Watts Group Limited (Watts) is an independent provider of building surveying, cost management and project management services to the property and construction industry in the UK and Ireland. This Privacy Notice explains how we store and use personal data collected, for example when:
We collect personal data from potential, current and former clients/suppliers and other individuals with an interest in the property and construction industry to fulfil our stated purposes. The data routinely collected usually includes some or all of the following: Contact Name, Company Name, Office Address, Job Title, Telephone Number(s) and Email Address. All your personal data will be placed on our Client Relationship Management (CRM) system and protected in accordance with our Cyber Essentials Plus accreditation.
Documents obtained to help confirm your identity and substance during our Know Your Client (KYC) checks are stored in our ‘SharePoint’ browser-based collaboration and document management system.
We do not collect any personal data from third party data vendors and do not sell any data to these organisations.
We deploy multiple layers of protection both to computers, the networks and at the boundary of our networks with Enterprise grade products and cloud services from the likes of Checkpoint, Mimecast and Mobile iron. Appropriate levels of virus protection are also used to ensure all our systems are in line with ISO 27001 requirements and our Cyber Essentials Plus certification. Our email systems are also protected by Targeted Threat management systems, to reduce the risk of phishing attacks on staff.
We use the personal data collected for a range of different business purposes but primarily to meet our regulatory and contractual obligations. It is also used in a way we believe you should reasonably expect us to use the data which does not materially impact your rights, freedom or interests. For example, we use the following lawful basis to process personal data:
Watts’ employees will have access to the personal data held in our CRM and SharePoint systems in order to perform their service delivery or support role functions. Access is gained via individual secure Active Directory managed (AD) password protected user accounts.
Access to electronic information is further controlled by AD security groups, so for example, only staff working in our Belfast office can access Belfast office team data.
We may use competent suppliers to deliver services on our behalf or to help us provide services to you (e.g. sub-consultants, couriers etc.). We may also use external providers to carry out identity/credit checks and collect debts for us. Where services are outsourced in this way, we will still control your personal data and we have strict controls in place to make sure it is properly protected.
We will retain the data you give us, for differing periods of time, dependent on the reason you have supplied it to us, whether there is a need to retain the data and in accordance with our data retention policy. All such time frames are guided by industry best practice and other relevant legislation.
If we contact you because we believe we have a legitimate interest to do so, you will be given the opportunity to opt-out of receiving future communications when you receive the first and subsequent messages. You will also be able to check and amend the information we hold using a form access via a hyperlink in the email.
You can also contact us at any time to access your personal data so you are aware of and can verify the lawfulness of the processing we undertake – please use the contact details in the ‘How to contact us’ section below.
In common with many other companies, we use standard technology called ‘cookies’ on our website. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. They help us to collect statistical data about our users’ browsing actions and patterns but they do not identify any individual. They enable us to:
We use secure cloud-based services for hosting the data but none of this infrastructure is knowingly based outside the EEA. If we subsequently do this, our contracts with third parties stipulate the standards they must follow so we can store or process your information under the guiding principles of this Privacy Notice and all applicable laws.
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to:
If you want to make a complaint on how we have handled your personal data, please use the contact details above so we can investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work; that is the information commissioner in the UK.
This Privacy Notice is periodically reviewed and amended as necessary to make sure that it remains suitable and effective; it was last updated in January 2020. Any changes we may make in the future will be posted on this page, and where appropriate, notified to you by e-mail.