CROWN ROOFING s CLADDING LIMITED (Company Registration No. 671086) whose registered office is at Lough Dan Lodge, Roundwood, Co. Wicklow. A98 K753 (“Crown”, “we”, “our”, or “us”) is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018.
This Data Protection Policy outlines how we collect, use, store, and protect personal data relating to our subcontractors and their employees.
This Policy applies to all personal data processed by Crown relating to Subcontractors and their employees (including permanent and temporary staff) whose personal data we collect in the course of business operations.
• Crown Roofing and Cladding Limited: this Privacy Policy shall apply to and be binding upon all entities, subsidiaries, affiliates, and associated companies of Crown Roofing and Cladding Limited, including but not limited to (Crown Roofing and Cladding ApS, Crown Roofing and Cladding GmbH, Crown Roofing and Cladding UK Ltd, Crown RC Filial, Crown Roofing and Cladding Oy, Crown Roofing and Cladding B.V.), whether existing at the date of this Privacy Policy or subsequently formed or acquired.• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal data, including collection, storage, use, and disclosure.
• Data Subject: A natural person whose personal data is processed.
• Controller: Crown is the controller of the personal data it processes.
• Data Processor: A third party that processes data on behalf of Crown.
We are committed to processing personal data in compliance with the GDPR principles:
• Lawfulness, Fairness, and Transparency: Processing is lawful, fair, and transparent.
• Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
• Data Minimisation: Only data necessary for the purposes stated are collected.
• Accuracy: Data is accurate and kept up to date.
• Storage Limitation: Data is retained only as long as necessary.
• Integrity and Confidentiality: Data is processed securely.
• Accountability: We are responsible for and can demonstrate compliance.
We will only process personal data where a lawful basis applies, such as:
• Performance of a Contract: Managing subcontractor agreements;
• Legal Obligation: Compliance with employment, tax, insurance, health and safety laws and regulations;
• Legitimate Interests: Managing our business operations (e.g., site safety and security, compliance monitoring, manage access to our sites and facilities).
The personal data we collect from our Subcontractors and their employees includes but is not limited to :
• Identification details: Full name, date of birth, photograph, tax number, social security number
• Contact information: Phone number, email address, and home address
• Employment information: Job title, work schedule, qualifications, completed trainings and employment history
• Financial information: Payslips, bank details for payment processing where applicable
• Health and safety information: Records of work-related injuries or illnesses
• Access control data: Site entry and exit logs, and CCTV footage where applicable
• Data the employees volunteered
• Photos and videos
• When controlled by Crown, CCTV footage or records containing personal images of the employees of our subcontractors when attending our sites and offices.
We do not collect sensitive (“special category”) data unless necessary and with appropriate safeguards.
We may share personal data with:
• Regulatory bodies (e.g., Revenue Commissioners, Health and Safety Authorities)
• Professional advisers (legal, insurance, audit)
• Service providers (payroll processors, HR systems, security services)
• Clients (for site compliance and access purposes)
• IT service providers and cloud storage providers (acting as processors under contract)
All data sharing is governed by appropriate data sharing agreements or contracts as required under GDPR.
Personal data is retained for no longer than necessary for the purposes for which it was collected. Typically, personal data related to subcontractor employees will be retained for 6 years following the end of a project or contractual relationship, in line with legal limitation periods, unless a longer retention period is required by law.
Retention schedules are reviewed regularly.
G. Data Security
We have implemented appropriate technical and organisational measures to protect personal data, including:
• Secure servers and encrypted storage
• Controlled access to personal data
• Staff training on data protection
• Regular reviews and audits of data processing activities.
Individuals whose personal data we process have the following rights under GDPR:
• Right of access
• Right to rectification
• Right to erasure (the “right to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with the Data Protection Commission (DPC) in Ireland.
Requests to exercise these rights can be submitted to our Data Protection Officer, Emma O’Gorman Wall.
We generally do not transfer personal data outside the European Economic Area (EEA). If it becomes necessary, we will ensure that appropriate safeguards are in place.
We offer website visitors the option to subscribe to our marketing communications, including newsletters, company updates, and promotions. Subscription is entirely voluntary.
When you subscribe to our newsletter via the Website, we collect the following personal data:
• First and last name
• Email address
No additional personal data is collected for marketing purposes.
Subscription to the Crown Newsletter is based on explicit consent. Consent is provided by actively signing up and ticking a consent box. No pre-ticked boxes are used.
The legal basis for processing personal data for marketing and newsletter communications is consent in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time.
Newsletter subscriber data is stored and managed using Mailchimp, which acts as a third-party data processor on our behalf. Mailchimp processes personal data in accordance with our instructions and applicable data protection laws.
All marketing and newsletter emails include an unsubscribe link. You can unsubscribe at any time by clicking this link, which will result in immediate removal from the relevant mailing list.
Crown is responsible for the content of marketing communications and newsletters published on or distributed via the Website. The technical development and structural maintenance of the Website are carried out by our appointed web development agency.
We use cookies and similar technologies to operate and secure the Website, analyse usage, and improve functionality.
• Strictly necessary cookies are always enabled to ensure basic website operation and security.
• Analytical and functional cookies are used only with your consent.
We may use third-party analytics services such as Google Analytics. Data collected via cookies is processed in accordance with applicable data protection rules and user consent choices.
All employees and contractors of Crown’s Subcontractors shall comply with this policy and complete any required data protection training. The Compliance Officer oversees compliance and handles queries related to this policy.
Contact Information:
• Compliance Officer: Vera Moreva
• Email: v.moreva@crown.global
This policy is controlled and maintained within our Quality, Environment, Health, and Safety (QEHS) Management System and is available to all employees. It is also accessible to interested parties and members of the public upon request.