0118 907 1533 info@gravity-ce.co.uk

Privacy Policy

Data protection policy

This privacy policy applies to our use of any and all data collected by us or provided by you.

The General Data Protection Regulation, known as GDPR came into effect in May 2018, it will be incorporated into the new Data Protection Act 2018 (the legislation) that will supersede the UK Data Protection Act 1998 and a new Irish Data Protection Act that will supersede the Irish Data Protection (Amendment) Act 2003.

Gravity Consulting Engineers Ltd are committed to protecting and processing any personal data in accordance with the GDPR. This includes a requirement to have appropriate security to prevent it being accidentally or deliberately compromised.  Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing, accidental loss or destruction of, or damage to, personal data.

The policy applies to all data the company holds relating to individuals, it includes

  • Names of individuals, including job title and profession
  • Postal addresses
  • Email addresses
  • Telephone numbers
  • Any personal information given when website visitors make an enquiry via our website
  • Plus any other relevant information relating to individuals

Responsibilities

Everyone who works for Gravity Consulting Engineers Ltd has the responsibility for ensuring data is collected, stored and handled appropriately.

We may disclose your personal information, e.g your name (to our employees and insurers) in so far as is reasonably necessary.

We will not without your consent, supply your personal information to any other third party for the purpose of their or any other third party’s direct marketing.

We will retain documents (including electronic documents) containing personal data to the extent that we are required to do so by law. We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information (secure password and firewall protected server).

Employees will keep all data secure, by taking sensible precautions and following guidelines below

  • Strong passwords must be used
  • Personal data will not be disclosed to unauthorised people.
  • Data will be regularly reviewed and updated, if it is not required it will be deleted.

Data storage

Paper

All data sensitive paperwork will be stored in a secure place where unauthorised people cannot see it. Data printouts will be shredded when they are no longer required.

Electronic

Access to the system will be protected by strong passwords. Removable data discs will be stored in a secure place where unauthorised people cannot access them. Any data stored on servers will be in designated drives and not uploaded unless to approved services. Personal information will be stored in a secure location on the server with restricted access. Company information will not be saved to laptops. All servers and computers containing data should be protected by approved security software and firewalls

Gravity Consulting Engineers Ltd are required to retain certain details of project designs including any change requests, RFI’s and variations for a period of 12 years as per our requirement to provide Professional Indemnity insurance for 12 years following the completion of a project. Once this date has passed all data will be deleted.

Website

By using our website you (or whomever you use it on behalf of) are deemed to accept that this policy applies between you, as user of our website, and us, Gravity Consulting Engineers Ltd, the owner and provider of this website. This policy is applicable to our use of any and all data collected by us in relation to your use of the website and any services or systems in or from our website.

Whenever you use our site the following information will be automatically collected in relation to your access: IP address originating access, web browser type / version used, operating system used, a list of the URLs you use (starting with a referring site), your activity on this website, and the site you exit to. You may access certain areas of the website without providing any other data at all. However, to use all services and systems available on the website you may be required to submit account information or other data. If you chose to submit data you thereby consent to our collection, storage and processing of any personal data (within the meaning of the GDPR and Data Protection legislation)

Security

We have appropriate security to prevent the personal data we hold being accidentally or deliberately compromised. In particular,

  • We have designed and organised our security to fit the nature of the personal data held and the harm that may result from a security breach.
  • We are clear about who is responsible for ensuring information security.
  • We make sure we have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff.
  • We are ready to respond to any breach of security swiftly and effectively.

We seek to ensure that:

  • Only authorised people can access, alter, disclose or destroy personal data.
  • Those people only act within the scope of their authority.
  • If personal data is accidentally lost, altered or destroyed, it can be recovered to prevent any damage or distress to the individuals concerned.

Gravity Consulting Engineers Ltd will handle any Information Security incidents properly, effectively and in a manner that minimises the adverse impact to Gravity Consulting Engineers Ltd, its clients and the public.

Gravity Consulting Engineers Ltd will ensure that:

  • Incidents are reported in a timely manner, are properly investigated and normal operations are restored.
  • Incidents are handled by appropriately authorised and skilled personnel.
  • Incidents are recorded and documented.
  • The impact of the incidents are understood and action is taken to prevent further damage, evidence is gathered, recorded and maintained in a form that will withstand internal and external scrutiny.
  • Incidents are reviewed to identify improvements in policies and procedures.

The Directors will monitor and review information security incidents to identify recurring incidents and areas of risk. The review process will be used to identify requirements for new or changed policies, to record and identify any other relevant controls.

The Directors and IT consultant will conduct periodic testing of the information security handling procedures to maintain and improve staff awareness of the procedures and the actions required

We may update this policy from time to time and will publish any updated versions on our website.