TKC is presently undergoing the formal process to become ISO 9001 Registered and we expect to achieve this within the next business quarter. However, we would confirm at this time that each member of the Practice has worked previously for organisations who were fully ISO Registered and as a result, all are conversant with the methods and procedures required to design and undertake engineering works in all manners compliant with a quality system.
As such, we are all very familiar with and conversant to the requirement for proper and regulated:
- Checking and verification of designs and calculations
- Accurate logging of information
- Accuracy of internal filing including a documented and common coding structure
- The requirements of the CDM Regulations
It describes how we collect, use and process personal data, and how, in doing so, we comply with our legal obligations. Privacy is important to us, and we are committed to protecting and safeguarding people’s data privacy rights.
This Policy applies to the personal data of our Clients, Employees, Potential Clients, Consultants, Contractors, Suppliers and any Potential Employee.
For the purposes of the General Data Protection Regulations we confirm that the proprietor and operator of the website at www.thekeenanconsultancy.co.uk (the ‘Website’) is Keenan Culbertson Limited (t/a The Keenan Consultancy), 42 Rose Street North Lane, Edinburgh, EH2 2NP (‘we’, ‘us’, ‘our’ or ‘TKC’) who can be contacted via the contact section on the Website.
This policy is effective from 25 May 2018.
What kind of personal data do we store?
To provide the high-quality services we aspire to we require to process certain information. We will only ask for details that will assist us in the delivery of our service, such as name, job role, and contact details; including but not limited to: telephone number, email address, first and last name and a work address details. If a private client, then we may also ask for a home address.
- Consultant/Contractors/Supplier Data
We collect a minimum amount of data from our consultants/contractor/suppliers to ensure that we can easily communicate and process transactions. We will collect contact details for the main contact and any associate contacts within the business that we feel will assist us in processing transactions and delivering projects. Other information such as bank details so that we can pay for the services provide (if this is part of the contractual arrangements between us) will also be obtained.
We collect a minimum amount of data from our employees and Directors to ensure that we can easily communicate and process transactions. We require information such as your name, job role, and contact details; including but not limited to: telephone number, email address, first and last name and your work address details. Other information such as your NI number and bank details so that we can pay you and reimburse you for expenses.
How do we collect personal data?
We collect client data directly from our Clients, Consultants/Contractors/Suppliers and Employees/Potential Employees.
How will we use your personal data?
The main reasons for retaining our clients’ personal details are to keep them informed of their project, keep them advised on any potential projects and to keep them informed about our business.
- Consultant/Contractor/Supplier Data
The main reasons for retaining consultant/contractor/supplier personal data is to ensure that we can fulfil any contractual arrangements between parties, keep them advised on any potential projects and to keep them informed about our business.
If a potential employee sends us an application form, a CV or contacts us with personal information for employment purposes, we may store that information for 6 months. We do not share that information with any third parties and would only contact the potential employee within that 6 month period should a suitable post arise. Thereafter the information be removed from the system.
The main reasons for retaining your personal details are to pay you, provide you with legislative updates in accordance with UK law and keep you informed about the business. We will also hold next of kin contact details in case of any emergency.
How do we safeguard personal data?
Protecting personal information is important to us which is why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, personal data. These processes include but are not limited to; encrypted server access, laptop devices are encrypted, all antivirus and gateway security settings are up to date and monitored and any online systems are protected by secure passwords and two stage authentication.
How long do we retain the data?
If we have not had meaningful contact with you for a period of six years, we will remove your data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.
Who has access to the data?
Basic data (such as contact details) are accessible to all our staff for the purposes of assisting the flow of communications between our parties. Financial data is accessible to our Directors only with secure access available to our Chartered Accountants for accounting purposes. We assure you that we do not share any information with any other parties unless you specifically request this or we are legally obliged to do so.
Should you wish to be removed from our database you have the write to request this at any point by writing to the Data Protection Officer, Keenan Culbertson Limited, 42 Rose Street North Lane, Edinburgh, EH2 2NP or emailing us at firstname.lastname@example.org. We will process the changes/removal of the personal information within 10 days.
Our legal basis for processing your data
Article 6(1)(f) of the GDPR states that we can process personal data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
We think it reasonable that if the individual has communicated with us in the past or we have had meaningful contact with the individual within the past 6 years that there is legitimate interest that the individual will continue to benefit from our continued communication. We want to provide potential clients with the opportunity to hear about our services and to have the ability to request additional information from ourselves.
- Contractor/Contractor/Supplier data
We store and process the personal information of individuals within interested organisations to facilitate the receipt of services from them as one of our consultants/contractors/suppliers. We may also hold financial details, so that we can pay for services provided. We deem all such activities to be necessary within legitimate interests.
Article 6(1)(b) gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
In this context, a contract does not have to be a formal signed document, or even written down, if there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).
Where we have entered into a contractual agreement to deliver services we will process the appropriate and required information to do so. i.e. address details of the business.
Security of Personal Data
Transmission of data and information via the Website or by email is not a secure or encrypted transmission method for sending your personal data, unless otherwise indicated on the Website or otherwise arranged between us. Accordingly, your attention is drawn to the fact that any information and personal data carried over the Internet is not secure. Information and personal data may be intercepted, lost, redirected, corrupted, changed and accessed by other people.
We set security standards to prevent any unauthorised access to your personal data once we have received it and wherever possible we will use adequate software and working procedures to ensure the security of your personal data. To prevent unauthorised access, maintain accuracy, and ensure proper use of personal data, we have employed physical, electronic, and managerial processes to safeguard and secure the information we collect online.