This privacy statement described how Parsons Peebles Group Limited and our family of companies including our affiliates and subsidiaries (collectively “Parsons Peebles” or “we”, “our” or “us”) is committed to protecting the security and privacy of all personal information or data collected from you. We therefore conduct our business in compliance with applicable laws on data privacy protection and data security. This privacy statement tells you what to expect when we collect and process your personal information.
We try to meet the highest standards when processing your personal information. The data controller who is responsible for how we handle your personal information is the Parsons Peebles subsidiary with whom you standardly deal and who owns or delivers the services or the service media which collects, stores or uses your data. Any queries you have in relation to the same should be directed to Gillian Aird, Group Marketing & Communications Director.
Information We May Collect from You
We may ask you to provide certain information about yourself when you use our website or are in contact with us about the services and activities we provide (whether it is by telephone, email via the forms on our website, through applications or platforms we use, through our social media platforms or even face to face). The information collected may include:
We will generally not collect sensitive data from you via our website. Sensitive data is personal information which includes your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data, or information concerning your health or mental wellbeing or sexual orientation. Much of the additional specific information referred to in the previous paragraph will be sensitive data. Given the nature of the products and services we sell it is extremely unlikely that we will require to collect any sensitive data about you. Where we do require to process such sensitive data to provide services to you we will notify you in advance and will request your express consent in writing to process such sensitive data.
If you do not wish us to collect any of the personal information stated above, you should discuss this with us. We can explain the reasons for collection and discuss the consequences of not providing the information or of providing partial or incomplete information and the effect this may have on our ability to provide our services.
Uses Made of Your Information
By law we can only process your information if we can demonstrate the lawful grounds we have for doing so. Currently there are six potential lawful grounds for processing personal information, namely
If none of these grounds apply or ceases to apply we must cease processing your personal information immediately.
We may use personal information held about you in the following ways: –
|Activity or purpose of processing||Type of Data processed||What is our Legal Ground for doing this?|
|Registering you as a client or a service user||Your identity and contact details||Performance of a contract|
|Maintaining our relationship with you||Your identity and contact and profile details||Performance of contract|
Legitimate Interest i.e. to keep our records updated and identifying how you use our services
|Ensuring that content from our website is relevant to you and is presented in the most effective manner for you including seeking your views on our products and services||Your identity, contact, profile and technical details||Legitimate Interest i.e. to review the services we supply to you and to inform our overall marketing strategy|
|Processing or delivering our products and services including managing your contract||Your identity, contact, financial and transaction details||Performance of a contract|
|Payment for Services||Your identity, contact, financial and transaction details||Performance of a contract|
|Credit verification and fraud detection||Your identity, financial and transaction details||Performance of a contract|
|Administration of our website and business (including webhosting and support)||Your identity, contact and technical data||Legal Obligation|
Legitimate interest i.e. running business, ensuring security and performance of the website, admin and support, monitoring for viruses or malicious software
|To make suggestions that may be of interest to you such as available upgrades and enhanced or additional related services or products and advise you on service/security or technical issues that may affect you||Your identity, contact, profile and technical data||Legitimate interests i.e. to develop our services|
We will only retain your personal information for as long as is necessary in line with the purposes for which it was originally requested or collected or where we are required to do so for some legal or reporting purpose.
In working out how long we retain personal data we look the type of personal data involved, the purpose of processing, how sensitive or confidential the data is and at legal and commercial considerations including any legal obligations we have. By way of example by law we are required to keep accounting records for six years after end of the year in which the last transaction occurred. This means that we will be required to keep some basic client details for that purpose even although our relationship with you may be at an end. However, it should be noted that the requirement is basic client details and therefore it is not legitimate to also keep information such as your preferences for that period of time.
If you have any questions relating to either retention periods or more require more detail on the purposes of processing or the specific reason or legal grounds, we are relying on for that processing then please contact us for additional information.
Sharing Your Information
We will not sell the personal information that we collect from you and will only use it for the purposes set out in this privacy statement. We may share your personal information with the following parties: –
All third parties with whom we share your data are required to protect your personal data, treat it confidentially and to process it in accordance with the law. Where we use third parties we will take all reasonable steps to ensure that they are GDPR compliant and in particular that: –
IP Addresses and Cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual. Where we use third party providers such as Google Analytics although these third-party services record data such as your geographical location, device, browser and operation system none of this information identifies you to us. We do not make and do not allow these third-party services to make any attempt to find out the identities of anyone who visits our website.
We may provide you with information on services and products that we may provide. This is regarded as marketing activity. We will only market to you where you have: –
If you have opted out of marketing, we will not send you any future marketing without your consent.
Each time we market to you we will always give you the right to opt out of any future marketing but would point out that you have the right at any time to ask us not to market to you at any time by emailing us at firstname.lastname@example.org rather than waiting on a specific opt out.
Security of Personal Data
We take information security very seriously. Your information and records will be stored securely to ensure privacy of your personal data. We take all reasonable steps to ensure that there are technical and organisational measures of security in place to protect your personal data from unauthorised access to or disclosure of it, and against loss or accidental damage or unauthorised alteration of it. Staff handling your personal data are also adequately trained in relation to the legal requirements for handling personal data. These include robust procedures for dealing with breaches including incident reporting and notifying the national supervisory or data protection authorities, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.
If you are based in the EU, then where possible the information you provide us with will be held within the European Economic Area (“EEA”) or within the UK.
If you are based in the EU, we would point out that countries outside of the EEA do not always have similar levels of protection for personal data as those inside the EEA. The law provides that transfers of personal data in respect of EU based individuals outside of the EEA is only permitted where that country has adequate safeguards in place for the protection of personal data. Some types of processing may use cloud solutions which can mean information may sometimes be held on servers which are located outside of the EEA or may use processors who are based overseas.
Where we use cloud-based services or third-party providers of such services and in either or both circumstances the data is processed outside of the EEA if you are an EU based individual that will be regarded as an overseas transfer. Before instigating an overseas transfer, we will ensure that the recipient country and/or processor has security standards at least equivalent to EU standards and in particular one of the following permitted safeguards applies: –
If none of these safeguards exist, then we may seek your explicit consent for an overseas transfer. In line with your rights as an individual you are free to withdraw this consent at any time.
In respect of personal information collected in respect of non-EU based individuals or services which are not performed within the EU we will also ensure where possible this meets the GDPR standards unless these conflict with local data protection laws. However, you should be aware that if the country you reside in or are a citizen of is outwith the EU and the services you request are being performed outwith the EU and your personal information is being stored there then that personal information may be in a jurisdiction in which the data protection and privacy laws may not offer the same level of protection as provided under the GDPR.
In certain instances, you have rights as an individual which you can exercise in relation to the information we hold about you. These rights are:
Additional information about these rights can be found on the Information Commissioner’s website at www.ico.org.uk/for-organisation/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you have provided consent and we are relying on that as the legal ground of processing your personal information and wish to exercise your right to withdraw that consent you can do so at any time by contacting us at email@example.com.
Access to Personal Information
We try to be as open as we can in giving people access to their personal information. You can make a subject access request at any time about the personal information we process about you. Any request requires to be in writing and is not subject to any charges or fees. If we do hold any personal information about you, we will:
We will respond to a subject access request within 30 days. On occasion we may need additional information from you to determine your identity or help us find the information more quickly. Where the information you have requested is complex we may take longer than this but shall keep you advised as to progress should this be the case.
If you believe that any information we hold about you is incorrect or incomplete you should email us at firstname.lastname@example.org.Any information which is found to be incorrect will be corrected as soon as possible.
We would prefer to resolve any issues or concerns you may have direct with you. If you feel you are unable to resolve matters by contacting us direct or are you are unhappy or dissatisfied with how we collect or process your personal information you have the right to complain about it to your national data protection authority. For example, the Information Commissioner is the statutory body which oversees data protection law in the UK where Parsons Peebles have their corporate headquarters. They can be contacted through www.ico.org.uk/concerns.
Questions, comments and requests regarding this privacy statement are welcomed and should be addressed to:
Group Director of Marketing & Communications
Parsons Peebles Group | Aquarius Court | Orchardhead Way | Innova Campus | Rosyth | Fife | KY11 2DW
Changes to this Privacy Statement
We keep our privacy notice under regular review. This privacy notice was last updated on 22nd May 2018.