DSAR Privacy Policy


1 Introduction

Sir Robert McAlpine Limited (‘SRM’, ‘we’, us’ or ‘our’) is a ‘data controller’ meaning we are responsible for deciding how we hold and use personal information about you. You are seeing this notice because you are providing personal data to SRM. This notice makes you aware of how and why your personal data will be used and how long it will usually be retained for during and for the purposes of your Proof of Identity. It provides you with certain information that must be provided under legislation (including the Data Protection Act 2018 and the General Data Protection Regulation (679/2016/EU) (the “Legislation”)).

2 What Personal Data is being collected and Why?

Personal data is being collected to enable SRM to identify you for the processing of your Subject Access Request.

3 What is our lawful basis for processing Personal Data and how we use your data?

3.1. You have provided SRM with your data for the purposes of confirming your identity in relation to the processing your Subject Access Request. This ground for processing your data under the Legislation will therefore be on the basis of your legitimate interest.

3.2 We will comply with data protection laws and principles, including the GDPR. Your data will be:

  • used lawfully, fairly and in a transparent way;
  • collected only for valid purposes and not used in any way that is incompatible with those purposes;
  • relevant to the purposes we have told you about and limited only to those purposes;
  • accurate and kept up to date;
  • kept only as long as necessary for the purposes we have told you about; and
  • kept securely.


4 Data sharing

SRM will not share your data provided with third parties.

5 Data security

We have appropriate security measures in place to prevent your personal information from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

6 Data retention - How long will SRM use my information for?

6.1. We will retain your data only for as long as your Subject Access Request remains active and is necessary subject to any legal requirements where SRM is required to retain your data for a longer period. Data in relation to you Subject Access Request will not be used for any other purpose, including to be held within personnel files ‘just in case’ it may be needed again.