PRIVACY POLICY

1.Introduction

This website is operated by Gravitas Build Ltd (“we” or “us”).  By using and visiting our website you agree to this privacy policy.  We recognise that when you choose to provide us with information about yourself, you trust us to act in a responsible manner.

The security of that information (data) is very important to us. In this document, we will explain how we collect, use and protect your personal data.

We will also explain what rights you have with regards to your personal data and how you can exercise those rights.

2.Who Are We

Gravitas Build Ltd is a Construction and Refurbishment Contractor. We also carry out Mechanical and Electrical Installations.

Gravitas Build Ltd is the data controller. This means that we determine what data is collected, how this data is going to be used and how this data is protected.

Our registered office address is:
Harriet House
118 High Street
Erdington
Birmingham
B23 6BG

If you have questions about how we process personal data, or would like to exercise your data subject rights, please email us here

3.Company & Websites within scope

Gravitas Build Ltd

https://gravitasbuild.co.uk/

(Unless specifically stated, we consider these websites to be UK based websites)

It includes personal data that is collected through our websites, by telephone, and through any related social media applications.

4.Collection of Personal Data – Enquiries

At times we may request that you voluntarily supply us with personal information.  Generally, this information is only requested to respond to an enquiry made by you, or when you apply for a job or if you wish to supply us. We may gather and use information about you in the following ways:-

a. To provide you with information that you have requested or which we think may be relevant to a subject or project in which you have demonstrated an interest;
b. You have requested to be added to our mailing list to receive our newsletter or other marketing material.
c. To investigate the legitimacy of an enquiry and to double check information given to us for security reasons to ensure the security and safe operation of our websites and underlying business infrastructure.
d. To fulfil a contract that we have entered into with you or with the entity that you represent;
e. Outside of signing up for our newsletter, we may also request contact details to enable us to follow up on future projects that you are undertaking.
f. For recruitment purposes, we will require certain information to assess your ability to carried out the role advertised.

Section 7 below provides more detail about the data that we collect for each of these purposes, the lawful basis for doing so, and the period for which we will retain each type of data.

5.Technical information

In addition, and in order to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:

Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
Your login information, browser type and version, time zone setting, browser plug-in types and versions;
Operating system and platform;
Information about your visit, including the Uniform Resource Locators (URL) clickstream to, through, and from our site.
Our Cookies Policy describes in detail how we use cookies.

In Section 10 below, we identify your rights in respect of the personal data that we collect and describe how you can exercise those rights.

6.Lawful basis for the processing of personal data

What follows is a description of the various forms of personal data we collect and the lawful basis for processing this data. We have processes in place to make sure that only those people in our organisation who need to access your data can do so. A number of data elements are collected for multiple purposes, and the description below goes into some detail of the what and why we collect the information. Some data may be shared with third parties and, where this happens, this is also identified below.

When we process on the lawful basis of legitimate interest, we apply the following test to determine whether it is appropriate:

The purpose test – is there a legitimate interest behind the processing?
Necessity test – is the processing necessary for that purpose?
Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?

7.Description of Data gathered and why

Item A. – To provide you with information

Purpose of collection
To provide you with information

Information category
Company information, capability statement, newsletter

Data collected
Name, company name, address, email address, job role, company website, telephone number

Purpose for collection
To provide appropriate online, email, or hard copy information about products and services that you have requested.
To provide further, related, online, email or hard copy information as well as ongoing news updates in relation to the identified area of interest.
A telephone number is collected to follow-up any enquiries and to ensure requested information meets needs and identify further requirements.

Lawful basis for processing
Legitimate Interest

Data shared with?
For internal use only

Retention period
Indefinite unless otherwise requested

Item B. Personal contact information provided through our newsletter subscription.

 Purpose of collection
You wish to subscribe to our mailing list

Information Category
Mailing list subscription

Data Collected
Name, email address

Purpose for collection
We will keep you updated with our latest news, projects undertaken, and any product reviews carried out.

Lawful basis for processing
Legitimate Interest

Data Shared with?
For internal use only

Retention Period
Indefinite unless otherwise requested

Item C. Security

Purpose of collection
To ensure the legitimacy of the contact information to help protect against hacking, phishing or any other malicious actions which may be suspected.

 Information category
Security information

Data collected
Technical information, as described in item 1 above, plus any other information that may be required for this purpose.

Lawful basis for processing
Legitimate interest

 Purpose for collection
To protect our websites and infrastructure from cyber attach or other threats and to report and deal with any illegal acts.

Data shared with
Internally, forensic and other organisations with whom we might contract for this purpose

Retention period
Indefinite unless otherwise requested

Item D – Project Communication

Purpose of collection
To communicate with you, your representative, stakeholders, fellow professionals or your client

Information category
Contact Information

Data collected
As in item 1 above, plus specific project information required to carry out work we have been appointed to do.

Purpose for collection
To communicate with you about any issue that you raise with us or which follows on from an interaction between us.

Lawful basis for processing
Legitimate interest

 Data shared with?
The nature of our business requires us to share information with outside specialist contractors and other professionals involved with a particular project.

Retention period
Indefinite unless otherwise requested.

Item E – Marketing

Purpose of collection
To communicate our services and availability to help with projects you may be involved with.

Information category
Marketing

Data collected
Information freely available in the public domain which could include but is not limited to all information in Item 1 above plus project information which could include address, the nature of the project and its estimated value. You may also wish to share information pertinent to the project.

Purpose for collection
To offer our services

Lawful basis for processing
Legitimate interest

Data shared with?
Internal use and/or other suppliers/contractors that could provide a legitimate service.

Retention period
Indefinite unless otherwise requested

Item F – Job Application

 Purpose of collection
To help with the process of appointing an individual or company to a specific job role.

Information category
Job Application

Data collected
Unique Tax Reference number, National Insurance number, CSCS Card Details, any tax or VAT information required by law, Insurance details, Disclosure and Barring Service information where required. Any certificates relating to qualifications and CPD. We will also hold on file a completed C.V.

Purpose for collection
To offer you an employed contract of work or if self-employed, a contract to carry out specific services.

Lawful basis for processing
Legitimate interest

Data shared with?
Internal use

Retention period
Indefinite unless otherwise requested

 8.Storage of personal data

Gravitas Build Ltd is a UK-domiciled organisation and based in the UK.

Our websites and web applications are hosted in the UK and are accessed only by our UK-based staff. The parent company of  of our website hosting company is based in the USA who have signed up to the The E.U-U.S and Swiss-U.S. Privacy Shield Frameworks

We have appropriate contractual and security measures in place to ensure that personal data is protected.

Our customer relationship management (CRM) data is stored with Amazon Web Services (AWS) in the United States. Any data stored outside of the EU has to be in a safe country or with a company that complies with the safeguards required by the GDPR legislation. Our supplier has agreed a Data Processing Addendum with AWS that commits them to the Model Contract Clauses, defined by the European Commission. This ensures safe transfer of data to AWS in accordance with EU data protection laws. (further information on Model Contract Clauses can be found in the UK Information Commissioners Office (ICO) guide.)

Marketing and accounting systems for our business is either EU-based or hosted by companies participating in the EU – U.S. Privacy Shield Framework.

We use a wide range of Cloud Service Providers (CSPs) as part of our processing environment. Unless we specifically state otherwise, we are, in respect of all these CSPs, the data controller.

Unless we specifically state otherwise all of the CSPs that we use utilise EU-located processing facilities.

8.1Data Retention

We retain your information for no longer than necessary for the purpose for which it was collected. In determining how long your information will be stored, we will consider:

  • the purpose(s) and use of your information both now and in the future;
  • what information we need to: best provide you with products and services; manage your relationship with us; meet our statutory obligations; develop our products and services; and meet our customers’ and previous customers reasonable expectations.

9.Security measures

Any Data that is transferred between ourselves and our CRM System provider is encrypted in transit using transport layer security (TLS). Our supplier works hard to support the highest possible cryptographic standards for encryption of data in transit and they disable support for any older standards that are no longer considered strong.

We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of what we do. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

10.Your rights as a data subject

As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email Nick Goodwin at info@gravitasbuild.co.uk or use the information supplied in the Contact us section. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

10.1 The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.

10.2 The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:

10.2.1) The purposes of the processing

10.2.2) The categories of personal data concerned

10.2.3) The recipients to whom the personal data has been disclosed

10.2.4) The retention period or envisioned retention period for that personal data

10.2.5) When personal data has been collected from a third party, the source of the personal data

If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.

10.3 The right to rectification

When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

10.4 The right to erasure (the ‘right to be forgotten’)

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

10.5 The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

10.5.1) The accuracy of the personal data is contested

10.5.2) Processing of the personal data is unlawful

10.5.3) We no longer need the personal data for processing but the personal data is required for part of a legal process

10.5.4) The right to object has been exercised and processing is restricted pending a decision on the status of the processing

10.6 The right to data portability

You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

10.7  The right to object

You have the right to object to our processing of your data where:

10.7.1) Processing is not based on a legitimate interest;

10.7.2) Processing is for the purpose of direct marketing;

10.7.3) Processing is for the purposes of scientific or historic research;

10.7.4) Processing involves automated decision-making and profiling.

11. Contact us

Any comments, questions or suggestions about this privacy policy or our handling of your personal data should be emailed to info@gravitasbuild.co.uk

Alternatively, you can contact us at our Head Office using the following postal address or telephone numbers:

Gravitas Build Ltd
Harriet House
118 High Street
Erdington
Birmingham
B23 6BG

Telephone: +44 (0)121 403 3693

Our telephone switchboard is open 8:30 am – 5:00 pm GMT, Monday to Friday. Our switchboard team will take a message and ensure the appropriate person responds as soon as possible.

12. Complaints

Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.

Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the United Kingdom, this is the Information Commissioner’s Office (ICO), who is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/global/contact-us/.