PRIVACY POLICY
Site Sentinel Limited takes data privacy very seriously and this notice is designed to help you understand how we use your personal information. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection. We encourage you to read the whole notice.
THE PURPOSE OF THIS PRIVACY POLICY
1. Identity
We are Site Sentinel Solutions Limited (crn: 12628180, registered office: 87 Church Road, Hove, East Sussex BN3 2BB, United Kingdom); its subsidiaries and affiliates trading under the name of Site Sentinel.
2. Our use of personal information We provide construction site management solutions via hardware and software services and hardware supplies to our customers. In common with most construction site management solutions, we collect, use and share information, including personal information, in connection with providing our services and running our business. Your data is used to verify whether you can access a construction site using an automated process.
3. This privacy notice
This is our main general privacy notice that applies across our business, although we may publish additional privacy statements that apply to:
- our operations in specific countries in order to help ensure our compliance with local data protection requirements
- specific services that we offer to our customers from time to time
If an additional privacy statement is relevant to you because of the way in which you engage with us and there is a conflict between the information set out in this notice and the additional privacy statement, then the additional privacy statement will take precedence over the information set out in this notice.
4. Updating this privacy notice
This notice may be updated from time to time. This version is dated 9th December 2020.
5. What is personal information?
Personal information is information that relates to you or allows us to identify you. This includes obvious things like biometric data, your photographic likeness, name, address and telephone number but can also include less obvious things like your attendance at a particular location or analysis of your qualifications and clearances.
6. Our responsibility to you
We process your personal information in our capacity as a controller. This means that we are responsible for ensuring that we comply with relevant data protection laws when processing your personal information.
7. Data protection officer
We have a data protection officer whose job is to oversee our data protection compliance. You can contact our data protection officer by sending:
- an email to: dpo@secandi.associates
- a letter to: The Site Sentinel Data Protection Officer,c/o Secandi Associates Ltd, 87 Church Road Hove East Sussex BN3 2BB, United Kingdom.
YOUR PERSONAL INFORMATION
8. Why are we collecting personal information about you?
We only collect personal information about you in connection with providing our services and running our business. We will hold information about you if:
- you are a customer or user of the software and hardware solutions provided by Site Sentinel
- you are the representative of a customer or end user in an ongoing project or installation
- your information is provided to us by a customer or end user, or we otherwise obtain your information, in connection with the provision of our goods and services
- you provide services to us (or you represent a company which provides services to us)
- you represent a regulator, certification body or government body which has dealings with us
- you attend our seminars or events, receive our updates or visit our offices or websites
- you are an applicant for a job with us
9. What personal information do we collect about you?
The types of information we process about you may include:
Individual details: Name and contact details (e.g. email and telephone numbers).
Identification details: all details and data contained within your Construction Skills Certification Scheme (CSCS) card.
Project details: Information about you which is relevant to a project or location at which we are supplying our goods and services to a customer.
Special categories of personal information: Information about your health limited to your temperature and biometric data.
10. Where do we collect your personal information from?
We collect your personal information from various sources, including:
- you
- your employer and any contractors at the relevant construction site
- our customers and our service providers
- government agencies and publicly accessible registers or sources of information (eg CSCS)
- by actively obtaining your personal information ourselves, for example through the use of website tracking devices
Which of the sources apply to you will depend on why we are collecting your personal information. Where we obtain your information from a third party, in particular your employer or our customers, we may ask them to provide you with a copy of this privacy notice (or a shortened version of it) to ensure you know we are processing your information and the reasons why.
OUR USE OF YOUR PERSONAL INFORMATION
11. How do we use your personal information?
We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:
- Where you have consented before the processing.
- Where we need to perform a contract we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
| Purpose/activity | Type of data | Lawful basis for processing |
|---|---|---|
| Registration and identification | Name, email, mobile number and biometric data |
Consent Performance of a contract with you |
| record data about your access to and from the construction site and the |
CSCS card data (name, qualifications, CSCS card details) Location |
Consent Performance of a contract with you |
| The creation of attendance reports to our customers and to any contractors to whom they have delegated management responsibilities relating to the construction site | Name, CSCS card data Location |
Consent Performance of a contract with you |
| Temperature checks | Temperature (health) |
Consent Public Task |
| Approve/authorise your access to a construction site via identity verification | Facial imagery |
Consent Performance of a contract with you |
| To manage our relationship with you including notifying you of changes to any Services |
Identity Contact Marketing and Communications |
Consent Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ Services) Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions) |
|
To deliver content and advertisements to you To make recommendations to you about goods or services which may interest you To measure and analyse the effectiveness of the advertising we serve you |
Identity Contact Device Content Profile Usage Marketing and Communications Location |
Consent Necessary for our legitimate interests (to develop our products/Services and grow our business) We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. Purposes for which we will use your personal data |
12. Consent
Where we process your personal information based on your consent only, you have the right to withdraw your consent at any time. To withdraw your consent please email us at dpo@secandi.associates or, to stop receiving our marketing emails or business news, please click on the unsubscribe link in the relevant email you receive from us.
13. Do we share your information with anyone else?
We do not sell your information nor make it generally available to others. But we do share your information in the following circumstances:
- our business is made up of a number of different entities. Where it is necessary or appropriate for the purposes for which we hold your information, we share your relevant information across our network of businesses. All of our business entities manage your personal information in the manner and to the standards set out in this notice, subject to any local jurisdictional compliance requirements
- where we have collected your personal information in respect of a construction project or construction site on which we are assisting a customer, we may provide your personal information to the customer or to other parties involved in the matter - for example, another party's site managers, health and safety advisors and surveyors - where it is necessary for us to do so in relation to the project or location
- if you are a customer, licensee of the software solution or end user, then we might provide your relevant information to third parties so they can verify your identity and CSCS card details
- in the course of providing our goods and services, we may require the assistance of various external providers of professional services and of support services. The use of these services might involve the service provider receiving your relevant information from us
- we use the services of various external companies to help us run our business efficiently, particularly in relation to our IT systems. Some of these services (such as email hosting and data backups) involve the service provider holding and using your personal information
- where we use external companies to organise or host events for us, we may need to provide these service providers with your relevant information
- if we sell our business, then your information will be transferred to the new owner to enable the continuation of the business
- we share your personal information with other third parties, such as relevant regulators, where we are required to do so to comply with legal or regulatory requirements
In each case where we share your information with one of our service providers, the service provider is required to keep it safe and secure. They are also not permitted to use your information for their own purposes.
OTHER IMPORTANT THINGS YOU SHOULD KNOW
14. Keeping your personal information safe
We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss or unauthorised disclosure of the personal information we process.
15. Profiling and automated decision making
We do not use profiling (where an electronic system uses personal information to try and predict something about you) but our systems do use automated decision making (where an electronic system uses personal information to make a decision about you without human intervention). Your access to a site is determined via an automated identity verification process.
16. How long do we keep your personal information?
We do not keep your personal information forever.
We keep your personal information in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of relevant data protection laws and the purpose for which the information is collected and used, taking into account legal, accountancy and regulatory requirements to retain the information for a minimum period, limitation periods for tax investigations, taking legal action, good practice and our business purposes.
17. Cross border transfers of your personal information
We are currently operating solely in England and Wales but in the future may become a global business that provides goods and services to our customers in diverse territories.
When and if relevant, the global nature of our business will mean that your personal information may well be transferred across national boundaries, including, potentially, to countries that do not require organisations by law to look after your personal information in the way in which you have come to expect in your own country.
Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data
protection laws. Generally, this means where we transfer your personal information to a third party that is located in a country which does not have adequate privacy protection, we will put in place a contract with the third party that includes the standard international data transfer contractual terms approved by the European Commission.
If you would like further details of how your personal information is protected when transferred from one country to another then please email us at dpo@secandi.associates
18. Local differences
Whilst this notice describes the data protection practices adopted by us in the United Kingdom, local data protection laws vary and some countries may place restrictions on our processing activities. Any country-specific differences in our data protection practices to help us comply with local requirements will be uploaded as and when relevant to our business.
YOUR RIGHTS
19. Contacting us and your rights
If you have any questions in relation to our use of you personal information, please email us at dpo@secandi.associates
Under certain conditions, you may have the right to require us to:
- provide you with further details on the use we make of your personal information
- provide you with a copy of the personal information we hold about you
- update any inaccuracies in the personal information we hold about you
- delete any of your personal information that we no longer have a lawful grund to use
- delete any of your personal information that we no longer have a lawful grund to use
- where processing is based on consent, stop that particular processing by withdrawing your consent
- object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
- restrict how we use your personal information whilst a complaint is being investigated
- transfer your personal information to a third party in a standardised machine-readable format
In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
We are obliged to keep your personal information accurate and up to date. Please help us to do this by advising us of any changes to your personal information.
20. Your right to complain
If you are not satisfied with our use of your personal information or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then you have the right to complain to the authority that supervises our processing of your personal information or, where you are based in the EU, the data protection authority in your country.
We view the UK data protection regulator, the Information Commissioner's Office (ICO), as our lead data protection supervisory authority. Details of the ICO can be found at https://ico.org.uk.
If you are unsure of the authority that supervises our processing of your personal information then please email us at dpo@secandi.associates