Our pledge
We minimise data collection, encrypt assets in transit and at rest, and restrict access through ISO 27001/27701 controls, zero-trust networking, and auditable playbooks.
ISO 27001 · 27701
Access reviews every 30 days
What this notice covers
This notice explains how Danpol Ltd. collects, uses, shares, and protects personal data provided by clients, suppliers, councils, trainees, and job applicants. It applies to danpol.co.uk, mobilisation portals, tender submissions, third-party data rooms, and collaboration tools operated by Danpol Ltd.
Data controller & DPO desk
Danpol Ltd., 950 Great West Road, Brentford, TW8 9ES, United Kingdom. Privacy stewarded by the Mobilisation Governance Team.
Rapid response
Breach notifications issued within 72 hours after detection. Clients receive mirrored updates through their nominated contact channel.
Categories of data we process
| Category | Examples | Purpose & retention |
|---|---|---|
| Identity & verification | Names, signature images, proof-of-right-to-work files, credential IDs | Regulatory compliance, mobilisation rosters. Held for engagement + 7 years. |
| Professional data | Role, qualifications, induction history, site access permissions | Project staffing, health & safety governance. Held for project lifecycle + 5 years. |
| Communications | Email, chat transcripts, recorded approvals | Audit trails, dispute resolution. Retained for 36 months unless policy requires longer. |
| Telemetry & device | IP address, browser agent, access timestamps | Security monitoring, incident response. Aggregated within 12 months. |
Lawful bases for processing
We rely on contract performance, legitimate interest, legal obligation, and explicit consent where required (e.g., safety passport enrolment). Automated decisioning is limited to credential validity checks; final deployment decisions always involve a human mobilisation lead.
Contract
Mobilisation briefs, supplier onboarding, and council reporting require verified data so we can deliver promised services.
Legitimate interest
We secure our premises, IT estate, and project telemetry to protect staff, clients, and the public.
Legal obligation
We must retain certain documents to satisfy HSE, HMRC, and infrastructure owner requirements.
Consent
Used for optional briefings, marketing updates, and innovation labs. You can withdraw consent at any time.
Your rights & controls
You can invoke UK GDPR rights by emailing privacy@danpol.co.uk or writing to our Brentford office. We respond within 30 days.
Access
Receive a copy of data we hold about you and understand the processing context.
Rectification
Correct inaccurate or incomplete records so crews deploy with accurate information.
Erasure
Request deletion when data is no longer required and no legal duty prevents removal.
Objection & restriction
Pause processing while we review concerns or opt out of non-essential updates.
Vendors & safeguards
Core platforms (UK/EU hosting)
Microsoft 365, Atlassian, and AWS London power secure collaboration. Contracts include ICO-compliant SCCs and audit clauses.
Specialist mobilisation tooling
Telemetry dashboards, safety passport issuers, and travel logistics partners receive only scoped data via encrypted APIs.
International transfers
When data leaves the UK, we rely on adequacy decisions or Standard Contractual Clauses plus encryption-in-use policies.
Talk to us
Privacy Desk
Danpol Ltd., 950 Great West Road, Brentford, TW8 9ES, United Kingdom.
Prefer the ICO? Visit ico.org.uk.