DPC seeks to provide high quality engineering services to a variety of industry sectors and holds personal and business information of customers, suppliers and employees to facilitate the delivery of this service.
As a data controller, DPC is committed to the protection of the confidentiality and integrity of personal information and this policy sets out how this data is held and protected.
Information protection principles
DPC will comply with information protection law, so personal information we hold must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes and not used in any way that is incompatible with those purposes.
3. Relevant to the purpose of use and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purpose intended.
6. Kept securely.
Purpose for collecting personal information
Personal information is collected and retained for the following purposes:
Customers: We will collect personal data with the overall aim of providing a better service and to enable us to perform the necessary administration of the associated standard of work contracted to undertake.
Suppliers and Sub-contractors: for the completion of orders or contracts in direct relation to the on-going continuation of the business relationship.
Employees: for contract of employment and associated records and communication.
Personal information collected and retained
The following information may be collected and retained:
Customers, suppliers and sub-contractors: through direct contact, via e-mail, post or by phone and may include variations of names, positions, copies of qualification certificates and direct contact details i.e. e-mail addresses, phone numbers etc
Employees: from direct contact, details may include the name, address, telephone number, e-mail address, date of birth, gender, marital status, salary, bank, pension, national insurance, employment detail and any human resources administration i.e. qualifications, photographs etc
Your right to withdraw consent
Personal information will only be used for the purposes stated above unless we are under a legal obligation to share your personal data. You have the right to withdraw your consent at any time by contacting us.
Security Integrity and Confidentiality
Personal Information is secured and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Internal controls ensure confidentiality of data and availability to authorised personnel only.
Access and sharing
The information is only used in communication between DPC employees and the related company or individual as part of normal auditing, recording, reporting, analysis and research within the context of the agreement between the relevant parties.
Any company or individual has a right to request access to their personal information regarding correction, erasure, restriction or to object to its processing.
Please contact us if you would like a copy of the information held about you.
Storage and Security
Storage: all personal information is retained on the main DPC server and secure backups. Suitable security measures are in place which are reviewed regularly.
Security: all third-party service providers are required to take appropriate security measures to protect your personal information in line with our policy and we do not allow our third-party service providers to use your personal information for their own purposes.
As a duty of confidentiality, measures are in place to protect the security of your information to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
Security Breaches: procedures to deal with any suspected information security breach are in place including immediate communication to any relevant parties regarding the breach and any actions taken.
Personal information is only retained for as long as necessary to fulfil the purposes it was collected for, during the period of the contractual relationship and may include satisfying any legal, accounting, or reporting requirements. This appropriate retention period will also consider the purpose, amount, nature, sensitivity, potential risk of harm from unauthorised use or disclosure of personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Hard Copies are shredded or disposed of in a manner that the details cannot be used.
Computer Records are deleted from the appropriate storage facility.
Changes to this privacy notice
The policy is subject to change as necessitated by policy and law updates.
Dated 22nd May 2018