INNOVATIVE SOLUTIONS FOR DEFENCE AND SECURITY

Privacy Policy

INTRODUCTION

At Drumgrange we are committed to protecting and respecting your privacy. 

This policy explains what, when and why we collect personal data, the legal basis for processing, how long the data will be retained and your rights in respect to the data.

Drumgrange will adhere to the 6 data protection principles that are central to the general Data Protection Regulation (GDPR):

(1) Lawfulness, fairness and transparency

(2) Purpose limitation

(3) Data minimisation

(4) Accuracy

(5) Storage limitation

(6) Integrity and confidentiality

WHO IS COLLECTING THE DATA?

This policy relates to data being collected by Drumgrange Ltd, Registered Office: Unit A, The Forum, Hanworth Lane, Chertsey, Surrey, KT16 9JX, Registered in England No. 1460044.

In this policy 'Drumgrange', 'we', refers to Drumgrange Ltd. the Company, including both the Chertsey and Portland sites.

Any questions in relation to this policy should be sent by email to the Drumgrange Data Protection Representative (DPR) dataprotection@drumgrange.co.uk or alternately telephone +44 (0)1932 581100 and ask for the DPR.

WHAT DATA IS BEING COLLECTED?

Drumgrange collects and processes personal data relating to the following data subjects:

(1) Employees

Name, address, email, telephone number, next of kin, payroll, pension, personnel information (including but not limited to, annual leave, sickness, performance reviews).

(2) Customers, Suppliers and Business Contacts

Name, title, address, email, telephone number.

(3) Candidates

Name, address, email, telephone number, CV, covering letter and references.

WHAT IS THE LEGAL BASIS FOR PROCESSING THE DATA?

Drumgrange have identified the following legal basis for processing of personal data under the GDPR for the data subjects:

(1) Employees

Contract, Legal Obligation

(2) Customers, Suppliers and Business Contacts

Contract, Legitimate Interest

(3) Candidates

Contract, Legitimate Interest

WILL THE DATA BE SHARED WITH ANY THIRD PARTIES?

Drumgrange may disclose your personal data to third parties insofar as reasonably necessary for the purposes, and on the legal basis as set out in this policy.

HOW WILL THE INFORMATION BE USED?

Drumgrange will use the information only for the purpose for which it was obtained.

(1) Employees

We will use the information provided to fulfil your contract of employment.

(2) Customers, Suppliers and Business Contacts

We will use the information provided to maintain contact with you for 'relationship management' and for the fulfilment of any contract or supply of goods. We may use your contact information to send you Christmas cards, calendars, newsletters that we circulate from time to time and news about any events we are organising or participating in. 

(3) Candidates

We will use the information provided on your application form to process your application, if successful this information will be held in your personnel file. 

HOW LONG WILL THE DATA BE STORED FOR?

Drumgrange will not retain personal data for longer than necessary for the purpose that it was obtained.

We will retain your personal data as follows:

(1) Employees

   (a) Personnel file - 6 years post-employment

   (b) Accounting records - 3 years

   (c) Medical records (General) - 40 years

   (d) Medical records (Ionising Radiation) - 50 years or age 75

(2) Customers, Suppliers and Business Contacts

   (a) Subject to annual review

(3) Candidates

   (a) Not invited to interview - Not retained beyond the recruitment campaign

   (b) Unsuccessful following interview - 1 year beyond the recruitment campaign

   (c) Successful - Transferred to personnel file

Notwithstanding the above, Drumgrange may retain personal data where the retention is necessary for legal obligations and statuatory compliance.

WHAT RIGHTS DOES THE DATA SUBJECT HAVE?

The GDPR provides the following rights to data subjects:

(1) The right to be informed.

The information as specified within this Privacy Policy on who is collecting the personal data, what data is being collected, the legal basis for processing, whether it is shared with third parties, how the data will be used and how long it will be stored. You will be informed of the purpose for which the personal data is being collected, or reference made to this policy, at the time of data collection. 

(2) The right of access.

You have the right to access the personal data we hold about you, how we process the data and why. Any Subject Access Request (SAR) should be made to the DPR.

(3) The right to rectification.

You have the right to have any inaccurate or incomplete information rectified. Requests for rectification should be made to the DPr, identified above.

(4) The right to erasure.

You have the right, in some circumstances to have the personal data held about to erased. Requests for erasure of personal data should be made to the DPR. 

(5) The right to restrict processing.

You have the right to retrict the processing of personal data held about you. Requests for restriction of processing should be made to the DPR, identified above. 

(6) The right to data portability.

You have the right in some circumstances to request a copy of your personal data and use it for other purposes. Requests for data portability should be made to the DPR.

(7) The right to object.

You have the right to object on how we process your personal data, see below on how to complain.

(8) Rights with respect to automated decision making and profiling

Drumgrange does not use any automated decision making or profiling of personal data.

HOW CAN THE DATA SUBJECT MAKE A COMPLAINT?

In the first instance should you have a complaint about how we process your personal data please contact the Drumgrange Data Protection Representative. If you are not satisfied with the response you have the right to complain to the Information Commissioner's Office (ICO), https://ico.org.uk/concerns or call the ICO Helpline          0303 123 1113.