This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR) 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
This privacy notice sets out the rights and freedoms of “data subjects”, (referred to as “you” or “client”) and Acorn Maintenance Services Limited “data controller” (referred to as “we”, “us” or “our”).
Who are we?
Acorn Maintenance Services Limited is a Limited Company. Our office is located at Woodstock Farm, Ruins Barn Road, Sittingbourne, Kent ME9 8AA. Acorn Maintenance Services collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. Our Data Protection Officer is Richard Greene.
Acorn Maintenance Services Limited is a company offering building services to both the general public and to carry out adaptations funded by local authority grants known as Disability Grant Funding. These works are carried out in domestic properties to help people with additional needs use everyday items such as showers, kitchens and ramps.
The personal information we collect and use
Information collected by us
In the course of providing these services, directly or indirectly through funding agents, we may collect personal information about clients:
Personal information (full name, address, contact details, including personal landlines and mobiles numbers). Together with 3rd party information, if required including, (carers and other family members contact information)
Medical information (VAT exemption forms completed with details a medical condition, that qualifies for VAT exemption, reports from an occupational therapist or other health practitioner, any other additional needs as required).
Whilst the majority of information you provide to us is required to be able to carry out our work, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation 2018, we, or the 3rd party funding agency will inform you whether you are required to provide certain information to us or if you have a choice in this.
We do not obtain personal information from other sources about you.
Sub-contractors and other suppliers
Information collected by us
In the course of providing our services, we may ask you to provide goods or services to us
Sub-contractors will be asked for proof of professional qualifications, HMRC status for verification and other personal information (name, address, trading style, Unique Tax Reference (UTR), National Insurance Number (NI), contact details, experience, emergency contact details)
Sub-contractors will also be asked to provide proof of current public and if required, employer’s liability insurance cover
How we use your personal information
We use your personal information to:
· Work with other teams and organisations to ensure work to clients’ property meets with their requirements and needs
· Comply with the law regarding data sharing
· Evaluate and quality assure the services we provide
· Carry out our obligations arising from any agreements entered into between our clients and us (which will most usually be for the provision of our services) where you may be a subcontractor, supplier or our client
· Personal information about payments to sub-contractors is shared with HMRC for the purposes of the Construction Industry Scheme (CIS) and by law
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Rights of Access, Correction, Erasure and Restriction
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us either by email or telephone.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully
Request correction of the personal data that we hold about you
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If you want to exercise any of the above rights, please email our Data Protection Point of Contact at email@example.com.
How long your personal data will be kept
We will hold your personal information securely and retain it for up to 7 years in line with Her Majesty’s Revenue and Customs (HMRC) audit requirements, after which the information is archived or deleted.
Reasons we can collect and use your personal information
If applicable, we have a legal obligation to collect information about your medical/physical needs to comply with regulation 701/7 VAT Reliefs for Disabled People. This information is held securely and would only be revealed upon formal request from HMRC regarding the VAT status of the work we have carried out.
Who we share your personal information with
We are not required to share your information with any 3rd party, except for above, nor do we share your information with any company, organisations or person within the European Union
We will share personal information with law enforcement or other authorities if required by applicable law.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone 03031 231113.