Search

Third party privacy policy

This policy describes how and why we collect store and use the personal data of third parties including our customers, suppliers, subcontractors, business partners, other stakeholders or members of the public during the course of running our business.

Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). 


Key terms

It would be helpful to start by explaining some key terms used in this policy:

We, us, ourVolkerWessels UK and our group companies 
Personal dataAny information relating to an identified or identifiable individual 
Special category personal data

Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership

Genetic data

Biometric data (where used for identification purposes)

Data concerning health, sex life or sexual orientation

 
Data subjectThe individual who the personal data relates to 

Personal data we collect about you

The personal data we collect about you depends on the particular services and/or work we are carrying out and our relationship with you. We  may collect and use the following personal data about you which will include but is not limited to:

  • your name and contact information, including email address and telephone number, job title and company details;
  • the name of your organisation;
  • information to check and verify your identity, eg your date of birth;
  • location data, if you choose to give this to us;
  • personal information contained within whistleblowing reports, a complaint or report of a concern;
  • personal data necessary for subcontractor or supplier prequalification, tendering or subcontractor/supplier onboarding;
  • personal data necessary to manage and administer orders, contracts, invoices or other general administration which is necessary to manage our business relationship with your organisation or a third party.
  • information to enable us to comply with professional, legal or regulatory obligations to which we are subject.
  • your contact history;
  • information processed via our CCTV systems (where applicable);
  • information from our IT systems;
  • photographs;
  • information obtained via our corporate communication system.


How your personal data is collected

We collect most of this personal data directly from you—in person, by telephone, text or email and/or via our website and apps. However, we may also collect information: 

  • from publicly accessible sources, eg Companies House or HM Land Registry or social media;
  • directly from a third party;
  • from cookies on our website—for more information on our use of cookies, please see our cookie policy which is available on our website
  • via our IT systems, eg:
    • from door entry systems and reception logs;
    • CCTV and access control systems, communications systems, email and instant messaging systems;


How and why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason, eg:

  • where you have given consent;
  • to comply with our legal and regulatory obligations;
  • for the performance of a contract with you or to take steps at your request before entering into a contract; or
  • for our legitimate interests or those of a third party.

The table below explains what we may use your personal data for and why.

What we use your personal data forOur reasons 
Providing services to youTo perform our contract with you or to take steps at your request before entering into a contract 
Preventing and detecting fraud against you or usFor our legitimate interest, ie to minimise fraud that could be damaging for you and/or us 

Conducting checks to identify our customers and verify their identity

Screening for financial and other sanctions or embargoes

Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, eg under health and safety law

Depending on the circumstances:

—to comply with our legal and regulatory obligations

—for our legitimate interests

 
To enforce legal rights or defend or undertake legal proceedings

Depending on the circumstances:

—to comply with our legal and regulatory obligations;

—in other cases, for our legitimate interests, ie to protect our business, interests and rights

 
Gathering and providing information required by or relating to audits, enquiries or investigations 

Depending on the circumstances:

—to comply with our legal and regulatory obligations;

—in other cases, for our legitimate interests, ie to protect our business, interests and rights

 
To investigate whistleblowing reports or reported concernsFor our legitimate interests 
Ensuring business policies are adhered to, eg policies covering security and internet useFor our legitimate interests, ie to make sure we are following our own internal procedures  
Operational reasons, such as improving efficiency, training and quality controlFor our legitimate interests, ie to be as efficient as we can so we can deliver the best service to you. 
Ensuring the confidentiality of commercially sensitive information

Depending on the circumstances:

—for our legitimate interests, ie to protect trade secrets and other commercially valuable information;

—to comply with our legal and regulatory obligations

 
Preventing unauthorised access and modifications to systems

Depending on the circumstances:

—for our legitimate interests, ie to prevent and detect criminal activity that could be damaging for you and/or us;

—to comply with our legal and regulatory obligations

 
Protecting the security of systems and data used to provide the services

To comply with our legal and regulatory obligations

We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, ie to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us

 
Updating and enhancing customer records

Depending on the circumstances:

—to perform our contract with you or to take steps at your request before entering into a contract;

—to comply with our legal and regulatory obligations;

—for our legitimate interests, eg making sure that we can keep in touch with our customers about existing orders and new orders

 
Statutory returnsTo comply with our legal and regulatory obligations 
Ensuring safe working practices, staff administration and assessments

Depending on the circumstances:

—to comply with our legal and regulatory obligations;

—for our legitimate interests, eg to make sure we are following our own internal procedures and working efficiently so we can deliver the best service 

 
Credit reference checks via external credit reference agenciesFor our legitimate interests 
External audits and quality checks, eg for ISO accreditation and the audit of our accounts 

Depending on the circumstances:

—for our legitimate interests, ie to maintain our accreditations so we can demonstrate we operate at the highest standards;

—to comply with our legal and regulatory obligations

 

Who we share your personal data with

We may share your personal data with companies within the VolkerWessels UK group to the extent necessary to fulfil the relevant purpose. We may also share your personal data with third parties we use to help us to deliver our services and our customers or other suppliers and stakeholders where it is in our legitimate interests to do so. 

We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

We or the third parties mentioned above occasionally also share personal data with:

  • our and their external auditors, eg in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
  • our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
  • law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations.


How long your personal data will be kept

We will not keep your personal data for longer than we need it for the purpose for which it is used. 


Transferring your personal data out of the UK and EEA

It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. 

We will only transfer your personal data to a country outside the UK/EEA where:

  • the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. 
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
  • a specific exception applies under relevant data protection law.


Your rights

You have the following rights, which you can exercise free of charge:

AccessThe right to be provided with a copy of your personal data
RectificationThe right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)The right to require us to delete your personal data—in certain situations
Restriction of processingThe right to require us to restrict processing of your personal data in certain circumstances, eg if you contest the accuracy of the data
Data portabilityThe right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object

The right to object:

—at any time to your personal data being processed for direct marketing (including profiling);

—in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims

If you would like to exercise any of those rights, please email us at gdpr@volkerwessels.co.uk and let us know what right you want to exercise and the information to which your request relates.


Keeping your personal data secure

We have appropriate security measures to prevent personal data from being lost accidentally or used or accessed unlawfully. 

We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


How to complain

Please contact us if you have any queries or concerns about our use of your personal data on gdpr@volkerwessels.co.uk. We hope we will be able to resolve any issues you may have.

You may also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator). 


Updating your personal data

We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed.