31st July 2019

Data Protection & Privacy Policy

The Data Protection Act 1998 was introduced to regulate personal data held on computers or within a manual filing system. The company is responsible to ensure that the documents held are relevant, accurate and where necessary, kept up to date. Any data held shall be processed fairly and lawfully and in accordance with rights of data subject under the act. Where personal data ID used, you will have the right, upon written request, to be told what personal/company data about you is held.

With effect from 25th May 2018 the will be superseded by the new General Data Protection regulation (GDPR) as such, we are obliged to update our policy.

The right to be informed is an integral element of transparency under the GDPR. Matrix BES Ltd will be clear and open with individuals about how they collect and use personal data. Although the word “transparency” is not actually used in the Data Protection Act it has always been an implicit requirement. It is closely linked with the fairness element of the first principle of the 1998 Act which, amongst other things, obliges Matrix BES Ltd to give individuals certain information about how we intend to use their personal data.

The GDPR places greater emphasis on transparency and states that the information we hold should be processed lawfully and fairly.

Matrix BES Ltd is a Building Engineering Services company and as such we deal with many customers, suppliers and subcontractors. When we carry out work for you or you work with us you will be asked for some of your company/personal information. This data is then stored within secure electronic systems and backed up by cloud. Data is retained for the duration of the customer’s/supplier/subcontractor business relationship with Matrix BES Ltd. Matrix BES Ltd reserves the right to check any company details are legitimate before any contract to work with our company is undertaken.


All financial data is kept by us for 6 years pursuant to HMRC law. After 7 years the paperwork is securely destroyed. Digital data may be stored longer. Project information could be kept up to 12 years, in line with the policy procedures below.

Our policy procedure includes the following:

  • Data will only be used for the purpose for which it was provided.
  • Business data provided will be shared with employees and consultants within the business only.
  • Digital data will be stored on personal computers with up to date software and password protected by the operative.
  • Personal computers will be under the control of set employees with the instruction to safeguard the computer.
  • Any other device used to access the data will be password protected.
  • All digital data will be stored on cloud facilities and will be held in accordance with their terms and conditions. We currently use Microsoft One Drive.
  • When data is stored on paper, it will be filed in a secure place where unauthorised persons do not have access.
  • Employees will be forbidden to transfer or share data outside of the business.

Other third parties

Aside from our trusted service providers, Matrix BES Ltd will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer’s/supplier’s/subcontractor’s data to other organisations for marketing purposes. We may share your data with:

Government bodies, regulators, law enforcement agencies, courts/tribunals and
insurers where we are required to do so;

  • to comply with our legal obligations;
  • to exercise our legal rights (i.e. in court cases);
  • for the prevention, detection, investigation of crime or prosecution of offenders;
  • for the protection of our employees and customers.

International transfer

All our trusted service partners are located within the European Economic Area (EEA). We do not share any personal data outside of the EEA.

Right to erasure

You have the right to have your personal data erased and to prevent processing in a range of specified circumstances. This can only normally be refused based on public interest requirements and in situations in which we must ensure compliance with legal and auditory regulations.

We will not be able to erase personal data whilst we are still providing our services to you. This can only be done once you cancel the service or once the service is completed.

Right to complain

You have the right to complain to us directly by contacting us using the information in the contact section below.

You have the right to complain directly to the Information Commissioner’s Office (ICO), which is the regulatory authority that deals with personal data and ensures that personal data is used in a lawful way by public sector bodies, commercial businesses and organisations that process personal data.

You can register a complaint with the ICO by using the link below:

https://ico.org.uk/concerns/ or calling the ICO on 0303 123 1113.