Privacy and cookies policy
1.1 Costain Group PLC and its subsidiary companies (the “Company”) are committed to respecting your privacy.
1.3 This Policy may change from time to time and, if it does, the up-to-date version will always be available on our website and becomes effective immediately.
1.4 The data controller is the Company.
1.5 In this Policy, Data Protection Law means the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and any equivalent legislation amending, supplementing or replacing the GDPR.
2.1 This Policy applies to any persons that provide personal data through the methods described in paragraph 1.2. This may include our current and prospective clients’ personnel; our joint venture partners’ personnel; third parties with whom we have contact by virtue of providing our services (e.g. third party payers of invoices); contractors/ suppliers and their personnel; those with whom we work in the context of our corporate responsibility initiatives; those who submit correspondence to us or whose details are otherwise entered into our systems and portals; and any visitor to our offices and projects.
2.2 Where you provide personal data about you, your personnel or other third parties (e.g. if you are a recruitment agent), you warrant that you have the consent of the individual to do this and that the information is accurate and up-to-date. You will inform us if the wishes of the individual or any information changes.
2.3 Pages of the Company website may, from time to time, contain links to and from the websites of advertisers and partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the Company does not accept any responsibility or liability for these policies or use of the website. Please check these policies before you submit any personal data to these websites.
3. Collection and use of personal data
3.1 Your personal data will only be processed for the purposes set out below and in accordance with Data Protection Law. The Company will not process your personal data in any manner incompatible with these purposes unless we are required to do so by law.
3.2 The Company may hold and process your personal data for the following purposes:
- record and respond to any communication you have made with us including by way of telephone, through the website, email address of the Company, any other electronic form of communication and post;
- provide you with information that you have requested or to send you subscriptions that you have requested (such as the Costain news alerts);
- manage our relationship with you or third parties (such as your personnel) including for administration, accounting and relationship management purposes;
- process any application you (or your representative) has submitted for an employment or other opportunity (such as agency or volunteering work) with the Company;
- equal opportunities monitoring information (including information about your gender, race, ethnicity, sexual orientation and disabilities);
- on-boarding with the Company and pre-employment screening such as reference checks, right to work checks and criminal conviction checks;
- for administration purposes and access to our systems and portals;
- help us develop the website to be more useful to you, to keep it safe and secure;
- to respond to any problems you report with our website;
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical purposes;
- to allow you to participate in interactive features on our website when you choose to do so;
- for the security of our business including photographic images, video recording, and administration of any attendance to our offices and projects;
- to comply with any legal obligations which apply to us or policies that we have in place; and
- as necessary to prevent illegal activity or to protect our interests or the interests of a third party such as our clients.
3.3 Special categories of personal data (such as information about your health) will be processed where the Company needs to carry out its legal obligations; to run the business; where the processing is necessary for the assessment of your working capacity, occupational health or obtaining a medical diagnosis; or where it is needed in the public interest (such as equal opportunities monitoring). In exceptional circumstances, we may process this data with your explicit consent.
3.4 We rely on one or more of the following legal basis for processing your personal data:
- for the performance of, or entry into, a contract with you or a third party (such as your personnel);
- to comply with our legal and regulatory obligations;
- we have a legitimate interest in doing so and where our legitimate interests are not overridden by your (or the relevant individual’s) interest. These legitimate interests will include our interests in managing our relationship with our clients, administering visits to our offices and projects and ascertaining compliance with our policies and procedures;
- where processing of special category data is necessary in the context of the establishment, exercise or defence of legal claims or in the substantial public interest; and
- where we have obtained your express consent to do so. We will explain at the time we collect your consent that you may withdraw your consent at any time in accordance with the information we provide to you at that time.
4. Sharing your data and security
4.1 For the purposes set out above, the Company may transfer personal data to third parties. These include our clients, joint venture partners, sub-contractors or suppliers including our website operator, professional advisors, insurers and regulatory bodies. This will be for one of the following reasons: you specifically request that we do this; it is necessary to provide information or services to you; for our legitimate interests (including the sale of the business or assets) or the legitimate interests of a third party (such as our client); in the public interest; or to carry out our legal or regulatory obligations.
4.2 Personal data may be shared between the parties listed in paragraph 4.1 above and/or the relevant entities within the Company's group. Where personal data is shared with other parties and/or outside the European Economic Area, the Company will ensure continued compliance with Data Protection Law.
4.3 We will not rent or sell our users’ or other contacts’ details to any other organisation or individual.
4.4 The Company has put in place measures to ensure the security of the information collected and its correct use. These are appropriate to the nature of the information and to prevent unauthorised access. All incoming emails are scanned using virus-checking software. The software will also block unsolicited marketing email (spam) and emails which have potentially inappropriate attachments. All personal data you register on our website will be located behind a firewall. Once we have received your information, we follow strict security procedures as to how your personal data is stored and who sees it, to help stop any unauthorised person getting hold of it. Access to your personal data will only be given to those who strictly need such access.
5.1 We will keep your personal data stored on our systems for only as long as is necessary to achieve the objectives at paragraph 3 of this Policy, albeit we may keep your data for longer than this if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for statistical purposes.
5.2 The third parties we engage to provide services on our behalf will keep your personal data stored on their systems for as long as is necessary to provide the services to you or for such purposes that the personal data was disclosed for.
6. Withdrawing consent
6.1 Where you have provided consent for us to process your personal data, you may withdraw your consent to this processing at any time by contacting us at email@example.com.
6.2 If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time.
7. Data portability
7.1 Where you have provided personal data to the Company, which is processed on the basis of consent and by automated means, you can ask to receive that personal data in a structured, commonly used and machine-readable format.
8. Access your personal data
8.1 You can request confirmation of whether we hold personal data about you, the details of the personal data and access to that personal data. Your request will be processed and the information to which you are entitled will be provided to you no later than one month (except in extenuating circumstances) from when we receive your request, subject to the requirements and exemptions of Data Protection Law. If such extenuating circumstances mean we are unable to comply with your request within one month, we will tell you as soon as possible about this delay.
8.2 Examples of exceptions, where the Company (by law) does not provide access to personal data include:
- references written by the Company;
- any data from which a third party can be identified;
- any data held for the purposes of management forecasting or planning;
- any data prejudicing ongoing negotiations with the employee; and/or
- any data protected by legal privilege.
9. Request your data is rectified
9.1 Where your personal data is inaccurate or where you would like us to complete any incomplete information, you can provide us with a statement that sets out the details of your request for rectification.
10. Request your data is deleted
10.1 You can request that the Company deletes your personal data where it does not have grounds to continue processing your personal data. The Company will be unable to comply with your request in certain circumstances including, for example, if the Company has a legal obligation to continue processing the data.
11. Object to processing
11.1 You can object to the Company processing your personal data where (i) the Company is processing your personal data on the basis of its legitimate interests or (ii) you have grounds to believe that the Company no longer needs the personal data for the purposes or (iii) the processing is unlawful or (iv) you have contested the accuracy of the personal data.
11.2 To exercise any of the above rights, you should make your request via post to Costain Group PLC, Costain House, Vanwall Business Park, Maidenhead, Berkshire, SL6 4UB. Please mark the letter for the attention of the Legal Department.
12. Social plug-ins
Social plug-ins from Facebook
12.1 We use social plug-ins from facebook.com, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. You can recognise these plug-ins by their Facebook logo.
Social plug-ins from Twitter
Social plug-ins from LinkedIn
12.4 We use plug-ins which are provided by LinkedIn Corporation (LinkedIn), 2029 Stierlin Court, Mountain View, CA 94043, USA. These plug-ins can be identified by the LinkedIn logo and the LinkedIn “Share” button. If you access our website using this plug-in, your browser sets up a direct connection to the LinkedIn servers. LinkedIn receives information that you (your IP-address) has accessed our website. If you click on the LinkedIn “Share” button while you are logged in on your LinkedIn account, you can link certain content on your LinkedIn-Profile which enables LinkedIn to allocate the visit to our website to your LinkedIn account. We do not know the content of the data transferred to LinkedIn or how LinkedIn uses such data.
13.1 If you have concerns around the use of your personal data in the context of this policy, please address your concerns to the Costain Legal Department at Costain Group PLC, Costain House, Vanwall Business Park, Maidenhead, Berkshire, SL6 4UB.
13.2 If you remain dissatisfied following the response of the Costain Legal Department, you can address your concerns to the Information Commissioner’s Office.
1. What are cookies?
There is a technology called "cookies" which can be used to provide you with tailored information when visiting the Company website. A cookie is an element of data the website will send to your browser, which will then be stored on your computer. This element of data is a piece of text, not a program. The website can only access the information from a cookie sent by website and it cannot access other cookies sent by other web sites or the information contained there. Additionally, we cannot learn your email address or any other information about you through the use of a cookie.
3. What benefits do I receive from cookies?
4. May I decline to accept a cookie?
You may decline to accept cookies sent by the website by changing the settings of your browser to reject cookies or you can also use the cookie panel to make your choice.
5. Google Analytics
Last updated on: 21 May 2018