LUX Technical Ltd and its subsidiary companies collects and processes personal data relating to its clients, policyholders (for insurance repairs) and suppliers. LUX Technical is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does LUX Technical collect?
LUX Technical collects and processes a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number,
- details of suppliers bank account for payments
- photographs (which may include timelapse or CCTV) for recording the progress of a project, security, media releases or Pre Qualification Questionnaire for tendering
LUX Technical collects this information in a variety of ways. For example, data is collected through contracts, trade and accreditation application forms, from forms completed by you at the start of or during the project or from insurance companies and their representatives, from correspondence with you; or through meetings or other assessments.
Why does LUX Technical process personal data?
LUX Technical needs to process data to enter into a contract with you and to enable the work to be completed in line with our contract.
In some cases, LUX Technical needs to process data to ensure that it is complying with its legal obligations. For example: HMRC, VAT and the construction industry scheme (CIS).
Where LUX Technical relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of clients, policyholder (for insurance repairs) and suppliers and has concluded that they are not.
Who has access to data?
Your information will be shared internally, with staff if access to the data is necessary for performance of their roles. Your information will also be shared with our subcontractors and suppliers if it is necessary for them to perform their duties to undertake the work for you.
LUX Technical will not transfer your data to countries outside the European Economic Area.
How does LUX Technical protect data?
LUX Technical takes the security of your data seriously. LUX Technical has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Data is stored in a range of different places, including in paper files kept at head office and site offices, Sage Accounts and Eque 2, CCTV data is kept on hard drives and we use other IT systems (including LUX Technical’s email system). All electronic files are password protected and are encrypted on our cloud based server and only relevant employees have access to this.
In order to enable the company to run and maintain its IT systems efficiently, our third-party provider, Clear Networks Ltd, will also have access to company files. They have signed a data processing agreement in line with GDPR.
Where LUX Technical engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does LUX Technical keep data?
LUX Technical will hold your personal data throughout the project. Once the project has been completed the data will then be securely held for a period of 7 years for the purposes of defending ourselves should there be any legal action brought against the company and for any HMRC inspections or for contractual purposes.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require LUX Technical to change incorrect or incomplete data;
- require LUX Technical to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where LUX Technical is relying on its legitimate interests as the legal ground for processing; and
- ask LUX Technical to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override LUX Technical’s legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact Olivia Clephane at firstname.lastname@example.org.
You can make a subject access request by completing LUX Technical’s form which can be requested from email@example.com.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 21 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
If you believe that LUX Technical has not complied with your data protection rights, you can complain to the Information Commissioner.
Peter Gibbons Date: – 20/01/2020
|Version Number||Change History (Detail amendments)||Date of next review|
|1.||Initial release||January 2020|