Data Protection Policy & Statement 2018


All personal data held by this Company has been given voluntarily by customers, persons enquiring, employees, sub-contractors, suppliers and contractors, only for the purposes of providing quotations, agreeing contracts, or general enquiries. Data is used only in relation to the above. No personal details are sought via other means or without the knowledge of the person concerned. No personal data is used for any other purposes, such as sales or marketing. No personal details are released, sold, or otherwise used inappropriately. All personal data is stored safely.

Details this Company Holds:

1)      Names, addresses, phone numbers and email addresses of all customers, including contractors, from the last 10 years, and potential customers for whom we have carried out a quotation in the last 5 years.

2)      Names, addresses, phone numbers, email addresses of individuals from contractors and other supplier companies from the last 10 years.

3)      Company name, registered office, invoice address, company registration number, VAT number, phone numbers, email addresses, year commenced trading, number of staff employed of supplier companies and contractors.

4)      Names, addresses, phone numbers, email addresses, national insurance numbers and bank details of employees (bank details held only on secure Sage system).

5)      Names, addresses, phone numbers, email addresses, national insurance numbers, UTR numbers, insurance details and bank details of sub-contractors (bank details held only on secure Sage system).

Data Storage:

Electronic Storage:

-         We store details given voluntarily by those customers or potential customers in quotation folders (which become contract folders upon an order), saved on up to three desktop and two laptop computers, kept at our office, and up to 4 mass-storage device back-ups, which are stored both in the office and at a home premises.

-        No documents are held online except for email. There are 7 email addresses which may hold data:,,,,,, Email addresses other than those listed above claiming to be from our Company are not genuine.

-        Emails are not deleted unless requested. All emails are also backed up and saved offline on the devices listed above.

-        All office computers are maintained with up to date anti-virus software, and we comply with all security measures for individual programmes (eg, Microsoft Office, Sage, etc)

Hard-Copy Storage

-        We store hard copies of all quotation and contract folders. These folders are stored securely in a locked room at the office premises.

-        Completed contract folders must be kept due to the 10 year guarantee which comes with all new and re-roofing contracts, effectively meaning all contracts less than 10 years old are still ‘live’.

-        Completed contract folders are destroyed by shredder 10 years after completion date.

-        Quotation folders which have not been accepted or amended are destroyed by shredder after 5 years.

-        No folders or files with customer details leave the office premises, with the exception of Safety Packs (Risk Assessments, Method Statements, Construction Phase Health & Safety Plans, Fire Plans, COSHH Assessments, etc) which remain in Greenough & Sons vehicles on site, and are returned to office on completion of contract and placed in completed contract folder for storage.

Data we share:

-        Names, addresses and phone numbers of customers are shared via conversation, email or phone with employees (and also printed on Safety Pack documents), sub-contractors and suppliers who are working on that property and must be in contact with customer.

-        Names and phone numbers of employees are shared amongst all employees, sub-contractors and occasionally with customers, contractors and suppliers, via conversation, phone and messaging services (eg, WhatsApp).

-        Names, addresses, phone numbers and email addresses of suppliers, individuals employed by suppliers, and contractors, and individuals employed by contractors, are shared with customers, employees, sub-contractors, and other suppliers and contractors.


Data Protection:

Electronic data protection:

-          All devices and software are kept up to date with relevant updates and security software.

-          All devices are kept in the office overnight which is locked and protected by CCTV.

-          Mass storage devices with copies of all folders are also kept at a home premises overnight.

-          The Company does not store customer details on a database or spreadsheet, all customer details remain separately within each contract folder.

-          No details are used for any sales or marketing purposes. The Company does not carry out any targeted marketing or e-marketing.

Hard-Copy data protection:

-          All folders and files with any details are stored in secured cabinets which are locked overnight.

-          No details are used for any sales or marketing purposes.

-          The office is locked and protected by CCTV.

Under GDPR, you have the right to request access to information that we hold or withdraw consent to holding this information. To make a request for your personal information please feel free to contact us.

You also have the right to:

- Object to processing of personal data that is likely to cause, or is causing, damage or distress

- Prevent processing for purpose of direct marketing

- Object to decisions being taken by automated means

- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and claim compensation for damages caused by a breach of GDPR.

If you are concerned regarding the way we collect or use your personal data, we advise that you raise your concerns with us in the first instance. Alternatively, you can contact the Information Commissioner's Office.

Many Thanks,

Tom Greenough

Data Protection & HR Manager