Privacy Policy

Introduction
This privacy policy sets out how Linaker uses and protects your personal data.

The Information We Collect
Personal data means any information about an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data includes [first name, last name, any previous names, username or similar identifier, marital status, title, date of birth and gender].
• Contact Data includes [billing address, delivery address, email address and telephone numbers].
• Financial Data includes [bank account and payment card details].
• Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us].
• Technical Data includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website].
• Profile Data includes [your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses].
• Usage Data includes [information about how you interact with and use our website, products and services].
• Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences].
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

We will use your personal and non-personal information only for the purposes for which it was collected or agreed with you, for example:

• To carry out our obligations arising from any agreement entered between you and us.
• To notify you about changes to our service.
• For the detection and prevention of fraud, crime, or other malpractice.
• To conduct market or customer satisfaction research or statistical analysis.
• For audit and record keeping purposes.
• In connection with legal proceedings.
• We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe, or which apply to us, or when it is otherwise allowed by law.
• To respond to your queries or comments.
Depending upon the nature of our relationship with you, we may collect different information, and these differences are outlined below.

Customers
We collect and process your personal information mainly to provide you with access to our services and products, to help us improve our offerings to you, and for certain other purposes explained below. We do not knowingly set out to collect personal data, it is only provided to us by you by contacting us via our website, by phone, or by email. Once collected, this data is only used to deliver the service and respond to you, answering any questions you have. We do not collect sensitive data – financial, health, or information about children. This does, however, include name, phone number, email, etc.
We collect and process the following information relating to our customers:
• Information collected includes information provided at the time of requesting or registering for our services or for any other reason if you need to make a com-plaint or report a problem.
• Examples of information we collect from you are names, email addresses, and telephone numbers, and this is done at the point of requesting our services.
• If you contact us, we may keep a record of that correspondence.
• We may also ask you to complete surveys that we use for research purposes.
• We also hold bank details as part of our invoicing and accounting procedures.
Additionally, we may collect non-personal information such as geographical location. This is collected as part of the services we provide and is not held for any other purpose. You cannot be identified from this information, and it is only used to assist us in providing an effective service.

Employees
We will collect information relevant to our legal obligations as an employer and may include your name, date of birth, phone number, and email, in addition to address, bank account details, and employment information.

Suppliers
We will collect information relevant to our status as a customer of yours and may include your name, phone number, and email, in addition to address, bank account details, and information relating to the services and products you provide us.

Why we need it
We need to know your personal data in order to reply to you and provide you with services. We will not collect any personal data from you that we do not need to. The lawful basis for processing data identified by Linaker includes:
Legal obligations – (for example, as an employer or as part of obligations with regard to HMRC)
Performance of a contract (especially with regard to our customers and our suppliers)
Legitimate interest – (such as when we ask for your feedback or advice on how to continually improve)
Consent – (only used when sensitive information is required to be processed by us or as part of marketing initiatives)

What we do with it
The personal data we process is processed and hosted in the UK, EEA, and on some occasions, in the US. The necessary arrangements for all non-EEA transfers have been reviewed and found to be adequate – these parties are all registered on the EU-US PrivacyShield initiative. Third parties will have access to your personal data only when they are under contract and following the signature of a non-disclosure agreement and only in line with the services these third parties are contracted to do so in order for Linaker to function as a business. These third parties include:

Data subject – What we may do with personal data

Customers (website, phone, and app users) – Data will be disclosed to designated consultants and management personnel on a project-by-project basis so that they can complete the service requested;
Auditors, consultants, and specialist service providers for the purposes of ensuring Linaker operate legally and safely. These include hosting and IT services providers critical to the infrastructure of our businesses;
Linaker personnel so as they can assist with the delivery of the service requested or respond to any contact from customers;
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services purchased from Linaker and on an exceptional basis);
Police and other regulatory authorities (upon receipt of a proper and justified request).

Employees – Data will be disclosed to designated consultants and management personnel on a project-by-project basis so that they can complete the service requested;
Auditors, consultants, and specialist service providers for the purposes of ensuring Linaker operate legally and safely. These include hosting and IT services providers critical to the infrastructure of our businesses. Other Linaker personnel;
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services provided to Linaker and on an exceptional basis);
Police and other regulatory authorities (upon receipt of a proper and justified request).

Suppliers – Auditors, consultants, and specialist service providers for the purposes of ensuring Linaker operates legally and safely. These include hosting and IT services providers critical to the infrastructure of our businesses;
Linaker personnel so as they can assist with the delivery of the service requested or respond to any contact from customers;
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services provided to Linaker and on an exceptional basis);
Police and other regulatory authorities (upon receipt of a proper and justified request).

If there is a duty to disclose or share your personal data in order to comply with any legal obligation, to enforce or apply our terms and conditions of supply and/or any other agreements, or to protect the rights, property, or safety of Linaker personnel, our customers, or others.

How long do we keep it?
Service user personal data will be retained for no more than three years following each use of our service unless you exercise your rights highlighted below.
Similarly, we are required to keep any complaint and query records for the same period of time.
Employee data will be retained for six years from the end of their employment with Linaker and financial data will be retained for six years from the date of the transaction or record.
Of course, we will look to retain records for no longer than is necessary and will dispose of all records securely.

How do we keep it secure?
We use a wide range of organisational and technical measures to keep all of our information secure. These include (but are not limited to):
• Password protection on mobile devices, files, folders, and assets.
• Restricted access to files with sensitive information.
• Anti-virus and anti-malware programmes.
• Use of encrypted platforms to store data.
• Access restriction protocols for information assets.
• Use of in-house data storage arrangements where possible to minimise data transfers.
Another key part of our arrangements is to use systems providers underpinned by robust and resilient data processing agreements, who enable us to work smartly and securely. These service providers include Microsoft, Xerox, and Adobe DocuSign.

What we would also like to do with it
We only use data collected for the reason it was collected. If you are a customer, we use this data to deliver the service to you and do not collect personal data for marketing purposes. If you are interested in our services or projects and have an interest in learning more about us, we may, on occasion, contact you and we publish articles from time to time and simply post these on our website and/or on social media sites to assist and generate interest in our business. We will not record any personal data that may be used by cookies in order for this website to interact with you.

What are your data subject access rights?
You have the right to the following:
• The right to be informed – data subjects must be aware of what personal data we have about them and what we are doing with it.
• The right of access – data subjects can request we provide them with the per-sonal data we have about them.
• The right to rectification – Data subjects can have their personal data rectified if it is inaccurate or incomplete.
• The right to erasure (or the ‘right to be forgotten’) – Data subjects have the right for their data to be erased where the personal data is no longer necessary in re-lation to the purpose for which it was collected/processed if consent is with-drawn or there is no overriding legitimate interest to continue processing.
• The right to restrict processing – Data subjects have the right to restrict the pro-cessing of personal data where they have contested its accuracy, where they have objected to the processing, and we are considering whether we have a legitimate ground that overrides this and where processing is unlawful.
• The right to data portability – The right to data portability allows data subjects to move, copy, or transfer personal data easily from one IT environment to an-other in a safe and secure way without hindrance to usability.
• The right to object – Data subjects have the right to object to processing based on legitimate interests, including profiling and direct marketing.
• Rights relating to automated decision-making and profiling – Data subjects have the right not to be subject to a decision when it is based on automated pro-cessing, and it produces a legal effect or a similarly significant effect on the indi-vidual.
We keep our privacy policy under regular review. [This version was last updated on 11th February 2025. Historic versions of this policy can be obtained by contacting us.] It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

If at any point you believe the information, we process on you is incorrect, you may request to see this information and even have it corrected or deleted. If you wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection Officer, who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office.
You can contact Linaker’s Data Protection Officer at dpo@linaker.com , 01737 645 300, or by post by writing to Linaker Ltd, 8 Station Road East, Oxted, Surrey, RH8 0BT.