Mendip Timber Designs Ltd takes data protection and privacy very seriously. We are making continual improvements to our processes and policies, ensuring our employees understand their roles and the requirements that we must meet as an organisation.

This Privacy Notice explains how we handle and process data that relates to External Contacts (i.e. non-employee data). If you have any questions or concerns, please contact our Data Protection Team.

This External Contacts Privacy Notice sets out what personal data Mendip Timber Designs Ltd holds about you, how we collect it, and how we use it for the performance of contracts and marketing. It applies to anyone in our contacts database.

Please note: we will not necessarily hold, use or share all of the types of personal data described in this Privacy Notice. The specific types of data about you that we will hold, use and share will depend upon our professional relationship with you.

We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any additional information that we might give you about how we collect and use your personal data.

This Privacy Notice applies from 25 May 2018, when the General Data Protection Regulation comes into force. It does not give you any contractual rights. We may update this Privacy Notice at any time.

Mendip Timber Designs Ltd (46 Grenville Avenue, Locking, Weston-Super-Mare, BS24 8AR) is the “controller” for the purposes of data protection law. We are responsible for deciding how we hold and use your personal data.

Our Data Protection Lead is Tom Hornshaw. He is responsible for advising us on our data protection law obligations and monitoring our compliance. You can contact him if you have any questions or concerns about data protection.

‘Personal data’ means any information that could identify you, for example:

Name

National Insurance number

Employee number

Email address

Physical features

It can be factual (e.g. contact details or date of birth), an opinion about your actions or behaviour, or information that may impact you in a personal or business capacity.

Data protection law divides personal data into two categories:

Ordinary personal data OR

Special category data: any personal data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, or biometric or genetic data that is used to identify an individual is known as special category data. (The rest is ordinary personal data).

We collect, hold and use the following types of ordinary personal data about you:

Biographical information including your name, title, contact details.

Publicly available information about you, such as your business social media presence.

Lifestyle information including but not limited to interests.

Events that you have attended with us or with an employee of Mendip Timber Designs Ltd.

Any personal information retained is used solely in connection with project related day to day correspondence. We do not as a usual course of business carry out marketing campaigns, or newsletter drops etc.

We need it to undertake a project (Performance of Contract), because you are a member of the external team on one of our projects.

We need it to comply with a legal obligation (Legal Obligation), e.g. if you are a member of the external team on one of our projects we are required to retain your details for the duration of the contract i.e. for 6 years for a signed contract or 12 years for a contract signed under deed or under seal.

We will only collect, hold and use limited types of special category data about you, as described below.

Since special category data is usually more sensitive than ordinary personal data, we need to have an additional legal ground (as well as the legal grounds set out in the section on ordinary personal data, above) to collect, hold and use it.

The additional legal grounds that we rely on to collect, hold and use your special category data are explained below for each type of special category data.

Criminal records information/DBS checks

Due to our work with education providers (Schools, Colleges and Universities), Ministry of Justice and Ministry of Defence we may ask you to complete a DBS or Security Clearance.

For the majority of our External Contacts we do not collect this data. However, should our clients require you to have these checks to enter their premises or work on their projects we will inform you.

In the context of the Performance of Contract we will use this information to assess your suitability to form part of an External Team for projects where these checks need to be in place e.g. schools, NHS Schemes etc.

Our additional legal ground for using this information is that of Legal Obligation.

You provide us with most of the personal data about you that we hold and use, for example on a business card, email signature or through verbal discussions.

Some of the personal data about you that we hold and use is generated from internal sources following a Business Development meeting. For example, we may record that you enjoy cycling or that you have particular sector experience.

Some of the personal data about you that we hold and use may come from external sources. We may also obtain information about you from publicly available sources, such as your LinkedIn profile or other media sources.

We will not share your personal data with anyone, with the exception of;

Legal/professional advisers

We share any of your personal data that is relevant, where appropriate, with our legal and other professional advisers, in order to obtain legal or other professional advice about matters related to you or in the course of dealing with legal disputes with you or your company.

Our legal grounds for sharing this personal data are that: it is in our legitimate interests to seek advice to clarify our rights/obligations and appropriately defend ourselves from potential claims; it is necessary to comply with our legal obligations/exercise legal rights in connection with contract; and it is necessary to establish, exercise or defend legal claims.

If you are involved with a project(i.e. part of an external team), we are required to retain your details for the duration of the contract i.e. for 6 years for a signed contract or 12 years for a contract signed under deed or under seal. However we may need to retain these for a maximum of 15years, if there are specific legal circumstances associated with a contract that require us to hold your personal data.

You have a number of legal rights relating to your personal data, which are outlined here:

The right to make a subject access request. This enables you to receive certain information about how we use your data, as well as to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

The right to request that we correct incomplete or inaccurate personal data that we hold about you.

The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing

The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

The right to withdraw your consent to us using your personal data. As described above, we do not normally rely on your consent as the legal ground for using your personal data. However, if we are relying on your consent as the legal ground for using any of your personal data and you withdraw your consent, you also have the right to request that we delete or remove that data, if we do not have another good reason to continue using it.

The right to request that we transfer your personal data to another party, in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).

The right to object to a decision based on profiling/solely automated decision-making, including the right to voice your opinion, and obtain human intervention in the decision-making.

We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services. 

A "cookie" is a small piece of information that a website assign to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

The Site uses the following types of cookies:

a. 'session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 

b. 'persistent cookies ' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in; 

c. 'third party cookies' which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyze our web access.

Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.

We also use a tool called “Google Analytics” to collect information about your use of the Site. Google Analytics collects information such as how often users access the Site, what pages they visit when they do so, etc. We use the information we get from Google Analytics only to improve our Site and services. Google Analytics collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.

If you would like to exercise any of the above rights, please contact Tom Hornshaw, our Data Protection Lead at admin@mendiptimberdesigns.co.uk, in writing.

Note that these rights are not absolute and in some circumstances, we may be entitled to refuse some or all of your request.

If you have any questions or concerns about how your personal data is being used by us, you can contact our Data Protection Team.

Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk