Roach Brothers Ltd - Privacy Notice for Clients

Who we are:

We are Roach Brothers Ltd. For the purposes of this notice, the term ‘we’ encompasses all those employed by us to carry out our business, either directly or as external contractors.

Our Contact Details:

If you have any questions about this Privacy Notice, please contact: enquiries@roachbrothers.co.uk

1. Privacy laws

The processing of personal data is governed by the General Data Protection Regulations (GDPR), enacted in the UK by the Data Protection Act 2018.

2. The capacities in which we process data

In providing you with our services we will be acting both as;

1. a controller of personal data (as defined by Article 4(7) GDPR) with respect to any processing for which we determine the purpose and means. This includes data that we obtain from you in order to facilitate the administration of our business relationship and the fulfilment of our contract with you, and;

2. a processor of personal data (as defined Article 4(8) GDPR) with respect to the processing of data you share with us in order to fulfil a purpose determined by you. Data subjects wishing to ensure and enforce their privacy rights in respect of data sent to us by a data controller should contact that controller in the first instance. Roach Brothers Ltd will support the controller in complying with those rights as described in Appendix A of this Notice.

3. The purposes of this privacy notice are;

• To inform you about our processing of your data as a controller under 2(a) above, in accordance with the ‘transparency’ requirement of Article 13 GDPR, and;
• To establish the legal basis and other stipulations upon which we process data as a processor under 2(b) above in accordance with Article 28 GDPR (see Appendix A).

4. The types of personal data we collect

The personal data we use may include, but is not limited to:

• Your name, address and contact details, including email address and mobile telephone numbers;
• The names, addresses and contact details, including email address and mobile telephone numbers of other individuals in your company;
• The terms and conditions of your contract with us for the provision of our services.

5. How we collect the personal data

We may collect this information in a variety of ways. For example, data might be collected through;

• correspondence with you; or
• through interviews and meetings.

We may also obtain personal data indirectly from sources such as public registers.

6. Providing your personal data

We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide professional services to you.

7. What we use your personal data for

Fulfilment of contract

• Providing our construction and other services as defined in Letters of Engagement or contracts between us.

Other business purposes

• As necessary for our own legitimate interests or those of other persons and organisations;
• For good governance, accounting, managing and auditing our business operations both internally and by third parties;
• For surveys of client experience and quality of our services;
• To monitor emails, calls, other communications;
• For market research, other surveys and analysis and developing statistics for improving business performance.

To comply with a legal obligation

• When you exercise your rights under data protection law;
• For compliance with legal and regulatory requirements;
• For the establishment and defence of legal rights;
• For activities relating to the prevention, detection and investigation of crime, and;
• To investigate complaints, legal claims and data protection incidents.

8. The legal basis for processing

We will process your personal data under Article 6 (1)(b) of the GDPR, on the legal basis that processing is necessary for the performance of a contract for the provision of our services, or in order to take steps at your request prior to entering into a contract.

In addition, we may process your personal data on the following legal bases;

• Legal obligation: the processing is necessary for compliance with a legal obligation - Article 6 (1)(c);
• Vital interests: the processing is necessary to protect someone’s life - Article 6 (1)(d);
• Public interest: the processing is necessary to perform a task in the public interest - Article 6 (1)(e);
• Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a third-party - Article 6 (1)(f).

9. Sharing of your personal data

Subject to applicable data protection laws we may share your personal data with;

• Sub-contractors and other persons who help us to provide services to you;
• Our legal and other professional advisors, including our auditors;
• Fraud prevention agencies, credit reference agencies, and debt collection agencies;
• Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner's Office;
• Courts, to comply with legal requirements, and for the administration of justice;
• In an emergency or to otherwise protect your vital interests;
• To protect the security or integrity of our business operations;
• When we restructure or buy or sell our business or its assets or have a merger or re-organisation;
• Payment systems and providers; and
• Anyone other party where we have your consent or as required by law.

10. Use of your personal data for marketing purposes

With your consent, and subject to your communications preferences, we may use your contact details to send you emails containing information on new services which we think may be of interest to you. We will not share your data with any external party for marketing purposes. You are free at any time to change your mind and withdraw your consent by contacting us using the details given at the top of this Notice. This will not affect the services we provide to you.

11. How long do we keep your data?

Information may be kept for up to five years from the termination of the contract between us or the date of the last provision of services to you by us, whichever is the later.

Information may be held for longer periods where any of the following apply;

• Retention in case of queries. We will retain your personal data as long as necessary to deal with any outstanding queries you may have;
• Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us; and
• Retention in accordance with other legal and regulatory requirements. We will retain your personal data after you have received services based on legal and regulatory requirements and obligations pertaining at any given time.

12. Your rights under applicable data protection law

Your rights are, where applicable;

• The right to be informed about processing of your personal data;
• The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
• The right to object to processing of your personal data;
• The right to restrict processing of your personal data;
• The right to have your personal data erased (the "right to be forgotten”);
• The right to request access to your personal data and information about how we process it;
• The right to move, copy or transfer your personal data ("data portability"); and
• Rights in relation to automated decision-making including profiling.

You may exercise these rights by contacting us using the details given at the top of this Notice. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

13. How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the details given at the top of this Notice.

You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data;

Appendix A

Stipulations for acting in the capacity of a data processor

The data we process under 2(b) above will consist of data provided to us by a third-party acting as its controller. We will process such data on the understanding of the controller’s compliance with the provisions of the GDPR and, in particular, that;

• They have met the transparency requirements of Article 13 GDPR in respect of informing those data subjects about the sharing of their data with us and our processing of it, and;
• They have established and documented legal bases for the processing of their data. Where such legal bases include the consent of the data subject, they have obtained, and documented, informed and freely given consent.

In acting as a data processor on a controller’s instructions, we confirm that we shall respect the privacy rights and freedoms of those data subjects whose data they share with us. In particular, and in accordance with the requirements of Article 28 GDPR, we shall;

• Only act on their documented instructions, unless required by law to act without such instructions or it is in the vital interests of the data subject to do so;
• Ensure that people processing the data are subject to a duty of confidence;
• Take appropriate measures to ensure the security of processing;
• Only engage a sub-processor under a written contract which contains all of the technical and organisational measures necessary to ensure compliance with these stipulations and any other GDPR requirement relevant in the circumstances;
• Take appropriate measures to assist the controller to respond to requests from individuals to exercise their rights under GDPR;
• Taking into account the nature of processing and the information available, assist the controller to meet their GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;
• Delete or return all personal data to the controller (at their choice) at the end of the contract, unless the law requires its storage or one of the criteria detailed at Section 8 are met; and
• Submit to audits and inspections.