Privacy Notice

Houlder views the protection, confidentiality and integrity of personal data as a critical responsibility that we take seriously at all times.

Introduction

This Notice sets out Houlder’s policy on the protection of information relating to staff members; workers; contractors; volunteers; interns (referred to as staff members); business customers; suppliers; partners, stakeholders and/or investors.  Houlder will ensure that data is always processed in accordance with the provisions of relevant data protection legislation including the General Data Protection Regulation (GDPR).

Any person who considers that the policy has not been followed in respect of personal data about themselves, should raise the matter with Houlder’s Data Protection Officer (DPO) initially.  If the matter is not resolved satisfactorily it could be raised as a formal grievance or complaint.

Data Processing

Data processing is any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it.  Processing also includes transmitting or transferring personal data to third parties.

Personal Data

Personal data is any information identifying a data subject (a living person to whom the data relates).  It includes information relating to a data subject that can be identified (directly or indirectly) from that data alone or in combination with other identifiers Houlder possesses or can reasonably access.  Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Fair Processing Principles

In processing an individual’s data, the following principles will be adhered to.  Personal data will be:

• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that are clearly explained and not used in any way that is incompatible with those purposes.
• Relevant to specific purposes and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the specified purposes.
• Kept securely.

Lawful Processing of Personal Data

Personal information will only be processed when there is a lawful basis for doing so.  Most commonly, Houlder will use personal information in the following circumstances:

• When it is needed to perform staff members’ contracts of employment.
• When it is needed to comply with a legal obligation.
• When it is necessary for the legitimate interests of our business, staff and/or third party (and fundamental rights do not override those interests.)  This includes:
  • Researching, developing and improving products or services.
  • Concluding and executing agreements with customers, suppliers and business partners.
  • Demonstrating the company’s capabilities through sharing personal experience and qualifications.
  • Recording and settling services, products and materials.
  • Managing relationships and marketing such as maintaining and promoting contact with existing and prospective customers, account management, customer service.
  • Development, execution and analysis of market surveys and marketing strategies.
• When it is necessary for the organisation and management of the business including financial management, implementation of controls, management reporting, analysis, internal audits and investigations.
• When it is necessary for health, safety and security including protection of an individual’s life or health, occupational health and safety and authentication of individual status and access rights.

Houlder may also use personal information in the following situations, which are likely to be rare:

• When it is necessary to protect staff members’ interests (or someone else’s interests).
• When it is necessary in the public interest or for official purposes.

In all cases, we will:

• Clearly identify communication as coming from Houlder.
• Send communications with the consent of the recipient or an implied legitimate interest gained through an existing business relationship.
• Ensure communications have an unsubscribe or opt out facility.

Data Security

Houlder has put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Details of these measures are available upon request.  Access to personal information is limited to those staff members and other third parties who have a business need to know.

They will only process personal information on Houlder’s instructions and are subject to a duty of confidentiality.  Houlder expects staff members handling personal data to take steps to safeguard personal data in line with this policy.

Data Sharing

Houlder requires third parties to respect the security of data and to treat it in accordance with the law.  Houlder may share personal information with third parties in strictly limited circumstances, including regulators, to otherwise comply with the law.

Houlder may also share employee and subcontractor data with third-party service providers where it is necessary to administer the working relationship with staff members or where Houlder has a legitimate interest in doing so. 

Individual Rights

Under certain circumstances, individuals have the right to:

• Request access to personal information (commonly known as a “data subject access request”)
• Request erasure of personal information
• Object to processing of personal information where Houlder is relying on a legitimate interest (or those of a third party) to lawfully process it
• Request the restriction of processing of personal information
• Request the transfer of personal information to another party

If a Houlder staff member wishes to make a request on any of the above grounds, they should contact the Human Resources Manager in writing.  Other individuals should contact the Marketing Manager in writing.

Responsibility

Houlder has appointed a Data Protection Officer (DPO) who is tasked with overseeing compliance with Houlder’s Data Protection Policy, while responsibility lies with the Board of Directors.  All staff members, particularly those tasked with regularly handling personal data of colleagues or third parties, have responsibility for ensuring that processing meets the standards set out in our policy.