Privacy & data protection
What do we mean?
Data protection and privacy laws regulate the collection, storage, disposal, use and disclosure of personal information (such as names, addresses, dates of births, national insurance or social security numbers, job titles or photographs), which can identify a living person. Whilst there are international standards, laws do vary from country to country. Wherever we gather, hold and use personal information, we must always comply with that country’s data protection laws whilst also complying with our own standards and policies on protecting personal information.
It can be easy to forget that the data and records we hold and use may contain personal information. We only collect, retain and use personal information required for our legitimate interests, or as permitted by data protection laws. Those with access to it must only use it in an authorised way.
We take particular care with sensitive personal information such as medical information. We work to ensure appropriate standards of data protection are in place across all our businesses worldwide.
If you’re in any doubt about any aspect of this, always seek advice and approval from your Legal, Compliance or Business Integrity contact, your data protection officer (if any) or another data protection and privacy expert. For more guidance, see your local data protection or information security policies.
Protect personal information and keep it confidential and secure
Use it only in ways individuals would reasonably expect, and let them know what we intend to use it for and the people we may share it with
Make sure it’s only shared with people who have a legitimate need to know or with the consent of those whose information we hold
Promptly report any loss of personal information e.g. a laptop or memory stick containing a database of employee details
Ensure personal information is securely deleted or destroyed when it is no longer required or in accordance with Balfour Beatty’s document retention and disposal guidance
Carry out recruitment and selection procedures in strict accordance with the Company’s Recruitment Policy
Check references for job applicants without first obtaining consent
Use or support databases of “blacklisted” people or supply information to such databases
Transfer personal information outside its country of origin or give other third parties access to it without ensuring that the transfer is permitted under data protection laws