DATA PRIVACY POLICY
Revision Control
Rev. 1 – Initial Issue – 27 Aug 2025 – K.M
Rev. 2 – GDPR Update – 26 Feb 2026 – K.M
Introduction
This DATA PRIVACY POLICY explains what Express Communications Services Limited (ExComS) does with your personal data, whether we are providing you with a service (Candidates – Engineers, Contractors, Consultants and Technicians), receiving a service from you (Suppliers), you are visiting our website (Website Users), or are continuing our relationship in a renewed capacity (Clients). All parties are collectively referred to as “Data Subjects”.
Legal Framework
This Policy aligns with:
– UK GDPR
– Data Protection Act 2018
ExComS may act as either:
– Data Controller
– Data Processor
depending on the nature of the service relationship.
Lawful Basis for Processing
ExComS processes personal data under one or more of the following legal bases:
– Contractual necessity
– Legal obligation
– Legitimate business interest
– Consent (where required)
We only collect data necessary for service delivery (Data Minimisation).
Data We Collect
ExComS may collect professional, identification, contact, financial, employment and compliance-related data required for recruitment, service delivery, and legal obligations.
Sensitive data (GDPR Article 9) will only be processed with explicit consent where required.
How We Collect Data
Data may be collected:
– Directly from individuals
– From clients
– From suppliers
– From third-party platforms
– Through website interaction
– Through operational systems (e.g. attendance tracking where applicable)
Use of Personal Data
We use personal data for:
– Recruitment
– Service delivery
– Compliance
– Legal defence
– Communication
– Equal opportunity monitoring
– Business relationship management
International Data Transfers
As ExComS operates globally, personal data may be transferred outside the UK/EEA.
Where this occurs, safeguards include:
– Standard Contractual Clauses (SCCs)
– Adequacy decisions
– Confidentiality agreements with contractors and partners
Automated Decision-Making
ExComS does not make decisions based solely on automated processing that produce legal or significant effects on individuals.
Children’s Data
Our services are not directed toward individuals under 18 and we do not knowingly collect children’s personal data.
Data Sharing
Personal data may be shared with:
– Clients
– Contractors
– Service providers
– Cloud platforms
Only where necessary for service delivery and subject to confidentiality safeguards.
Security Measures
ExComS applies industry-standard technical and organisational measures including:
– Access controls
– Role-based permissions
– Secure cloud storage
– Encryption where applicable
– Firewalls and VPN protection
Data Retention
Personal data is retained for up to seven years for:
– Contractual purposes
– Tax compliance
– Audit requirements
– Legal defence
Data Breach Response
In the event of a personal data breach, ExComS will assess risk and notify relevant authorities and affected individuals where legally required.
Your Rights
You have the right to:
– Access your data
– Rectify inaccuracies
– Request deletion
– Restrict processing
– Object to processing
– Withdraw consent
Supervisory Authority
You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
Contact
For privacy queries or requests, contact:
Data Protection Officer
Email: [email protected]