Who we are

This is the privacy policy for Engineering Integration
Registered office address: 48 Hucclecote Road
Gloucester
GL3 3RS
Phone: +44(0) 330 133 9065
Email: co-ordinator@engineeringintegration.com

Who to contact regarding your data and privacy.

Please contact us using the details above.

 

MS/P/17 DATA PROTECTION POLICY STATEMENT (GDPR)

Engineering Integration Ltd is a Consultant operating in the Civil Engineering industry, specifically within the rail environment.  The company has committed to provide a service, which combines quality and technical excellence.

Engineering Integration Ltd is committed to ensuring that the privacy of the individual is respected and that all personal data that is processed by our organisation is dealt with in accordance with the requirements of the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other related legislation.

This policy sets out our commitment to data protection and individual rights and obligations in relation to personal data. This policy should be read in conjunction with MS/P/20 IT Security Policy, MS/P/16 Password Policy for ei and the ei Quality Management System Section 7.0 Control of Documents, Records and Information Management.

 

Please note where reference is made to Staff, Staff Members, Managers or Employees, this also applies to consultants and suppliers working on behalf of Engineering Integration Ltd. All of whom should be aware of this document. Anyone working for Engineering Integration who is involved in any aspect of processing managing or analysing personal data must adhere to the policy herein.

Ultimately it is the responsibility of the Directors of Engineering Integration Ltd to ensure GDPR compliance. Our Data Protection Officer at the time off issuing this policy is The Business Manager.

Any questions about this policy should be addressed to them.  If they are no longer the Data Protection Officer, you can find out who is by contacting: Office@engineeringintegration.com.

Scope

This policy applies to the personal data of, employees workers, students, consultants, job applicants and former employees referred to as personal data. This policy also includes a section on the processing of client’s personal data.

Definitions

Personal data: is any information that relates to a living individual who can be identified from that information.

Processing: is any use that is made of data, including collecting, storing, amending, disclosing or destroying it.

Special categories of personal data: means information about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sexual orientation and genetic and biometric data.

Criminal records data: means information about an individual's criminal convictions and offences, and information relating to criminal information allegations and proceedings.

 

Data Privacy Policy

Principles

Engineering integration Ltd (ei) processes HR related personal data in accordance with the following data protection principles:

  • Processes personal data lawfully, fairly and in a transparent manner.
  • Collects personal data only for specified, explicit and legitimate purposes.
  • Processes personal data only when it is adequate, relevant and limited to that which is necessary for the purpose of processing.
  • Keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted immediately.
  • Keeps personal data only for the period necessary for processing.
  • Adopts appropriate measures to make sure that personal data is secure and protected against unauthorised or unlawful processing, accidental loss destruction or damage.

Communications

ei informs individuals of the reasons for processing their personal data, how it uses that data and the legal basis for processing within the ei Privacy Notice. ei will not process personal data of individuals for any other reason. Where ei relies on its legitimate interests as the basis for processing data, we will carry out an assessment to ensure that the business interests do not override the rights and freedoms of individuals.

Where ei processes special categories of personal data or criminal records data to perform obligations or to exercise rights in employment law, this is implemented in accordance with GDPR regulations regarding special categories of data and criminal records data.

Data Storage

ei will update personal data promptly if an individual advises that his/her information has changed or is inaccurate.

Personal data gathered during the employment or assignment is held in the individual’s personal file (in hard copy, electronic form or both).

IT Data

Arrangements for IT Data protection is detailed in the MS P 20 IT Security Policy ei 2025,   MS P 18 IT Systems BYOD policy 2025.

Data Protection Training

Arrangements

Data Retention

ei will only retain personal information for as long as is necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for persona data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of persona data, the purposes for which we process personal data and whether we can achieve those objectives through other means, and the applicable legal requirements.

ei keeps a record of its processing activities in respect of HR related personal data in accordance with the requirements of the GDPR. Please refer to the ei Data Retention and Erasure Policy for further information.

Individual Rights

As a data subject, individuals have a number of rights in relation to their personal data.

Access requests: Individuals have the right to make a Subject access Request (SAR). If an individual makes a SAR ei can tell him/her:

  • Whether or not his/her data is processed and if so, why, the categories of personal data concerned and the source of the data if it is not collected from the individual.
  • To whom his/her data is or may be disclosed including the recipients located outside the UK. And the safeguards that apply to such transfers.
  • How long a SAR will usually take to be processed.
  • His/her rights to rectification or erasure of data, or to restrict or object to processing
  • His/her right to complain to the Information Commissioners Office if he/she thinks ei has failed to comply with his/her data protection rights; and
  • Whether or not ei carries out automated decision making and the logic involved in any such decision making

ei will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made the request electronically unless he/she agrees otherwise.

The ultimate responsibility for quality is with the directors. The policy and its implementation will be reviewed annually. It will be revised and updated as necessary.

 

Signed on Behalf of the Directors

J Mason.          Director.

12/02/2025