UK GDPR

SPIE UK (“SPIE”, “we”, “us” or “our”) is strongly committed to protecting personal data. We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Personal data is any information relating to an identified or identifiable living person. SPIE UK processes personal data for a number of purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

The objective of this Privacy Notice is to be transparent about how and why we process your personal data.

The Data Protection Act 2018 (DPA 2018) enacted the EU GDPR requirements in UK law. The UK government EU Exit Regulations amend the DPA 2018 and merge it with the requirements of the EU GDPR to form a UK data protection regime, this regime is known as ‘the UK GDPR’.

Who we are

SPIE UK collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the UK General Data Protection Regulation (UK GDPR) and we are responsible as ‘controller’ of that personal information for the purposes of data protection law.

The personal information we collect and use

In the course of performance of our business functions we collect the following personal information when you provide it to us:

1. Employees

We collect personal data concerning our employees as part of the administration, management and promotion of our business activities. The information collected may include identification documentation such as passports, driving licence details, home address and other contact details and employment history.

2. Recruitment applicants

When applying for a role at SPIE UK, applicants should refer to the information made available when applying for a job for details about why and how personal data is collected and processed.

3. Suppliers (including subcontractors and individuals associated with our supplier and subcontractors)

We collect and process data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our customers.

We use personal data for the following purposes:

• Receiving services
• Providing professional services
• Administering, managing and developing our businesses and services
• Security, quality and risk management activities
• Providing our suppliers with information about us and our services
• Complying with relevant law and regulations

4. Customers (and individuals associated with our customers)

SPIE UK collects only the personal data necessary for agreed purposes and we ask our customers to only share personal data where it is strictly needed for those purposes.

We use personal data for the following purposes:

• Providing professional services
• Administering, managing and developing our businesses and services
• Security, quality and risk management activities
• Providing our customers with information about us and our services
• Complying with relevant law and regulations

5. Visitors to our website

Visitors to our website are generally in control of the data shared with us. We may collect, store and use the following kinds of data:

• Information about your computer and about your visits to and use of the website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views);
• Information relating to any transactions carried out between you and us on or in relation to this website
• Information that you provide to us for the purposes of subscribing to our website services, email notifications and/or newsletters
• Any other information that you choose to send to us

Personal data submitted to our website may be used for the following purposes:

• To administer the website
• Improve your browsing experience by personalising the website
• Enable your use of the services available on the website
• Send you general (non-marketing) commercial information
• Send to you our newsletter and other marketing communications relating to our business which we think may be of interest to you, where you have specifically consented to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications)

Who we share your personal information with

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security measures in place to protect the data and to comply with our obligations as data controller.

Personal data held by us may be transferred to:

• Other SPIE subsidiaries including to SPIE Group in France
• Third party organisations that provide data processing or IT services to us
• Third party organisations that assist us in providing goods and services
• Auditors and other professional advisors
• Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
  

Transferring data outside of the UK

To deliver services to you, it is sometimes necessary for us to share your personal information outside the UK:

• with our offices within our group located outside the UK
• with your and our service providers located outside the UK
• where there is an international dimension to the service we are providing to you

These transfers are subject to rules under UK data protection law. This means we can only transfer your personal information to a country or international organisation outside the UK where:

• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
• a specific exception applies under data protection law

Transfers with appropriate safeguards

In relation to transfers between our group within the EU, the safeguards may instead include the use of standard contractual clauses that apply to SPIE.

Transfers under an exception

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal information on this ground.

Your rights

Under the UK GDPR you have a number of important rights. In summary, those include rights to:

• fair processing of information and transparency over how we use your personal information
• access to your personal information
• require us to correct any mistakes in your information which we hold
• require the erasure of personal information concerning you in certain situations
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• object at any time to processing of personal information concerning you for direct marketing
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal information
• otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

• write to us
• let us have enough information to identify you
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
• let us know the information to which your request relates

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to contact us

The data controller is SPIE UK Limited.

If you have any questions about this privacy notice or how and why we process data please contact us at:

Data Protection Officer
SPIE UK Limited
1 Old Park Lane
Urmston
Manchester
M41 7HA

By email: dataprotection.uk@spie.com

How to complain

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please contact the Data Protection Officer with the details of your complaint. We will look into and respond to any complaints we receive.

You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) who is the UK data protection regulator. For further information on your rights and how to complain to the ICO, please refer to the ICO website.

Changes to this privacy notice

This privacy notice was published on 27/08/2021.

We may change this privacy notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.