indeo
indeo
  • Home
  • About Indeo
  • Indeo for homeowners
  • Indeo for trade
  • Professional services
  • Construction recruitment
  • Job seekers
  • Construction materials
  • Tool & vehicle hire
  • Contracting to trade
  • Contact Indeo

Privacy Policy

 

  1. Application
    1. This policy is for the following companies which will be collectively known as Indeo:
      1. Indeo Limited
      2. Indeo Construction Services Limited
      3. Indeo Professional Services Limited
      4. Indeo Contracting Limited
      5. Indeo Technologies Limited
      6. Indeo Equipment Limited
    2. This policy applies to:
      1. All employees of Indeo
      2. All contractors, subcontractors, suppliers and anyone else who provides work to or on behalf of Indeo
  2. Definition
    1. Organisations such as Indeo that process personal data are required by law to comply with data protection legislation which creates the standards for the fair and lawful processing of such data.
    2. The following defined terms will be used throughout this policy:
      1. Controller – As defined by the Information Commissioner’s Office, Controllers are the main decision-makers – they exercise overall control over the purposes and means of the processing of personal data. If two or more controllers jointly determine the purposes and means of the processing of the same personal data, they are joint controllers. However, they are not joint controllers if they are processing the same data for different purposes.
      2. Data – means information that is stored either electronically or physically.
      3. Data Protection Legislation – means the Data Protection Act 2018 (the “DPA”) and the General Data Protection Regulation 2016/679 (the “GDPR”).
      4. Data Subject – means the identified or identifiable natural person or organisation
      5. Data Users – means those Indeo employees who are required to use and process the Personal Data collected. This policy requires that Data Users must protect the Personal Data and follow all required procedures in relation to this data.
      6. Data Protection Officer – A DPO can monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for Data Subjects and the Information Commissioner’s Office (ICO). It is not compulsory for the activities that Indeo wish to undertake and therefore there is no DPO within this policy.
      7. Personal Data – under UK GDPR, this means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
      8. Processor – under UK GDPR, this means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  3. Policy
    1. This policy is designed to ensure we (or another organisation on our behalf) collect, store and use Personal Data such that:
      1. It has been obtained legally and fairly
      2. It is both accurate and relevant
      3. It is used for specific and relevant purposes to our business
      4. It is securely stored
      5. It is kept for no longer than is necessary
    2. Our policy also extends to the rights that individuals and organisations have in regards to the Personal Data we collect on them:
      1. The right to obtain confirmation that their data is collected, stored and used
      2. The right to access this data
      3. The right to change the data if it needs correcting
      4. The right to request deletion of the data
    3. This policy applies to all Data Users including all Indeo employees and any external Processors and may be updated at any time to reflect changes in the work Indeo do, changes in the law, or for any other reason.
    4. At the time of this revision of the Data protection and privacy policy, there is no assigned Data Protection Officer for Indeo due to the activities it undertakes.
  4. Purpose of the policy
    1. Every individual has a right to how their Personal Data is handled and processed. Indeo will, as part of how it delivers its business, collect and process Personal Data on its users, suppliers, employees and other third parties. We recognise that there is not just a legal requirement to collect and process this Personal Data correctly but there is also an obligation to the individuals and organisations we work with and who work for us to ensure their data is safe and used correctly in accordance with this policy.
  5. Objectives
    1. Examples of the data collected, stored and used by Indeo include:
      1. Personal data
      2. Commercially sensitive data
      3. Business management information
      4. Productivity data
      5. Industry know how
    2. These are the key areas of data that are vital to the successful running of Indeo and it is therefore the policy that all data is treated with the same level of severity in terms of how it is collected, stored and handled.
    3. The objectives therefore are:
      1. To coordinate how data is collected and stored
      2. To promote confidence in our ability to collect and store this data securely
      3. To provide assurances for third parties
      4. To comply with the law
      5. To provide a standard for all Indeo employees to meet
    4. Indeo are entitled under law to use Personal Data for management and administrative purposes. We will however ensure that this is not misused or used without permission.
    5. Where Personal Data in connection with you is sought, you will be informed how and why this information is being collected and stored.
    6. Anyone collecting, storing and using Personal Data must comply with Data Protection Legislation and therefore this Personal Data must be:
      1. Collected, stored and used fairly and lawfully
      2. Collected for specific and legitimate reasons and not processed beyond those reasons
      3. Relevant and limited to what it is necessary for
      4. Accurate and, where possible, kept up to date. If not possible to be kept up to date, it must be deleted if it is known to be incorrect.
      5. Permitting identification for as long as is necessary
      6. Used in line with the rights of the individual under the Data Protection Legislation and allows the individual to access, change and delete the Personal Data if reasonably requested to do so.
      7. Processed in a manner that is appropriate and secure.
      8. Not transferred to countries outside of the UK
  6. Fair and lawful processing
    1. Data Protection Legislation allows for the processing of Personal Data, it does not prevent it. However, this processing must be fair and must not adversely affect the individual or organisation of which the data has been collected.
    2. We will process this Personal Data fairly, legally and transparently.
    3. Additional protections need to be met when processing Special Categories of Data. Special Categories are defined by UK GDPR as:
      1. personal data revealing racial or ethnic origin;
      2. personal data revealing political opinions;
      3. personal data revealing religious or philosophical beliefs;
      4. personal data revealing trade union membership;
      5. genetic data;
      6. biometric data (where used for identification purposes);
      7. data concerning health;
      8. data concerning a person’s sex life; and
      9. data concerning a person’s sexual orientation
    4. Further protections still will need to be met when processing Criminal Offence data. This covers a wide range of data relating to offences, suspected offences and unproven allegations. It can include anything in the context of:
      1. Criminal activity
      2. Allegations
      3. Investigations
      4. Proceedings
      5. Personal Data about penalties
      6. Conditions or restrictions placed on an individual as part of the criminal justice process
      7. Civil measures which may lead to a criminal penalty if not adhered to
  7. Purpose Limitation when Processing Personal Data
    1. Data must only be processed for specific and legitimate reasons and not processed any further that it no longer complies with those reasons.
    2. In our operations, we may collect any data that is listed within this policy and this may be collected either directly (from emails, forms etc direct from the individual or organisation that the Personal Data relates to) or indirectly (from any source other than the individual or organisation that the Personal Data relates to).
    3. The specific purposes for which the Personal Data will be processed is identified in table 1 at the end of this policy document. 
  8. Notifying Data Subjects
    1. Collection of Personal Data must be notified by the Controller either before it is collected or as soon as practicable after it has been collected. 
    2. When collecting Personal Data from individuals or organisations, we will inform them about:
      1. The purposes of why the Personal Data is being collected and Processed
      2. The third parties we may share the Personal Data with
      3. The options for the Data Subject of what they may request of their data
      4. The Personal Data we receive on a Data Subject from third parties and what we as Controller of that information will do with that data.
  9. Relevant and non-excessive Processing
    1. Personal Data will only be collected and Processed to the extent that it is relevant and limited to what is necessary in relation to the purposes for which it is Processed.
  10. Accuracy of data
    1. Best endeavours will be made to ensure the accuracy of the Personal Data stored and Processed. If data is known to be incorrect, efforts will be made to correct it and if this is not possible, the data will be deleted if reasonable to do so.
  11. Data retention
    1. Personal Data which allows for the identification of the Data Subject must not be kept longer than is reasonable for the purposes which the Personal Data is collected for. 
    2. For example, if data is collected for a specific contract, the data must be stored in accordance with the Indeo policies. However, if the data is collected for a specific marketing campaign, the data must be removed once the campaign has been completed.
    3. All reasonable steps must be taken to totally remove the Personal Data upon the requirement to delete it.
  12. Processing in line with Data Subjects rights
    1. Data Subjects have the right to request access to the Personal Data we hold on them and whether or not this is being Processed. Where it is the case, they have the right to access the Personal Data and the following information:
      1. The purpose for the Processing
      2. The Personal Data categories
      3. The third parties or categories of third party that the information will be shared with
      4. If the information is available, the duration for which the data will be stored
      5. The existence of the right to request the erasure, amendment or rectification of the Personal Data or to object to the Processing of it
      6. The right to lodge a complaint with the supervisory authority
      7. The source of where the Personal Data was obtained if this information has been stored
      8. Which countries the Personal Data has been or may be shared
    2. The access request may come in any form including written or verbal communication. However, Indeo must be able to validate the authenticity of the request and must therefore ensure that the Data Subject is the same identifiable individual as the Data Subject the request is about.
    3. Response to a request will be provided in an electronic communication only. 
    4. Where the request is excessive or requires verbal or non electronic written communication, Indeo reserve the right to recover its cost from the Data Subject.
    5. Data Subjects also have the right to have their Personal Data erased, rectified, amended or completed as follows:
      1. The Data Subject may request deletion of some of or all of their Personal Data but this is subject to what data we will need to retain. For example, record keeping of works done will need information keeping in line with Indeo policies to ensure legal obligations are upheld and records are kept.
      2. Data Subject may also request rectification of their Personal Data where there are inaccuracies or where the information has now changed.
      3. Consent by the Data Subject for use of their information may be withdrawn at any time. 
      4. The Data Subject has a right to be informed of how the Personal Data is used.
      5. Further to the point above, the Data Subject may then restrict the Processing of their Personal Data as far as is reasonable for the business operations of Indeo.
      6. They may also object to the use of their Personal Data
      7. Data Subjects may ask that their Personal Data is ported to another organisation
  13. Data Security
    1. Personal Data may only be Processed in a manner that ensures the appropriate security of such data and where possible, must protect against accidental release, loss, damage or inappropriate use of the data.
    2. Policies and procedures will be in place for maintaining the security of data from original collection to final destruction.
    3. All data collected shall be protected with confidentiality, integrity and availability.
      1. Confidentiality ensures that only those who need to see the data do so
      2. Integrity ensures that all information will be as relevant and accurate as possible
      3. Availability means that all Personal Data is available to a Data Subject should it be relevant for disclosure upon on a request
    4. Security measures for Personal Data include:
      1. A paper free approach to working which will result in zero risk of physical copies of data being lost or misplaced.
      2. Entry controls to critical electronic documents
      3. When Data Users are in an environment where others may see the screen then they are asked not to have these critical documents open
      4. Computer security to be installed on all devices and only Indeo devices may access Indeo networks
      5. Training of staff on how to keep data secure
  14. Transferring Personal Data to a company outside of the UK
    1. Personal Data is not to be transferred outside of the European Economic Area
  15. Disclosure to Third Parties of Personal Data we have
    1. Indeo reserve the right to disclose Personal Data to third parties where:
      1. The business sells or purchases any assets
      2. If we are required to in order to comply with any legal obligation, enforcement or similar
      3. Any reason set out in table 1 (at the end of this policy document)
  16. Changes to this policy
    1. Indeo may be required to change this policy in accordance with legal obligations or due to changes in the way the business is operated. We therefore reserve the right to change this policy for any reason.
  17. Responsibilities
    1. Managers
      1. Managers of all levels are responsible for the collection and Processing of Personal Data.
      2. They are also responsible for all communications to their teams of how this is to be used and for communications to Data Subjects.
      3. When receiving a request from a Data Subject, it is the managers duty to send a holding email as soon as possible to confirm that the request is being dealt with. A further response should be given within 30 calendar days to either confirm the outcome of the request or to confirm that more time is required.
    2. Everyone else
      1. Everyone else, whether employed directly, via agency or via contract, is required to be mindful of everything within this policy when handling Personal Data. 
      2. They are also required to inform their manager whenever they are handling this Personal Data and take every practical step to avoid potential release or mishandling of this information.
      3. Everyone is also responsible for providing updates to Indeo of their own Personal Data changes to ensure the business holds the most up to date relevant information.
      4. Finally, it is everyone’s duty to understand the relevant Data Protection Legislation and the information within this Policy and to conduct their every day work in accordance with both.
    3. Statutory role
      1. The Indeo individual who has ultimate responsibility for the company complying with Data Protection Legislation is the Director.
  18. Data breaches
    1. If you become aware of a breach or a suspected breach, you are required to immediately report this to the Director, whose contact details are at the end of this document. 
    2. A breach includes both non compliance with either Data Protection Legislation or this policy or a breach could be the loss of Personal Data.
      1. Data breaches could include:
      2. Loss of theft of IT equipment
      3. Unauthorised access to either office or IT equipment
      4. Unauthorised access to an IT account
      5. Ransomware attack
      6. Lack of protection to allow unauthorised accounts to access information
      7. Unforeseen circumstances
      8. Hacking
  19. Relevant contacts
    1. hello@indeo.co.uk

Copyright © 2025 indeo LIMITED - All Rights Reserved.

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept