Privacy Policy

DATA PRIVACY POLICY. 1

Our Company, Policy & the ICO.. 1

Data Privacy Policy. 1

Data Controller. 1

Policy Version. 2

Complaints to the ICO.. 2

How we will use information about you. 2

Visitors to our Website. 2

People who make a complaint. 2

Job Applicants & Current/Former Employees. 2

Applications. 2

Offers of Employment. 3

HR Files. 3

Temporary Staff/Work Experience. 3

Disclosure of Personal Information. 3

Transfers of data outside the EEA. 3

Your Data Protection Rights. 4

Our Company, Policy & the ICO

Data Privacy Policy

Rock Management Services Limited (“RockMS”) is committed to protecting the privacy and security of your personal information (collectively referred to as “we”, “us” or “our”).

This Privacy Policy (“Policy”) sets out how we collect and use personal information about you during and after your relationship with us, in accordance with the UK GDPR (“GDPR”).  This includes whether you become one of our clients or contact us in another way and gives details of what to expect when you interact with us online and how and what happens if we collect personal information through these interactions.

You should read this Policy, together with any other privacy information we provide when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. Please note this Policy does not form part of any contract to provide services you may have with us.

We might amend this Policy at any time, so if required, please check this page frequently to ensure that you are referring to the latest version of this Policy.

Data Controller

RockMS is predominately a Data Processor, but in certain circumstances is also a Data Controller.  Our ICO Registration Number is Z1376090.  This means that we are responsible for deciding how we process personal information about you.  If you have any questions or concerns about this Policy, you should contact our Data Protection Officer (“DPO”).  Our DPO is Judy Matthews.  She can be contacted most easily by email to judy@rockms.co.uk.

Policy Version

This Policy was last updated on 7 October 2021.

Complaints to the ICO

You have the right to make a complaint at any time to the ICO at https://ico.org.uk/.   We hope that you would not feel the need to do so if you spoke to us first, so please consider contacting us to discuss any concerns before you approach the ICO. 

How we will use information about you

We will only use your personal information when the law allows us to.  Mostly this will be:-

  • where we need to carry out a contract we have entered into with you.
  • where we need to comply with a legal obligation.
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • where we need to protect your interests (or someone else’s interests).
  • where it is needed for official purposes.

Generally, we do not rely on consent as a legal basis for processing of personal data.  We may process your personal data without your knowledge or consent, but only where this is required or permitted by law. Where your consent is required, we will provide you with full details of the information that we would like and the reason we need it, so that you can consider whether you want to consent.  It is not a condition of any contract with us that you agree to any request for consent from us and you will be able to withdraw your consent at any time.

Visitors to our website

We do not currently have a mailing list.  In any event, your data will never be disclosed to third parties without your consent.  If you do use our website and provide any personal information (ie; contact information through the Contact Us form), then we will only hold this information for the shortest amount of time for the purposes of contacting you to discuss your enquiry.  If, for example, you become a client of ours, your information will be retained as part of your client record and processed accordingly.  If your information is not required for any lawful purpose after we have contacted you, your contact information will be deleted. 

People who make a complaint

If you submit a complaint to us, we will use the information you provide for the purposes of investigating and responding to the complaint.  Once your complaint is closed, we will delete your information within 12 months, subject to any other obligations on us relating to the information which is the subject of the complaint.

Job Applicants & Current/Former Employees

Any information you provide us will only be retained to the extent that is required.

Applications

If you apply for a job, we will require your contact details as well as details about your previous experience, education, referees and may also ask you for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.  You will be asked to provide equal opportunities information.  This is not mandatory.  This information will not be made available to any staff outside of our recruitment team in a way which can identify you.  Any equal opportunities information you do provide, will be used only to produce and monitor equal opportunities statistics.

If your application is not successful, all the information we have about you will be destroyed after 12 months, unless you authorise us to retain the information in connection with any other opportunities that may arise in the future.

Offers of Employment

If we make an offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks before you will be able to commence work with us. We ask for this information as we are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

Information we will require includes:-

  • Proof of identification
  • Proof of qualifications
  • We may contact your referees; and
  • We may ask you to complete an occupational health questionnaire
  • Emergency contact information

For the purposes of payroll, we will ask you to provide:-

  • Bank details
  • Tax code information; and
  • Details to enrol you for your occupational pension

HR Files

All of our HR files are confidential to the extent of only being accessible by senior management staff and relevant HR/Finance staff as required.  As an employee, we will retain your HR file for 6 years after your employment terminates with us, in order to comply with our statutory obligations. 

Temporary Staff/Work Experience

If you provide us with information in connection with an application for temporary work/work experience, if your application is not successful or after your time with us comes to an end, all the information we have about you will be destroyed after 12 months, unless you authorise us to retain the information in connection with any other opportunities that may arise in the future.

Disclosure of Personal Information

We will only disclose personal data to third parties where permitted to do so by law and in the normal course of our business.  There are times where it will not be realistic to get your express permission in connection with each and every disclosure. If you have any concerns that any of your data has been incorrectly shared, then this should be raised with us through our standard procedures (ie; the Complaints Procedure in respect of clients and the Grievance Procedure in respect of employees).

Transfers of data outside the EEA

We may also be required to transfer your personal data outside the EEA. The UK GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the UK GDPR is not undermined.  We transfer personal data originating in one country across borders when we transmit, send, view or access that data in or to a different country.

We will only transfer your personal information outside the EEA if one of the following applies:-

  • If the relevant country has been deemed, in accordance with UK GDPR, to have relevant equivalent standards of data privacy regulations in place
  • If appropriate safeguards are in place – such as the use of binding corporate rules which are in a format approved under UK GDPR
  • If you have expressly consented
  • If it is necessary for a relevant reason, and you are not physically or legally able to provide consent.

We can provide further information about potential transfers of personal information outside of the EEA on request.

Your Data Protection Rights

The UK GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

You can find further information about your rights and how they can be used on the ICO website at Your data matters | ICO

If you ask us to provide you access to your personal information then we will provide this to you without any charge – unless your request is clearly unfounded or excessive, in which case, we will advise you of any relevant charges or confirm the reasons as to why we will not agree to carry out your request.

If you want to exercise any of your data protection rights, then please use the contact details provided above.