This policy is for the use of third parties, clients, or prospective clients, contractors or suppliers. This policy sets out the approach McMillan will take to comply with its legal obligations in relation to personal/sensitive data that it holds.
McMillan is part of a global organisation and we may hold your personal data on a client contact database especially if you are a client or potential client.
McMillan (Coppersmiths and Fabricators) Limited (McMillan) is a data controller for the purposes of the European General Data Protection Regulation (GDPR) and UK law.
Any questions about this statement can be sent to firstname.lastname@example.org.
This policy outlines how your data will be processed lawfully, fairly and in a transparent manner.
Why we hold information and what it is used for
McMillan do not sell, lease or rent Personal Data to third parties.
We hold certain Personal Data so we can communicate with you and manage our relationship. Sometimes we need this information to ensure that McMillan complies with its legal and contractual obligations with you, so for example, McMillan can pay you at the right time.
We collect data during our due diligence process, when you attend one of our Project sites or attend our offices. We do this so we can;
- Manage our business with you, set-up, administer and manager your relationship, associated accounts and records;
- for compliance and legal obligations;
- to protect the vital interests of a person; or
- a purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Data protection law requires us to process any personal data fairly and lawfully. This means that we must have a lawful reason for processing personal data from a list set out in legislation.
What personal information we hold
We collect your Personal Data when you complete our forms, through the use of online forms and when you e-mail your details to us. We also hold data about the transactions you undertake with us.
The law requires that we only hold the information we need and that we only use it for the purposes set out in in this policy. In our view, all of the information set out above is necessary for these purposes.
We will review the information that we hold in the first year once following this it will be every two years to confirm whether it remains necessary for the purposes set out in this policy.
Who we will share personal data with
We may disclose your Personal Data to any of the following recipients;
- any company within our Group (including to its employees and sub-contractors) that assists us in providing the services or that otherwise has a need to know such information;
- any third parties or other advisers auditing our business or who have the need to access such information for the purpose of advising us;
- Clients who we have contracts with to supply goods or services to their sites and in compliance with Health and Safety legislation (people attending sites will be give am individual privacy notice)
- any law enforcement or regulatory body which may have any reasonable requirement to access your Personal Data; or
- in the event that we sell or buy any business, assets or shares in part or whole we may disclose your personal details to such relevant third parties involved.
Transfer of data overseas
Where personal data is going to be transferred to another country or territory outside the EEA, we must ensure that it will be properly protected.
Where we are asked to permit the transfer of data outside the EEA, for instance where the third parties wish to carry out their services using an office outside the EEA, we will ask for information about the safeguards that the recipient will apply to any personal data that is transferred and ensure that an appropriate mechanism is in place to protect the personal data during and after the transfer, such as standard contractual clauses. We will not transfer personal data until appropriate checks have been made.
Whenever we engage new data processors, we will investigate at the outset of the engagement whether the nature of their operations requires the transfer of personal data outside the EEA and if so, on what mechanism transfers are based. We will not provide the new data processors with any personal data until we have received confirmation that satisfactory data protection measures are in place.
We retain your data for no longer than is necessary. This length of time is different for each type of personal data that we hold. We will keep our record retention periods under review.
At McMillan, we take privacy very seriously. We do need your information so that we can provide excellent HR services to you, however protecting your information and respecting your privacy is fundamental to maintaining your trust.
We need to obtain and use some of your personal information so that we can:
- Recruit and retain the best people;
- Manage your working relationship with McMillan and run our business in the best possible way;
- Protect you, the Company and our assets; and
- To comply with our policies and legal and regulatory obligations.
We will always take appropriate measures to keep your personal information confidential, secure and protected, including when we need to share it with our trusted managers.
What destruction of data means
Where data is held in a paper format, destruction means that the data will be shredded or sent to confidential waste for destruction.
Where data is held in an electronic format, destruction means that the data is put permanently beyond use.
Where data is held by third parties, we will rely on confirmation from them that data has been properly destroyed.
You may update your Personal Data at any time by contacting us using the details at the beginning of this document.
Requests for access to your personal data are free of charge.
Right to be forgotten and right to restrict processing
Someone can request erasure of their personal data without undue delay under certain circumstances including that it is no longer needed for the purpose(s) identified in this notice.
You can require us to stop processing your personal data when, for example, the person is contesting the accuracy of it.
We use a number of methods to ensure that all personal data information remains confidential.
If you have any questions, comments or concerns about your Personal Data and how McMillan is processing it please do not hesitate to contact the Compliance Officer. They can be contacted in the following ways;
FAO General Manager,
McMillan (Coppersmith& Fabricators) Ltd
Prestonpans Ind Est/Mid Rd
Telephone: 01283 566 661
Alternatively, you may contact the Information Commissioners Officer (ICO) directly. More information about the ICO can be found here https://ico.org.uk they are the UK body responsible for managing data protection compliance.