Boden Group – Privacy Policy

Privacy Notice & Data Protection Policy

Last Updated: 22 October 2024

Boden Group Facilities Ltd (“Boden Group,” “Boden,” “we,” “us,” or “our”) respects your privacy and is committed to safeguarding your personal data. This policy outlines how we collect, use, share, and protect your information and explains your rights under UK data protection laws, including the UK GDPR and Data Protection Act 2018.

Our websites are not intended for access or use by children and we do not knowingly collect data relating to children.

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave any of our websites, we encourage you to read the privacy policy of any third-party website you visit.

  1. Introduction

This privacy notice explains what personal information we collect, how we use it, and your rights regarding this information. It applies to all interactions you may have with us, including using our websites, customer services, staff recruitment, and management processes. It also covers interactions with our group companies, Boden Fire and Security Ltd and Boden Construction Ltd, with whom we have joint data controller arrangements.

  2. Contact Information

If you have any questions about this policy or wish to exercise your data rights, please contact us:

Phone: 0845 646 0112
Email: info@bodengroup.co.uk
Postal Address: Boden Group, Unit B1 Woodside Court, Roundswell Business Park, Barnstaple, Devon EX31 3TJ
ICO Number: ZA443156

If you are not satisfied with our response, you may contact the Information Commissioner’s Office (ICO) at www.ico.org.uk/make-a-complaint.

  3. What Personal Data We Collect

We collect and use personal information based on your interactions with us. This includes:

  • General Customer Interactions:
    • Personal Identifiers: Names, addresses, date of birth, contact details
    • Financial Information: Payment details, credit reference information
    • Purchase History: Orders, service agreements, account information
    • Website Usage: IP addresses, user journey data, cookies
  • Customer Account Management & Guarantees:
    • Account details, purchase history, security information, marketing preferences
  • Marketing & Service Updates:
    • Contact details, location data, consent records, purchase/viewing history
  • Research & Archiving:
    • Data used for statistical, research, or archiving purposes, in line with legal requirements
  • Legal Compliance:
    • Identification documents, financial transactions, health and safety records, DBS checks
  • Staff Recruitment & Management:
    • Identity Data: Name, date of birth, gender, photographs (e.g., ID cards)
    • Contact Data: Address, phone number, email, emergency contact details
    • Employment Data: CV, employment history, education, references, right-to-work information, DBS checks, training records
    • Financial Data: Bank details, payroll information, National Insurance number
    • Health Data: Occupational health assessments
    • Security Data: CCTV images, security clearance details
  • Dealing with Complaints & Queries:
    • Personal identifiers, payment details, audio/video recordings, correspondence

  4. Lawful Basis for Processing Your Data

Under UK data protection law, we must have a “lawful basis” to collect and use your personal data. Depending on the nature of your interaction with us, the lawful bases may include:

  • Consent: Where you have given clear consent for us to process your data for specific purposes (e.g., marketing)
  • Contract: When processing is necessary to fulfil a contract with you, or to take steps at your request before entering into a contract
  • Legal Obligation: When processing is necessary to comply with legal or regulatory obligations (e.g., health and safety regulations, right-to-work checks)
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided these interests are not overridden by your data protection rights

Your Rights: You have several rights under data protection law, including:

  • Access to your data
  • Correction of inaccurate information
  • Erasure (right to be forgotten)
  • Restriction of processing
  • Objection to data processing
  • Data portability
  • Withdrawal of consent at any time

To exercise any of these rights, contact us using the details above. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  5. How We Collect Your Data

We gather personal data from various sources, including:

  • Direct Interactions: Forms, calls, emails, service contracts, and job applications
  • Third-Party Sources: Employment agencies, education institutions, insurance companies, previous employers, market research organisations
  • Automated Technologies: Cookies, tracking software, CCTV, and other recording devices

We may also obtain publicly available information, such as data from LinkedIn or other public websites.

  6. How We Use Your Data

Your personal information is processed for the following purposes:

  • Customer Service & Delivery: To provide and deliver our services or goods, process payments, and manage orders
  • Staff Administration & Recruitment: For onboarding, training, payroll, and compliance
  • Marketing & Communications: To inform you of updates, services, promotions, or events, based on your consent and preferences
  • Legal Compliance: To fulfil regulatory and legal obligations
  • Business Operations & Research: To improve our services, understand market trends, and conduct research
  • Safety & Security: Using CCTV for security monitoring and safety assurance

  7. Who We Share Your Information With

Your information may be shared with:

  • Data Processors: Companies that provide essential services, such as:
    • Sage: Payroll processing & payment processing
    • Clockwork: Systems management and supply chain operations
    • ConstructionLine: Supply chain onboarding and operations
    • Access Group: HR & training records, and company benefits information
    • Lineal: Management of IT systems
  • Joint Controllers: Boden Fire and Security Ltd, Boden Construction Ltd for shared business functions
  • Service Providers: Insurance companies, health care providers, legal advisers, external auditors
  • Regulatory Bodies: HMRC, safeguarding organisations, financial authorities

Where necessary, we may transfer staff information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

Where necessary, our data processors may transfer staff information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. Please contact us for more information.

  8. How Long We Keep Your Information

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. For example:

  • Customer Data: Typically retained for 12 years after the end of the contract
  • Staff Records: Retained for 6 years after employment ends
  • Recruitment Data: Kept for 12 months if the candidate is unsuccessful, unless consent is provided for a longer period

  9. Data Security

We implement appropriate measures to protect your personal data from accidental loss, unauthorised access, or misuse. Access is restricted to authorised personnel who are trained and subject to confidentiality obligations.

In the event of a data breach, we will notify you and the appropriate authorities as required by law.

  10. Cookies

Our websites use cookies to personalise your experience and help us improve our services. Essential cookies enable the basic functionality of our sites, while non-essential cookies require your consent. You can manage your cookie preferences in your browser settings.

  11. How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint