1.0 GENERAL STATEMENT
Platinum Civil Engineering Ltd. is committed to the protection of all personal and sensitive data for which it holds responsibility and the handling of such data in line with the principles of the Data Protection Act (DPA) and the increased duties under the General Data Protection Regulation (GDPR).
Platinum Civil Engineering Ltd. will comply with the requirements of the General Data Protection Regulation (GDPR) and respect the rights of individuals and organisations to have control of their data and to ensure it is protected, per our Data Protection Procedures.
To assure compliance, Platinum Civil Engineering Ltd. has designated a Data Controller, Amanda Atkins, to take responsibility for the protection of data.
The Data Controller will ensure all employees within the organisation are aware of the legal requirements regarding GDPR and the duties placed upon them.
The requirements of this policy and the associated procedures are mandatory for all staff employed by Platinum Civil Engineering Ltd. and any third party contracted to provide services within the scope of any agreements with Platinum Civil Engineering Ltd. Changes to data protection legislation will be monitored and implemented in order to remain compliant with all requirements.
2.0 ORGANISATION AND RESPONSIBILITIES
The Data Controller of Platinum Civil Engineering Ltd., Amanda Atkins, will make available adequate resources for the implementation of the General Data Protection Regulation (GDPR) and other related legislation and holds overall and final responsibility for the protection and disposal of data.
The Data Controller will also be responsible for the establishment of structures through which data protection can be dealt with. To assist in the protection of the data, both electronic and hard copy, the Data Controller has the help of all employees.
All Employees must co-operate with supervisors and managers on all data protection matters. Employees will report all breaches of data protection concerns to the Data Controller. The Data Controller will maintain a record of the types of data held and how it will be destroyed.
3.0 PROCEDURES
Privacy notice:
Platinum Civil Engineering Ltd. will be transparent about the intended processing of data and communicate these intentions via notification to staff, customers, clients and suppliers prior to the processing of data.
The intention to share data relating to individuals with an organisation outside of our organisation will be clearly defined within notifications and details of the basis for sharing given. Data will be shared with external parties only in circumstances where it is a legal requirement to provide such information or the individual has explicitly requested that we do so. Any proposed change to the processing of an individual’s data will first be notified to them.
On collection of data individuals have the following rights:
. The right to be informed;
. The right of access;
. The right to rectification;
. The right to erasure;
. The right to restrict processing;
. The right to data portability;
. The right to object;
. The right not to be subject to automated decision-making including profiling.
Individuals’ consent will be assured by:
. Reviewing records held and refreshing consent to contact those individuals;
. Offering genuine choice and control over what data is held;
. Obtaining a positive opt-in prior to contacting individuals, evidence of which will be kept (who, when, how, and what we told people);
. Ensuring individuals know that they can withdraw consent to be contacted and have their data removed at any time, and that this is an easy process;
. Never using pre-ticked boxes or any other method of consent by default;
. There will be no decision based solely on automated processing, including profiling;
. Profiling for marketing purposes will always require explicit consent;
. Avoiding making consent a precondition of a service;
. Keeping consent to contact separate from any other terms and conditions.
Data Access Requests:
All individuals whose data is held by Platinum Civil Engineering Ltd. have a legal right to request access to such data or information about what is held. We will respond to such requests within one calendar month and they should be made in writing to: Amanda Atkins. No charge will be applied to process the request.
Individuals’ consent will be obtained in any instance of storing their data and kept under review, to be refreshed if anything changes.
Any individual has a right to request that their data be deleted. The Data Controller will then delete personal data on request, and it can only be retained where there are legitimate grounds or a legal obligation to retain the data.
The Data Controller will identify where the electronic and physical (e.g. printed) data is stored to determine how to securely destroy all the information on the individual. An accurate record of what data and information has been destroyed will be retained by the Data Controller.
Data Security:
The following principles of the Data Protection Acts (DPA) will be applied to all data processed:
. Data will be processed fairly and lawfully;
. Obtained only for lawful purposes, and is not further used in any manner incompatible with those original purposes;
. Accurate and, where necessary, kept up to date;
. Adequate, relevant and not excessive in relation to the purposes for which it is processed;
. Not kept for longer than is necessary for those purposes;
. Processed in accordance with the rights of data subjects under the DPA;
. Protected by appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage;
. Not transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection of the personal information;
. Not routinely disclosed or transferred to recipients outside of the UK.
Storage of Data:
Electronic Data may be stored on a number of facilities:
. On the server hard drive
. Individual computers and laptops
. USBs and standalone hard drives
. Information is backed up each night to an off-site location.
Paper documents and other hard copies will be stored in a secure manner.
All data within the organisation’s control shall be risk assessed and identified as personal, sensitive or both to ensure it is handled in compliance with legal requirements and access to it does not breach the rights of the individuals to whom it relates.
To assure the protection of all data being processed and inform decisions on processing activities, we will undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them.
Security of data will be achieved through the implementation of proportionate physical and technical measures. The Data Controller will be responsible for the effectiveness of the controls implemented and reporting of their performance.
The security arrangements of any organisation with which data is shared will also be considered and these organisations will provide evidence of their competence in the security of shared data. Platinum Civil Engineering Ltd. retains the services of external IT professionals, MiMSP, to assure all privacy and protective measures are in place to protect data stored electronically.
In the unlikely event of a breach of personal or sensitive data, the individual(s) concerned will be notified immediately.
Data Disposal:
The organisation recognises that the secure disposal of redundant data is an integral element to compliance with legal requirements and an area of increased risk.
All data held in any form of media will only be passed to a disposal partner with demonstrable competence in providing secure disposal services.
All data will be destroyed or eradicated to agreed levels meeting recognised national standards, with confirmation at completion of the disposal process.
A policy of shredding all material (where all paper-based information is destroyed prior to disposal) means employees do not have to make a decision about which information is confidential and which is not.
The Data Controller will observe the destruction of any obsolete or unused hard drive to ensure the data is not able to be recovered. Hard drives will be removed from any computer and destroyed prior to the computer being sold.