Bellstan Ltd (“we” and “us”) are committed to protecting and safeguarding your personal data.
This privacy notice sets out how we will process personal data we collect about you and which you provided to us.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data.
What Information will we hold about our Supply Chain
We will process and store the following types of personal information about you or your company:
- Personal details – including Name, title, phone number, address, e-mail address, birth date, gender
- Next of Kin details, Contracts and HR Notes and Letters
- Training Qualifications/history and Site Inductions
- ID ref your Right to Work in the UK
- Payment Details – to included NI no., UTR no., Bank Details, Payments made.
- Insurances, Quotes and Invoices/Credit Notes
We will process and store the following “special categories” of more sensitive personal information about you or your company:
- Information about your health
- Accident and Incident Reports
- Drugs and Alcohol Results, if appropriate
- Criminal offences (if relevant to the contracts you are working on)
- Biometric Data
Where is your information collected from?
- Information you give us
- Information from third Parties (that include but are not limited to):
- Accountants, UP’s, The Disclosure and Barring Service, Drug and Alcohol Testing Services, recruitment agencies, health professionals and publicly available resources.
If you choose not to provide information – when requested, it may be necessary for us to exclude you from site or it may delay or prevent us from meeting our obligations.
When we can use your information?
- To administer payments
- Where it is necessary for us to perform the contract or contracts we have with you.
- Where we believe it is necessary to use your information to comply with a legal obligation to which we are subject.
- To manage risk for us and our supply chain
- To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audits.
Automated Decision Making
You will not be subject to decisions based on automated decision making.
How long we will keep your data for
We will keep your information for as long as necessary for us to fulfil our legal and business requirements.
Your data will be held securely and will only be accessible by staff, contractors and other third parties who are required to do so and have a business need to know.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Who we share your information with?
We engage third-party service providers to perform a variety of business operations on our behalf. In so doing, we may share your personal information with them. We provide our service providers with only the personal information they need in order to perform the services we request, and we contractually require that they protect this information appropriately and not use it for any other purpose.
The following activities are carried out by third parties service providers such as: Clients/Customers, Payroll Company, Pension Company, Professional Advisory Body, Drugs Testing Company, Health & Wellbeing Company, IT Company, Mobile Communications, Vehicle Tracking and External Training Providers.
We will share your personal data with third parties where we are required by law. (Ie. HMRC, HSE)
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing, whose details are provided below.
Right to Withdraw Consent
If you have consented to us holding your details you have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact us in writing. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data, subject to our retention policy, we will dispose of your personal data securely and you will no longer be able to access our sites or services.
If you talk to us over the Internet (for example by email) remember that this form of communication is not always secure. These kinds of messages may go through a number of countries before they are delivered. So, we cannot accept responsibility for any unauthorised access or loss of personal information if it is beyond our control.
Data Protection Officer
If you have any questions about this Supply Chain Privacy Notice or how we handle your personal information, please contact the Data Protection Officer whose details are as follows:
Name: Stefan Zaremba
Telephone Number: 0118 988 8078
Address: 19 Grovelands Road, Spencer’s Wood, Reading, Berkshire, RG7 1DP
If you are unhappy with the way that your personal information has been used by us or you wish to
seek further information on GDPR, please contact us as above. Alternatively, you can contact the Information Commissioners Office (https://ico.org.uk/).
Dated: 25th May 2018
Review Date: 1st January 2019
2nd Review : 6th January 2020