Gunning London Ltd is a Principal Contractor carrying out internal and external repairs, redecoration and refurbishment contracts. This notice describes how we collect, use and manage personal data including how information may be shared and how confidentiality is maintained.

We review this notice on an annual basis or when there are changes in how we process personal data. It was last updated on 25 May 2018. 

About us

Our registered address is 11 Pollyte Works Wantz Road, Dagenham, Essex, England, RM10 8PS; company number 04388873. We act as a ‘Data Controller’ for personal data; when we refer to personal data, we mean information that can or has the potential to identify an individual.

If you have any questions about this notice or our privacy practices send an email office@gunning.london or write to us at our registered address or call 020 8593 8916.

How do we collect personal data?

We obtain personal data in electronic or paper form you when you:

  • want to work for us – details you provide to us, this is typically name, contact details and work history
  • work for us – details include name, data of birth, contact details, National Insurance Number, details for criminal records check (for vetting purposes, where permissible and in accordance with applicable law) and IT related information related to your access to our systems
  • are a sub-contractor – details include name, data of birth, contact details, National Insurance Number, details for criminal records check (for vetting purposes, where permissible and in accordance with applicable law) and IT related information related to your access to our systems 
  • are a client – name and contact details
  • are a potential client – name and contact details
  • provide us with goods or services – name, contact details and bank account
  • visit our office – CCTV
  • use our websites – IP address, browser and other details of the devices you use

How is personal data used?

UseLawful basis for processing
Recruit staff and sub-contractorsLegitimate Interest to assess suitably for a role, under Employment law and Consent
Manage and pay staff and sub-contractorsFulfil a Contract, Consent, Employment law and 
Legitimate Interest to a) improve workforce management and how it is deployed, inform the development of recruitment and retention policies and allow better financial modelling and b) keep basic details of ex-members of staff and ex-sub-contractors to answer questions after they leave
Issue invoices to ClientsFulfil a Contract and Legitimate Interest to answer questions about what was done after you are no longer a Client 
To win new workLegitimate Interest to respond to requests for information about our services and follow up on meetings
Pay Supplier InvoicesFulfil a Contract and Legitimate Interest to answer questions about what was done after you are no longer a Supplier
Manage our websiteLegitimate Interest to administer our sites and for internal operations, including troubleshooting, data analysis, testing, research of the most visited parts of the sites, statistical and survey purposes
Office security Legitimate Interest for using CCTV

Data Retention

We retain personal information for as long as we reasonably require it for legal and business purposes. 

Sharing of information

We share and allow access to personal data where there is a justified business reason or there is a legal obligation or duty to do this, e.g. with the police, for fraud protection or to enforce or apply our contractual terms (we process personal data in these circumstances on the basis on Legitimate Interest for preventing crime or suspected criminal activity, or enforcing our terms). 

  • To manage our Business – our Accountants  and the EasyBOP and Xero platforms
  • To make payments – Natwest and Nest (pensions)
  • To manage staff – our outsourced HR company and Eurocom CI (DBS checks)
  • To manage our IT – our outsourced IT support company and Microsoft (we use Office365)
  • To collect debts – third party debt collectors

Our security measures

We have physical, technical and administrative controls in place to protect personal data from unauthorised access, use and disclosure. We evaluate these safeguards on a regular basis to minimise risks from new security threats as they become known. 

We use carefully selected partners to provide us with services including the support of IT and computer systems. Our contractual terms with these suppliers include confidentiality clauses to respect the privacy of any personal data they may need to access to perform their duties.

Your rights

Individuals have the following rights over their personal data:

  • to receive a copy, and information about its use
  • to have it corrected
  • to have it erased when we have no lawful basis to continue processing it 
  • to restrict its use
  • data portability – to receive a copy of information you have provided to us in electronic format (where processing is done under Consent or Performance of a Contract)
  • to object to its use (where processing is done under Legitimate Interest) 
  • to object to automated decision-making and profiling

Please use the contact details at the top of this notice if you want to exercise any of your rights. We consider each request in accordance with all applicable data protection laws and regulations and may ask you to provide proof of your identity before taking any actions.

We aim to meet the highest standards when collecting and using personal data and take any complaints we receive about this very seriously. You have the right to make a complaint about the way we have processed your personal data with the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns. But we would like the opportunity to respond to any issues before you do this.