MRF Contracting

GDPR Policy

1. Introduction

At MRF Contracting, we are committed to protecting the privacy and personal data of our customers, employees, suppliers, and any other individuals whose data we may process. This General Data Protection Regulation (GDPR) policy outlines our approach to data protection, including the collection, storage, processing, and sharing of personal data. We aim to ensure compliance with the GDPR and other relevant data protection laws and regulations applicable in the UK.

2. Data Controller

MRF Contracting acts as the Data Controller for all personal data we collect, process, and store. This means we are responsible for determining the purposes and means of processing personal data.

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who oversees data protection matters and ensures compliance with relevant laws and regulations. The DPO can be contacted at [email protected]

4. Principles of Data Protection

We adhere to the following principles concerning data protection:

i) Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently. We inform individuals about the purposes of data processing and obtain their consent where necessary.
ii) Purpose Limitation: Personal data is collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
iii) Data Minimization: We only collect and process personal data that is necessary for the purposes identified.
iv) Accuracy: We strive to keep personal data accurate and up-to-date. Individuals have the right to request rectification of any inaccuracies.
v) Storage Limitation: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and in accordance with our data retention policy.
vi) Integrity and Confidentiality: We implement appropriate technical and organisational measures to ensure the security, confidentiality, and integrity of personal data.

5. Data Collection and Processing

We collect and process personal data from individuals for the following purposes:
i) Customer information, including names, addresses, contact details, and project details, to manage and deliver construction services.
ii) Employee information, including employment contracts, payroll data, and contact details, for the administration of employment contracts and legal obligations.
iii) Supplier information, including contact details and financial data, for managing supplier relationships and payments.
iv) Marketing and Communication: We may use contact details to inform individuals about our services, promotions, and updates, with their prior consent or in accordance with the law.

6. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:
i) Performance of a contract: When processing is necessary to fulfil contractual obligations with customers or suppliers.
ii) Legal obligation: When processing is necessary to comply with legal obligations, such as tax and employment laws.
iii) Consent: When individuals have given clear consent for specific processing activities.
iv) Legitimate interests: When processing is necessary for our legitimate interests, provided that these interests do not override the individual’s rights and freedoms.

7. Data Subject Rights

We respect individuals’ rights regarding their personal data and will promptly respond to any requests related to these rights, including:
i) Right of Access: Individuals can request access to their personal data we hold.
ii) Right to Rectification: Individuals can request the correction of inaccurate or incomplete data.
iii) Right to Erasure: Individuals can request the deletion of their personal data under certain circumstances.
iv) Right to Restriction of Processing: Individuals can request restrictions on the processing of their data under certain circumstances.
v) Right to Data Portability: Individuals can request their personal data in a structured, machine-readable format.
vi) Right to Object: Individuals can object to the processing of their data in specific situations.

8. Data Security

We implement appropriate technical and organisational measures to ensure the security and confidentiality of personal data, including access controls, encryption, and regular data backups.

9. Data Sharing and Transfers

We may share personal data with third-party service providers, contractors, or legal authorities when necessary to fulfil our contractual obligations or legal requirements. Data transfers outside the European Economic Area (EEA) will only occur with adequate safeguards in place.

10. Data Breach Notification

In the event of a data breach that may pose a risk to individuals’ rights and freedoms, we will notify the Information Commissioner’s Office (ICO) and affected individuals within 72 hours of becoming aware of the breach.

11. Training and Compliance

We provide regular training to employees and personnel involved in data processing to ensure GDPR compliance.

12. Review and Update

This GDPR policy will be reviewed and updated periodically to ensure continued compliance with data protection laws and changes in our business practices.

By implementing this GDPR policy, we demonstrate our commitment to safeguarding personal data and maintaining the privacy of individuals associated with MRF Contracting.