Amberon Group Ltd.

Privacy Notice (customers, suppliers and sub-contractors)
This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you. We are required to notify you of this information under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.

Who collects the information

Amberon Group Limited (a company incorporated and registered in England and Wales with company number 11665703) (Company, we and us) is a ‘data controller’ and gathers and uses certain information about you. When we do so, we are regulated under the Data Protection Act 2018 (and, for so long as the United Kingdom is a member of the European Union, the General Data Protection Regulation 2016) (Data Legislation).

About the information we collect and hold

What information
We may collect the following information when you provide it to us:

Purpose/ActivityType of dataLawful basis for processing including basis for legitimate interest
To respond to your enquiry which you have raised by filling in the contact form on our website or sending an email to our sales email address
  • Identity information
  • Contact details
Responding to your enquiry
To note you as a point of contact for a customer or supplier
  • Identity information
  • Contact details
Performance of a contract with the corporate customer or supplier
To be able to engage you (or your employer) to provide services to us
  • Identity information
  • Contact details
  • Training history and qualifications
  • Insurance details
  • Trade association memberships and accreditations
  • Medical information
  • Risk & Method Statements
  • Bank Details
  • Potential engagement with and/or performance of a contract with a supplier or subcontractor
  • Necessary for our legitimate interests (to engage the right suppliers/subcontractors)
  •  Necessary for us to pay for goods/services provided
To request a reference from you for one of our suppliers
  • Identity information
  • Contact details
  • Potential engagement with and/or performance of a contract with a supplier or subcontractor
  • Necessary for our legitimate interests (to engage the right suppliers/subcontractors)
To process and deliver an order for services to the corporate customer of which you are a contact, including:
(a) manage payments, fees and charges
(b) collect and recover money owed to us
  • Identity information
  • Contact details
  • Performance of a contract with the corporate customer
  • Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with our customer (for whom you are a point of contact) which will include:
(a) Notifying you about changes to our terms or privacy policy
  • Identity information
  • Contact details
  • Performance of a contract with you
  • Necessary to comply with a legal obligation
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  • Identity information
  • Contact details
  • Technical IT data
  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
  • Necessary to comply with a legal obligation

 

We may collect Special Categories of Personal Data about you (this includes information about your health and information about criminal convictions and offences).

How we collect the information

We may collect this information from you as detailed above, or via third parties and publicly available sources.

We may receive personal data about you from various third parties as set out below:
a) search information providers such as Google and other search engines;
b) identity and contact data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.

 

How we may share the information
We may share your data with our third party suppliers. This data sharing enables them to supply the services to you. We may share your name and contact details with our group companies. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will share personal information with law enforcement or other authorities if required by applicable law.

We will not share your personal information with any other third party.

 

Where information is held
We hold your personal information at our offices and on our electronic servers, which are located in our offices.

 

How long we keep your information
We only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
For personal data held by us in connection with a customer enquiry which does not become a contract, or in connection with seeking references for a supplier or subcontractor where we do not engage that supplier/subcontractor, unless we have your consent to use your data for any other purpose, we will hold your name and contact details for 7 years on our servers.

For personal data held by us in connection with a customer contract, or in connection with seeking references for a supplier or subcontractor, unless we have your consent to use your data for any other purpose, after conclusion of the contract in connection with which we have your contact details, we will hold your name and contact details for the period we are required to retain this information by applicable UK tax law (currently 7 years).

For personal data held by us in connection with a supplier or subcontractor, we will hold your name, contact details, contract information, details of business bank/building society, training and qualifications, third party reference contact details, insurance policy cover including public, products, professional and employers’ liability insurance, trade association memberships and accreditations for 7 years on our systems and servers.

Your rights

Under the Data Legislation you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your personal information
    access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on the ICO’s website concerning individuals’ rights under the Data Legislation.

If you would like to exercise any of those rights, please:

  • email, call or write to us (contact details are at the bottom of this page)
  • let us have enough information to identify you (e.g. customer account details, name, job title)
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
  • let us know the information to which your request relates

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

Changes to this privacy policy
You will be informed of any changes to this privacy policy via email and current versions are available from our IT Manager.

How to complain
We hope that our IT Manager Dean Fullalove can resolve any query or concern you raise about our use of your information. Dean can be contacted at ithelp@amberontm.com or via 01803 668083 or at Amberon House, Aspen Way, Paignton, TQ4 7QR.

If not, contact the Information Commissioner at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.