Privacy Policy
For the duration of this policy, the term “SRC” refers to Sherwood Roofing Limited.
At SRC, we are committed to protecting and respecting your privacy, whether you are a customer, supplier, employee, subcontractor, or visitor to our website. This policy explains how we collect, use, store, and protect your personal data both offline and online, including through our website.
SRC is firmly committed to complying with data protection legislation relevant to our business activities and responsibilities. We retain data pertaining to employees, labour-only sub-contractors, customers, suppliers, and website users only to the extent necessary for the purposes collected and in compliance with legislation such as tax, health and safety, and data protection regulations. The Directors share joint responsibility for ensuring compliance with the UK GDPR and the Data Protection Act 2018. Designated personnel receive training on data protection requirements, company systems for acquiring, maintaining, and safeguarding data, as well as the identification of data breaches and associated reporting procedures. All personnel are briefed on this policy during their induction.
Legal Definitions
For the purposes of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018:
Personal data means any information relating to an identified or identifiable natural person.
Sensitive personal data refers to special categories of data including racial or ethnic origin, political opinions, religious beliefs, health information, and biometric data.
Processing means any operation performed on personal data, including collection, storage, and destruction.
Data subject means the individual to whom the personal data relates.
Data Protection Principles
Our systems are designed to align with the data protection principles outlined in legislation, ensuring that information is used fairly, lawfully, and transparently; used for specified, explicit purposes; adequate, relevant, and limited to what is necessary; accurate and kept up to date; retained no longer than necessary; and handled with appropriate security measures to protect against unlawful or unauthorised processing, access, loss, destruction, or damage.
Data Collected Through Our Website
When you use our website, we may collect personal details you provide via forms, such as your name, phone number, email address, and enquiry details. We may also collect technical data including your IP address, browser type, device type, and pages visited, as well as cookies and tracking data as set out in our cookies policy. We only collect data that is necessary to respond to your enquiry, provide our services, or improve your experience on the site.
Cookies Policy
Our website uses cookies to ensure the site functions properly, to analyse visitor usage patterns for performance improvements, and to remember your preferences for future visits. You can disable cookies through your browser settings, but some features may not function correctly as a result.
How We Use Website Data
We may use data collected via the website to respond to enquiries, provide requested services or quotations, send relevant updates if you have opted in, improve website functionality and user experience, and comply with legal or regulatory requirements.
Legal Basis for Processing Website Data
We process website data based on consent when you submit a contact form or agree to cookies, legitimate interest in improving our services and site, and legal obligations where required by law.
Rights of Data Subjects
All individuals whose data we process, including website users, have the right to be informed about how their data is used, the right of access to their data, the right to rectification of inaccurate or incomplete data, the right to erasure when data is no longer needed, the right to restrict processing under certain circumstances, the right to data portability, the right to object to processing based on legitimate interests or for direct marketing, and rights related to automated decision making and profiling.
Data Retention and Disposal
Specific retention periods are applied to ensure compliance. Tax records are retained for six years, accident records for three years from the date of occurrence, contact form submissions for up to twelve months unless required for ongoing services or legal purposes, and website analytics data for up to twenty-six months. Cookies are stored according to their type and expiry times can be managed through browser settings. All personal data is securely destroyed after the retention period using methods such as shredding or data wiping.
Security Measures
We implement technical and organisational measures to ensure data security, including encryption of sensitive data, secure server technology (SSL), firewalls, access controls and user authentication, regular security audits, and data access logs to monitor and control access.
Data Breach Management
In the event of a data breach, we will identify and contain the breach immediately, assess the risk to individuals, notify the Information Commissioner’s Office (ICO) within seventy-two hours if necessary, and notify affected individuals where there is a high risk to their rights and freedoms. All breaches will be documented along with actions taken to prevent recurrence.
Third-Party Data Sharing
Data is only shared with third parties under lawful conditions, such as payroll, insurance processing, or website hosting and IT support. Written contracts are in place to ensure compliance with GDPR and third parties are subject to due diligence to confirm their adherence to data protection standards.