GDPR Policy

D. F. Keane Builders & Contractors collect as little personal information for storage as reasonably possible.

We are, however, obliged to collect and store some personal information for legal compliance and for the operation of our business.

Employees

We collect and store the following relevant information:

  • Name
  • Address
  • National Insurance Number
  • Bank Details
  • Date of Birth
  • Email Address
  • Salary
  • Pension Details
  • Driving License details for those driving company vehicles

Email Addresses are usually business addresses, with an @dfkeane.com extension. However, it may be possible that we would store personal addresses if requested by the employee.

Training records will also be kept, usually scanned to Google Drive, sometimes on paper. These records will not contain anything other than the aforementioned pieces of data.

Customers

We collect and store the following relevant information:

  • Name
  • Address
  • Telephone
  • Email

Subcontractors

In cases of subcontractors who are not registered as businesses, we collect and store the following relevant information:

  • Name
  • Address
  • Telephone
  • Email
  • Bank Details
  • National Insurance Number
  • Unique Tax Reference

As with Employees, our policy is to prefer business addresses, telephone and email addresses wherever possible. However, it may be possible that we store personal details if requested by the subcontractor for any reason.

Special Categories of Personal Data

D. F. Keane does not collect any data classified as a special category under the Regulation. These data include:

  • Race
  • Ethnicity
  • Political Opinion
  • Religion
  • Philosophical Belief
  • Trade Union Membership
  • Genetic Data
  • Biometrics
  • Health
  • Sexual Orientation

None of these categories are required for the operation of our business, and the collection of these types of data represent an unnecessary risk both for data protection purposes and potential discrimination matters.

How This Information Is Stored

This information is held in our Easybuild Accounting System. This system is accessible only by selected Users, authorised by a single Administrator. The Administrator controls which aspects of the system are accessible by the Users, and limits User access to sections required for the fulfilment of each User’s job role. The system itself is installed on a local server rather than a cloud based solution.

All User access is password protected. The information is not held outside of the Easybuild Accounting System, except in those cases required by HMRC, which are stored on paper and may include Names and National Insurance Numbers.

We keep paper invoices from subcontractors for at least 6 years as per HMRC guidelines. These invoices may include personal details of individuals related to those subcontractors. These invoices are scanned and stored in Easybuild as well as stored in lever arch files in our Head Office. Our Head Office is secured by a regularly maintained alarm system.

Our email and cloud storage is provided by Google G Suite. If, for any reason, some of the aforementioned data is input or uploaded to these systems, G Suite is GDPR compliant. See here for details.

What We Do with It

This information is collected and stored to facilitate certain business transactions. For instance, Bank Details are held to facilitate payments using the BACS system, and HMRC Details are held to facilitate tax collection and reporting obligations.

Sharing with Third Parties

For clarity, none of the information is used for Marketing purposes, nor is it sold to any third party. Some of the information is shared with HMRC for legal compliance (for example, reporting Tax and National Insurance deductions). We do not typically deal internationally. It is possible that some data may be stored on G Suite Services, which are compliant with GDPR as per this.

Our Policy in the Event of a Breach

While we endeavour to secure this information to the best of our ability, in the event of a breach leading to the sharing, be it malicious or inadvertent, of any of the aforementioned data, we will consider it our obligation to report said breach to both the Information Commissioners Office (ICO) and to the affected parties.

Data may not be processed unless there is at least one lawful basis to do so:

  • The data subject has given consent to the processing of personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular if the data subject is a child.

In consenting to this privacy notice, you are giving D. F. Keane permission to process your personal data in the manner described above. You have the right to check or correct any data we hold about you at any time. It is our policy to respond to any request of this nature as quickly as possible.

Furthermore, you have the right to withdraw your consent at any time, at your discretion. You can request that we delete the information as described above and we will comply as soon as practically possible. Please be aware, however, that doing so may interrupt our ability to facilitate transactions, and we may be required to continue to hold and use some data for other legal obligations.