1. Introduction

1.1 – Skanska, Costain, STRABAG (SCS JV) (the “JV”) are committed to respecting your privacy.

1.2 – This privacy policy (the “Policy”) explains how we will collect, store, use and otherwise process any personal data you provide via our website (www.scsrailways.co.uk), via email or when you otherwise communicate with us (including in the course of the services we provide or the running of our business).

1.3 – This Policy may change from time to time and, if it does, the up-to-date version will always be available on our website and becomes effective immediately.

1.4 – The data controller is the JV.

1.5 – In this Policy, Data Protection Law means the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and any equivalent legislation amending, supplementing or replacing the GDPR.

2. Scope

2.1 – This Policy applies to any persons that provide personal data through the methods described in paragraph 1.2. This may include our current and prospective clients’ personnel; our joint venture partners’ personnel; third parties with whom we have contact by virtue of providing our services (e.g. third-party payers of invoices); contractors/ suppliers and their personnel; those with whom we work in the context of our corporate responsibility initiatives; those who submit correspondence to us or whose details are otherwise entered into our systems and portals; and any visitor to our offices and projects.

2.2 – Where you provide personal data about you, your personnel or other third parties (e.g. if you are a recruitment agent), you warrant that you have the consent of the individual to do this and that the information is accurate and up-to-date. You will inform us if the wishes of the individual or any information changes.

2.3 – Pages of the JV website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the JV does not accept any responsibility or liability for these policies or use of the website. Please check these policies before you submit any personal data to these websites.

3. Collection and use of personal data

3.1 – Your personal data will be collected in accordance to GDPR article 5.1(c) and  only be processed for the purposes set out below and in accordance with GDPR article 3.2. The JV may hold and process your personal data for the following purposes:

    • record and respond to any communication you have made with us including by way of telephone, through the website, email address of the JV, any other electronic form of communication and post;
    • for administration purposes and access to our systems and portals;
    • help us develop the website to be more useful to you, to keep it safe and secure;
    • to respond to any problems, you report with our website;
    • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical purposes;
    • to comply with any legal obligations which apply to us or policies that we have in place; and
    • as necessary to prevent illegal activity or to protect our interests or the interests of a third party such as our clients.

3.6 – We rely on one or more of the following legal basis for processing your personal data:

    • for the performance of, or entry into, a contract with you or a third party (such as your personnel);
    • to comply with our legal and regulatory obligations;
    • we have a legitimate interest in doing so and where our legitimate interests are not overridden by your (or the relevant individual’s) rights and interest in accordance with GDPR article 3. These legitimate interests will include our interests in managing our relationship with our clients, administering visits to our offices and projects and ascertaining compliance with our policies and procedures;
    • where processing of special category data is necessary in the context of the establishment, exercise or defence of legal claims or in the substantial public interest; and
    • where we have obtained your express consent to do so. We will explain at the time we collect your consent that you may withdraw your consent at any time in accordance with the information we provide to you at that time.

4. Sharing your data and security

4.1 – For the purposes set out above, the JV may transfer personal data to third parties. These include our clients, joint venture partners, sub-contractors or suppliers including our website operator, professional advisors, insurers and regulatory bodies. This will be for one of the following reasons: you specifically request that we do this; it is necessary to provide information or services to you; for our legitimate interests (including the sale of the business or assets) or the legitimate interests of a third party (such as our client); in the public interest; or to carry out our legal or regulatory obligations.

4.2 – Personal data may be shared between the parties listed in paragraph 4.1 above and/or the relevant entities within the JV parties. Where personal data is shared with other parties and/or outside the European Economic Area, the JV will ensure continued compliance with Data Protection Law.

4.3 – We will not rent or sell our users’ or other contacts’ details to any other organisation or individual.

4.4 – The JV has put in place measures to ensure the security of the information collected and its correct use. These are appropriate to the nature of the information and to prevent unauthorised access. All incoming emails are scanned using virus-checking software. The software will also block unsolicited marketing email (spam) and emails which have potentially inappropriate attachments. All personal data you register on our website will be located behind a firewall. Once we have received your information, we follow strict security procedures as to how your personal data is stored and who sees it, to help stop any unauthorised person getting hold of it. Access to your personal data will only be given to those who strictly need such access.

5. Retention

5.1 – We will keep your personal data stored on our systems for only as long as is necessary to achieve the objectives at paragraph 3 of this Policy, albeit we may keep your data for longer than this if we cannot delete it for legal, regulatory or technical reasons.

5.2 – The third parties we engage to provide services on our behalf will keep your personal data stored on their systems for as long as is necessary to provide the services to you or for such purposes that the personal data was disclosed for.

6. Withdrawing consent

6.1 – Where you have provided consent for us to process your personal data, you may withdraw your consent to this processing at any time by contacting us at [email protected].

6.2 – If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time.

7. Data portability

7.1 – Where you have provided personal data to the JVin  structure, commonly used and machine readable format and  processed on the basis of consent and by automated means, you can ask to receive that personal data in a structured, commonly used and machine-readable format.

8. Access your personal data

8.1 – You can request confirmation of whether we hold personal data about you, the details of the personal data and access to that personal data. Your request will be processed and the information to which you are entitled will be provided to you no later than one month (except in extenuating circumstances) from when we receive your request, subject to the requirements and exemptions of Data Protection Law. If such extenuating circumstances mean we are unable to comply with your request within one month, we will tell you as soon as possible about this delay.

8.2 – Examples of exceptions, where the JV (by law) does not provide access to personal data include:

    • references written by the JV;
    • any data from which a third party can be identified;
    • any data held for the purposes of management forecasting or planning;
    • any data prejudicing ongoing negotiations with the employee; and/or
    • any data protected by legal privilege.

9. Request your data is rectified

9.1 – Where your personal data is inaccurate or where you would like us to complete any incomplete information, you can provide us with a statement that sets out the details of your request for rectification.

10. Request your data is deleted

10.1 – You can request that the JV deletes your personal data where it does not have grounds to continue processing your personal data. The JV will be unable to comply with your request in certain circumstances including, for example, if the JV has a legal obligation to continue processing the data.

10.2 – To exercise any of the above rights, you should make your request via email at [email protected].

11. Object to processing

11.1 – You can object to the JV processing your personal data where (i) the JV is processing your personal data based on its legitimate interests or (ii) you have grounds to believe that the JV no longer needs the personal data for the purposes or (iii) the processing is unlawful or (iv) you have contested the accuracy of the personal data.

11.2 – To exercise any of the above rights, you should make your request via email at [email protected].

12. Concerns

12.1 – If you have concerns around the use of your personal data in the context of this policy, please email us at [email protected].

Cookies Policy

What are cookies? It is a technology which can be used to provide you with tailored information when visiting the JV website. A cookie is an element of data the website will send to your browser, which will then be stored on your computer. This element of data is a piece of text, not a program. The website can only access the information from a cookie sent by website and it cannot access other cookies sent by other web sites or the information contained there. Additionally, we cannot learn your email address or any other information about you using a cookie. If you would like information about cookies and on how to restrict or block cookies, please visit www.allaboutcookies.org.

Why does the website use cookies? The JV uses cookies to track usage of the website and to customise your experience when you are visiting the website. By tracking usage, we can best determine what features of the website best serve you.

What benefits do I receive from cookies? Overall, the use of cookies helps to give you a customised experience when visiting the website. Using cookies, we will know what’s working and what’s not. That information is then used to keep our website fresh and relevant to you. Cookies also allow for the personalisation of any online services we may provide to you.

May I decline to accept a cookie? You may decline to accept cookies, simply selecting the opt out options on the cookies banner.

Azure Analytics This website uses Azure Analytics, a web analytics service provided by Microsoft, Inc. Azure Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Microsoft. Microsoft may use this information for evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Microsoft may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Microsoft’s behalf. Microsoft will not associate your IP address with any other data held by Microsoft. You may refuse the use of cookies by opting out.

1. Introduction

1.1 – Skanska, Costain, STRABAG (SCS JV) (the “JV”) are committed to respecting your privacy.

1.2 – This privacy policy (the “Policy”) explains how we will collect, store, use and otherwise process any personal data you provide via our website (www.scsrailways.co.uk), via email or when you otherwise communicate with us (including in the course of the services we provide or the running of our business).

1.3 – This Policy may change from time to time and, if it does, the up-to-date version will always be available on our website and becomes effective immediately.

1.4 – The data controller is the JV.

1.5 – In this Policy, Data Protection Law means the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and any equivalent legislation amending, supplementing or replacing the GDPR.

2. Scope

2.1 – This Policy applies to any persons that provide personal data through the methods described in paragraph 1.2. This may include our current and prospective clients’ personnel; our joint venture partners’ personnel; third parties with whom we have contact by virtue of providing our services (e.g. third-party payers of invoices); contractors/ suppliers and their personnel; those with whom we work in the context of our corporate responsibility initiatives; those who submit correspondence to us or whose details are otherwise entered into our systems and portals; and any visitor to our offices and projects.

2.2 – Where you provide personal data about you, your personnel or other third parties (e.g. if you are a recruitment agent), you warrant that you have the consent of the individual to do this and that the information is accurate and up-to-date. You will inform us if the wishes of the individual or any information changes.

2.3 – Pages of the JV website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the JV does not accept any responsibility or liability for these policies or use of the website. Please check these policies before you submit any personal data to these websites.

3. Collection and use of personal data

3.1 – Your personal data will be collected in accordance to GDPR article 5.1(c) and  only be processed for the purposes set out below and in accordance with GDPR article 3.2. The JV may hold and process your personal data for the following purposes:

    • record and respond to any communication you have made with us including by way of telephone, through the website, email address of the JV, any other electronic form of communication and post;
    • for administration purposes and access to our systems and portals;
    • help us develop the website to be more useful to you, to keep it safe and secure;
    • to respond to any problems, you report with our website;
    • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical purposes;
    • to comply with any legal obligations which apply to us or policies that we have in place; and
    • as necessary to prevent illegal activity or to protect our interests or the interests of a third party such as our clients.

3.6 – We rely on one or more of the following legal basis for processing your personal data:

    • for the performance of, or entry into, a contract with you or a third party (such as your personnel);
    • to comply with our legal and regulatory obligations;
    • we have a legitimate interest in doing so and where our legitimate interests are not overridden by your (or the relevant individual’s) rights and interest in accordance with GDPR article 3. These legitimate interests will include our interests in managing our relationship with our clients, administering visits to our offices and projects and ascertaining compliance with our policies and procedures;
    • where processing of special category data is necessary in the context of the establishment, exercise or defence of legal claims or in the substantial public interest; and
    • where we have obtained your express consent to do so. We will explain at the time we collect your consent that you may withdraw your consent at any time in accordance with the information we provide to you at that time.

4. Sharing your data and security

4.1 – For the purposes set out above, the JV may transfer personal data to third parties. These include our clients, joint venture partners, sub-contractors or suppliers including our website operator, professional advisors, insurers and regulatory bodies. This will be for one of the following reasons: you specifically request that we do this; it is necessary to provide information or services to you; for our legitimate interests (including the sale of the business or assets) or the legitimate interests of a third party (such as our client); in the public interest; or to carry out our legal or regulatory obligations.

4.2 – Personal data may be shared between the parties listed in paragraph 4.1 above and/or the relevant entities within the JV parties. Where personal data is shared with other parties and/or outside the European Economic Area, the JV will ensure continued compliance with Data Protection Law.

4.3 – We will not rent or sell our users’ or other contacts’ details to any other organisation or individual.

4.4 – The JV has put in place measures to ensure the security of the information collected and its correct use. These are appropriate to the nature of the information and to prevent unauthorised access. All incoming emails are scanned using virus-checking software. The software will also block unsolicited marketing email (spam) and emails which have potentially inappropriate attachments. All personal data you register on our website will be located behind a firewall. Once we have received your information, we follow strict security procedures as to how your personal data is stored and who sees it, to help stop any unauthorised person getting hold of it. Access to your personal data will only be given to those who strictly need such access.

5. Retention

5.1 – We will keep your personal data stored on our systems for only as long as is necessary to achieve the objectives at paragraph 3 of this Policy, albeit we may keep your data for longer than this if we cannot delete it for legal, regulatory or technical reasons.

5.2 – The third parties we engage to provide services on our behalf will keep your personal data stored on their systems for as long as is necessary to provide the services to you or for such purposes that the personal data was disclosed for.

6. Withdrawing consent

6.1 – Where you have provided consent for us to process your personal data, you may withdraw your consent to this processing at any time by contacting us at [email protected].

6.2 – If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time.

7. Data portability

7.1 – Where you have provided personal data to the JVin  structure, commonly used and machine readable format and  processed on the basis of consent and by automated means, you can ask to receive that personal data in a structured, commonly used and machine-readable format.

8. Access your personal data

8.1 – You can request confirmation of whether we hold personal data about you, the details of the personal data and access to that personal data. Your request will be processed and the information to which you are entitled will be provided to you no later than one month (except in extenuating circumstances) from when we receive your request, subject to the requirements and exemptions of Data Protection Law. If such extenuating circumstances mean we are unable to comply with your request within one month, we will tell you as soon as possible about this delay.

8.2 – Examples of exceptions, where the JV (by law) does not provide access to personal data include:

    • references written by the JV;
    • any data from which a third party can be identified;
    • any data held for the purposes of management forecasting or planning;
    • any data prejudicing ongoing negotiations with the employee; and/or
    • any data protected by legal privilege.

9. Request your data is rectified

9.1 – Where your personal data is inaccurate or where you would like us to complete any incomplete information, you can provide us with a statement that sets out the details of your request for rectification.

10. Request your data is deleted

10.1 – You can request that the JV deletes your personal data where it does not have grounds to continue processing your personal data. The JV will be unable to comply with your request in certain circumstances including, for example, if the JV has a legal obligation to continue processing the data.

10.2 – To exercise any of the above rights, you should make your request via email at [email protected].

11. Object to processing

11.1 – You can object to the JV processing your personal data where (i) the JV is processing your personal data based on its legitimate interests or (ii) you have grounds to believe that the JV no longer needs the personal data for the purposes or (iii) the processing is unlawful or (iv) you have contested the accuracy of the personal data.

11.2 – To exercise any of the above rights, you should make your request via email at [email protected].

12. Concerns

12.1 – If you have concerns around the use of your personal data in the context of this policy, please email us at [email protected].

Cookies Policy

What are cookies? It is a technology which can be used to provide you with tailored information when visiting the JV website. A cookie is an element of data the website will send to your browser, which will then be stored on your computer. This element of data is a piece of text, not a program. The website can only access the information from a cookie sent by website and it cannot access other cookies sent by other web sites or the information contained there. Additionally, we cannot learn your email address or any other information about you using a cookie. If you would like information about cookies and on how to restrict or block cookies, please visit www.allaboutcookies.org.

Why does the website use cookies? The JV uses cookies to track usage of the website and to customise your experience when you are visiting the website. By tracking usage, we can best determine what features of the website best serve you.

What benefits do I receive from cookies? Overall, the use of cookies helps to give you a customised experience when visiting the website. Using cookies, we will know what’s working and what’s not. That information is then used to keep our website fresh and relevant to you. Cookies also allow for the personalisation of any online services we may provide to you.

May I decline to accept a cookie? You may decline to accept cookies, simply selecting the opt out options on the cookies banner.

Azure Analytics This website uses Azure Analytics, a web analytics service provided by Microsoft, Inc. Azure Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Microsoft. Microsoft may use this information for evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Microsoft may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Microsoft’s behalf. Microsoft will not associate your IP address with any other data held by Microsoft. You may refuse the use of cookies by opting out.