Oxley  t: 0161 635 2016

Oxley Privacy Policy

We're GDPR Compliant

Oxley Privacy Notice

OXLEY (the “company”, “we”, “our”, or “us”) holds and processes data on all current and former clients, service users, agency workers, consultants, sub-contractors, suppliers and visitors to our sites and offices, and third parties whose information you provide us in connection with the business relationship (e.g. banking details, contact details, health and safety records, next-of-kin, emergency contact information and/or dependants) (“you or “your”)


The following Privacy Notice describes the categories of personal information we may process, how your Personal Information may be processed, and how your privacy is safeguarded during our relationship with you. It is intended to comply with our obligations to provide you with information about the Company’s processing of your Personal Information under privacy laws.


If you have any questions regarding the processing of your Personal Information or if you believe your privacy rights have been violated, please contact our Data Manager on info@ukbuildingcontractor.co.uk . If you are aware of an unauthorised disclosure of data, please also refer this to our Data Manager for guidance as to the applicable reporting requirements.


Access to Data

Within the company, your Personal Information can be accessed by or may be disclosed internally on a need-to-know basis to:


  • The purchasing, commercial or finance department who carry out the pre-qualification process
  • The board and senior management responsible for managing or making decisions in connection with your relationship with the company
  • Our pre-construction and project teams to facilitate your appointment and site inductions
  • Where necessary for the performance of specific tasks or system maintenance by staff in the company teams


Certain basic Personal Information, such as your name, job title, contact information and any published skills and experience profile may also be accessible to other employees. The security measures in place within the company to protect your data are set out below.


Your Person Information may be accessed by third parties with whom we work together. Examples of third parties with whom your data will be shared include tax authorities, regulatory bodies, the companies’ insurers, bankers, IT, lawyers, auditors, investors, consultants, site access providers, payment facilitators and other professional advisors. The company expects such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security.


Where these third parties act as a Data Processor, they carry out their tasks on our behalf and upon our instructions for the above – mentioned purposes. In this case your Personal Information will only be disclosed to these parties to the extent necessary to provide the required services.


In addition, we may share Personal Information with national authorities to comply with a legal obligation to which we are subject. This is for example the case in the framework of imminent or pending legal proceedings or a statutory audit.


Processing of personal information

The company collects and processes your Personal Information for the purposes described in this Privacy Notice as set out in the Data Protection Policy, Personal Information means any information describing or relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. For example, it could be a photograph, email address, posts on social networking sites, medical information, computer IP address etc.


The company identified in your contract with us (whether issued by the Company or a third party) will be the data controller of your Personal Information. In addition, where processing of Personal Information is undertaken by other associated companies of the Company for their own independent purposes, these associated companies may be joint controllers of your Personal Information.




Personal Information


We may collect various types of Personal Information about you for the purposes described in this Privacy Notice including:


  • Contact Details: your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, home address, home/mobile telephone number, email address, employer name, job title, employer address and employer telephone number
  • Induction Data: your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, date of birth, age, home contact details, employer name, occupation, card accreditation schemes, medical conditions and next-of-kin/dependent contact information
  • Accident/Incident Data: your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, gender, date of birth, age, home contact details, national ID number, next-of-kin/dependent contact information, employer name, occupation, and accident/incident records (e.g. location, time, date, nature of injuries, medical history, hospital details)
  • Pre-qualification Data: names and contact details, qualifications, references, CV’s, application email/letter, vetting and verification information, and accident/incident records
  • Regulatory Data: records of your registration with any applicable regulatory authority, your regulated status and any regulatory references
  • Remuneration Data: your remuneration information (including hourly rate/contract pay information as applicable), bank account details and tax information
  • Monitoring Data (to the extent permitted by applicable laws): Closed circuit television footage, system and building/site login and access records, download and print records, call recordings, data caught by IT security programmes and filters.


Certain additional information may be collected where this is necessary and permitted by local applicable laws.


Special Categories of Personal Information

To the extent permitted by applicable laws the company may also collect and process a limited amount of Personal Information falling into special categories, sometimes called “sensitive personal data”. This term includes information relating to such matters as racial or ethnic origin, physical or mental health (including details of accommodations or adjustments), biometric data, genetic data, criminal records and information regarding criminal offences or proceedings.


How does the company collect data?

The company collects and records your Personal Information from a variety of sources, but mainly directly from you. You will usually provide this information directly to us through your participation in pre-construction negotiations, competitive tendering processes, pre-qualification processes, emails you send, through verbal information which may be recorded, or through site inductions.

We may also obtain some information from third parties, for example, references from previous clients, credit agencies, companies house or where we employ a third party to carry out a background check.

In some circumstances, data may be collected indirectly from monitoring devices or by other means (building/site access control/monitoring system, CCTV etc), if and to the extent permitted by applicable laws. In these circumstances, the data may be collected by the Company or a third-party provider of the relevant services. This type of data is generally not accessed on a routine basis but can be accessible if required. Access may occur in situations where the company is investigating criminal activity at our sites or offices or if the data is needed for compliance/valuation purposes.


Where we ask you to provide personal information to us on a mandatory basis, we will inform you of this at the time of collection and if particular information is required. Failure to provide any mandatory information could mean that we will not be able to carry out certain processes.


Apart from personal information relating to yourself, you may also provide the company with personal information of third parties, notably your staff or dependants and other family members for the purposes of pre-qualification to our supply chain and contacting your next-of-kin in an emergency. Before you provide such third party personal information to the company you must inform these third parties of any such data which you intend to provide and of the processing to be carried out by the company, as detailed in this privacy notice.


What is the purpose from which data is processed

Your personal information is collected and processed for various business purposes, in accordance with applicable laws. Data may occasionally be used for purposes not obvious to you where the circumstances warrant such use (e.g. criminal investigations, validating payment claims). We may collect and process your personal information for various purposes, as set out in this Privacy Notice.


Where applicable data protection laws require us to your personal information based on a specific lawful justification, we generally process your personal information under one of the following bases:


  • The processing is necessary for the legitimate interests pursued by the company, expect where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information
  • The processing is necessary for compliance with a legal obligation to which the company is subject
  • The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into such a contract
  • We may on occasion process your personal information for legitimate interests pursued by a third party, except where such interests are overridden by your interests or fundamental rights and freedom which require protection of personal information. Additional information regarding specific processing of personal information may be notified to you individually or as set out in applicable policies.
  • Legal basis for processing data
  • The sensitive or special categories of personal information that may be processed by the company are set out in this privacy notice.
  • Where applicable, data protection laws require us to process such special categories of personal information based on a specific lawful justification, we process the same under one of the following bases:
  • The processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or the company in the field of employment law, social security and social protection law, to the extent permissible under applicable laws
  • The processing is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, the provision of social care or treatment or the management of health or social care systems and services, to the extent of the applicable laws
  • The processing is necessary to protect your vital interest or of another person where you are physically or legally incapable of giving consent
  • The processing is necessary for the establishment, exercise or defence of legal claims


We may seek your consent to certain processing, if consent is required for the processing in question, it will be sought from your separately to ensure that it is freely given, informed and explicit. Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent. You should be aware that it is not a condition or requirement of your appointment to agree to any request for consent from the company.


Your Rights

The company aims to ensure that all personal information is correct. You also have a responsibility to ensure that changes in personal/business circumstances are notified to the company so that we can ensure that your data is up-to-date.


You have the right to access any of your personal information that the company may hold and to request correction of inaccurate data relating to you. You furthermore have the right to request deletion of any irrelevant data we hold about you.


You have the right to receive all personal information which you have provided to the company in a structured, commonly used and machine-readable format, and to require us to transmit it to another controller where this is technically feasible.


You have the right to restrict our processing off your personal information, we will only process this restricted data with your consent or for the establishment, exercise or defence of legal claims.








Health & Safety

A. Oxley & Son Building Contractors Ltd


The Downs, Altrincham, Manchester  WA14 2PU

Contact Oxley

t: 0161 635 2016