blu-3 Group (blu-3) are an award-winning fully integrated construction and utility services company, providing expertise and extensive knowledge to the UK’s and Europe’s largest construction projects.
blu-3 are committed to protecting and respecting your privacy, and this Privacy Policy explains how we use any personal data we collect about you when you use this website and our services.
The blu-3 Group consists of the parent company Blu3 (Holdings) Limited (with registered company number 05513280 and registered address at Eden House 454 New Hythe Lane, Larkfield, Aylesford, Kent, England, ME20 7UH) together with a number of subsidiaries and branches based in the UK and Europe. This Privacy Policy applies to each and every subsidiary and branch irrespective of location or jurisdiction.
For the purpose of the Data Protection Act 2018 (the Act) and the General Data Protection Regulations (GDPR) from 25 May 2018 (to the extent that this remains applicable following the UK’s exit from the European Union), the data controller is blu-3 (UK) Limited, Eden House, 454 New Hythe Lane, Larkfield, Aylesford, Kent, ME20 7UH, a subsidiary of the parent company.
Topics:
- How do we collect your personal data?
- What personal data do we collect?
- What is the lawful basis for collecting your personal data?
- How will we use your personal data?
- Where is your personal data stored?
- Keeping your personal data secure
- Data subject rights
- Other websites
- Changes to our Privacy Policy
- How to contact us
- Complaints
How do we collect your personal data?
We collect your personal data when you make an enquiry with us via our get in touch form regarding our services and via the apply online platform regarding our careers opportunities. Your personal data is also collected by cookies which is detailed further below.
What personal data do we collect?
When making an enquiry via the get in touch form and/or apply online platform, the personal data we collect from this includes but is not limited to your name, email address, contact number and any other personal data that may be within the contents of your message and attached resume if applicable. We collect this personal data to deal with your enquiry and/or application. Cookies on our website collect personal data such as when you, as a user, has returned to the website and your site preferences without knowing your exact identity. Cookies collect personal data only when this data has been placed by yourself on our website, for example via the get in touch form and apply online platform.
What is the lawful basis for collecting your personal data?
blu-3 relies on the lawful basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR to process the personal data that is collected from using our website. It is in our and your legitimate interest that we deal with and resolve any enquiry made and that to do so we require the personal data provided to be processed accordingly. Additionally, the lawful basis we rely on for processing your personal data collected from the apply online platform to assess your suitability for an applied role, is Article 6(1)(b) of the GDPR which relates to processing necessary to perform a contract or to take steps at your request before entering a contract.
How will we use your personal data?
We collect personal data about you to handle your enquiry and/or process your application. We will not share your personal data for marketing purposes with other companies or third parties.
Transfers and processing of personal data may be carried out between the companies and branches of the blu-3 Group. We may also share your personal data with third parties who will process such as either a data controller or as our data processor and this will depend on the purposes of our sharing such personal data with such third party. We will only share your personal data in compliance with the applicable data protection laws and regulatory requirements.
We may also share your personal data with third parties to comply with any legal obligations or regulatory requirements. In the event of a merger, acquisition, or asset sale, we may transfer personal data to the involved third party whilst ensuring its protection.
We may transfer your personal data outside of the EEA where we are satisfied that appropriate safeguards are in place for the transferring and processing of your personal data.
We will not share your personal data for marketing purposes with other companies or third parties.
Where is your personal data stored?
We store your personal data in digital format on secure cloud servers and systems hosted in the UK, Europe, and the European Economic Area (EEA). Access to personal data is highly restricted internally for approved business purposes only. Any personal data collected in paper form (e.g. call back request, general enquiry, etc.) are securely filed at our office locations in the UK and Europe. Personal data is retained for a maximum period of 2 years unless required for specific legal or regulatory purposes.
The personal data that we collect, process, transfer, and share in accordance with this Privacy Policy, may also be stored outside of the UK. We will only do so on the basis that anyone to whom we transfer and share your personal data protects it just as we would and that they are subject to the appropriate safeguards in the protection of your personal data.
Where personal data is stored outside of the EEA, we will only do so where;
- the European Commission has determined that the country, organisation, or individual to whom the personal data is shared will protect such personal data adequately, and/or
- such transfer has been authorised by the relevant data protection authority, and/or
- we have entered into a contract with the organisation or individual with whom we are sharing your personal data, on terms as approved by the European Commission, to ensure your personal data is adequately protected.
Keeping your personal data secure
Transmitting personal data over the internet is generally not completely secure but we have procedures and security in place to keep your personal data secure once it is in our systems.
Data Subject Rights
In brief, the GDPR and the Act provides the following rights for individuals;
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Automated decision making and profiling rights
The right to be informed
You have the right to be informed about the collection, purpose and use of your personal data unless you have the information already or if it would involve a disproportionate effort to inform you.
The right of access
You have the right to access your personal data that we hold about you. This is commonly known as a data subject access request and when made we have one month to respond. No fee is charged to you for making such a request, only if the request is manifestly unfounded or excessive and where further copies of your data is requested following the initial request.
The right to rectification
You have the right to have any inaccurate personal data rectified and any incomplete personal data completed. Such a request can be made verbally or in writing and we have one calendar month to respond. However, we can refuse such a request where it is manifestly unfounded or excessive. In such a circumstance we can charge a reasonable fee for complying with the request or we can refuse to deal with it.
The right to erasure
You have the right to have your personal data erased. This is also known as the right to be forgotten. This request can be made verbally or in writing and we have one month to comply. However, this is a qualified right and in certain circumstances a request to erasure can be refused in part or entirely. The request can be refused where it is necessary for us to retain it to exercise the right to freedom of expression, compliance with a legal obligation, for public interest, archiving purposes and for legal claims.
The right to restrict processing
You have the right to request that the processing of your personal data is restricted. Where personal data is restricted, it can be stored by us, but it cannot be used. Such a request can be made verbally or in writing and we have one calendar month to comply. However, this is a qualified right, and the request can be refused where it is manifestly unfounded or excessive. In these cases, we can charge a reasonable fee for complying with the request or we can refuse to deal with it entirely or in part.
The right to data portability
This right provides that you can obtain and reuse your personal data for your own purposes across different services. We have one month to comply with this request. This right is not absolute and can be refused where the request is manifestly unfounded or excessive. In these circumstances the request can be refused, or a reasonable fee can be charged where we comply with the request.
The right to object
This right allows you to object to the processing of your personal data in certain circumstances. The right is absolute with regards to processing of personal data for direct marketing purposes. An objection can be made verbally or in writing and we have one calendar month to respond.
Excluding direct marketing purposes, we may argue that processing of personal data can continue if we have a compelling reason such as having a legitimate ground which overrides your rights, interests, and freedoms or where the processing is for the establishment, exercise or defect of a legal claim. We can also refuse to comply with this right if the request is manifestly unfounded or excessive. If we decide to comply, a reasonable fee can be charged.
Automated decision making and profiling rights
This involves a decision being made by automated means without any human intervention. You have the right not to be subject to such processing in certain circumstances. This right is not absolute, and the processing can continue where it is necessary to enter into or perform a contract or if it has been legally authorised such as for the prevention of fraud tax evasion.
Other websites
Our website contains links to other websites. This Privacy Policy does not cover the links within this site linking to other websites. We encourage you to read to read the privacy statements on the other websites you visit.
Changes to our Privacy Policy
We keep our Privacy Policy under regular review and we will place any updates on this web page. This Privacy Policy was last updated on 10/06/2021.
How to contact us
Please contact us by email, post, or telephone if you have any questions about our Privacy Policy or personal data we hold about you, or if you wish to exercise any of the rights available to you;
Data Protection Officer
blu-3 (UK) Limited
Eden House
454 New Hythe Lane
Larkfield Aylesford Kent
ME20 7UH
Complaints
If you feel that your personal data has not or is not being handled appropriately or in compliance with the law, you can contact the Information Commissioners Office in the UK at ico.org.uk/concerns to file a complaint.