help us to manage our IT systems and ensure that they are secure.

We will also share your personal data with third parties in the following circumstances:

  • where you have specifically consented to us sharing your data with a particular third party;
  • where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.

We do not transfer or store your personal data outside the European Economic Area (EEA), however, in certain instances the third parties to whom we share your data may do so as part of their services to us.  In the event that your personal data is shared / transferred outside the EEA, we will ensure that adequate safeguards are in place to protect your personal data in accordance with data protection legislation.

How long we will keep your personal data

We shall only retain any personal data for as long as necessary for the original purpose in which it was collected.  For further information in relation to specific retention periods, please contact lindarose.higgins@gdhiggins.co.uk

Our approach to information security

To protect your information, G&D Higgins Mechanical Services Ltd  has policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, all employees, contractors and sub-contractors have roles and responsibilities defined in those policies and procedures.

To make sure all employees, contractors and sub­contractors understand these responsibilities they are provided with the necessary training and resources they need.

In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies.

To make sure that these measures are suitable, vulnerability tests are run regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled. Additionally, all areas of the organisation are constantly monitored and measured to identify problems and issues before they arise.

Your rights

Your rights under data protection law and how you can exercise them are detailed in this section. In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right. We may also require additional information, i.e. to help us to locate the particular data specified in your request.

A request to exercise your rights will be responded to as soon as possible and no longer than one month from receiving your request and all necessary identification proof or further information. For particularly difficult or complex requests, or if you have submitted a large volume of requests, we may

take up to three months to respond. In such cases we will advise you as soon as possible, explaining why it will take longer.

The right to access information we hold about you

At any point you can contact us to request access to the information we hold about you as well as why we have that information, who has access to the information and where we got the information. A request to exercise this right is called a “subject access request”.

The right to object to processing of your data

You have the right to request that G&D Higgins Mechanical Services Ltd stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer used by us, we may continue to hold your data to comply with our other rights. If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.

Restricted processing rights

You can ask for the processing of your personal data to be restricted in some circumstances, for example if your personal data could be inaccurate and needs to be verified, or if we no longer require the data but need to keep for you to exercise your own legal rights. Restricting your personal data means that we only store your personal data. We cannot continue to process it unless permitted to by you or in order to exercise a legal claim or to protect a third party or the public.

The right to correct and update the information we hold about you

If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated after we are satisfied that the new data you have provided is accurate.

The right to have your information erased

If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted. If we are required by law to comply with your request, we will fully anonymise your data it so that it is no longer personal data and cannot be used to identify you.

The right to data portability

You have the right to request that we transfer your data to another controller. Once we have received your request, we will comply where it is feasible to do so.


In those cases where we need your consent to hold your information, we will ask you to check a box on any form requiring consent.  By checking these boxes you are stating that you have been informed as to why G&D Higgins Mechanical Services Ltd  is collecting the information, how it will be used, for how long it will be kept, who else will have access to it and what your rights are as a data subject.

If you wish to exercise your rights above, please email lindarose.higgins@gdhiggins.co.uk

Cookies and tracking

What are ‘Cookies’?

Cookies are small text files which are downloaded to your computer or mobile device when you visit a website or application. Your web browser (such as Internet Explorer, Edge, Mozilla Firefox or Google Chrome) then sends these cookies back to the website or application on each subsequent visit so that they can recognise you and remember things like personalised details or user preferences.

Cookies are very useful and do lots of different jobs which help to make your experience on websites as smooth as possible. For example, they let you move between web pages efficiently, remembering your preferences, target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests and generally improving your experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

There are two types of cookies, session or persistent, depending on how long they are used:

  • Session cookies only last for your online session and disappear from your computer or device when you close your browser.
  • Persistent cookies stay on your computer or device after the browser has been closed and last for the period of time specified in the cookie. These persistent cookies are activated each time you visit the site where the cookie was generated.

In most cases we will need your consent in order to use cookies on this website. The exception is where the cookie is essential in order for us to provide you with a product or service you have requested.

We currently only use 2 cookies to track that you have agreed to our use of cookies. This remain in your browser cache for 60 days.


If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this Website Privacy Policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject cookies or disable cookies completely.

When you use our website, either on a web browser or a device, the following 4 categories of cookies may be set:
1.‘Strictly necessary’ cookies
2. Functional Cookies
3. Analytics Cookies
4. Third Party Cookies

How to turn off cookies

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website.  For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/

Customer enquiries

When contacted with an enquiry, G&D Higgins Mechanical Services Ltd will hold the entity name and contact details only for the purposes of handling the enquiry.

How can you contact us?

If you have any queries about this Website Privacy Policy and/or our processing of your data, or you would like to exercise any of the above rights, you can get in touch with our Data Protection Officer by emailing lindarose.higgins@gdhiggins.co.uk

Complaints procedure

Should you be unhappy with the way we have processed your personal data, complaints can be made to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK. For details on how to do this by visit www.ico.org.uk

Changes to this Website Privacy Policy

We may change this Website Privacy Policy from time to time. You should check this Website Privacy Policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website. You may also be notified of any significant changes by email.

Policy updated on 1/1/2020

You can download a copy of this document from here 



G&D Higgins have further policies on;­

  • Acceptable Use Policy
  • Access Control Policy
  • Business Security Agreement
  • CCTV Policy
  • Change Request Policy
  • Clear Desk Clear Screen Policy
  • Computer Security Incident Response Policy
  • Data Classification Policy
  • Data Privacy Impact Assessment Risk Assessment Template
  • Data Privacy Impact Assessment
  • Data Protection Policy
  • Data Retention Policy
  • Data_Flow_Process_Mapping
  • GDPR Policy Change Log
  • ICO-gdpr_documentation_controller_template
  • ICO-gdpr_documentation_processor_template
  • Incident Response Plan
  • Information Security Policy
  • Legitimate Interests Assessment
  • Mobile & Teleworking Policy
  • Mobile Device and BYOD Security Policy
  • Physical Security Policy
  • Secure Destruction Policy

These are available on request from lindarose.higgins@gdhiggins.co.uk