nmcn plc, along with our subsidiary Nomenca Limited, are one of the country’s leading construction companies who work in partnership with our customers to deliver major built environment and critical national infrastructure projects across the UK. To do this we need to process varying degrees of personal data on our employees, contractors, business partners, suppliers, website visitors and members of the public. With the exception of historical contractual documentation Nomenca does not process any personal data.
We are committed to protecting your privacy and complying with the UK Data Protection Act 2018, UK and EU General Data Protection Regulation (collectively referred to as the GDPR) and all other relevant current and future data protection legislation.
We believe in protecting the confidentiality and security of information we collect about you. This Privacy Notice is intended to bring to your attention our practices relating to the collection, processing and disclosure of personal information.
This policy is intended to inform non nmcn employees how we use their data, how we use personal data of employees is detailed within our internal Employee Privacy Notice.
For the purposes of this Privacy Notice, the term “personal information” refers to personal information relating directly or indirectly to an identifiable person.
This website is owned and operated by nmcn plc; a public limited company registered in England under company registration number 00425188. We are registered with the UK Information Commissioner’s Office under registration number Z9681677 and in Jersey under the registration number 65968.
To facilitate the interactions between us and your interest in nmcn, we may collect and process the following data about you:
The information that is processed about you is dependent on the purpose and channel of your enquiry. This includes:
Some of the information we collect about you may include your sensitive personal data as defined in the GDPR (please see section 4 below for more details).
In the main we will collect your personal data directly from yourself, however, your information may be received from third parties such as your employer, a personal representative or recruitment company. We may collect your personal data when you contact us through our website, by telephone, post, email or through any other means. Your image may be captured if you visit any of our sites or offices and if it is necessary to issue you with a temporary pass card.
We may use publicly accessible information to verify information we are provided with and to manage and expand our business.
The GDPR provides a definition for special category data, more commonly referred to as “sensitive personal data”. This relates to information concerning an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences.
We will collect sensitive personal data in accordance with the relevant basis for processing under GDPR, this may include explicit consent or another of the other valid lawful bases. For example, a member of the public may contact us stating that they need 24-hour access to the road as they require an ambulance regularly, we would capture and retain this information using the explicit consent of the individual, however, if we believed that an individual’s life was in danger, consent would not be necessary to process and share their sensitive personal information.
Some of our construction sites use biometric information to control access, this may mean utilising fingerprint or facial recognition technology. We shall rely on explicit consent to capture and use this information; however alternative access controls will be made available should the individual request this.
In recruitment some sensitive data may be requested on a purely voluntary and anonymous basis for equality monitoring purposes.
We will use the information held about you for the purposes for which it was provided to us as stated at the point of collection (or as may be obvious in the context of collection). Your personal data will be used by us in the following ways:
We do not collect or compile personal data for release or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties.
In order to process your persona data, we must have a lawful reason, the main lawful reasons nmcn utilise to process your personal information are: –
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
Our legitimate interests are those indicated with a “*” above, and we consider that we have implemented sufficient checks and protections to ensure that your rights and interests are not unreasonably intruded on.
However, you can object to processing on any of these bases at any time and, if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims – see “Your rights” below.
If you apply to work with us, we will use the information you supply to process your application and to monitor recruitment statistics. We may need to transfer your details outside of the EU and UK and to other affiliates or locations in our organisation. We will remind you of these privacy terms if you apply for a job with us. For some positions we may ask some pre-qualification questions, such as do you have a driving licence, however no automated decision making takes place during the recruitment process. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give more details about how we hold employee data and we will expect the employee to sign up to additional privacy terms as part of their employment, employment is subject to satisfactory references.
During the recruitment process you will be invited to provide special category information about yourself including details of your religion, sexuality and ethnic origin. This is wholly voluntary and will purely be used for statistical purposes to assist with our equal opportunities ambition. For some positions you may be invited to take a psychometric test to assist us with our decision making, this is not mandatory and will be performed with your explicit consent.
We may retain details of candidates who may be of interest to us, either now or in the future, usually for a period of 12 months; on the anniversary of your application, you will be invited to extend the retention period further. We are happy to delete your information sooner, just contact us using the contact details below or email email@example.com.
We may use third parties to consider potential hires. We may also verify details in your application and make what we consider to be reasonable and necessary background checks about you. These background checks may require a 3rd party to contact you and obtain information.
You have the following rights under the General Data Protection Regulation (GDPR):
Please note that these rights may be subject to some conditions and exceptions. To exercise any of these rights and make such a request, please use the contact details provided below.
You also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office whose contact details can be found here: https://ico.org.uk/
Marketing communications and social media
If you have given permission, we may contact you by mail, telephone and email about our products and services and invitations to events which may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by clicking the “Unsubscribe” option in any of the marketing communications we send you or by contacting us by email or telephone.
It may be necessary to disclose or share your personal data with either internal and external parties. We will only do this where it is strictly necessary for example in connection with our legitimate business activities, to enforce our policies, comply with our legal obligations or in the interests of security, public interest or law enforcement. For example, we may respond to a request by a law enforcement agency or regulatory or governmental authority. We may also disclose data in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests.
We share your information with third parties who help deliver our products and services to you. Examples include hosting our web servers, analysing data, providing marketing and legal assistance, access control services, CCTV monitoring and providing customer service. These companies will have access to your personal information as necessary to perform their functions, but they may not use that data for any other purpose.
We may also share your personal data:
Similarly, your personal information may be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration.
Our website may, from time to time, contain links to other websites, mainly those of our partners and clients, but also those of other third parties. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before either agreeing to their terms or before you submit any personal data to these websites or use them.
We shall ask for your permission before we use any non-essential cookies by way of our cookie banner when you first arrive at the site.
If you have asked us to share data with third party sites (such as social media sites), their servers may not be secure.
Note that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may nevertheless unlawfully intercept or access private transmissions or data.
We have put in place security measures that we consider to be reasonable to protect the security of your personal information and keep it confidential and to guard against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data.
We review these measures regularly to make sure they remain appropriate. While no system is completely secure, we believe the measures implemented by nmcn reduce our vulnerability to security problems to a level appropriate to the type of data involved. We cannot guarantee the security of any third-party application you may use to transmit your data (for example, internet browsers).
We will keep your personal information for at least as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal, regulatory and professional obligations. As a rule of thumb, we will keep your personal information for as long as is necessary, including:
We endeavour to process your personal data within the UK, or EEA, however, we may need to transfer your personal data to Jersey in relation to any construction activities on the island. Any transfer of your data will be subject to a European Commission approved contract or agreement which will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
If you have any further questions about the way we manage your data, you wish to activate any of your rights or have a complaint regarding our data protection practices you can contact the nmcn Data Protection Officer using any of the channels below:
Call: 01623 518823
Write: Data Protection Officer, nmcn, Nunn Close, The County Estate, Huthwaite, Sutton-in-Ashfield, Nottinghamshire, NG17 2HW
nmcn plc a public limited company registered in England under company registration number 00425188. Registered with the UK Information Commissioner’s Office under registration number Z9681677 and in Jersey under the registration number 65968.
Information Commissioner’s details
Should you remain unsatisfied you can contact the appropriate data protection regulator listed below.
UK Information Commissioner:
Tel: +44(0)303 123 1113 or visit ICO website
Jersey Office of the Information Commissioner:
Tel: +44 (0)1534 716530 or visit JOIC website