Skip to content

Privacy Policy

This privacy policy (the “privacy policy”) provides details of the way in which Leviat Limited (“the company”,) processes personal data when you work for the company or when you do business with the company.

Personal data is processed in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and other applicable national and European privacy legislation and regulations (together the “data protection law”). The relevant local data protection regulator is the Information Commissioner’s Office.

The glossary in the Annex defines some of the terms used in this policy.

1. SCOPE

This privacy policy applies to all personal data we process as a data controller.

To the extent the company decides why and how personal data is processed, the company is a data controller of such personal data.

The company may process personal data of, for example, employees, former employees, temporary workers, self-employed persons, job applicants, contractors, suppliers, customers, and visitors.

2. PURPOSE

The purpose of this privacy policy is to explain what personal data we process and how and why we process it. In addition, this privacy policy outlines our duties and responsibilities regarding its protection.

This privacy policy is not an exhaustive statement of our data protection practices but we will provide notice of variations to the extent practicable.

3. TYPES OF PERSONAL DATA

3.1 Employees and Contractors

The company collects and processes personal data in relation to our employees, candidates for employment and contractors, as well as our former employees and former contractors. This personal data includes: personal details such as name, date of birth, social security number, bank account details, next of kin, details of social media accounts, visa / passport data; contact details such as address and phone number(s); personnel file details including, for example, terms and conditions of employment, training, performance evaluations, promotions, personal development plans, conduct and disciplinary data, work location, salary information, bank account details and tax and social security numbers, security clearances; employment history/application details such as educational history and employment history; editorial or journalistic content such as links to works e.g. links to video files or audio files; CCTV imagery; medical information such as medical certificates and sick notes; family details such as names and dates of birth of children (e.g. relevant if an individual is applying for parental leave); details required for pension; details regarding trade union membership; and performance related data such as performance management ratings for managers and annual incremental salary reviews of employees, psychometric testing, etc. The above list is not exhaustive but covers the most commonly collected, used and otherwise processed personal data.

3.2 Suppliers and Customers

The company collects and processes personal data in relation to individuals who are, and/or are working with, our suppliers and customers. This personal data may include: personal details such as name, title, position, work identification numbers, department, business unit (including contact data collected for training / verification); and contact details such as email address, telephone number(s) and work location; and tax information such as vat / tax numbers.

3.3 Special Categories of Personal Data

The types of special categories of personal data that the company may process includes, without limitation, health data, information on criminal convictions and biometric data. The company processes all personal data in accordance with data protection law, and, in particular, any special categories of personal data.

4. PURPOSES OF PROCESSING

The company processes personal data for the purpose(s) for which the personal data has been obtained.

Common examples of the reasons why the company processes personal data include: payroll and benefit administration; HR, performance and talent management; operational performance and management; marketing and PR; improving and monitoring health and safety; improvement of business products and services; research and statistical analysis; business strategy; internal audits or investigations; prevention and detection of unlawful and/or criminal behaviour towards us or our customers and employees; and/or fulfilling legal obligations. We may process personal data for other reasons from time to time. The company tries to ensure individuals are informed about the purpose(s) for processing their personal data at the time the company collects consent. Where this is not possible or practicable, the company tries to inform you as soon as possible after the processing of personal data. Individuals have the right to withdraw consent at any time.

5. PROFILING

The company may process the personal data of various individuals (for example, employees, contractors, customers and candidates for employment) for talent management and workforce evaluation (to potentially include attendance and performance analysis) or for marketing analysis.

The company engages in such processing where: (a) expressly authorised by national law (including for fraud and tax evasion monitoring); (b) necessary for the entering into or performance of a contract; or (c) the individual has given appropriate consent.

6. INDIVIDUAL RIGHTS

Individuals have certain rights under data protection law.

6.1 Inspection and Access: you can request from us a summary and a copy of your personal data which we process or which is processed on our behalf;

6.2 Correction/Addition/Removal: where you believe your personal data is inaccurate or incomplete, you are entitled to request us to correct, amend or delete your personal data;

6.3 Objection: you may object to us processing your personal data based on our legitimate reasons for processing;

6.4 Restriction: you may request that we restrict the processing of your personal data where the accuracy of your personal data is contested, our processing is unlawful, you believe we no longer need the personal data or you have objected to processing; and

6.5 Automated Decision Making: where the company undertakes automated decision making (including profiling), which significantly affects you, you are entitled to object to such decision-making.

The company’s Individual Rights Procedure, available on request, explains how the above requests can be made and how the company will manage these requests.

7. SECURITY

7.1 Security Measures

The company has technical and organisational measures in place to protect personal data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access.

Personal data is held securely using a range of security measures including, as appropriate, physical measures such as locked filing cabinets, and various IT measures.

For more information on the company’s security measures, please see the Information Security Policy, available on request.

7.2 Personal Data Breach

The company will manage a data breach in accordance with the personal data breach reporting procedure. All data breaches should be reported to the company's Data Protection Officer at dataprivacy.uk@leviat.com 

8. DISCLOSING PERSONAL DATA

From time to time, the company may disclose personal data to third parties, or allow third parties to access personal data which we process (for example where a law enforcement agency or regulatory authority submits a valid request for access to personal data).

The company may also share personal data: (a) with another member of the CRH Group (including our subsidiaries, our ultimate holding company and its subsidiaries); (b) with selected third parties including business partners, suppliers and sub-contractors; (c) with third parties when we sell or buy any business or assets; or (d) if the company is under a legal obligation to disclose personal data. This includes exchanging information with other companies and organisations for the purposes of fraud prevention.

Where the company enters into agreements with third parties to process personal data on our behalf it will ensure that the appropriate contractual protections are in place to safeguard it. Examples include communications providers, payroll service providers, occupational health providers, marketing or recruitment agencies, operators of data centers used by the company, etc.

9. DATA RETENTION

The company keeps personal data only for as long as the retention of such personal data is deemed necessary for the purposes for which that personal data are processed. Personal data is retained in accordance with relevant laws and company guidelines.

10. DATA TRANSFERS OUTSIDE THE EEA

From time to time the company may need to transfer the personal data outside the EEA. This transfer will occur in accordance with applicable data protection law. The company takes reasonable steps to ensure that the personal data is treated securely and in accordance with this privacy policy when transferred outside the EEA.

11. ROLES AND RESPONSIBILITIES

The company is responsible for the processing of personal data. The company’s managing director has overall responsibility for the company’s compliance with this privacy policy and will designate a primary point of contact in relation to (i) the processing of personal data of the company’s current and former employees and contractors; (ii) the processing of personal data of business contacts; and (iii) the preservation of the security and integrity of the personal data processed by the company.

CRH Legal and Compliance shall provide support to the company by providing legal advice and guidance in interpreting the data protection law and this privacy policy on a local level.

All company employees must comply with the most up-to-date version of this privacy policy, as published from time to time. If employees are found to have intentionally violated this privacy policy, they may be subject to disciplinary processes, up to and including dismissal.

12. COMPLAINTS PROCEDURE

You can ask a question or make a complaint about this privacy policy or the processing of your personal data by contacting the company's Data Protection Officer at dataprivacy.uk@leviat.com. While you may make a complaint in respect of our compliance with data protection law to the relevant data protection regulator (the Information Commissioner’s Office), we request that you contact the company's Data Protection Officer in the first instance to give us the opportunity to address any concerns that you may have.

13. ASSOCIATED POLICIES

This policy should be read in conjunction with the following policies and procedures:

• Individual Rights Procedure (available on request)
• Personal Data Breach Procedure (available on request)
• Information Security Policy (available on request)
• Website Privacy Statement

Annex - GLOSSARY
In this privacy policy, the terms below have the following meaning:

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

“Data controller” means the entity that decides why and how personal data is processed.

“European Economic Area” or “EEA” means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK, Iceland, Liechtenstein, and Norway.

“Personal data” is any information relating to a living individual which allows the identification of that individual. A person is identifiable if his/her identity can reasonably be established from the data without any disproportionate effort. Personal data can include:

Employees and Contractors

1. Personal details such as name, date of birth, bank account details, next of kin, details of social media accounts;

2. Contact details such as address and phone number(s);

3. Personnel file details including, e.g., terms and conditions of employment, training, performance evaluations, promotions, personal development plans, conduct and disciplinary data, work location, salary information, bank account details and tax and personally identifiable numbers such as a social security numbers;

4. Employment history/application details such as educational history and employment history;

5. Editorial or journalistic content such as links to works, e.g. Links to show-reels or audio files;

6. Medical information such as medical certificates and sick notes;

7. Family details such as names and dates of birth of children, e.g. Relevant if an individual is applying for parental leave;

8. Details required for pension;

9. Details regarding trade union membership; and

10. Performance related data such as performance management ratings for managers and annual incremental salary reviews of employees, psychometric testing, etc.

Suppliers and Customers

1. Personal details such as name, title, position, work identification numbers, department, business unit;

2. Contact details such as email address, telephone number(s),

3. Work location; and

4. Tax information such as vat / tax numbers.

“Processing” includes collecting, using, recording, organising, altering, disclosing, destroying or holding personal data in any way. Processing can be done either manually or by using automated systems such as information technology systems and “process” and “processing” shall be interpreted accordingly.

“Profiling” is the automated processing of personal data for the purpose of assessing certain aspects relating to an individual so as to analyse or predict the individual’s performance, decisions or behaviour.

“Special Categories of Personal Data” are types of personal data that reveal any of the following information relating to an individual: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Special categories of personal data also include the processing of genetic data, biometric data (for example, fingerprints or facial images), health data, data concerning sex life or sexual orientation and any personal data relating to criminal convictions or offences.

Latest News

Celebrating the future of bricklaying at the ABC Awards 2024

Leviat reaffirmed its commitment to the future of the UK bricklaying industry at the 2024 Association of Brickwork Contractors Awards late last month, again sponsoring the popular ‘Bricklaying Apprentice of the Year’ category.

Season's Greetings from Leviat

As 2023 draws to a close, Leviat would like to wish our wonderful customers and exceptional team a season filled with an abundance of joy, warmth, and cherished moments with your loved ones!