YOUR PRIVACY MATTERS
Behind every winning bid is a strong story. It’s what we do.

WE HANDLE YOUR DATA WITH CARE

We’re ‘people’ people who rely on maintaining great relationships. Transparency is key to our business ethic and we want to make sure you’re in control of what data we collect about you, how it’s used and who it’s shared with.

If, after reading this statement, you have more questions, please email accounts@blue-edge.co.uk or call our office on 01273 328 125.

Table of Contents

1. INTRODUCTION

WHO ARE WE?

Blue Edge is a trading name of The Blue Consult Ltd. We’re a communications agency which works to create winning bids for top-tier contractors in the construction and engineering industries.

As an agency, we rely on our widespread network of specialists, and our ongoing relationships with them and our clients.

WHO DOES THIS PRIVACY POLICY APPLY TO?

This privacy policy applies to any potential, current and past members of this community. Specifically, we collect and process data belonging to these people:

Direct Candidates
People who have applied for a position within the Blue Edge team.

Indirect Candidates
People whom Blue Edge are approaching to potentially join the Blue Edge team or network of Associates.

Employees
Current and past staff members.

Associates
People who work/have worked for Blue Edge on an intermittent basis as private contractors.

Prospective Associates
People who have contacted us because they are interested in becoming an Associate.

Clients
People who represent the companies we are currently contracted with.

Prospective Clients
People who represent the companies we are looking to develop a relationship with for future contracts.

Suppliers
People who represent companies that provide services or products essential to our day-to-day business activities or fulfilling contract terms.

Emergency Contacts
People whose details we have been given as ‘next of kin’ contacts to be used in case of an emergency.

WHAT ARE OUR ROLES REGARDING YOUR DATA?

If your relationship with Blue Edge falls into one of the above listed categories, The Blue Consult Ltd. will be the Controller of your personal data as provided to us, collected by us, or processed in connection with our services.

If you are in a contract with Blue Edge as an Employee, Associate, Client, Supplier or Emergency Contact, we may need to share your data with other parties for the purposes of fulfilling our contractual terms. A party using or storing individuals’ information provided to them by Blue Edge will be the Processor of your personal data. The Processors who will be handling your information are detailed in our Employee Handbook, Consultancy Agreements and individual Supplier contracts.

Here is a quick reference guide as to who you can expect your data to be processed by:

Direct/ Indirect Candidates
Data may be shared with and processed by appointed Recruitment Agencies, you will be advised which agency and asked permission before we share your personal data.

Employees
Data may be shared with Government/ Legal Bodies (such as Disclosure Scotland) and our Payroll Company. In case of emergency, your details may also need to be shared with emergency services. Further information is found in our Employee Handbook and will be explained to you in detail at induction.

Associates/ Prospective Associates
If you have signed a Consultancy Agreement with Blue Edge, you will find details of the Data Processors we expect to share your data with in Section 8 Data Protection. When you are placed on an Assignment, we will share your details with our Client and vice versa. The Client’s contact details will be provided to you in your Assignment Schedule which forms an addendum to the Consultancy Agreement and is emailed to you at the start of each placement.

If you have not signed a Consultancy Agreement with Blue Edge, your data will only be shared with Clients after you have given your express permission by email.

Clients
Your personal data may need to be shared with other parties involved in the fulfilment of our contractual agreement. When we provide on-site support to your team, we will always need to share your contact details with the Associates who will be working with you.

There may also be specific circumstances where we need to share your data with Suppliers. For example, if we are hosting an event for your company, we may need to provide your details to the venue for contact purposes. In such cases, we will always obtain your express permission by email to share your data.

Prospective Clients
We collect the names, business email addresses and business telephone numbers of contacts at companies we would like to work with in the near future. We take care not to store unnecessary information. This data is maintained on a secure database and reviewed each year to make sure that it is still relevant and required. Information collected in this way is NOT shared with third parties.

Suppliers
The personal data of relevant contacts working for our Suppliers are collected in order to fulfil the terms of our contract with you or your contract with Blue Edge. In some instances, we collect and store the names, business email address and business telephone numbers of Suppliers we have worked with, or whom we would like to work with in the near future. This data is maintained on a secure database and reviewed each year to ensure that it is relevant and required. Supplier information is ONLY shared with third parties when it is a contractual or legal requirement to do so. In any other circumstance, such as providing recommendations to partnering companies, we would always seek your express permission by email before sharing your data.

Emergency Contacts
When we employ people or place Associates on assignments, we also ask them to provide the personal contact details of the individual they would like us to contact in case of an emergency at Blue Edge or Client premises. In this case, the Employee or Associate providing the information is considered to be the Controller of that data, and Blue Edge is the Processor. This means that it is up to the Controller to guarantee that they have permission to provide this data to Blue Edge for the sole purpose of emergency contact. This information is only shared with emergency services when the situation requires.

WHAT HAPPENS IF THIS POLICY CHANGES?

We’re serious about our responsibility to protect your data so this policy will be subject to review every year. We reserve the right to update it at any time, as we improve our processes.

In the event of any changes, we will notify you by:

Once we have notified you about changes to our Privacy Policy, the collection, use and sharing of your personal data will be subject to the updated terms.

2. WHAT DATA DO WE COLLECT AND HOW DO WE USE IT?

IF YOU APPLY FOR A JOB WITH US

Direct Candidates
We want to make sure that a job with us is right for you and that you’re a good fit for our team. To do this, we need to collect the following data to assess your skills and experience against the position criteria. Depending on how far we go through the application process, we may ask you for:

We store Direct Candidate details on our database for one year or longer with your permission. This means we can contact you if a similar position becomes available that year or check whether you want to be considered for future positions further down the line.

WHEN WE APPROACH YOU TO APPLY FOR A JOB WITH US

Indirect Candidates
We rely on a strong network of talented individuals. You may hear from us if we think you’d make a great addition to our team. You may have been recommended to us by another contact in our network, or perhaps we have worked with you in another capacity, as a supplier or client.

In these cases, discretion is paramount so we research your experience using LinkedIn whilst we prepare to approach you. This means we will temporarily store the following details until you either start the application process (become a direct candidate) or declare that you are not interested in working with us.

Data stored for this purpose is kept on our secure database and reviewed every year. If you declare that you are not interested, or the data is considered no longer relevant, it will be anonymised or deleted, depending on the circumstance.

IF YOU’RE CURRENTLY EMPLOYED US

Employees
You are obliged to provide certain information in order for us to fulfil our legal duties as your employer. The data we collect is summarised below but will be explained to you at induction. Further information is contained in the Company Handbook.

Data collected about current employees is stored on our secure server and in physical, locked archives off-site.

To fulfil the legal requirements of our contract with you, we need to maintain this data for the duration of your employment and for up to 6 years after you leave. This is because we use some of your data to inform other reports which we are legally obliged to send to authorities. After this time has expired, we will review the data we hold on an annual basis. If the data is judged to be no longer relevant we will delete it from our records. Or, if we need to retain it for longer, we will ask your permission. If you are unresponsive to our request and we still need to keep your information, we will anonymise it and notify you that this is what we have done.

IF YOU USED TO BE EMPLOYED BY US

Ex-Employees
We may hold some of your personal data for 6 years after you leave our employment. This is so that we can ensure legal compliance with the authorities we report to (e.g. HMRC).

The personal date we hold, may include:

After 6 years, your data will be reviewed on an annual basis and either anonymised, or deleted.

IF YOU’RE WORKING ON OUR BEHALF

Associates
You are obliged to provide certain data to enable us to fulfil the terms of our Consultancy Agreement and any subsequent Assignment Schedule with you. Keeping this personal data ensures that we can pay you for your services.

We store these details for the duration of your contract with us and for up to 1 year after contract termination. After this time, your personal data will be reviewed annually and either maintained with your permission, anonymised or deleted.

WHEN YOU APPLY TO WORK ON OUR BEHALF

Prospective Associates
Before we enter into a Consultancy Agreement with you, we may temporarily store the following details on our database:

We store these for up to a year or until you sign a Consultancy Agreement with us. After this time, your personal data will be reviewed annually and either maintained with your permission, anonymised or deleted.

WHEN YOU’RE USING OUR SERVICES

Clients
We are required to store the following personal data of individuals representing our clients so that we may fulfil our contractual obligations. The details we keep may include:

This information is stored for the duration of our contract with you and for up to 2 years afterwards. Following this period, your data will be reviewed annually and either maintained with your permission or deleted.

WHEN WE’RE OFFERING OUR SERVICES TO YOU

Prospective Clients
Most of our business comes from referrals but there are times when we want to introduce ourselves to new potential clients. We don’t believe in cold calling or sending out blanket emails. We prefer to only contact the people who we know will find our services helpful. Making sure that we are targeting relevant individuals requires us to research and collect data that we store without permission until we enter into a contract or we find a more relevant target contact.

The personal data we collect to achieve this aim, may include:

Data stored in this way is reviewed every 2 years and deleted once determined as no longer relevant.

WHEN WE’RE USING YOUR SERVICES

Suppliers
In most cases, the data we process for the fulfilment of Supplier Contracts is determined by our specific agreement with each Supplier. We typically store the following personal details of Supplier contacts whose services we are currently using or will be likely to need in the future.

Data stored in this way is reviewed every 2 years and deleted once determined as no longer relevant.

IF YOU’RE INVOLVED IN AN EMERGENCY

Emergency Contacts
If your details have been provided to us as an emergency contact, it is the responsibility of the Associate/ Employee to obtain your permission for us to store this information.

These are the details we store for this purpose:

This data is kept for the duration of the Associate/ Employee’s contract with us and deleted at contract end.

3. HOW DO WE SHARE INFORMATION?

EMAIL

Associate/ Client/ Candidate information is often shared between Blue Edge, our clients and our Data Processors by email. We use a secure web-based client and keep information shared in this way to a minimum. Most often, the data emailed to these parties includes your name, telephone number(s) and email address. We also file email correspondence relevant to the delivery of contracts and our performance. In the case of Associates, we may also email a Blue Edge copy of your CV to clients, with your permission.

PHONE

We sometimes give names, email addresses and telephone numbers in calls with our Clients, Associates and Suppliers. We obtain indemnities from the parties we are providing this information to, making sure that they know and accept their obligations to store and use this information responsibly and in line with GDPR.

SECURE PLATFORMS

Supplier, Associate, Client and Employee information may need to be shared for Accounting and Reporting purposes. In these cases, the data is shared using secure online platforms such as cloud-based Accounting Systems which are maintained be Blue Edge or the Processor, depending on the circumstance.

POST

We very rarely share information by post but when we are required to send copies of personal identification documents or other sensitive data, we use recorded delivery to ensure data security where possible.

4. YOUR DUTIES & CHOICES

DATA RETENTION

We keep your data for as long as is necessary for the fulfilment of contractual obligations, or for as long as is relevant to our business activity.

Direct/ Indirect Candidates
Your personal data will be kept for up to 1 year, after which time it will be reviewed and either:

Employees (Past and Present)
Your personal data will be kept for the duration of your employment and for up to 6 years thereafter, for reporting and accounting purposes. After this time, your data will be reviewed and either:

Associates
Your personal data will be kept for the duration of your Consultancy Agreement and for up to 1 year after termination. After this it will be reviewed on a yearly basis and either:

Prospective Associates
Your personal data will be kept for up to 1 year after you initially register with us, after this time it will be reviewed on a yearly basis and either:

Clients
Personal data of Client representatives will be kept for the duration of our Contract with the client, or until an alternative contact is specified (for example, if you leave the company and handover to another person). After our contract is completed, we will retain your details for up to 2 years, after which time your data will be reviewed on an annual basis and either:

Prospective Clients
Personal data belonging to representatives of Prospective Clients is kept for as long as is determined relevant to our business activity. Your data will be reviewed every 2 years and deleted if it becomes irrelevant.

Suppliers
Personal data belonging to representatives of Supplier companies will be reviewed every 2 years and deleted if it is determined to be no longer relevant.

Emergency Contacts
The personal details supplied to us for use in case of an emergency involving one of our Employees or Associates will be retained for the duration of our contract with the Associate/ Employee and deleted at contract end.

A NOTE TO DATA PROCESSORS

If we provide personal data to you for processing in relation to our services or contracts, it is your responsibility to ensure the security, safe storage, and appropriate use of that information. Prior to processing data controlled by us, we require you to complete an Indemnity Form confirming your compliance with GDPR regulations.

You should receive an Indemnity Form by email.

If you have not received an Indemnity Form, please email accounts@blue-edge.co.uk to request a new one.

ACCESSING AND CONTROLLING YOUR PERSONAL DATA

Your personal data belongs to you and you are in control of how we use it.
If you’re not happy with how we are using your data or if some of your data is no longer relevant, you can ask us to:

Delete It
You can ask us to delete all or some of your personal data from our records.
e.g. if we no longer have a legal reason to keep it, or if you simply don’t want us to be able to contact you.
Deletion requests are processed case-by-case. This is because, if you are in a contractual agreement with us, deletion of your data may mean termination of that contract.
We will always explain the repercussions of your deletion request before complying. Once you have confirmed your understanding we will proceed to remove your personal data from our records.

You can ask for your data to be deleted at any time by emailing this address:
accounts@blue-edge.co.uk

Please quote: ‘Deletion Request’ in the Subject line.

Change or Correct It
If you are happy for us to keep your data but are aware that all or some of it is inaccurate, you may ask us to change or update it at any time by completing a new GDPR Compliance Form or by emailing accounts@blue-edge.co.uk.

Restrict It
If your personal data is inaccurate or unlawfully held, you can ask us to stop using all or some of it. In cases where we need to maintain information about you, we will seek to anonymise it before continuing to use it to fulfil our legal/ contractual obligations. Otherwise, we will delete the data you ask us to remove and comply with your request to stop using it.

Access It
You may request a copy of the personal data we’re storing about you. This can be requested at any time by emailing accounts@blue-edge.co.uk. We aim to respond to all requests within 7 – 10 working days and the timeframe compliance will be agreed with you on a case-by-case basis (as it depends on how far-reaching the requested changes will be).

5. OTHER IMPORTANT INFORMATION

SECURITY

We do our utmost to protect your personal data by using secure systems and regularly monitoring and improving our data-handling processes. However, we cannot guarantee that your data may not be compromised if our safeguards are breached. In-line with GDPR, we will report any breach as soon as we can, within 72-hours of becoming aware of it.

LEGAL BASES

We use the following legal bases to justify our collection and use of your personal data. We only collect and process your details if there is a legal basis to do so.

Consent
Where you have given us your explicit consent to store your personal data. This is particularly relevant to Direct Candidates and Prospective Associates. You may withdraw or decline your consent at any time by emailing accounts@blue-edge.co.uk.

Contract
Where processing your personal data is necessary for the performance of a contract with you. For example, to use your services as an Associate or Supplier, to deliver our services to you as a Client or to be able to work with you as an Employee.

Legitimate Interest
Where keeping your personal data is necessary for pursuing new business or procuring new services. This is particularly relevant to Prospective Client or possible future Supplier and you may, at any time, object to us using your data in this way. See Accessing and Controlling Your Personal Data.

Compliance with Legal Obligations
Where processing your personal data is necessary to comply with legal obligations set by the authorities, e.g., maintaining Past Employee records for criminal record checks, tax purposes, etc.

Vital Interest
Where processing your personal data is necessary to protect the vital interests of you or your relative (where you are listed as the Emergency Contact). This only applies to emergency ‘life-or-death’ situations.

CONTACT US

Your opinions matter. If you have any questions or concerns regarding this policy, please contact us by email or phone.

E: accounts@blue-edge.co.uk
T: 01273 328 125