Privacy PolicyStoring and using your personal information and more

Horizon Structures Limited aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner's website as well as our professional guidelines and requirements.

The Data Protection Manager is Este Retief, who is supported by the Directors.

This Privacy Notice is available by email if you contact contact us.


You will be asked to provide personal information when you became a customer or staff member of Horizon Structures Limited. The purpose of us processing this data is to provide optimum professional service to you.

The categories of data we process are:

  • Personal data for the purposes of staff and self-employed team member management
  • Personal data for the purposes of marketing
  • Special category data including health records and details of criminal record checks for managing employees and contracted team members

We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential.

If we intend to pass your personal details to a third party we will gain the individual's specific permission before this personal data is shared.

  • Personal data is stored in the UK whether in digital or hard copy format
  • Personal data is obtained when an individual/customer/company joins Horizon Structures Ltd, when an individual/client is referred to Horizon Structures Ltd and when an individual/client/company subscribes to an email list or newsletter.

The lawful basis for processing special category data such as employees' health data is:

  • Processing is necessary for the purposes of assessing the working capacity of the employee.

The lawful basis of processing personal data such as name, address, email or phone number is:

  • Consent of the data subject
  • Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

The retention period for data in customer records is a minimum of 12 years and may be longer in order to meet our legal requirements.

The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Data Retention procedure available from Horizon Structures Limited.

You have the following personal data rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (clinical records must be retained for a certain time period)
  • The right to restrict processing
  • The right to data portability
  • The right to object

Further details of these rights can be seen at the Information Commissioner's website. Here are some practical examples of your rights:

If you are a client or employee of Horizon Structures Limited you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your information within one month.

All personal data rights requests should be made in writing to the Office Manager, Este Retief or to one of the Directors.

We have carried out a Privacy Impact Assessment and you can request a copy from the details below. The details of how we ensure security of personal data is in our Security Risk Assessment.

Comments, suggestions and complaints

Please contact the Office Manager, Este Retief or one of the Directors (Mark Nolan, Mark Camidge or David Cook) at Horizon Structures Limited for a comment, suggestion or a complaint about your data processing. We take complaints very seriously.

If you are unhappy with our response or if you need any advice you should contact the Information Commissioner's Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who's misused personal data. You can also visit their website for information on how to make a data protection complaint.

Related practice procedures

You can also use these contact details to request copies of the following company policies or procedures:

  • Data Protection and Information Security Policy.

This policy was updated in May 2018. Please check back regularly for updates.