Privacy Policy

PRIVACY POLICY

PRIVACY NOTICE (EXTERNAL)

INTRODUCTION

We are Grid Point Holdings Limited (Registered in England & Wales No. 09164038) and Grid Point Recruitment Limited (Registered in England & Wales No. 10778982). We act as joint data controllers in respect of the personal data which we use in the course of our business activities as an engineering contractor and as an employment business.

We reserve the right to update this Privacy Notice from time to time. Where appropriate, we shall contact you to notify you of any material changes to the Privacy Notice. You should also refer to this webpage periodically so that you may view our updated Privacy Notice. This will ensure that you understand (i) how we are using your personal data and (ii) your legal rights around our usage of such personal data. 

WHO SHOULD READ THIS PRIVACY NOTICE?
This Privacy Notice applies to any living, identifiable individuals about whom we may process personal data in the course of our business activities. 

You should read this Privacy Notice if you are a:

  • Temporary Worker
  • Subcontractor
  • Supplier Contact
  • Client Contact
  • Referee

In some cases, you will fall into more than one of the above categories.

For an explanation of the definitions which are used in this Privacy Notice, please refer to the section at the end of the document.

INFORMATION FOR TEMPORARY WORKERS 
(WHERE WE ACT AS AN EMPLOYMENT BUSINESS)

Where We Obtain Your Personal Data
We will obtain personal data relating to you:

Directly if you have:
  • applied for a Client vacancy through us
  • uploaded your CV through our website
  • asked us to provide any work-finding services to you
  • provided any such data on any social media pages which we operate
  • engaged with us through any networking activities or events
  • had any discussions with us about finding temporary work

Indirectly from:
  • online professional networking sites such as LinkedIn
  • social networking sites such as Facebook or Twitter
  • job boards 
  • Clients who provide feedback about applications for temporary work which you have made, interviews which you have attended and assignments which you have carried out
  • Referees who provide information about your experience and their opinion as to your skills and aptitude
  • online industry databases such as the Construction Industry Training Board
  • where appropriate, third-party background checking services such as the Disclosure & Barring Service

Types of Personal Data We Hold

We will collect, store and process the following types of personal data about you:
  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
  • Your gender, date of birth, nationality and place of residence;
  • Your professional skills and experience;
  • Your qualifications, training and certifications;
  • Proof of your right to work in the United Kingdom such as copies of your passport and, where applicable, visa, residence permit or similar government documents;
  • Proof of your identity and address, such as copies of your driving licence, utility bills or similar documents;
  • Information about your current or most recent role, including your job title, department, reporting line, responsibilities, salary, benefits and notice period;
  • Your motivation and reasons for seeking new work;
  • Any information within your CV or any application document which a Client may require you to complete;
  • Any background information which you provide to us during the course of your dealings with us;
  • Details of any Clients to whom you have been introduced by us;
  • Details of any interviews which you have attended and our Clients’ feedback on those interviews; 
  • Details of any limited company through which you contract and how you are engaged by that company;
  • Information about the days and times which you have worked;
  • Your bank details, tax code and National Insurance Number; and
  • Information about any services which you have carried out, including any comments, feedback and issues relating to such services. 
We will also collect, store and use the following "special categories" of more sensitive personal data:
  • Information about your race or ethnicity;
  • Information about your health, including any medical condition, health and sickness records; and
  • Information about criminal convictions and offences, where relevant.

How We Use Your Personal Data

We use your personal data to:
  • Assess and verify your potential suitability for engagement with a Client;
  • Contact you in relation to any potential opportunities;
  • Introduce you to our Clients and potentially arrange for you to fill a vacancy;
  • Stay in regular contact with you to understand your current position, career aspirations and motivation for finding new employment;
  • Where applicable, make payments to you;
  • Contact you to ask for a referral; 
  • Produce anonymised statistical data;
  • Carry out compliance checks to ensure that we have complied with our legal and contractual obligations; and
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime 

Our Lawful Basis for Processing Your Personal Data

We have determined that we have a legitimate interest to process your personal data where you are a Temporary Worker, on the basis that it is necessary for us to maintain a database of individuals who are (i) actively seeking new engagement with a Client or (ii) potentially suitable for engagement with a Client. By processing your personal data and contacting you from time to time, we are able to gain an understanding of your current role (where applicable), your skills and experience, and your career aspirations. Our processing of your personal data is therefore of benefit to:
  • You, as it assists us to identify new opportunities about which you might not otherwise been aware and to give general support and guidance for the furtherance of your career;
  • Our Clients, who rely on us to have access to suitable, pre-qualified Temporary Workers who can fill their requirements; and
  • Us, as we are a business which relies upon being able to introduce Temporary Workers to our Clients
If you are a Temporary Worker, we may also need to process sensitive (special) personal data relating to you. The type of sensitive personal data which we might process includes (i) information about any medical conditions or disability insofar as they are relevant to the type of work which you are proposing to carry out (ii) information about any unspent criminal convictions and, where relevant to the type of role which you are carrying out, spent convictions, police warnings etc and (iii) information about any trade union of which you are a member (but only insofar as it relates to an employment claim or pay and working conditions on a client site). 

We are acting as an employment business in our dealings with you. In accordance with Article 9 (2)(b) of the GDPR, this sensitive personal data is necessary in the field of employment. i.e. it is required for performing our obligations as an employment business and is used solely for this purpose. Any sensitive personal data shall be held strictly in accordance with our policies on data retention and sensitive personal data. 

We may also process equal opportunities information relating to you. This shall be anonymised and it is not therefore personal data within the meaning of the Data Protection Legislation.

Parties with Whom We May Share Your Personal Data

We may share your personal data for legitimate purposes with:

  • A Client where you have expressed an interest in being introduced to such Client or are being supplied to such Client on an assignment;
  • Any third-party which is engaged by the Client to assist them in the recruitment process including a managed service company, Recruitment Process Outsourcing provider or IT platform provider;
  • A Client-appointed auditor (and/or the Client itself) for the purposes of demonstrating that we have complied with our legal and contractual obligations;
  • A third-party company through which you are contracting;
  • A third-party to which you have specifically asked to be introduced or referred, such as an insurance company or intermediary (umbrella) company;
  • Background checking services such as the Disclosure & Barring Service;
  • Industry bodies such as the Construction Industry Training Board and any similar organisations which are relevant to the market sector in which you work;
  • Suppliers who in some cases may use their own subcontractors and sub-processors;
  • Our recruitment finance provider;
  • Governmental departments and agencies where we are permitted or required by law to do so.

We will share sensitive personal data relating to you with our Clients if there is a legitimate reason to do so. For example, we will share information about any medical condition which you have if it is relevant for health & safety purposes. We will share information about any convictions which you disclose as we are under a legal obligation to notify our Client of information which is relevant to your suitability to carry out a temporary assignment.

INFORMATION FOR SUBCONTRACTORS 
(WHERE WE ACT AS AN ENGINEERING CONTRACTOR)

Where We Obtain Your Personal Data
We will obtain personal data relating to you:

Directly if you have:
  • Contacted or engaged with us with a view to providing engineering services to us or to our Clients
Indirectly from:
  • Any third-party company or limited liability partnership through which you contract;
  • Clients who provide feedback about any services which you have performed;
Types of Personal Data We Hold
We will collect, store and process the following types of personal data about you:
  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
  • Your gender, date of birth, nationality and place of residence;
  • Your professional skills and experience;
  • Your qualifications, training and certifications;
  • Proof of your right to work in the United Kingdom such as copies of your passport and, where applicable, visa, residence permit or similar government documents;
  • Proof of your identity and address, such as copies of your driving licence, utility bills or similar documents;
  • Any background information which you provide to us during the course of your dealings with us;
  • Details of any services which you perform for us or for our Clients; and
  • Details of any third-party company or limited liability partnership through which you contract.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Subcontractor.

How We Use Your Personal Data
We use your personal data to:
  • Assess and verify your potential suitability to provide services to us or to our Clients;
  • Arrange for you to perform services;
  • Where applicable, make payments to you or to any third party through which you contract;
  • Carry out compliance checks to ensure that we have complied with our legal and contractual obligations;
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime; 

Our Lawful Basis for Processing Your Personal Data
Where you engage with us as a self-employed Subcontractor, we need to process your personal data as it is necessary for the performance of a contract to which you are a party.

Where you are contracting through a third-party company or limited liability partnership, we have a legitimate interest to process your personal data on the basis that it is necessary for us to maintain information about the individuals who are performing services on our behalf for (i) health and safety reasons (ii) security reasons and (iii) verifying that such individuals are competent and suitable for the performance of such services.

Parties with Whom We May Share Your Personal Data
We may share your personal data for legitimate purposes with:
  • A Client where you have expressed an interest in performing services for that Client or are being supplied to perform services;
  • A third-party company through which you are contracting;
  • A third-party company to which you have specifically asked to be introduced or referred, such as an insurance company or intermediary (umbrella) company;
  • Background checking services such as the Disclosure & Barring Service;
  • Industry bodies such as the Construction Industry Training Board and any similar organisations which are relevant to the market sector in which you work;
  • Governmental departments and agencies where we are permitted or required by law to do so.

INFORMATION FOR CLIENT CONTACTS

Where We Obtain Your Personal Data
We obtain personal data relating to you:
  • Directly in the course of dealing with you as a representative of the Client
Indirectly from:
  • online professional networking sites such as LinkedIn
  • your employer’s website and other industry-related websites
  • business information directories
  • other individuals within your organisation in the course of us providing services to the Client.

Types of Personal Data We Hold
We collect, store, and use the following categories of personal data about you:
  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
  • Your job title and position within the Client organisation; and
  • Any background information relating to your personal circumstances, your work history and the role which you perform within the Client which you may provide to us in the course of your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Client Contact.

How We Use Your Personal Data
We use your personal data to:
  • Contact you to obtain information about our Client’s requirements;
  • Liaise with you so that we may effectively perform the services to our Client;
  • Contact you to provide details of a potential Temporary Worker or Subcontractor;
  • Obtain a reference for a Temporary Worker;
  • Contact you for invoicing and credit control purposes;
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.

Our Lawful Basis for Processing Your Personal Data
We have determined that we have a legitimate interest to process your personal data where you are a Client Contact on the basis that we need to be able to contact and interact with the individuals who represent our Clients. This will allow us to effectively provide services to them, better understand their requirements and generate revenue for our business. We do not use your data in any way which could reasonably be considered to be prejudicial to your interests.

Parties with Whom We May Share Your Personal Data

We may share contact information relating to you:
  • With a Temporary Worker where such sharing is strictly required for the recruitment process or
  • With a Subcontractor so that they make arrange to provide services.

INFORMATION FOR SUPPLIER CONTACTS

Where We Obtain Your Personal Data
We obtain personal data relating to you:
  • Directly in the course of our dealings with you as a representative of the Supplier; and
Indirectly from:
  • online professional networking sites such as LinkedIn
  • your employer’s website and other industry-related websites
  • business information directories
  • other individuals within your organisation in the course of the Supplier providing services to us.

Types of Personal Data We Hold
We will collect, store, and use the following categories of personal information about you:
  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
  • Your job title and position within the Supplier organisation; and
  • Any background information relating to the role which you perform within the Supplier which you may provide to us in the course of your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Supplier Contact.

How We Use Your Personal Data
We use your personal data to:
  • Liaise with you in respect of services which are being provided by the Supplier;
  • Contact you in relation to billing matters;
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.

Our Lawful Basis for Processing Your Personal Data
We have determined that we have a legitimate interest to process your personal data where you are a Supplier Contact, on the basis that we need to be able to contact and interact with the individuals who represent our Suppliers. This will allow us to ensure that our Suppliers provide us with the best possible service which, in turn, is of direct benefit to both our Temporary Workers, Subcontractors and Clients. We do not use your data in any way which could reasonably be considered to be prejudicial to your interests.

Parties with Whom We May Share Your Personal Data
We will share your personal data with other Suppliers for legitimate business purposes, such as the maintenance of our database or the outsourcing of any sales ledger functions.


INFORMATION FOR REFEREES

Where We Obtain Your Personal Data
We obtain personal data relating to you:
  • Directly from you in the course of any communications between us; or
Indirectly from:
  • the Temporary Worker who has nominated you as his or her Referee
  • online professional networking sites such as LinkedIn
  • your employer’s website and other industry-related websites

Types of Personal Data We Hold
We collect, store, and use the following categories of personal data about you:
  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
  • Your job title and position within your employer; and
  • Any background information which you may provide to us in the course of your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Referee.

How We Use Your Personal Data
We use your personal data to:
  • Contact you to obtain a reference on a Temporary Worker; 
  • Provide a copy of the reference to our Client;
  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.

Our Lawful Basis for Processing Your Personal Data
We have determined that we have a legitimate interest to process your personal data where you are a Referee, on the basis that we are generally required to obtain references to comply with our contractual obligations to third parties and, in some instances, we are under a legal obligation to do so. It is therefore necessary and reasonable for us to process personal data relating to you strictly for compliance with these obligations. 

Parties with Whom We May Share Your Personal Data
We will share with our Clients the details of any reference which you give. We will usually provide your name, job title and employer name when doing so. In some circumstances and only when you have agreed to such disclosure, we will provide your contact details so that our Client may verify the reference or ask for further information. We will also share your personal data with Suppliers for legitimate business purposes.

WHERE WE PROCESS PERSONAL DATA
Your personal data is held and processed by us in the United Kingdom. 

We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the EEA where:

  • There are binding corporate rules in place regarding the transfer of such data within the Group, in accordance with Article 47 of the GDPR. This means that the data transfer is between group companies and those group companies have agreed to share that data in accordance with the rules specified by the European Commission.
  • The European Commission has made an adequacy decision in respect of such jurisdiction. This means that the European Commission has pre-approved the data privacy regime in the relevant non-EEA country. At present, the European Commission-approved jurisdictions are Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework).
  • The transfer of data is subject to the model contractual clauses adopted by the European Commission. This means that we have a data-sharing agreement in place which complies with the requirements set out by the European Commission; or
  • You have expressly given informed consent to the transfer of such data. This means that you have not only agreed to the transfer but have done so in the knowledge that your data may be transferred to a jurisdiction which does not give you the same degree of protection as you have within the EEA.

USING OUR WEBSITE
This section applies to any interactions which you may have with our website at www.grid-point.co.uk (Website). In operating our Website, we may collect and process the following data about you:
  • Details of your visits to our Website and the resources that you access including, but not limited to, traffic data, location data, weblog statistics and other communication data.
  • Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter or contact us via the contact us page.
  • Information provided to us when you communicate with us for any reason.

On occasion, we may gather information about your computer for our services, and to provide statistical information regarding the use of our Website to our advertisers, where applicable. Such information will not identify you personally, it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. It is used by us to analyse how visitors interact with the Website so that we can continue to develop and improve this Website.

We may gather information about your general Internet use by using a cookie file that is downloaded to your computer:
  • Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. 
  • Cookies help us to improve our Website and the service that we provide to you.
  • All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular areas of our Website.
  • For more information on cookies, you can read the guidance at http://www.allaboutcookies.org/ 

You might find links to third party websites on our Website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

AUTOMATED DECISION MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. 

All decisions which are made in the course of our business processes involve human intervention. We do not make any decisions using automated means. 

DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Directors.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Our standard data retention period is three years from the last date on which we are in actual contact with you i.e. where we actually speak with you or exchange correspondence. After this time, we will usually delete your personal data from our records. 

Where we are required to keep any information (i) for auditing or compliance purposes (ii) to comply with our contractual obligations to third parties or (iii) in respect of any potential or actual legal proceedings, we shall keep your data for as long as is strictly necessary for these purposes, which is typically for seven years in respect of audit data which we may be required to produce for HRMC and/or to prove compliance with our contractual and legal obligations. 
 
In some circumstances we may completely anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

RIGHTS OF ACCESS, CORRECTION, ERASURE & RESTRICTION 
Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us. 

Your rights in connection with personal information. Under certain circumstances, you have the right to:

  • Request access to your personal information (a Subject Access Request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not usually have to pay a fee to access your personal information but we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or you have objected to the processing and there is no overriding legitimate interest for continuing the processing.
  • Object to processing of your personal information where we are relying on a legitimate interest and you object on “grounds relating to your particular situation.” 
  • Request the restriction of processing of your personal information. This enables you to ask us to block or suppress the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it or if you have also objected to the processing as above.
  • Request the transfer of your personal information to another party when the processing is based on consent and carried out by automated means. This right is not usually applicable to any data processing carried out by us.

If you want to exercise any of the above rights, please contact a Director using the contact details at the end of this document. We will consider your request and confirm the actions which we have taken in response to such request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Directors. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.

If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the United Kingdom. Their details are:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745  
Email: casework@ico.org.uk

DEFINITIONS

This Privacy Notice uses the following defined terms:

  • Client means a business which has engaged us to provide services or which we have identified as a business for which we wish to perform services.
  • Client Contact means a person who is employed or engaged by a Client and with whom we may liaise in respect of any services which we are providing or wish to provide to the Client. In some cases, the Client Contact and the Client may be the same person e.g. where a Client is a sole trader.
  • Data Protection Legislation means (i) the Data Protection Act 2018, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the Data Protection Act 2018 or the GDPR.
  • Referee means a person who has provided to us a written or verbal opinion in respect of the work history, skills, competency and/or experience of a Temporary Worker.
  • Subcontractor means a self-employed contractor or limited company contractor who we engage to provide engineering services to us or to our Clients on a subcontracting basis.
  • Supplier means a business which provides services to us and which may process personal data relating to any Temporary Worker, Subcontractor, Client Contact or Supplier Contact in the course of performing such services including our:
  • Professional advisers including accountants, finance providers, insurers, tax advisors and lawyers;
  • IT services providers and software providers; and
  • Independent consultants.
  • Supplier Contact means a person who is employed or engaged by a Supplier and with whom we may liaise from time to time in respect of the services which are provided by that Supplier.
  • Temporary Worker means a person with whom we are dealing in the capacity of an Employment Business and who is recorded in our records as seeking or potentially suitable for an engagement with a Client. This includes individuals who are not actively seeking a new role but who are in contact with us about potential opportunities which may be of interest from time to time.

CONTACTING US
If you have any questions about this Privacy Notice, you can write to the Directors at Grid Point, Albany House, 14 Shute End, Wokingham, Berkshire RG40 1BJ. Alternatively, you may telephone us on 0118 466 0293 or email us at jason.hamblin@grid-point.co.uk.


Share by: