Privacy Policy

This privacy notice tells you what to expect us to do with your personal information.

 

Contact details 

Post – Sandrock Services Ltd 

10 Hurstake Road 

Riverbank 

Newport 

Isle of Wight 

PO30 5UU 

Telephone – 01983864246 

Email – accounts@sandrockservices.co.uk 

 

What information we collect, use, and why 

We collect or use the following information to provide services and goods, including delivery

  • Names and contact details
  • Addresses
  • Purchase or account history
  • Payment details (including card or bank information for transfers and direct debits) Credit reference information
  • Health and safety information
  • Account information
  • Website user information (including user journeys and cookie tracking) Photographs or video recordings
  • Records of meetings and decisions
  • Identification documents
  • Information relating to compliments or complaints
  • Information relating to sponsorship 

 

We collect or use the following information for the operation of customer accounts and guarantees

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information for transfers and direct debits) Purchase history
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences 

 

We collect or use the following information for service updates or marketing purposes

  • Names and contact details
  • Addresses
  • Marketing preferences
  • Location data
  • Recorded images, such as photos or videos
  • Purchase or viewing history
  • IP addresses
  • Website and app user journey information
  • Information relating to sponsorship
  • Records of consent, where appropriate 

 

We collect or use the following information for research or archiving purposes

  • Names and contact details
  • Addresses
  • Location data
  • Recorded images, such as photos or videos
  • Purchase or viewing history
  • IP addresses
  • Website and app user journey information
  • Personal information used for administration of research
  • Personal information used for the purpose of research
  • Records of consent, where appropriate 

 

We collect or use the following information to comply with legal requirements

  • Name
  • Contact information
  • Identification documents
  • Financial transaction information
  • Criminal offence data (including Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks)
  • Health and safety information 

 

We collect or use the following information for recruitment purposes

  • Contact details (e.g. name, address, telephone number or personal email address) Date of birth
  • National Insurance number
  • Copies of passports or other photo ID
  • Employment history (e.g. job application, employment references or secondary employment Education history (e.g. qualifications)
  • Right to work information
  • Details of any criminal convictions (e.g. Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks)
  • Security clearance details (e.g. basic checks and higher security clearance) Lawful bases

 

Our lawful bases for collecting or using personal information to provide services and goods are: 

  • Consent
  • Contract
  • Legal obligation
  • Vital interests 

 

Our lawful bases for collecting or using personal information for the operation of customer accounts  and guarantees are: 

  • Consent
  • Contract
  • Legal obligation
  • Vital interests 

 

Our lawful bases for collecting or using personal information for service updates or marketing  purposes are: 

  • Consent
  • Contract
  • Legal obligation
  • Vital interests 

 

Our lawful bases for collecting or using personal information for research or archiving purposes are: 

  • Consent
  • Contract
  • Legal obligation
  • Vital interests 

 

Our lawful bases for collecting or using personal information for legal requirements are: 

  • Consent
  • Contract
  • Legal obligation
  • Vital interests 

 

Our lawful bases for collecting or using personal information for recruitment purposes are: 

  • Consent
  • Contract
  • Legal obligation
  • Vital interests

 

Where we get personal information from 

  • People directly
  • CCTV footage, or other recorded images
  • Health care providers
  • Insurance companies
  • Legal and judicial sector organisations
  • Schools, colleges, universities or other education organisations
  • Councils and other public sector organisations
  • Publicly available sources
  • Previous employers

 

How long we keep information 

All stated records will be retained for 7 years, unless otherwise specified by a customer or are related to the  governance of Sandrock Services Ltd. 

 

 

Who we share information with 

 

Data processors 

Data Swift – This data processor does the following activities for us: Data Swift is company contracted  to provide IT Support – IT Security and Monitoring 

Bright HR – This data processor does the following activities for us: Bright HR provide software which  manages HR related tasks/requirements 

Xero – This data processor does the following activities for us: Finance and Accounting provide  software which manages accounting related requirements. 

Sage – This data processor does the following activities for us: Payroll provide software which  manages accounting related requirements. 

Others we share personal information with 

  • Insurance companies
  • Organisations we need to share information with for safeguarding reasons Professional or legal advisors
  • Relevant regulatory authorities
  • External auditors or inspectors
  • Warranty and guarantee providers
  • Organisations we’re legally obliged to share personal information with
  • Emergency services (where necessary)
  • Publicly on our website, social media or other marketing and information media (where appropriate)
  • Previous employers

 

Sharing information outside the UK 

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply  with the UK GDPR, making sure appropriate safeguards are in place. Please contact us for more  information. 

Your data protection rights 

Under data protection law, you have rights including: 

Your right of access – You have the right to ask us for copies of your personal data.

Your right to rectification – You have the right to ask us to rectify personal data you think is  inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances. 

Your right to restriction of processing – You have the right to ask us to restrict the processing of  your personal data in certain circumstances. 

Your right to object to processing – You have the right to object to the processing of your personal  data in certain circumstances. 

Your right to data portability – You have the right to ask that we transfer the personal data you gave  us to another organisation, or to you, in certain circumstances. 

Your right to withdraw consent – When we use consent as our lawful basis you have the right to  withdraw your consent. 

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one  calendar month to respond to you. 

To make a data protection rights request, please contact us using the contact details at the top of this  privacy notice. 

 

 

How to complain 

If you have any concerns about our use of your personal data, you can make a complaint to us using  the contact details at the top of this privacy notice. 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also  complain to the ICO. 

The ICO’s address:  

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Helpline number: 0303 123 1113 

Website: https://www.ico.org.uk/make-a-complaint 

 

Last updated 

12 June 2024