c

Privacy notice - Suppliers

In this information message, Skanska UK (“Skanska”, “we”, “our”, “us”) explain how we process your personal data and how it is ensured that your personal data is processed in a responsible manner and in accordance with applicable data protection legislation.

1. General

1.1 You should always feel safe when you share your personal data with us. We protect and respect your privacy and strive for a high level of security in all personal data processing. We have therefore taken the technical and organisational security measures necessary in order to protect your personal data from unauthorised access, use, alteration and erasure. Examples of such security measures are access limitations and encryption of personal data.

 

2. Data Controller

2.1 Skanska UK (registration number 00784752) is the data controller for the processing activities carried out by or on behalf of us. This means that we determine the purposes of and means of the processing of your personal data, i.e. why and how we process your data.

2.2 If you have any questions regarding the processing of your personal data, please contact us by using the contact details listed under section 7.

 

3. What is personal data and personal data processing?

3.1 Personal data is all information which can be directly or indirectly (i.e. together with other data) related to a living natural person. Examples of such data include, but are not limited to names, IP addresses, absence and performance history and contact details such as telephone number, e-mail address and postal address. Even if the data itself cannot identify you as an individual, the data may still constitute personal data if it, together with other data, can be related to you.

3.2 In principle, personal data processing includes any operation performed on personal data, such as collection, recording, adaptation, alteration, use, storage, disclosure, blocking or destruction.

 

4. Our processing of your personal data

4.1 What personal data is collected and why?

Depending on Skanska’s relationship with you, some or all of the following types of personal data may be processed.

Type of data

Purpose

Legal basis

Personal Data

Name, address and other contact details e.g. telephone number or email address

 

         

For the supply of services and fulfilment of contract;

To respond to complaints or enquiries;

To respond to and deal with a Environment and Health and Safty incidents;  

To publish contact details of our suppliers on our internal intranet webpages in order for employees to contact suppliers;

If the company / organisation you represent orders services and / or goods from us or if we order services and / or goods from the company / organisation you represent, we will be in contact with you to deal with any questions or complaints regarding such services and / or goods;

To maintain accurate contractor and third party agreement records.

Performance of contract; In compliance with a legal obligation to deal with incidents;

Legitimate interests in managing our relationship with you as a partner, supplier,  client/customer or third party representative, including where required to investigate any health and safety matters or to defend a legal claim.  

The terms and conditions of your engagment as a third party or contractor

For the supply of services and fulfilment of contract;

To budget and plan work;

To benchmark the supply of services

Legitimate interests in managing our relationship with you as a partner, supplier,  client/customer or third party representative

Accounting details i.e. bank details

To process data in connection with invoicing, anti fraud purposes and fulfilment of contract

Performance of contract;

Legitimate interests in managing our relationship with you as a partner, supplier or client/customer

Company registration number and unique tax reference number where applicable

For the supply of services and fulfilment of contract

Performance of contract; Legitimate interests in managing our relationship with you as a partner, supplier or client/customer

Qualification and / or Skills competency registration details and / or career history

To ensure workers have the required qualifications and / or safety standards to perform their role where applicable

Performance of contract; Legitimate interests in managing our relationship with you as a partner, supplier or client/customer;

Public interest

NI Number

 

To use as your unique identifier to check skills/qualifications;

To be used by third party Drug and Alcohol test providers as a unique identifier

To comply with legal obligations and fulfil obligations to maintain Health and Saftey standards;

Legitimate interests in managing our relationship with you as a partner, supplier,  client/customer or third party representative

Special categories of personal data

Medical information / injuries

To respond to and deal with Health & Safety incidents including reporting to regulatory bodies

Legal obligation

Data revealing trade union membership

To comply with our legal obligations (for example GDPR) or to respond to and deal with Health & Safety incidents including reporting to regulatory bodies or dealing with trade union disputes

Legal obligation

Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law

Processing is necessary for the establishment, exercise or defence of legal claims

If we do business with a sole trader we process the sole trader’s National Insurance number, instead of a company registration number, for the purposes of setting up the business relationship.

4.2 Additional information about the purpose and legitimate reasons for processing special categories of personal data

4.2.1 We may collect and process special categories of personal data (injury related information.) for the purpose of responding to a Health & Safety incident or to comply with our other obligations, including GDPR. This processing is necessary for the compliance with legal obligations to which Skanska is subject. The data collated will only be used for this compliance purpose (and appropriate safeguards in the form of access controls will be introduced internally to ensure that this is reflected in reality).

4.3 How we collect your personal data

4.3.1 We may collect your personal data in a variety of ways for some or all of the purposes set out in section 4.1, for example:

      • When you or your representative contacts us through our website, by telephone, post, email or social media
      • When you or your representative is contacted by our teams
      • When you or your representative speaks to one of our employees or one of our approved contractors or sub-contractors in person
      • When you complete a survey, or register for services or other information
      • When you make payments to us or we make payments to you
      • When we receive your personal data from third parties, for example fraud prevention organisations, your representative when arranging work or by other individuals
      • When we collect publically available information about you

4.4 When will the data be deleted?

4.4.1 Your personal data will be kept in line with statutory limitation periods.

4.5 Legal basis and legitimate interests for the personal data processing

4.5.1 We always process your personal data in accordance with applicable law.

4.5.2 The 6 lawful bases described under the GDPR are as follows:

(i) The processing is required for compliance with a legal obligation to which Skanska is subject;

(ii)  The processing is required for the performance of a contract to which the data subject is party;

(iii) The processing can be performed on the basis of the legitimate interests pursued by the controller;

(iv) The processing can be performed if the data subject has given his or her consent to it;

(v) The processing is necessary to protect the vital interests of the data subject;

(vi) The processing is necessary to perform a task carried out in the public interest or in the exercise of official authority.

4.5.3 In the event we were to process your personal data for any other purpose than those specified above, we will inform you about this by updating this information message or inform you at the point of collecting the personal data.

4.5.4 If we process your personal data for any purpose which, according to applicable legislation, requires your consent, we will collect your consent before commencing such processing. Where you have given consent, you have the right to withdraw this at any time and can do so by contacting us.

 

5. Restrictions on disclosure of personal data

  • We may disclose your personal data to any of our group companies, contractors or sub-contractors where necessary for the reasons set out in section 4.1 above.
  • We may also engage external partners to perform tasks on Skanska’s behalf, for example to supply IT services such as a work planning system. The performance of these services may mean that Skanska’s partners, both within and outside the EU/EEA, gains access to your personal data.
  • Companies that process personal data on our behalf must always enter into a data processor agreement with us so that we are able to ensure that a high level of protection of your personal data is maintained. Adequate safeguards are taken in relation to partners outside the EU/EEA, such as signing data transfer agreements, including the standardised model clauses for data transfer adopted by the EU Commission and which are available on the EU Commission’s website.
  • We may also disclose your personal data to third parties when:
    • such action follows from a legal requirement or other statutory or public authority decision;
    • information is disclosed to insurance companies, pension providers, credit card companies or benefit partners in accordance with what is described above;
    • disclosure to a joint venture partner is required to facilitate the cross charging of costs as necessary.
  • We may also disclose your personal data to third parties, for example the police, HMRC or other public authorities, if it concerns criminal investigations or if we are otherwise required to disclose such data by law or public authority decision.
  • Skanska will not disclose your personal data to any extent other than described in this section.

 

6. Your rights under applicable data protection legislation

  • In accordance with applicable data protection legislation, you have the right, at any time, to be granted access to the personal data we processed about you. You also have the right to rectification of inaccurate personal data, to request that we cease processing and delete your personal data, that the processing of your personal data is limited, to exercise your right to data portability and to object to the personal data processing.
  • It should be noted that in some cases, there are specific exemptions and restrictions regarding these rights. In regards to deletion, the right will not apply where the processing is necessary:
    • (a) for exercising the right of freedom of expression and information;
    • (b) for compliance with a legal obligation;
    • (c) for the establishment, exercise or defence of legal claims.
  • With relation to limiting the processing of personal data, the personal data may still be stored and processed:
    • (a) with the data subject's consent;
    • (b) for the establishment, exercise or defence of legal claims; or
    • (c) to protect the rights of another natural or legal person.
  • If you wish to exercise any of your rights, please contact us by using the contact details listed in section below.
  • You also have the right, at any time, to submit a complaint to the relevant supervisory authority if you find that your personal data is being processed in violation of the applicable data protection legislation.
  • In the UK, the supervisory authority is the Information Commissioners Office (ICO). The ICO’s address is:

Wycliffe House,
Water Lane,
Wilmslow,
Cheshire
SK9 5AF.

The contact numbers are: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. The fax number is: 01625 524 510. You can find out more about the ICO by visiting their website: www.ico.org.uk

 

7. Contact details

Skanska UK Plc. is the data controller for the processing of your data. If you have any questions about how we process your personal data, or have a question about data protection within our group, please contact us by using the following contact details:

Post:
HR Risk and Compliance Team
Skanska UK Plc,
Maple Cross House,
Denham Way,
Maple Cross,
Rickmansworth,
Hertfordshire
WD3 9SW

GDPR inbox: Contact
Telephone: 01923 423600 option 4

Last updated: 24/10/2018