This privacy notice describes how Clark Contracts Ltd (“we”, “us” or “our”) collects and uses Personal Data, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act and any other applicable data protection law in the United Kingdom (collectively “data protection law”). It applies to Personal Data provided to us, both by individuals or by others. Personal Data is any information relating to an identified or identifiable living person. Words used with first letter capitalisation (e.g. Personal Data), unless otherwise defined in this policy, have the same definition and meaning as under data protection law.
Clark Contracts, registration number SC088490, was founded in 1978 and over the past 40 years the firm has diversified and moved into specialist areas of construction, refurbishment and maintenance across the UK. Personal interactions are at the core of our business, so we have implemented this policy for reasons of lawfulness, fairness and transparency in relation to our use of Personal Data.
Clark Contracts acts as a controller and processor of data.
Any personal information we collect from this website will be used in accordance with the General Data Protection Regulation and other applicable laws. The details we collect will be used:
Given the diversity of the services we provide to clients we may process many categories of Personal Data. By way of example, we could collect and process:
We will only collect such Personal Data that is necessary for us to perform our services and we ask our clients only to share such Personal Data as required for that purpose. Where we identify that a client has provided us with unnecessary Personal Data we will either return that information to its source or destroy it, taking into account our client’s preference wherever possible. Generally, we collect Personal Data from our clients or from third parties acting on the instructions of the relevant client. Examples of this collection include when:
Here we set out the basis upon which we process Personal Data. Please note that we may process Personal Data for more than one lawful basis, depending on the specific purpose for which we are using that information.
We provide a diverse range of professional services, of which more information can be found here: https://clarkcontracts.com/about-us/ Many of our services require us to process Personal Data for purposes necessary for the performance of our contract with our clients and/or suppliers. For example, this may include business addresses, financial information, training records etc to facilitate the delivery of our contracts.
We may process Personal Data for the purposes of our own legitimate interests in the effective delivery of information and services to our clients, and in the effective and lawful operation of our businesses, provided that those interests do not override the interests, rights and freedoms of a Data Subject which require the protection of that Personal Data. Examples of such processing activities include retention of data for future business interest opportunities.
We will process Personal Data as necessary to comply with legal obligations. Examples of such processing include storage of legal contracts and / or warranties beyond the duration of the contract. We are also to keep certain records to demonstrate that our services are provided in compliance with our legal, regulatory and professional obligations.
In certain limited circumstances we may process Personal Data by consent for marketing purposes and future business opportunities. Where consent is the only basis upon which Personal Data is processed the relevant Data Subject shall always have the right to withdraw their consent to processing for such specific purposes.
It is our policy to only process Personal Data by consent where there is no other lawful basis for processing.
We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In the absence of specific legal, regulatory or contractual requirements, our standard retention period for records is 5 years. The exceptions to the general retention period are legal obligations, contractual requirements and where required by HMRC. Our standard email retention period is 5 years. We continually review our data retention policies, and we reserve the right to amend the above retention periods without notice.
Other records, which are not required to be retained, will be kept for a period of time depending on:
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure. We have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This is not only in accordance with our obligations under GDPR, but also in accordance with our regulatory obligations of confidentiality.
In addition, we limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know, and our IT systems operate on a ‘least privileged’ basis by default. Third parties will only process Personal Data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify any affected Data Subject and any applicable regulator of a suspected breach where we are legally required to do so. In some circumstances we may anonymise or pseudonymise Personal Data so that it can no longer be associated with the Data Subject, in which case we may use it without further notice.
We will share Personal Data with third parties where we are required by law, where it is necessary to administer our relationships between clients and Data Subjects, or where we have another legitimate interest in doing so.
All Personal Data will be provided with adequate protection and all transfers of Personal Data outside the EU are done lawfully. Where we transfer Personal Data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for Personal Data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
We will also share Personal Data with third-party service providers. For example, we use third parties to:
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
A Data Subject’s duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, either through your usual contact at Clark Contracts or by using one of the means set out at the end of this privacy notice.
Data Subjects may have certain rights under UK or EU law in relation to the Personal Data held by us about them. In particular, they may have a right to:
Where we process Personal Data based on consent, individuals have a right to withdraw consent at any time.
To withdraw consent to our processing of your Personal Data please email our Data Protection Officer, Iain Blair, firstname.lastname@example.org or, to stop receiving marketing emails, please click on the unsubscribe link in the relevant email received from us.
Any request by a data subject in accordance with data protection legislation to see any information that is held about them by us will be dealt with in line with GDPR recommendations. Data Subjects also have the right to make a complaint to the ICO, the UK supervisory authority for data protection issues. For further information on individual rights and how to complain to the ICO, please refer to the ICO website.
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review. This privacy statement was last updated on 24 May 2018.
If there are any questions regarding this notice or if anyone would like to contact us about the manner in which we process their Personal Data, please email our Data Protection Officer, Iain Blair at email@example.com.
Look inside our Head Office:
Look inside our Edinburgh Office