Personal Data

Processing of personal data

In this information message, Amvico (“Amvico”, “we”, “our”, “us”) explain how we process your personal data and how it is ensured that your personal data is processed in a responsible manner and in accordance with applicable data protection legislation.

 

1. General

1.1 You should always feel safe when you share your personal data with us. We protect and respect your privacy and strive for a high level of security in all personal data processing. We have therefore taken the technical and organisational security measures necessary in order to protect your personal data from unauthorised access, use, alteration and erasure. Examples of such security measures are access limitations and encryption of personal data.

 

2. Data Controller

2.1 Amvico (registration number 08636979) is the data controller for the processing activities carried out by or on behalf of us. This means that we determine the purposes of and means of the processing of your personal data, i.e. why and how we process your data.

2.2 If you have any questions regarding the processing of your personal data, please contact us by using the contact details listed under section 7 below.

 

3. What are personal data and personal data processing?

3.1 Personal data is all information which can be directly or indirectly (i.e. together with other data) related to a living natural person. Examples of such data include, but are not limited to names, IP addresses, absence and performance history and contact details such as telephone number, e-mail address and postal address. Even if the data itself cannot identify you as an individual, the data may still constitute personal data if it, together with other data, can be related to you.

3.2 In principle, personal data processing includes any operation performed on personal data, such as collection, recording, adaptation, alteration, use, storage, disclosure, blocking or destruction.

 

4. Our processing of your personal data

4.1 What personal data is collected and why?

 

Type of data Type of data Type of data
Name, address and other contact details e.g. telephone number or email address For the supply of services and fulfilment of contract;

To respond to complaints or enquiries;

To respond to and deal with an Environment and Health and Safty incidents;

To publish contact details of our suppliers on our internal intranet web pages in order for employees to contact suppliers;

If the company/organisation you represent orders services and/or goods from us or if we order services and/or goods from the company/organisation you represent, we will be in contact with you to deal with any questions or complaints regarding such services and/or goods.

Performance of contract; In compliance with a legal obligation to deal with incidents;

Legitimate interests in managing our relationship with you as a partner, supplier or client/customer

Accounting details i.e. bank details To process data in connection with invoicing, anti-fraud purposes and fulfilment of contract Performance of contract; Legitimate interests in managing our relationship with you as a partner, supplier or client/customer
Company registration number and unique tax reference number where applicable For the supply of services and fulfilment of contract Performance of contract; Legitimate interests in managing our relationship with you as a partner, supplier or client/customer
Special categories of personal data
Medical information / injuries To respond to and deal with Health & Safety incidents including reporting to regulatory bodies Legal obligation

 

If we do business with a sole trader we process the sole trader’s National Insurance number, instead of a company registration number, for the purposes of setting up the business relationship.

4.2 Additional information about the purpose and legitimate reasons for processing special categories of personal data

4.2.1 We may collect and process special categories of personal data (injury-related information.) for the purpose of responding to a Health & Safety incident. This processing is necessary for the compliance with legal obligations to which Amvico is subject. The data collated will only be used for this compliance purpose (and appropriate safeguards in the form of access controls will be introduced internally to ensure that this is reflected in reality).

4.3 How we collect your personal data

4.3.1 We may collect your personal data in a variety of ways for some or all of the purposes set out in section 4.1, for example:

  • When you or your representative contacts us through our website, by telephone, post, email or social media
  • When you or your representative is contacted by our teams
  • When you or your representative speaks to one of our employees or one of our approved contractors or sub-contractors in person
  • When you complete a survey, or register for services or other information
  • When you make payments to us or we make payments to you
  • When we receive your personal data from third parties, for example fraud prevention organisations, your representative when arranging work or by other individuals
  • When we collect publicly available information about you

4.4 When will the data be deleted?

4.4.1 Your personal data will be kept in line with statutory limitation periods.

4.5 Legal basis and legitimate interests for the personal data processing

4.5.1 We always process your personal data in accordance with applicable law.

4.5.2 The 6 lawful bases described under the GDPR are as follows

  • The processing is required for compliance with a legal obligation to which Amvico is subject;

(ii) The processing is required for the performance of a contract to which the data subject is a party;

(iii) The processing can be performed on the basis of the legitimate interests pursued by the controller;

(iv) The processing can be performed if the data subject has given his or her consent to it;

(v) The processing is necessary to protect the vital interests of the data subject;

(vi) The processing is necessary to perform a task carried out in the public interest or in the exercise of official authority.

4.5.3 In the event we were to process your personal data for any other purpose than those specified above, we will inform you about this by updating this information message or inform you at the point of collecting the personal data.

4.5.4 If we process your personal data for any purpose which, according to applicable legislation, requires your consent, we will collect your consent before commencing such processing.  Where you have given consent, you have the right to withdraw this at any time and can do so by contacting us.

 

5. Restrictions on disclosure of personal data

5.1.1 We may disclose your personal data to any of our group companies, contractors or sub-contractors were necessary for the reasons set out in section 4.1 above.

5.1.2 We may also engage external partners to perform tasks on Amvico’s behalf, for example, to supply IT services such as a work planning system. The performance of these services may mean that Amvico’s partners, both within and outside the EU/EEA, gain access to your personal data.

5.1.3 Companies that process personal data on our behalf must always enter into a data processor agreement with us so that we are able to ensure that a high level of protection of your personal data is maintained. Adequate safeguards are taken in relation to partners outside the EU/EEA, such as signing data transfer agreements, including the standardised model clauses for data transfer adopted by the EU Commission and which are available on the EU Commission’s website.

5.1.4 We may also disclose your personal data to third parties when

  • such action follows from a legal requirement or other statutory or public authority decision

(ii) information is disclosed to insurance companies, pension providers, credit card companies or benefit partners in accordance with what is described above

(iii) disclosure to a joint venture partner is required to facilitate the cross charging of costs as necessary 

5.2 We may also disclose your personal data to third parties, for example the police, HMRC or other public authorities, if it concerns criminal investigations or if we are otherwise required to disclose such data by law or public authority decision.

5.3 Amvico may collect data from clients in order to complete a contract. In such instances, Amvico is a data processor and agrees to comply with the GDPR.

5.4 Amvico will not disclose your personal data to any extent other than described in this section.

 

6. Your rights under applicable data protection legislation

6.1 In accordance with applicable data protection legislation, you have the right, at any time, to be granted access to the personal data we processed about you. You also have the right to rectification of inaccurate personal data, to request that we cease processing and delete your personal data, that the processing of your personal data is limited, to exercise your right to data portability and to object to the personal data processing.

6.2 It should be noted that in some cases, there are specific exemptions and restrictions regarding these rights. In regards to deletion, the right will not apply where the processing is necessary: (a) for exercising the right of freedom of expression and information; (b) for compliance with a legal obligation; (c) for the establishment, exercise or defence of legal claims. With relation to limiting the processing of personal data, the personal data may still be stored and processed: (a) with the data subject’s consent; (b) for the establishment, exercise or defence of legal claims; or (c) to protect the rights of another natural or legal person.

6.3 If you wish to exercise any of your rights, please contact us by using the contact details listed in section 7 below.

6.4 You also have the right, at any time, to submit a complaint to the relevant supervisory authority if you find that your personal data is being processed in violation of the applicable data protection legislation.

6.5 In the UK, the supervisory authority is the Information Commissioners Office (ICO). The ICO’s address is:

Wycliffe House,

Water Lane,

Wilmslow,

Cheshire

SK9 5AF.

The contact numbers are: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. The fax number is: 01625 524 510. You can find out more about the ICO by visiting their website: www.ico.org.uk.

 

7. Contact details

7.1 Amvico ltd is the data controller for the processing of your data. If you have any questions about how we process your personal data, or have a question about data protection within our group, please contact by using the following contact details:

 

Post:

6-8 Bonhill Street
London
EC2A 4BX

Email:   enquiries@amvico.co.uk