Privacy Policy

Privacy Policy – ICO Registration No: ZA364900

John McLeod Principal Contractors Ltd are committed to protecting and respecting your privacy. This Privacy Policy sets out in a transparent manner our aims and objectives to ensuring any identifiable data you choose to give or that is asked from you is in accordance with this policy and legislation. The policy outlines what data we collect, how it may be processed and how we will treat such data.

Data we collect

We may collect and process the following data;

  • Information that you choose to provide by completing contact forms on our Site including but not limited to; name and title, email address, telephone contact, demographic info.
  • Information you choose to provide when requesting further services from us.
  • Information given if you enter any competitions or promotions run by us.
  • Information given on completion of surveys / feedback.

Why we need to collect your data

Any information submitted via this website is transferred securely using TLS 1.2 (HTTPS) then processed and stored in accordance with our Data Storage and Classification Policy. We use this information solely to provide our services and fulfil contractual agreements. Examples of why we need to store your data include;

  • To process and manage you requests
  • To fulfil contractual agreements with you
  • To communicate invoices, statements and email communications to you
  • To send general (non- marketing) notifications to you
  • Internal Record keeping

How we store your data

We will take reasonable technical and organisational care to prevent a breach to integrity, confidentiality and availability of your data. We will endeavour to safeguard data by the following;

  • Company wide password guidelines in accordance with NIST recommendations (https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-p5wOrd)
  • Least privileged access, only those who require access to data shall have it
  • Firewall and appropriate cyber security including; regular patching, network firewalls, active anti-virus, internal policies for device management and general security awareness

We may use third party systems both in and out of the EEA to process and store your data for the purposes of day to day operational requirements, disaster recovery, accounting and project management. Each system used is vetted and is only used to process your data for our needs. Your data is never sold and or traded to third parties.

We have taken all reasonable precautions to safeguard transition and storage of your data, however due to the inherent risk of transferring and storing digital data we cannot safeguard against all eventualities. You understand by submitting data via this website you do so at your own risk.

Disclosure of your data

We may disclose data about you to any of our employees, suppliers or sub-contractors insofar as reasonably necessary for the purposes outlined within this Privacy Policy. We may also have to disclose data for the following;

  • If compelled by legal or regulatory bodies
  • To establish, or defend our legal rights and those of others for fraud prevention
  • In the event we sell or buy any business, assets or shares, in which case data may be disclosed to prospective buyers, shareholders
  • To selected third parties working on our behalf or those detailed on the “How we store your data” section. These include third party vendors that support our day to day operations, accounting, project management and general auxiliary business function

Policy Amendments

We may update this policy as required.  We encourage you to check this occasionally to ensure you are happy with any changes. This policy was last updated May 2018.

Your Rights

The General Data Protection Legislation (GDPR) gives you the right to request a copy of the data we hold about you. Your right of access is exercised in accordance with Law. We may impose a small fee for this service for administrative purposes if the request is time consuming and / or complex to fulfil. You may ask us to correct inaccurate data or remove data held.

If you require further information or would like to request a copy of your data held please contact – info@johnmcleod.co.uk

 

 

 

 

 

 

 

 

Suggest “The General Data Protection Legislation (GDRP) gives you the right to request a copy of the data we hold about you. Your right of access is exercised in accordance with law. We may impose a small fee for this service for administrative purposes if the request is time consuming and/or complex to fulfil. You may ask us to correct inaccurate data or remove data held.” As SARs (subject access requests) are meant to be free