Aims of this Policy
Rubicon Commercial is committed to safeguarding the privacy of your information, and processing in accordance with Data Protection legislation and the GDPR. Our Policy sets out the purposes for which we process your personal data, who we share it with and your rights in relation to the privacy of your data.
What is Personal Data?
The GDPR identifies personal data or personal information as any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
This may include:
Name and title;
Contact details, including an email address, mobile number and / or business telephone number;
Recruitment data you provide when applying for a role with us;
Demographic information including business address and postcode;
Description of your company services;
Financial and transaction data such as bank account and payment details;
Any other documented information relevant to your business requirement.
Our justification for retaining and processing this information, is to facilitate commercial business needs and requirements, and to enable us to advise and provide you with the appropriate information on our relevant services.
We never collect any Special Categories of Personal Data (this includes details of race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions). Nor do we collect any information about any previous criminal convictions and offences.
Rubicon Commercial acts as both ‘Data Controller’ and ‘Processor’ in that we determine the purposes, the means and who we need to share information with i.e. Governing bodies and authorities, Suppliers, Subcontractors and other Third-Party providers. The processing of personal data is based upon Rubicon Commercial legitimate business interests and is a ‘necessary’ requirement when entering into a formal contract with us.
You have the right to object to the processing of your personal data. Rubicon Commercial will no longer process your personal information unless we can demonstrate legitimate grounds that override your interests and rights, or where there is an outstanding legal claim, or a need to comply with legal obligations, court rulings, and / or decisions implemented by other legal authorities. We will retain such information for the required period as governed by the statutory and legal obligations placed upon us.
Our rights in processing Personal Information and Data
Your personal data will only ever be processed within the confines of the data protection legislation.
Most generally this includes but is not limited to:
processing information to meet our contractual obligations to you;
delivering the contractual obligation, we have legally entered with you;
compliance with a legal or regulatory obligation;
processing and managing the collection, recovery and payment of fees and charges;
processing of job application information;
processing and managing of personal information in accordance with contractual employment.
The legal basis for Rubicon Commercial processing your data relies upon your written and documented ‘consent’ which is sought prior to commencement of a formal contractual procedure. Without such consent we may have to cancel our contractual agreement with you and seek legal recompense.
You have the right to request information about the personal data we hold on you at any time.
Should Rubicon Commercial process personal data, whether automated or based upon consent or a previous agreement, you have the right to request a copy of the data and to be informed on whether this has been transferred to a third-party. This only includes the personal data you may have submitted to us.
You have the right to request rectification of personal data should the information held be incorrect. This includes the right to have incomplete personal data completed.
You have the right to erase any personal data held by us at any time except where there is:
- a business, commercial or statutory obligation to maintain such information;
- ongoing unresolved matters between you and Rubicon Commercial;
- unsettled financial matters;
- unauthorised contractual obligations, or actions that have not been signed as being complete.
Rubicon Commercial will refrain from further processing of your personal data unless there are legitimate grounds that override your interest and rights.
Providing your personal data to others
Under the terms of a business contract formed with you, we may need to disclose your data with external third-parties including professional authorities and advisers insofar as reasonably necessary for the purposes of obtaining professional advice, or the establishment of legal processes in accordance to our legal obligations to you. In addition, we may need to disclose your data with suppliers and subcontractors in order to deliver the goods and / or services that support the contractual obligations we have entered in with you.
In addition to the specific disclosures of personal data as set out in this policy, we may disclose your personal data where such disclosure is necessary to fulfil a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Retaining and storage of Personal Data storage
The data that we collect is stored on a secure server sited within our Headquarters office in Sevenoaks, Kent. A back up of such information is made and maintained by Akita Systems Limited, being held remotely on secure back up servers in Kent.
Access to your personal data is limited to those employees, agents, contractors and other third parties that have a genuine business need to know and is subject to a duty of confidentiality. Data and business information is backed up daily and is held in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act (DPA), and the Privacy and Electronic Communication Regulations (PECR).
International transfer of Personal Data
The provision of client services to global offices may require the transference of project information, and personal data being transferred to some countries that sit outside of EEA regulations. In this situation, any such transfer of data will be carried out in compliance with EEA regulations, or regarding the country of origin’s legal requirements.
Where a country lacks at least equal legislation directives, Rubicon Commercial may elect to implement the EEA regulations, or initiate contractual clauses as data protection safeguards.
All data and business information transferred out internationally is stored and ‘backed up’ on our Company server.
Disclosure of Personal Data
We never intentionally pass on, sell or swap your data for marketing purposes to third parties;
Data is shared with third parties only where there is a ‘legitimate interest’ and ‘necessary’ requirement for third parties to provide goods and services in support of your business requirement, or our statutory or legal obligations.
We require all third parties to respect the security of your personal data and to treat it in accordance with both our Company procedures and the current data protection legislation. Our third-party service providers are contractually obliged to respect the requirements of GDPR and not process your personal data for their own purposes, and only process your personal data in accordance with our specific instructions.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for including to satisfy any legal, accounting, regulatory, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the Company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
Rubicon Commercial may periodically issue promotional material such as news flashes, information surveys, questionnaires, relevant case studies or other information that we believe may be of interest to you.
Contact with you may be made via email, mobile phone, text message, business landline or through postal services. Promotional material may be sent via the email address that you have provided us with.
You can opt out of receiving direct marketing emails at any time by following the instructions to unsubscribe in any of our email marketing communications. We will retain your personal information until we receive a request to ‘opt-out’ at which point your personal data will be deleted and removed from our database.
When you visit www.rubiconinteriors.co.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is processed in a way that does not identify anyone.
We do not request Google to make any attempt to find out the identities of those visiting our website.
Changes to this policy
Rubicon Commercial may from time to time, elect to amend this policy to reflect significant changes to legislation or working practices. The revised policy will be made available on our Company website, and, where appropriate, may be notified to you by email.
Should you have a grievance in the way that we have controlled or processed your personal data, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns and self-report the grievance to the ICO, where necessary. Please contact us in the first instance and we will work with you to rectify the situation.