Information and Assets

Data protection

Three modern buildings with contrasting facades

We respect the right to privacy and take all appropriate precautions to protect the personal data entrusted to us. We process personal data responsibly and in accordance with data protection legislation.

This means that we:

Ensure that our use of personal data complies with applicable law. This includes activities such as collecting, recording, structuring, storing, retrieving, reviewing, disclosing, transferring, erasing or destroying data, or a combination of these
Ensure that those entrusting us with their personal data understand why we’re using it and what we plan to do with it
Do not retain personal data longer than is necessary to fulfill the specific purpose for which it was collected, and handle the data confidentially and securely
Understand that personal data should be accessed only by those who are authorized to see it and have a legitimate reason to do so

A modern building with a glass facade with two workers on a building maintenance platform

This is information relating to a living person or that can be used to identify them, either directly or indirectly. It could include contact information (such as a phone number or email address), names of family members, healthcare information, passport or identity numbers, IP addresses, account numbers or photos.

A data center with rows of server racks filled with equipment and cables running along the sides

In order to manage resources, I need to keep a list of our craft workers on my project. I’d like to add as much detail as possible, such as ages, addresses and special skills of each listed worker. But I want to ensure we comply with applicable law. What should I consider?

Personal data must be used for specific, legitimate purposes only. Compile only the personal data necessary to fulfill the purpose of the workers list. Seek guidance from your Data Protection manager or HR or Legal teams where necessary. Some personal data collection may require additional protective measures. Share the workers list strictly on a need-to-know basis, such as with the managers responsible for allocating the assignments.

A series of rectangular white stepping stones arranged in a staggered pattern across green lawn

My team is working on a project that legitimately collects personal data. I think it’s best to save all data just in case it might become useful later. Is there anything wrong with this practice?

Yes. Do not store personal data longer than necessary for the specific purpose for which it was collected. You should not retain the data “just in case.” Make regular reviews of personal data records and securely dispose of or delete any personal data that is out of date, irrelevant or no longer required.