Fusion Building Systems, Fusion House, Scirocco Close, Moulton Park Industrial Estate, Northampton NN3 6HE
We are committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal data is handled. During the course of our activities we will collect, store and process personal data about our employees, applicants for employment, clients, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is very important to us, and we are committed to protecting and safeguarding your data privacy rights.
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the company responsible for your personal data is Fusion Building Systems.
For the purpose of UK data protection laws, where we are not a data processor, the data controller is Fusion Building Systems, Fusion House, Scirocco Close, Moulton Park Industrial Estate, Northampton NN3 6HE
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
DATA PROTECTION PRINCIPLES
When processing your information, we must comply with the six enforceable principles of good practice.
These provide that your personal data must be:
- Processed lawfully, fairly and in a transparent manner,
- Processed for specified, explicit and legitimate purposes,
- Adequate, relevant and limited to what is necessary,
- Accurate and kept up-to-date,
- Kept for no longer than is necessary, and
- Processed in a manner than ensures appropriate security.
INFORMATION YOU GIVE TO US:
How do we obtain data about you?
We obtain data from our employees, applicants for employment, clients, suppliers and other third parties in some or all of the following ways:
- Corresponding with us by phone, email, letters or otherwise,
- Utilising our customer support functionality, for instance screen sharing software
- Providing customer and technical support
- Various employee related activities
- Interactive processes concerning providers of goods and service
- Communications with regulatory bodies and enforcement agencies
- From third parties, for example, named referees.
Information and Data we may hold:
Employees and Applicants for Employment – Typically, we collect details such as your name, contact details, education details, employment history, and right to work status (and of course you may choose to share other relevant information with us). We will store other pertinent details which could include elements such as records of interviews, information you have provided to us such as a CV and copies of correspondence, records of accidents and injuries, records of any disciplinary proceedings and training records
Below is a non-exhaustive list of personal data we may collect:
- Name; Age/date of birth; Gender; Photograph; Marital status; Contact details; Education details;
- Employment history; Emergency contacts and details of any dependants; Referee details;
- Nationality/citizenship/place of birth; Right to Work / Immigration status (whether you need a work permit);
- A copy of your address confirmation / passport and/or driving licence / identity card;
- National Insurance number and any other tax-related information;
- Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information;
- Details about your current remuneration, pensions and benefits arrangements;
- Information on your interests, both collected directly and inferred;
- Extra information that you choose to tell us;
- Extra information that your referees chooses to tell us about you;
Clients – If you are a Fusion Building Systems client, we need to collect and use information about you, or individuals at your organisation, in the course of providing you services.
We usually only need to have your contact details or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses) to ensure that our relationship runs smoothly.
Suppliers – Usually all we require is contact details of relevant individuals at your organisation so that we can communicate with you, such as names, telephone numbers and email addresses. We also need other information such as your bank details so that we can pay for the services you provide as part of a contractual arrangement between us.
Other – such as Referees and Emergency Contacts (3rd party information)
In order to provide Employees with appropriate support, we require some basic background information (such as name, email address and telephone number). We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you’ve been listed as an emergency contact for one of our employees.
We may use the information you give to us for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
|Purposes for which we will use the information you give to us||Legal basis|
|To enable our employees, applicants for employment, clients and suppliers of goods and services to comply with related legal and contractual requirements||It will be necessary for us to comply with a legal obligation to which we are subject under the relevant contractual, health and safety and employment laws and other applicable regulatory requirements|
|To perform the contracted services that our employees, clients and suppliers of goods and services, have requested from us.||It will be necessary for our legitimate business interests, namely for the performance of a contract entered into between ourselves, our employees, clients, suppliers of goods and services, or any other relevant data controller.|
|To notify our employees, clients and suppliers of goods and services, about changes to the services that we are providing.||It will be necessary for our legitimate business interests to ensure our employees, clients and suppliers of goods and services, are aware of the latest developments in relation to the services we are providing.|
|To notify our employees, clients and suppliers of goods and services, about changes to the services and communications platforms that we are providing to you and to additional services that are available to you.||It will be necessary for our legitimate business interests, namely to ensure that you are aware of changes to our processes and procedures which may affect you|
|To provide interested parties with any relevant information||Unless we are bound by legal or regulatory requirement to do so, we will only do this if you give us your consent by some specific, informed and unambiguous method.|
As stated in the table above, it is a legal obligation for you to provide us with certain information. It is also a contractual requirement for you to provide us with certain information.
All other information you give us is given entirely at your discretion. If you do not provide that information, then this may impede your ability to use our services.
INFORMATION WE COLLECT ABOUT YOU FROM OTHER SOURCES
During the normal operation of our business and the related processes, sales, purchasing and HR related activity, we may retain and put on file our employees, clients and suppliers of goods and services personal details, such as name, employer, postal address, email address and job title.
We may also collect information about you by using customer feedback software.
We may use the information we collect about you for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
|Purposes for which we will process the information||Legal basis for the processing|
|To administer business processes in an effective and efficient manner.||It will be necessary for our legitimate business interests that you receive the best possible service and support and ensuring that all contractual requirements are met.|
|It will be necessary for our legitimate business interests to ensure we continually improve our product and services.||If you do not allow us to collect this information, then we may be unable to offer you up to date information on procedural and product improvements.|
‘SPECIAL CATEGORY’ DATA
Other than in the case of employees, or applicants for employment, during the course of dealing with you, it is highly unlikely that we will collect information about you relating to your health. This is most likely to occur, for example, if you have an accident in the work place.
DISCLOSURE OF YOUR INFORMATION
You agree that we have the right to share your personal information with:
- HMRC, Health and Safety Executive and Information Commissioners Office
- Our auditors and quality assurance assessors;
- Selected third parties including:
- Your Employer, or any other relevant data controller,
- Business partners, customers, suppliers and sub-contractors to the extent we reasonably consider that it is in your best interests for us to do so, or it is necessary for our legitimate business interests,
We will disclose your personal information to third parties:
- in the event that we enter into negotiations to sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- if Fusion Building Systems, or substantially all of its assets are acquired by a third party, in which case personal data held by it about you will be one of the assets transferred to the third party; or
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers in the United Kingdom.
We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:
- Entry controls. Phone Entry system.
- Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
- Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality.
- Equipment. Our internal policies require that individual monitors do not show confidential information to passers-by and that users lock or log-off from their computer when it is unattended.
- Hardware, Software and Databases. We use utilise proprietary cyber security software to protect our network and infrastructure, including Firewall Protection, Advanced Endpoint Protection, Application Whitelisting, Mobile Device Encryption and Vulnerability Scans. Our websites utilise encryption to protect security information and 2 stage authentication and login lockdown.
Some of the data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom. It may also be processed by personnel operating outside the United Kingdom who work for us, our group companies or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. If you are concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE WILL STORE YOUR PERSONAL DATA
The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:
|Legal Basis||Length of Time|
|Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject.||We will use/store your data for as long as it is necessary for us to comply with our legal obligations.|
|Where we use/store your data because it is necessary for our legitimate business interests.||We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data for as long as it is necessary for the performance of the contract between you and us (or, if earlier, we no longer have a legitimate interest in using/storing your data).|
|Where we use/store your data because you have given us your specific, informed and unambiguous consent.||We will use/store your data until you ask us to stop.|
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
- You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
- You have the right to object to us using/storing your information for direct marketing purposes.
If you wish to exercise any of your legal rights, please contact; Quality Systems Manager by writing to the address at the top of this policy, or by emailing us at GDPR.firstname.lastname@example.org
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.
We do not use automated decision-making processes.
CHANGES TO OUR POLICY
Any changes we make to our policy in the future will be posted on our portal and, where appropriate, notified to you by email or via social media. Please check our portal frequently to see any updates or changes to our policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to; Quality Systems Manager by writing to the address at the top of this policy, or by emailing us at email@example.com