top of page





It is John Stacey & Sons Ltd company policy to take all necessary steps to ensure that all personal data, held by the company about employees, customers and suppliers is processed fairly and lawfully.  John Stacey & Sons Ltd will take all necessary steps to implement GDPR.


We are required, under the new GDPR legislation, to notify you of the information we hold on you and what it is used, by us, for.


Employee Information


  • Personal data, including name, title, telephone numbers, next of kin, gender, date of birth and address.

  • Information including NI number, bank details, earnings, HR notes, letters, training history and certificates held, ID, information about your health, accident and incident reports, drugs and alcohol results and criminal offences.


Customers and Suppliers


  • Company name, trading name, first name and last name.

  • Contact details, telephone number, email addresses, fax and mobile numbers.

  • Invoice address and delivery addresses.

  • Insurance documents, quotes, orders, invoices and credit notes.

  • Payment details, payment history and bank details.

  • Trading history.


This information is collected from you as an employee, customer or supplier. Should you choose not to provide the necessary information we require, this could result in us not meeting our obligations.


What the information is used for


To run our business in an efficient manner.


How long is the information kept


We will keep your information as long as necessary for us to fulfil our legal and business requirements.  This information is held purely to fulfil all contracts of employment and maintain our trading relationships and general communication.

We will not share this information with anyone who is not involved in our business.


How is the information stored


All data is stored on password protected servers and is backed up by secure back up procedures using up to date security software and IT protection which contains a firewall.


Your Rights


If you consent to us holding your information then no further action is required.

To withdraw your consent please contact us in writing.


Additional information


The internet is not a secure means of sending personal information.  Therefore, we cannot accept responsibility for any unauthorised access resulting in a loss of information, if it is beyond our control.


Monitoring and review


This statement is effective from 25 May 2018.

The Directors have overall responsibility to monitor the company ‘Privacy Policy Statement’ which forms part of the company’s overall Policy and Procedure Manuals.

These are reviewed on a regular basis and may be subject to change as the company grows.

This policy can be found on our website:


K A Brown

Company Secretary

bottom of page