Privacy Policy

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of data protection law, the data controller is O’Neill and Brennan Construction Ltd.

Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing our data protection practices. If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

Data Protection Officer: David Benson

Email: [email protected]

Information We Collect

We may collect the following categories of personal data:

• Name, address, postcode, email address, and telephone number
• Education and work history (typically provided via CV/Resume or forms on our website)
• Information provided by employers or clients when you apply for a role or are considered for an opportunity
• References (where relevant and permitted)
• Information from publicly available sources (for example, professional networking sites, business websites, and public records)
• Information from credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks
• Information from third-party service providers used to support recruitment, screening, and compliance processes

Sources of Personal Data

We may collect personal data about you from:

• You directly (for example, when you submit a CV, complete a form on our website, or contact us)
• Employers or clients when you apply for a role or are considered for an opportunity
• Referees (where relevant and permitted)
• Publicly available sources (for example, professional networking sites, business websites, and public records)
• Credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks
• Third-party service providers used to support recruitment, screening, and compliance processes

Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

• Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority – FCA Firm Reference Number: 742313
• TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority – FCA Firm Reference Number: 805757

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.

Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:

• Creditsafe Privacy / Transparency Notice: https://www.creditsafe.com/gb/en/legal/transparency-notice-customer-supplier.html
• TransUnion CRAIN: https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
• TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

Purposes for Which We Use Your Information

We collect and process information about you so that we can provide a reliable, personalised, and efficient recruitment service. Specifically, we use your personal data to:

• Assist you in finding employment and enable us to contact you regarding suitable opportunities
• Manage accounts, process orders, and deliver recruitment services
• Verify your identity and prevent fraud
• Conduct credit reference and affordability checks where required
• Comply with applicable legal, regulatory, accounting, and tax obligations
• Communicate with you about our services and, where you have opted in, send marketing communications

Recipients of Your Personal Data

In order to provide you with an efficient service, we may be required to share your personal data with third parties as part of the recruitment process. By submitting your personal information, either via our website or otherwise, you are explicitly authorising us to disclose information provided by you to outside third parties.

O’Neill and Brennan Construction Ltd will make every effort to contact you before releasing a copy of your CV to any client, although in some instances this may not be possible.

We may share personal data with:

• Customers or business partners (for example, prospective employers)
• Third-party service providers who support our recruitment, screening, and compliance processes
• Credit reference agencies (CRAs) where required
• Regulators or law enforcement bodies where required by law
• Professional advisers (including legal and accounting professionals)

We may also share personal information in aggregate (non-individual) form with potential advertisers or other bodies to display estimated numbers of users, typical ages, and locations. This information assists us in developing the most valuable service for our users.

International Transfers

We do not routinely transfer personal data outside the United Kingdom or the European Economic Area (EEA). Should any such transfers become necessary in the future, we will ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection.

Data Retention

We keep personal data only for as long as necessary for the purpose for which it was collected and to meet any legal or regulatory obligations. Data used for credit reference or affordability checks is retained only for as long as required and is then securely deleted.

When personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention policies.

Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights in relation to your personal data:

Right of access – You have the right to request a copy of the personal data we hold about you and information about how it is used.

Right to rectification – You have the right to request that inaccurate or incomplete personal data is corrected.

Right to erasure (“right to be forgotten”) – You have the right to request that we delete your personal data where there is no lawful reason for us to continue processing it.

Right to restrict processing – You have the right to request that we limit how we use your personal data in certain circumstances.

Right to data portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transfer it to another organisation where technically feasible.

Right to object – You have the right to object to the processing of your personal data where we rely on legitimate interests or where data is used for direct marketing.

To exercise any of these rights, please contact our Data Protection Officer using the details provided in Section 2 of this Privacy Policy.

Right to Complain

You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or another relevant data protection authority if you are dissatisfied with how we manage your personal data.

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

Provision of Personal Data

The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations. Personal data is required to:

• Enter into and perform contracts with customers, suppliers, or business partners
• Process orders, manage accounts, and deliver goods and services
• Verify identity and prevent fraud
• Comply with applicable legal, regulatory, accounting, and tax obligations

Consequences of not providing personal data:

If you choose not to provide the personal data we request, we may be unable to enter into a contract with you, fulfil orders, supply goods, or provide services. We may also be unable to conduct necessary verification, compliance, or fraud prevention checks, and as a result, our services may be delayed, restricted, or declined.

Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.

Automated Decision-Making and Profiling

We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management.

These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.

The use of these tools may influence the speed or level of review applied to an application or request, but individuals will not be subject to automatic rejection or adverse decisions without human involvement.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this Privacy Policy periodically. The date of the most recent update is shown at the top of this document.

Contact Us

If you have any questions about this Privacy Policy, or wish to exercise any of your rights under data protection law, please contact:

Data Protection Officer: David Benson

Email: [email protected]

Website: www.oneillandbrennan.com