MULTIPLEX – EU PRIVACY NOTICE
This Privacy Notice applies to the processing of your personal data by Multiplex Construction Europe Limited (“Multiplex”, “us” or “we”) whose registered office is 99 Bishopsgate, 2nd Floor, London EC2M 3XD.
As an essential part of our business, we collect and manage data about our clients. In doing so, we comply with the UK data protection legislation, and are committed to protecting and respecting your privacy and rights.
In order that you are reliably informed about how we operate, we have developed this Privacy Notice, which describes the ways in which we collect, process, store and share information about you. This privacy notice also provides you with information about how you can have control over the use of your data.
If you have any comments or queries regarding our use of your personal data or relating to this Notice, please contact our Data Protection Officer at email@example.com or at Multiplex Construction Europe Ltd, 99 Bishopsgate, London EC2M 3XD
This Notice applies to visitors to our website, clients, suppliers and other external stakeholders (eg. local planning office representatives, Community representative groups, local residents, schools, universities and charitable organisations).
Our data processing activities is governed by the General Data Protection Regulations (the “GDPR”). For the purpose of the GDPR, we are the ‘Data Controller’ of all personal data obtained by us as set out in this Policy, because we ultimately determine how your personal data will be handled by us or our sub-contractors, who would be our ‘Data Processors’. If we handle your personal data then you are a ‘Data Subject’. This means you have certain rights under GDPR in relation to how your personal data is processed, which are also sets out in this Policy.
‘Personal data’ is any information that can be used to identify you, including your name, e-mail address, IP address, or any other data that could reveal your physical, physiological, generic, mental, economic, cultural or social identity.
‘Special category data’ means information about you that is sensitive and includes your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
DATA PROTECTION PRINCIPLES
We are committed to complying with the Data Protection Principles when processing your data. These provide that personal data must be:
- Processed lawfully and fairly and in a transparent manner
- Obtained for specified explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and kept up-to-date.
- Kept for only as long as necessary for its purpose.
- Safe with appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction.
- Managed by the Controller in a compliant manner, with the Controller being accountable for such processing.
PROCESSING DATA IN LINE WITH DATA SUBJECT’S RIGHTS
We will process all personal data in line with ‘data subjects’ rights, in particular, your:
Right to be informed
This privacy notice, together with our Cookies Policy, fulfils our obligation to tell you about the ways in which we use your information.
Right of access
You have the right to ask us for a copy of any personal data that we hold about you. You can do this by sending a ‘subject access request’ to us for our consideration.
Right to object
You have the right to object to the continued use of your data for any purpose for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time.
Right to restrict processing
This enables you to ask us to suspend the processing of personal information about you, for example if you want to establish its accuracy or the reason for processing it.
Right to rectification
Where we collect personal data from you, we want to provide a means for you to contact us should you need to update or correct that information. If any of the information that we hold about you in inaccurate, you can tell us and we will rectify it
Right to erasure (also known as the right to be forgotten)
You can request that personal data about you be deleted where there is no good reason for us continuing to process it and unless there is a legal or contractual obligation for us to hold onto the data.
Right to data portability
You have the right to get your personal data from us in a way that is accessible and machine-readable. You can also ask us to transfer your data to another organisation.
Right to withdraw your consent
You can withdraw your consent for us to process your personal data (if we have relied on your consent) at any time by contacting us.
Right to prevent auto-decision making
We may introduce various technologies that may make an automated decision which uses your personal data to reach a specific decision. If we intend to use such automated decision making technologies, you will be informed and we will obtain your consent to such use and processing of your personal data.
To exercise any of your rights, please contact our Data Protection Manager at Multiplex Construction Europe Ltd, 99 Bishopsgate, London EC2M 3XD or email firstname.lastname@example.org. Multiplex will consider all such requests and provide its response within a reasonable period (and in any event within one month of your request unless Multiplex tells you it is entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if Multiplex needs to keep using the information to comply with its own legal obligations or to establish, exercise or defend legal claims.
If an exception applies, Multiplex will tell you this when responding to your request. Multiplex may request you provide us with information necessary to confirm your identity before responding to any request you make.
PERSONAL DATA THAT WE COLLECT ABOUT YOU
Depending on our relationship, we will collect and use your information in different ways.
Examples of personal data that you provide to us and which we collect and process are, but not limited to:
- your name (including your title), address and contact details including email address and telephone number
- other information you provide when you correspond with us
- information about any services which we supply to you (or your employer)
- information you provide to help us improve our service (for example if we ask you complete a survey or questionnaire
- information about any complaints, queries or feedback you have about our services or business
The following information created and recorded automatically when you visit our website:
- Technical information. This includes: the Internet Protocol (IP) address used to connect your computer to the internet address; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; device ID where the website is accessed from a mobile device and platform. We use this personal information to administer our website, to measure the efficiency of our systems and to undertake an analysis on the locations from which people access our webpages; and
- Information about your visit and your behaviour on our website (for example, the pages that you click on). This may include the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data (e.g information about the routing, duration or timing of a message), location data (e.g. data showing the geographical position of the device) and other communication data and information provided when requesting further service or downloads.
If you visit one of our offices or construction sites
- your car registration number
- CCTV recordings and biometric information collected by our biometric access systems, if you visit one of our sites
health and safety information, including any accidents you have at one of our properties
If you are one of our suppliers or an employee or staff of one of our employees:
- Pitch and tender information
- proof of identification and address
- Visa or work permit documentation
- Details of compensation, expense claims and bank details
- Details of delivery and collection schedules
- information required to access company systems and applications (such as system ID)
- Work hours (overtime and hours worked)
If you attend one of our community events
- Your image when we photograph or film our community events
HOW WE COLLECT YOUR PERSONAL DATA
We collect personal information that is necessary for us to manage our business effectively, to develop and promote our services and to assist us with complying with our legal and regulatory obligations.
Generally, we try to collect personal information directly from you but, occasionally, we may collect personal information from publicly available records, third parties and/or other sources, where there is a lawful basis or we gain your consent to do so. Furthermore, we will only collect sensitive information about you if we have your consent or we are permitted or required by law to collect the information.
The ways we collect personal information include:
- Through our dealings with clients, contractors, subcontractors, suppliers and other service providers
- When you contact us by telephone, e-mail or during face to face conversations regarding an enquiry about our services or a contract that we may enter into with you
- From access control systems and registers for individuals accessing our sites and premises
- Through monitoring and surveillance systems, including CCTV systems in operation at our offices and sites where we provide our services
- Through third party companies engaged to undertake credit reference and due diligence checks
- From social media web sites
- On individuals and organisations with whom we engage in the operation of our business
- Through our dealings with government agencies
- As part of incident and accident investigations
- As part of induction and on-boarding programs
We will take reasonable steps to ensure that you are aware of the way we are collecting the information, any laws requiring the collection and who we disclose it to.
WHY WE USE YOUR INFORMATION
We will collect, use and store the personal information listed above for the following purposes:
- To carry out our obligations arising from any agreement that we have with, or concerning you and to provide you with the information, benefits and services that you request from us
- To inform you of existing and proposed services which we provide and commercial opportunities which we offer
- To conduct business processing functions including providing personal information to our related companies, contractors, service providers or other third parties
- Complying with our legal obligations, any relevant industry or professional standards and regulations or any applicable voluntary codes
- Complying with demands or requests made by any relevant regulators, including regional and national contractor frameworks, government departments and law enforcement authorities
- To receive and respond to enquiries, comments and complaints about our construction services and business
- The management of claims, disputes and litigation proceedings arising out of our business operations
- In connection with any sale, merger, acquisition, disposal, reorganisation or similar change of entity managing website’s business
- The investigation/prevention/detection/prosecution of allegations or complaints about our practices, conduct, unlawful or inappropriate activities
- to allow you to access and use our website;
- to receive and respond to enquiries from you through the website about our construction services and business;
- for improvement and maintenance of our website and to provide technical support for our website;
- to ensure the security of our website;
to recognise you when you return to our website, to store information about your preferences, and to allow us to customise the website
- according to your individual interests; and
- to evaluate your visit to the website and prepare reports or compile statistics to understand the type of people who use our website, how they use our website and to make our website more intuitive.
- to collect information on our website, subject to your chosen cookie and privacy settings, such as your IP address, operating system and browser type for the purposes of website analytics about our website visitors’ traffic patterns
If you visit one of our offices or construction sites
- Maintaining effective access, safety and security controls for our sites and premises
- To prevent our services and facilities being used for any illegal purposes
- Provision of health practitioner, health monitoring and emergency medical assistance services
- Undertake CCTV monitoring of our project sites in order to protect the safety of our employees, contractors, the public and construction sites
- Undertake health and safety compliance reporting
If you are one of our suppliers or an employee or staff of one of our employees
- As part of tenders, bids and proposals we submit to clients and potential clients for the provision of works and services
- Obtaining credit references and conducting due diligence on individuals, suppliers, contractors and representatives of corporate entities
- Manage planning applications for construction projects
- To maintain our contractual data reporting obligations to our clients and local planning offices
- Engaging the services of external consultants, agency workers and other operatives
- Action various inspections eg. Construction equipment inspections, roof inspections, plumbing and utilities inspections, fire safety and smoke detection inspections
- To enable us to purchase and receive products and services from you (including conducting supplier due diligence, payment and expense reporting and financial audits)
- For security vetting (where applicable and allowed by law)
- Managing relationships, together with engaging and consulting with external stakeholders about existing projects and future plans
- To enable us to discharge our obligations under contracts that we enter into where it is necessary for us to do so.
If you attend one of our community events
- Delivering, assessing the value of and reporting on Corporate Social Responsibility initiatives
- Creating opportunities for employment, apprenticeships, work experience
ON WHAT BASIS WE PROCESS YOUR DATA
We are allowed to process your personal data where we have a legal basis for doing so.
The main legal grounds that we rely on when it comes to processing personal data are:
- Necessary for performing a contract – we rely on this ground where we are in a contract with you (or about to enter into a contract) and we need to use your personal details to complete this contract. For example, if you are a supplier of goods to us, we use your personal information to track the fulfilment of orders we have placed with you, and to pay you for fulfilling our order; if we hire you as a contractor to provide services to us, we will use your personal information to allow us to deploy you effectively, and to pay you.
- Consent – this is where we set out specific circumstances where we want to process your personal data and request your consent for this
- Compliance with a legal obligation – this is where we might need to process your personal data in order to comply with a statutory obligation, such as compliance with tax requirements, for health and safety purposes or fraud protection.
- Legitimate interest – this is where Multiplex has undertaken a balancing test to ensure that the company’s legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of your personal information.
We may need to process your personal data for the following specific legitimate interest purposes:
- Run, grow and develop our business (as well as the businesses of our group companies)
- Operate our website
- Ensure the security of our website
- To ensure the security of our construction sites
- Select appropriately skilled and qualified suppliers and contractors
- Ensure a safe environment for our staff, and the staff of our suppliers and contractors
- Carry out marketing, market research and business development
- Place, track and ensure fulfilment of orders with our suppliers
- For internal group management and administrative purposes
SHARING YOUR DATA & 3RD PARTY PROCESSING
We share your personal information within the Multiplex Group where it is in our legitimate interests to do so for internal management and administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).
We also share your personal information with the following third parties:
- Our related companies, business partners, contractors, subcontractors, suppliers, consultants & professional advisors, client and service providers
- Government VAT and tax inspectors, external auditors and internal auditors where necessary to ensure the billing of any procured services and obtain payment
- Local planning authorities, Land Registry, surveyors and consultants to manage planning applications for construction projects
- Government, local planning authorities, external legal counsel and consultants to comply with regional and national contractor frameworks
- CCTV providers who undertake CCTV monitoring of our sites
- Specialist forensic consultants and external legal counsel where required to process and respond to forensic issues linked to specific construction projects
- Health and safety inspectors, occupational health providers, specialist health and safety providers where needed to undertake safety compliance reporting
- Third party specialist inspectors and regulators to action various inspections
- Insurance providers to maintain our insurance arrangements for employees
- Other service providers and sub-contractors, including payment processors, utility providers, suppliers of technical and support services, insurers, logistic providers, and cloud service providers
- public agencies and the emergency services
- companies that assist in our marketing, advertising and promotional activities
- analytics and search engine providers that assist us in the improvement and optimisation of our website
These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. Where we provide your personal data to third parties who are acting on our behalf (known as ‘Data Processors’) such as providers of our IT system management, information security, printers and site security management, we will have in place a written agreement with each third party confirming on what basis they will handle your personal data and will ensure that there are appropriate safeguards and security measures to protect this data. Third parties are subject to confidentiality obligations and may only use your personal data to perform the necessary functions and not for other purposes
We will disclose your personal information to third parties:
- where it is in our legitimate interests to do so to run, grow and develop our business
- if we sell or buy any business or assets, (or seek investment in them) we may disclose your personal information to the prospective seller or buyer of (or investor in, or lender to) such business or assets, and to their lawyers and other professional advisors
- if substantially all of our or any of our group company assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity
- to protect the rights, property, or safety of Multiplex, our staff, our supplier and clients and their staff, or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction
We may also disclose and use anonymised, aggregated reporting and statistics about users of our website or our goods and services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable you to be personally identified.
HOW LONG WILL WE RETAIN INFORMATION FOR?
Multiplex is committed to ensuring that your data is kept for no longer than necessary and only kept for as long as it’s relevant and necessary for legitimate purposes. Multiplex will hold your personal data for the duration of providing or receiving services from you.
As soon as data is no longer necessary for the purposes for which it was originally collected, it will be securely deleted, unless it is necessary to keep the data for some other legitimate reason.
For more information on our retention guidelines, please contact us for details of our Data Retention Policy.
TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE THE EEA
We are part of a global group of companies with offices and operations in locations in the UK, Europe, Canada, UAE and Australia.
Your personal information may be used, stored and/or accessed by staff operating outside the European Union (EU) working for Multiplex, other members of our group or suppliers.
- in the case of US based entities, entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield (see further https://www.privacyshield.gov/welcome); or
- in the case of entities based in other countries outside the EU, entering into European Commission approved standard contractual arrangements with them.
Further details on the steps taken to protect your personal information, in these cases is available on request by contacting us by email at email@example.com.
SECURITY OF YOUR PERSONAL DATA
Multiplex takes the security of your data seriously. The Company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
Specifically some of our Data Security measures include:
- Applying technical controls such as encryption of data in response to identified risks
- Ensuring all IT infrastructure are protected against damage, loss or misuse or any other compromise
- Optimum security of our website.
- Using access controls and security measures for our offices, sites and business systems
- Secure lockable desks and cupboards
- Confidential waste disposal
- Provision of privacy screens for desk computers
- Clear desk policy and log-in protocols for laptops and desktop computers
- Driving awareness and understanding of data protection through the delivery of communications campaign and training. This is aimed at the requirements of GDPR, information security, and the responsibility of our colleagues & business partners to protect the confidentiality and integrity of the information that they handle
Furthermore we will manage all personal data we hold in accordance with our Information Security Policy. Where Multiplex engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Company measures to ensure the security of data.
VISITORS TO OUR WEBSITE AND COOKIES
Please also be advised that when you visit this website, cookies will be used to collect information about you such as your Internet Protocol (IP) address, which connects your computer or mobile device to the internet, and information about your visit such as the pages you viewed or searched for etc. We do this so that we can measure our website’s performance and make improvements in the future.
Cookies are also used to enhance our website’s functionality and personalisation, as well as to provide information to the owners of the site. You can control this, including whether or not to accept them and how to remove them by adjusting your cookies settings as described in our Cookies Policy. Tracking technologies may record information such as internet domain and host names, internet protocol addresses, browser software and operating system types, clickstream patterns and dates and times that our website is accessed. We may also analyse information that does not contain personal data for trends and statistics.
Where personal data is sent from our website about visitors to our website, this is secured by encryption using the latest protocols and working methods to keep such data secure.
MONITORING AND CHANGES TO THIS NOTICE
Multiplex is committed to monitoring this Notice and will update it as appropriate. The company reserves the right to amend this Notice at any time in accordance with revised procedures and changes in legislation. Where appropriate, especially where we make any material changes, we will notify you of those changes.
Questions and comments regarding this Privacy Notice are welcomed, and should be sent to our Data Protection Officer at firstname.lastname@example.org. Alternatively, you can write to our Data Protection Officer at Multiplex Construction Europe Ltd, 99 Bishopsgate, London EC2M 3XD
You can also contact our Data Protection Officer if you have any concerns or complaints about the ways in which your personal data has been handled as a result of you using this website.
Alternatively, you have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AF or https://ico.org.uk