Sigma Group
Privacy Statement

Home » Privacy Policy
This privacy policy sets out how we Sigma Group process personal data. We take the privacy of your personal data very seriously and all data captured is held in accordance with the requirements of UK Data Protection Act 2018, UK GDPR and other data legislation such as The Privacy and Electronic Regulations 2003 (PECR)

Who we are

Sigma Group, incorporated in England covers all Sigma Group companies including Sigma Retail Solutions Ltd. 

If you have any requests about your personal data or queries about how we handle it you can contact us by emailing privacyteam@sigmagrp.co.uk or by post to; The Privacy Team, Sigma Group, Alpine Court, Glasshoughton, Castleford, West Yorkshire. WF10 4TL

Sigma acts as Data Controller for our own employee’s and contractors data. For the project and construction services we deliver we will process only very limited personal data as a Data Processor

Sigma are registered as a data processor with the ICO (Information Commissioners Office) ref:  ZA316239

Data collection

The data we collect and process is needed if you make use our services; you are an employee or subcontractor of Sigma; one of our clients; or a visitor. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice

Our privacy notice sets out the personal data we collect and manage when you interact with our services.

How do we collect this information? 

We collect personal information:

  • directly from clients  i.e those clients and their employees who use our services  
  • directly from our partners or joint venture projects;  
  • from publicly available sources: eg. networking, social media, internet services, referrals, other Corporate bodies
  • from guests, contractors or visitors 
  • from CCTV images

What data do we collect? 

We will only ever collect the information we need – including data that will be useful to help improve our services. We collect information as follows:

When you interact as with us to fulfil a project or use our services:

  • Contact details – Name, business email, business contact telephone numbers (mobile /landline); photo ID
  • Information about you – CVC details where provided (or necessary); relationship family details such as NOK if recorded;
  • Financial information – Bank account; NI + other HMRC details eg tax reference; payroll numbers; financial references
  • Pension benefits – Benefits accrued, investment choices and death benefit nomination forms
  • Technical data - - IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform

When you visit our website

  • Contact details – Name, business email, business contact telephone numbers (mobile /landline);
  • Technical data - IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform

For employees and contractors the personal data collected and used can be seen in our Employee Data Privacy Notice

Special Categories of data

We limit the collection of special category data, necessary for the services we provide and to meet legal requirements such a medical detail to fulfil H&S or Equal Opportunities legislation but also to help us eliminate gender bias and developing an inclusive culture that values everyone.

How do we use the data we collect?

Sigma is both a Data Controller and a Data Processor. Where the Company is a Data Processor we act on instruction from the Client Organisation and as defined in our service provision terms.

Any processing activities we undertake are fully compliant with UK and European data protection regulations and the Privacy of Electronic Commutations 

regulation (PECR) where needed for the marketing or promotional approaches we may undertake.

The personal data collected is needed in order to:

  • Carry out our obligations arising from any contracts entered into between you and us
  • Fulfil your requests – e.g amendments to files, questions or guidance.
  • Look into, and respond to, complaints, incidents, near misses, legal matters or any other issues.
  • Record any contact we have with you
  • To send occasional marketing communications
  • Provide a personalised service to you when you visit our websites – this could include customising the content and/or layout of our website and webpages for individual users.
  • Prevent or detect fraud or abuses of our websites and enable third parties to carry out technical, logistical or other functions on our behalf.

If you are applying for a role with us we will provide details of personal data processing at the time of your application

.

Our Legal Basis to process

The personal data that is used is limited to the information we need and is processed mainly under the contracted agreements with you to provide the services we have agreed or the tasks you have requested or as needed for legal requirements. 

Additionally, there will be instances where we will process information using our legitimate interests where for example for occasional marketing and to keep you informed, or to grow our business and promote best practice in the industry

We will seek your consent where needed for the processing of data where the processing activity is not part of the agreed services or for the use of additional personal information for say case studies or testimonials

Keeping your information safe and secure. 

Sigma is committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality

In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the 

information we collect. We are certified to Cyber Essentials Plus https://www.ncsc.gov.uk/cyberessentials/overview

Our security controls include - access controls; network security; patch management; encryption; anti-virus software; data storage, location & authentication; back up; disaster recovery, data destruction and incident management

Third party access

Access to your personal information is only allowed when required by law or is required as part our fulfilling our service obligations.  

We do make use of carefully selected third-party service providers to help us fulfil our services and where we do the third party is required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

We use third party providers to:

  • Manage our recruitment process and associated ID checks
  • For employee and contractor training and education
  • For support in the administration of our warehouse and project managements systems and databases 
  • Financial accounting and payroll
  • Office and facilities management (e.g security access and passes)
  • For Health & Safety management
  • Internal and external auditors
  • For CCTV

International Data Transfers

We are a UK based company and following Brexit we will continue to store and process personal information mainly in the UK or EEA.

In any circumstance where we may have to transfer your personal data out of the UK or EEA, we ensure a similar degree of data privacy and protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK
  • Where we use service providers who are not in territories approved by the UK or EU commission, we will look to implement additional safeguards 
  • such as a detailed review of security measures and the use Standard Contractual Clauses (SCCs) approved by the UK

To receive information on the recipients of your data please contact privacyteam@sigmagrp.co.uk 

How long do we keep personal information?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

Details of retention periods for other aspects of your personal information are available in our Register of Processing Activity and our data retention policy which is available from; privacyteam@sigmagrp.co.uk

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

How We use Cookies

Sigma like most organisations make use of Cookie technology and therefore we capture data using Cookies; a cookie consists of a piece of text sent by a web server to a web browser and stored by the browser.

When you visit our websites, we will record your IP address. This address will be matched against public and proprietary IP address databases to provide us with information about your visit. This information may identify the organisation to whom the IP address is registered but not individuals. In some limited cases i.e. single person companies, it may be possible to identify personal data from publicly available ICANNdata.

Your Internet browser has the in-built facility for storing small files – “Cookies” – that hold information which allows a website to recognise you as a user. Our website takes advantage of this facility to enhance your experience. We use a number of these cookies for analytical purposes, and these are described in detail below. By using the Sigma website, having accepted our website privacy and cookie policy; you consent to the use of cookies for these purposes

Cookies allow us to provide important site functionality, so you don’t have to re-enter lots of information. They also allow us to remember what links and pages have been clicked or viewed during a session. If you have provided us with personal data, completing a contact form for example, we may associate this personal data with other information. This will allow us to identify and record what is most relevant to you.

Most web browsers allow user privacy settings to block either all cookies, or third-party cookies. Blocking cookies will, however, have a negative impact upon the usability of many websites, including this one. Please visit www.aboutcookies.org for comprehensive information on how to change your cookie settings in a wide variety of different web browsers.

We use a combination of both session and persistent cookies. Session cookies keep track of your current visit and how you navigate the site, persistent cookies enable our website to recognise you as a repeat visitor when you return. The session cookies will be deleted from your computer when you close your browser. Persistent cookies will be removed on a pre-determined expiry date, or when deleted by you.

  • Essential cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, and to use online forms.
  • Analytical cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Marketing cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences. These cookies also record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website, the advertising displayed on it and communications sent more relevant to your interests.

Read our full Cookie Policy here.

Links to Other Websites

This privacy statement does not cover the links to other websites. We encourage you to read the privacy statements on the other websites you visit.

Controlling your personal information (Your Rights)

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Under certain circumstances, you have rights under UK Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (GDPR) in relation to your personal information. You may have the right to: 

  • be informed of how we will use your data as provided by this Policy
  • access the information held about you. Your right of access can be exercised in accordance with data protection law;
  • object to us processing or ask us to restrict our processing of your personal information for any of the purposes listed in this policy, at any time. 
  • ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge.
  • ask us to erase or delete your personal information (in certain circumstances). We will do our best to respond to such requests, but these are subject to certain limitations such as legal requirements.
  • Request a transfer of your personal information (again in certain circumstances).

If you wish to exercise any of the above rights or to review, verify, correct or question anything detailed in this policy; are unhappy with any aspect of how we use your data or wish to remove your consent please contact us at: 

The Privacy Team, Sigma Group, Alpine Court, Glasshoughton, Castleford, West Yorkshire. WF10 4TL

OR by emailing privacyteam@sigmagrp.co.uk

OR calling: +44 (0) 845 521 0258

We will respond to your request promptly and look to resolve any query within 30 days and free of charge. However, we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will always notify you if such a charge is being applied

Complaints

You also have the right to make a complaint at any time and we appreciate the chance to deal with your concerns in the first instance. 

To register a complaint please email us at privacyteam@sigmagrp.co.uk

If you are unsatisfied by our reply then you have the right to lodge a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk

Data Protection Officer

We have appointed a Data Privacy Team to oversee out compliance with data protection and ensure your rights are upheld in accordance with this policy statement

If you have any questions for the Team or about this privacy policy or how we handle your personal information please contact privacyteam@sigmagrp.co.uk

Changes to our Privacy Policy: 

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

This privacy policy was last updated in January 2023