GWC Logo

Data Protection Policy

Policy Statement

GWC is committed to protecting the privacy and security of personal information for all clients, contractors, suppliers, employees, website users and contacts.

Our Privacy Notice describes how we obtain, use, store and use personal information during and after working relationships with us, in accordance with data protection law, including the General Data Protection Regulation (GDPR).

Sensitive or private information belonging to GWC, our employees, suppliers or clients, whether heard, seen or read is treated as confidential. It will not be disclosed to any third party, unless it is already in the public domain or the owner has given specific permission to disclose it.

This policy helps ensure that we do not breach the General Data Protection Regulation (GDPR), which provides strict rules in this area.

Any personal information we have access to will always be kept secure in accordance with GDPR and we ensure it is never transferred by any media that is not secured or encrypted.

Confidential information is kept locked away when not in use and employees are advised to always lock their screens when leaving their PC/Laptop.


Privacy Notice

GWC is aware of its obligations under the General Data Protection Regulation (GDPR) and current data protection legislation, and is committed to processing your data securely and transparently. This privacy notice sets out, in line with data protection obligations, the types of data that we hold on you as an employee or contractor, client/supplier to the Company. It also sets out how we use that information, how long we keep it for and other relevant information about your data.

Data controller details:

The Company is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:

Unit 4, 30 Breakfield, Coulsdon, Surrey CR5 2HS

T: 020 8660 0080 E:

Data protection principles

We are committed to complying with all relevant data protection legislation and therefore we:

  • will ensure we only process your data where strictly necessary or where we have your explicit consent to do so;
  • will only collect data for specific and legitimate purposes and will not use collected data other than for those purposes intended, without your specific consent;
  • will not collect more data than we need to for those specific purposes;
  • will ensure all data held is accurate and up to date;
  • will not keep data longer than is necessary for the purposes for which it was collected;
  • will take appropriate security measures to protect against unlawful or unauthorised processing of data;
  • will ensure all employees who have access to data are trained and aware of these obligations;
  • will ensure that all parties who have access to data comply with the obligations set out under this legislation and policy.

Data Breaches

If the Company discovers that there has been a data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to protected personal data, it will consider whether it poses a risk to people. If we consider the risk to people’s rights and freedoms to be severe, we will:

  • Notify individuals about the likely consequences and mitigation measures we have taken without delay;
  • Report it to the Information Commissioner’s Office within 72 hours;
  • Investigate and document the breach.

Data Protection Officer

The Company’s Data Protection Officer is Graeme Coote.

Making a complaint

The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.

Full Data Protection Policy

If you would like to see our full Data Protection Policy please email bushi@gwcoote, who will forward you a copy.