Introduction 
We are 4K Contracts Limited (referred to as “4K”, “we”, “us” and “our” in this Privacy Policy), a company incorporated in England with company registration number 13967046 and whose registered office address is 4 Rosemary Lane, Lower Stondon, Beds, SG16 6NG 

The information set out in this Privacy Policy is provided to individuals whose personal data we process (“you” or “your”), in compliance with our obligations under Articles 13 and 14 of the General Data Protection Regulation 2016/679 (GDPR). 

To make this information clear, we have divided the data we receive into the following groups and corresponding Schedules, where each of which refers to: the particular category of information we collect and retain; where we obtain the information from; the purpose and legal basis of processing and whom we will (if applicable) disclose the information to: 

Schedule 1
Data about our clients and all individuals in respect of whom we have acquired personal information in connection with any products or services offered by us include if B2B: (including directors, shareholders, consultants, employees or other personnel of our clients) 

Schedule 2 
Data about our suppliers and supplier personnel Schedule 3

Data about individuals who apply for employment or work experience with us Schedule 4 

Data about directors and staff of the firm, and former directors and staff and other individuals who spend time at the firm (such as consultants and secondees) 

In addition to the above, individuals who interact with us in any of the above capacities should also refer to the following: 

Schedule 5 
Data collected about staff and visitors to our office 

Data controller details 
We are the data controller in relation to the processing of the personal information that you provide to us. Our contact details are as follows: 

  • Address: 4 Rosemary Lane, Lower Stondon, Beds, SG16 6NG 
  • Email address: enquiries@4kcontracts.co.uk (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention). 

International transfers 
We will not transfer personal data relating to you to a country which is outside the European Economic Area (EEA) unless: 

  • the country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45; 
  • appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 (for example using the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA); or 
  • One of the derogations for specific situations under GDPR Article 49 is applicable to the transfer. These include (in summary): 
    the transfer is necessary to perform, or to form, a contract to which we are a party: o with you; or o a third party where the contract is in your interests; 
  • the transfer is necessary for the establishment, exercise or defense of legal claims; 
  • you have provided your explicit consent to the transfer; or 
  • the transfer is of a limited nature and is necessary for the purpose of our compelling legitimate interests. 

Retention of personal data 
Our retention and deletion policy can be found in Schedule 6 

Your rights in respect of your personal data 
You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we are processing. From 25 May 2018, if you are based within the UK or the EEA or within another jurisdiction having similar data protection laws: 

  • you will have the following rights: 
    • right to access: the right to request certain information about, access to and copies of the personal information about you that we are holding (please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs); and in certain circumstances, you will also have the following rights: o right to erasure/“right to be forgotten”: the right to withdraw your consent to our processing of the data (if the legal basis for processing is based on your consent) and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim); 
    • right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it; o right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible; and 
    • right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes. 
  • Please note that if you withdraw your consent to the use of your personal information for purposes set out in our Privacy Policy, we may not be able to carry out our contractual obligations to you or provide you with access to all or parts of our services. 
  • If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: www.ico.org.uk Security 
  • We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage. For example: o where appropriate, data is encrypted when transiting on our system or stored on our databases; o we have implemented safeguards in relation to access and confidentiality in order to protect the information held within our systems; and o we frequently carry out risk assessments and audits to monitor and review threats and vulnerabilities to our systems to prevent fraud. 
  • However, whilst we will do our best to protect your personal information, we cannot guarantee the security of your information which is transmitted via an internet or similar connection. It is important that all details of any username, password and/or other identification information created to access our servers are kept confidential by you and should not be disclosed to or shared with anyone. 

Changes to this Privacy Policy
We may amend this Privacy Policy from time to time, for example to keep it up to date, to implement minor technical adjustments and improvements or to comply with legal requirements. We will always update this Privacy Policy on our website, so please try to read it when you visit the website (the “last updated” reference tells you when we last updated our Privacy Policy) 

Last Updated August 2022

Schedule 1

Data about our clients, and all individuals in respect of whom we have acquired personal information in connection with any products or services offered by us (including directors, shareholders, consultants, employees or other personnel of our clients)

What we collect:We may use your information for the follow-ing purposes, based on the following legal grounds:Recipients:
  • Contact details such as your name, home/work addresses, email address, landline/ mobile phone or fax numbers.
  • Employment information such as your position/ title, employment history, professional specialisms and qualifications
  • Payment information such as bank details and transaction history. 
  • Identification information contained in or provided to us as part of our client ID checks. This includes details included in copy personal photo and residential ID documents we receive.
  • If it is necessary for the performance of our contract or for the purposes of entering into a contract: for the purpose of negotiating and entering into contractual agreements with you, in the course of providing our services e.g. contacting individuals to obtain instructions and discuss work involved.
  • If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of communications in relation to establishing a client relationship, obtaining evidence of identity of our clients, communications regarding our service and fees, for insight purposes (e.g. to analyse market trends and demographics, and develop the service which we offer to you or other individuals in the future) and sending information to you about products and services which we think may be of interest to you for marketing purposes. Please note you can unsubscribe from any electronic marketing communications at any time using the links provided in the emails we send to you.
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • If it is necessary for the performance of our contract: for the purpose of making or receiving payments in the course of providing our services.
  • If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of retaining evidence of payment transactions, for insight purposes (e.g. to analyse market trends and demographics in relation to our fees), for establishing our client’s ability to pay costs and to develop the service which we offer to you or other individuals in the future).
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • If it is our legitimate business interests to do so: for the purposes of obtaining evidence of identity of our client and internal record keeping for administration purposes.
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • Consent: if disclosing to other organisations where we cannot rely on any legal obligation to do so.

Please note that personal information we are holding about you may be shared with and processed by:

  1. regulators or other third parties for the purposes of monitoring and/or enforcing our compliance with any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
  2. credit reference and fraud prevention agencies;
  3. any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
  4. other parties and/or their professional advisers involved in a matter where required as part ofthe conduct ofthe services;
  5. our own professional advisers and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
  6. our service providers and agents (including their subcontractors) or third parties which process information on our behalf (e.g. internet service and platform providers, our bank, payment processing providers and those organisations we engage to help us send communications to you) so that they may help us to provide you with the applications, products, services and information you have requested or which we believe may be of interest to you; 
  7. third parties as part of the arrangements for any event for which you have expressed an interest in attending; 
  8. third party analysis companies to help us improve our service and product range and to help us attract similar clients; 
  9. another organisation to whom we may transfer our agreement with you or if we sell or buy (or negotiate to sell or buy) our business or any of our assets (provided that adequate protections and safeguards are in place;

Schedule 2

Data about suppliers and supplier personnel

What we collect:We may use your information for the following purposes, based on the following legal grounds:Recipients:
  • Contact details such as your name, home/work addresses, email address, landline/ mobile phone or fax numbers.
  • Employment information such as your position/ title, employment history, professional specialisms and qualifications
  • Payment information such as bank details and transaction history.
  • Identification information contained in or provided to us as part of our client ID checks. This includes details included in copy personal photo and residential ID documents we receive.
  • Identification information contained in or provided to us as part of our client ID checks. This includes details included in copy personal photo and residential ID documents we receive.
  • If it is necessary for the performance of our contract or for the purposes of entering into a contract: for the purpose of negotiating and entering into contractual agreements with you, in the course of receiving services from you e.g. contacting individuals where we need to do so to provide instructions and discuss work involved.
  • If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of communications in relation to establishing a client relationship, obtaining evidence of identity of our clients, communications regarding our service and fees, for insight purposes (e.g. to analyse market trends and demographics, and develop the service which we offer to you or other individuals in the future) and sending information to you about products and services which we think may be of interest to you for marketing purposes. Please note you can unsubscribe from any electronic marketing communications at any time using the links provided in the emails we send to you.
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • If it is necessary for the performance of our contract: for the purpose of making or receiving payments in the course of the supplier’s services.
  • If it is in our legitimate business interests to do so: for the purpose of enquiring, requesting or purchasing goods or services, for internal record keeping for administration purposes, for the purpose of retaining evidence of payment transactions and for insight purposes (e.g. to analyse market trends and demographics in relation to our suppliers’ fees).
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.

Please note that personal information we are holding about you may be shared with and processed by: 

  1. our clients, in the course of providing services for and/ or performing our contractual obligations to clients; 
  2. regulators or other third parties for the purposes of monitoring and/or enforcing our compliance with any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts; 
  3. credit reference and fraud prevention agencies; 
  4. any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order); 
  5. our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities; 
  6. our service providers and agents (including their subcontractors) or third parties which process information on our behalf (e.g. internet service and platform providers, our bank, payment processing providers);
  7. another organisation to whom we may transfer our agreement with you or if we sell or buy (or negotiate to sell or buy) our business or any of our assets (provided that adequate protections and safeguards are in place

Schedule 3

Data about individuals who apply for employment or work experience with the firm.

What we collect:We may use your information for the following purposes, based on the following legal grounds:Recipients:
Contact details such as names, home and work addresses, landline/ mobile phone or fax numbers, email addresses, previous addresses.Our legitimate interest in processing such information for contacting individuals where we need to do so and for obtaining/verifying evidence of identity. We also carry out location mapping, for the purposes of assessing whether a candidate lives near the relevant work site.

Please note that personal information we are holding about you may be shared with and processed by: 

  1. recruitment agencies to communicate offer details (if any); 
  2. UK regulatory and law enforcement bodies, where required of us under UK law or regulation; and 
  3. our service providers (such as data storage, typing, administrative support and audit).

“Special categories of information” such as: 

  • information about your race or ethnicity. 
  • information about unspent convictions.

We will use your particularly sensitive personal information in the following ways, and based on the following legal grounds: 

  • Pursuant to Schedule 1, Part 2(8) of the Data Protection Act 2018, we may use information about your race or national or ethnic origin, for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment. In accordance with Schedule 1, Part 4, S.35-36 of the Data Protection Act 2018, 4K retains a policy document and records of processing of such information. 
  • Pursuant to Schedule 1, Part 1(1)(1) of the Data Protection Act 2018, we consider and process information about unspent convictions under our rights conferred by law in connection with employment (Exceptions Order to the Rehabilitation of Offenders Act 1974). In accordance with Schedule 1, Part 4, S.35- 36 of the Data Protection Act 2018, 4K retains a policy document and records of processing of such information.
  • Consent: we do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances we may approach you for your written consent to allow us to process certain particularly sensitive data (such as if we need to disclose it to certain recipients). If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Please note that personal information we are holding about you may be shared with and processed by our service providers (such as data storage, typing, administrative support and audit).
Employment related history and qualifications information such as position/title, date of birth, employment history and CV, references from previous employees, professional specialisms, education and qualifications, salary and benefits, disciplinary record.Our legitimate interest in processing such information for assessing their suitability for the role, or considering potential packages and offers.

Please note that personal information we are holding about you may be shared with and processed by: 

  1. recruitment agencies to communicate offer details (if any); and 
  2. our service providers (such as data storage, typing, administrative support and audit).
Personal information such as professional and personal interests and languages spoken.Our legitimate interest in processing such information for assessing their suitability for the role. 
  • Information contained in or provided to us as part of our recruitment or take on process such as details included in copy personal photographs and residential ID documents we receive. 
  • Visa documentation

Our legitimate interest in processing such information for obtaining/verifying evidence of identity. 

Compliance with a legal obligation in order to confirm that the individual is entitled to work in the UK and for the purpose of security and prevention of crime.

Please note that personal information we are holding about you may be shared with and processed by: 

  1. UK regulatory and law enforcement bodies, where required of us under UK law or regulation; and 
  2. our service providers (such as data storage, typing, administrative support and audit).

Schedule 4

Data about directors and staff of the firm, consultants, secondees, those on work experience, temporary staff, former directors and staff, next of kin, spouses, beneficiaries

What we collect:We may use your information for the following purposes, based on the following legal grounds:Recipients:
  • Contact details (work) such as name, work address, landline/ mobile phone or fax numbers, email address.
  • Contact details (personal) and other personal information such as home address, landline/mobile phone number, email address, previous addresses, emergency contact details, date of birth, marital status, next of kin, spouse, beneficiaries’ names and contact details.

“Special categories of information” such as:

  • information about your race or ethnicity; and
  • information about unspent convictions.
  • information about your health: information provided within our health questionnaire, details of medical conditions, health and sickness records such as details of any absences (other than holidays) from work including time on statutory parental leave and sick leave.
  • health data relating to your, spouse, children and/or other family members when added to firm’s private healthcare scheme.
  • biometric data (upon entry to a site).
  • Necessary for the performance of our contract in our capacity as your employer.
  • Necessary to protect the vital interests of the individual concerned for the purposes of security and prevention of crime.
  • Our legitimate interest in processing such information (work contact details) for contacting individuals where we need to do so in the individual’s capacity as employee, director or other member of staff.
  • Our legitimate interest in processing such information (personal contact details) for the purpose of contacting individuals where we need to do so in the individual’s capacity as employee, director/shareholder or other member of staff, in order to keep appropriate employment records, for obtaining/verifying evidence of identity or for contacting next of kin, spouses and beneficiaries if the circumstances require (such as in an emergency).
  • Compliance with a legal obligation to comply with right to work legislation.

We will use your particularly sensitive personal information in the following ways, and based on the following legal grounds:

  • Pursuant to Schedule 1, Part 2(8) of the Data Protection Act 2018, we may use information about your race or national or ethnic origin, for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment. In accordance with Schedule 1, Part 4, S.35-36 of the Data Protection Act 2018, 4K retains a policy document and records of processing of such information.

We will use your particularly sensitive personal information in the following ways, and based on the following legal grounds:

  • Pursuant to Schedule 1, Part 2(8) of the Data Protection Act 2018, we may use information about your race or national or ethnic origin, for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment. In accordance with Schedule 1, Part 4, S.35-36 of the Data Protection Act 2018, 4K retains a policy document and records of processing of such information.
  • Pursuant to Schedule 1, Part 1(1)(1) of the Data Protection Act 2018, we consider and process information about unspent convictions under our rights conferred by law in connection with employment (Exceptions Order to the Rehabilitation of Offenders Act 1974). In accordance with Schedule 1, Part 4, S.35-36 of the Data Protection Act 2018, 4K retains a policy document and records of processing of such information. We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws. We will also use information to administer benefits including statutory maternity pay, statutory sick pay and pensions.
  • Pursuant to Article 9(2)(h) GDPR, we will use information provided in health questionnaires to assess the working capacity of our employees/other members of staff.
  • Upon obtaining your consent, we will process biometric data (i.e. fingerprint scans) for the purpose of identification on site entry and for safety and security purposes. With your consent we will use your information to apply for optional benefits on your behalf (such as health insurance).
  • Necessary for the performance of the employment contract in order to keep appropriate employment records and carry out our contractual obligations as employer.

Please note that personal information we are holding about you may be shared with and processed by:

  1. our clients;
  2. other professional advisers of our clients;
  3. other parties and/or their professional advisers involved during the course of services provided to our clients;
  4. regulators or other third parties for the purposes of monitoring and/or enforcing our compliance with any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
  5. credit reference and fraud prevention agencies;
  6. any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
  7. other parties and/or their professional advisers involved in a matter where required as part of the conduct of the services;
  8. our own professional advisers and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
  9. our service providers and agents (including their subcontractors) or third parties which process information on our behalf (e.g. internet service and platform providers, data storage providers, typing service providers, administrative support, third party payroll processors, audit providers and our bank);
  10. third party providers of benefits (such as childcare vouchers, life insurers, pension providers);
  11. another organisation to whom we may transfer our agreement with you or if we sell or buy (or negotiate to sell or buy) our business or any of our assets (provided that adequate protections and safeguard are in place);
  12. in respect of secondees, information may be shared with SHAPE, our global partner, for administration purposes, pursuant to and under the terms of our agreement with SHAPE which incorporates the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA; and
 Our legitimate interest in processing such information in order to keep appropriate employment records, for assessing their continued suitability for their role and for planning progression.

Please note that special categories of information will only be disclosed as follows:

  1. to our service providers (such as data storage, typing, administrative support and audit);
  2. information about race or ethnicity may be provided to our clients (particularly governmental clients) for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment;
  3. health data may be provided to medical professionals or third party providers of benefits (such as life insurers);
Payment and financial information such as bank details, transaction history, salary and benefits, life insurance, pension related information, tax-related information, National Insurance number, payroll documentation (P45 / P60 / P11D).

Necessary for the performance of the employment contract to pay or compensate the individual.

  • Our legitimate interest in processing such information in order to keep appropriate employment records and to allow the individual to receive pension and other benefits.
  • Consent in order to allow nominated family members or beneficiaries to receive benefits or insurance funds.
 

Information contained in or provided to us as part of our recruitment or take on process such as details included in copy personal photographs and residential ID documents we receive.

  • Visa documentation (right to work in the UK).
  • DBS check (basic disclosure).
  • Monitoring information such as images via CCTV, entrance/exit dates/ times, movement within the building via security card system.

Our legitimate interest in processing such information for obtaining/verifying evidence of identity.

  • Compliance with a legal obligation in order to confirm that the individual is entitled to work in the UK and for the purpose of security and prevention of crime.
  • Compliance with a legal obligation pursuant to Schedule 1, Part 1(1)(1)(a) of the Data Protection Act 2018 to satisfy our legal obligations as their employer or as the firm to which members belong and for security and prevention of crime purposes.
  • Our legitimate interest in maintaining a safe environment and in preventing and detecting crime.
  • Necessary to protect the vital interests of the individual concerned: for security purposes and in order to maintain a safe environment.
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
 

Schedule 5

Data about visitors to our office

What we collect:We may use your information for the follow-ing purposes, based on the following legal grounds:Recipients:
  • Monitoring information such as images via CCTV, entrance/exit dates/ times, movement within the building via security card system. 
  • Dietary preferences (if catering is arranged).
  • If it is in our legitimate business interests to do so: for security purposes and pursuant to our legitimate interest in maintaining a safe environment, for the purpose of confirming attendance/location of the individual, for determining contract performance (in the case of employees and suppliers), and for use where catering is arranged (in the case of dietary preferences). 
  • Necessary to protect the vital interests of the individual concerned: for security purposes and in order to maintain a safe environment. 
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.

How we share information Please note that personal information we are holding about you may be shared with and processed by: 

  1. building management and law enforcement authorities, or other regulators or other third parties for the purposes of monitoring and/ or enforcing our compliance with any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts; 
  2. the relevant individual’s employer or agent; and 
  3. external caterers (in the case of dietary preferences).

Schedule 6

Retention and deletion policy

Unless we are required or permitted by law to hold on to your information for a specific retention period, we may retain your information for the following purposes and periods:

Category of personal dataPeriod for which personal data will be stored
  • Data about our clients, business contacts, and third parties involved in matters in relation to which we provide services to our clients. 
  • Data about our suppliers and supplier personnel. 
  • Data about individuals who apply for employment or work experience with us. 
  • Data about directors and staff of the firm, and former directors and staff and other individuals who spend time at the firm (such as consultants and secondees). 
  • CCTV. 

Contracts and general correspondence (emails, post and other communications) obtained in the course of providing our services: Such information will be stored for 12 years following completion of the services or termination or expiry of the contract with our client (whichever is later). Contact details for marketing purposes: Contact information relating to clients and contacts will be held for so long as we believe the information to remain accurate and the individual concerned remains a genuine connection of the firm, or of one of our directors and staff. We have a programme for reviewing our contacts regularly, and removing any information which is considered to be out of date or no longer relevant. 

Contracts and general correspondence (emails, post and other communications) obtained in the course of providing your services: Such information will be stored for 12 years following completion of the services or termination or expiry of your contract (whichever is later). 

Personal data obtained from employment or work experience applicants will be deleted after 8. 

Human resources (HR) records will be destroyed 8 years following employment. For the purposes of administration this will be actioned annually in December of each year. 

Personal data stored in private workspaces created for members of HR (including for appraisals, promotion and probation reviews) will be deleted 8 after creation. 

CCTV information is destroyed after 90 days