Privacy Notice

WE ARE COMMITTED TO ENSURING THAT YOUR PRIVACY IS PROTECTED. WE WILL ONLY USE THE INFORMATION THAT WE COLLECT ABOUT YOU LAWFULLY.

INTRODUCTION

This Privacy Notice explains how Landmarc Support Services Limited (“Landmarc”, “we”, “us”, or “our”) collects, uses, stores, shares and protects personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (“DPA 2018”), the Privacy and Electronic Communications Regulations (“PECR”), and other applicable UK data protection legislation.

This notice applies to:

  • Website visitors
  • Employees and workers
  • Contractors and consultants
  • Customers and clients
  • Service users
  • Suppliers and business contacts
  • Individuals whose information we process in connection with our operational activities


This notice explains:

  • What personal data we process
  • Why we process it
  • Our lawful basis for processing
  • Who we share information with
  • International transfers
  • Retention periods
  • Your legal rights
  • How to contact us and the Information Commissioner’s Office (“ICO”)

DATA CONTROLLER INFORMATION

Landmarc Support Services Limited acts as either:

  • A Data Controller
  • A Joint Controller
  • A Data Processor


Depending upon the nature and purpose of the processing activity being undertaken.

Where processing is carried out on behalf of Defence Infrastructure Organisation (“DIO”) or other customers, Landmarc acts in accordance with contractual obligations and Article 28 UK GDPR requirements.

CATEGORIES OF PERSONAL DATA

We may process the following categories of personal data where necessary and proportionate:

  • Identification data
  • Contact information
  • Employment information
  • Recruitment information
  • Payroll and financial information
  • Technical and device information
  • Vehicle tracking and telematics information
  • CCTV and Body Worn Video recordings*
  • Occupational health information
  • Security and access control records
  • Training and compliance records
  • Communication records
  • Website usage and analytics data

Where special category data is processed, this will only occur where there is a lawful condition under Article 9 UK GDPR and Schedule 1 DPA 2018.

LAWFUL BASIS FOR PROCESSING

We process personal data under one or more of the following lawful bases:

  • Article 6(1)(a) – Consent
  • Article 6(1)(b) – Contract
  • Article 6(1)(c) – Legal obligation
  • Article 6(1)(e) – Public task (where applicable)
  • Article 6(1)(f) – Legitimate interests


Where special category data is processed, we may rely upon:

  • Article 9(2)(b) – Employment obligations
  • Article 9(2)(h) – Occupational health
  • Article 9(2)(f) – Legal claims
  • Article 9(2)(g) – Substantial public interest

Relevant Schedule 1 DPA 2018 conditions will apply where required.

HOW WE USE PERSONAL DATA

We may process personal data for the following purposes:

  • Recruitment and employment management
  • Payroll and pension administration
  • Occupational health and wellbeing
  • Security, monitoring and access control
  • Vehicle management and tracking
  • Compliance with legal and regulatory obligations
  • Health and safety obligations
  • Service delivery and operational management
  • Business continuity and security
  • Website administration and cybersecurity
  • Fraud prevention and investigation
  • Training and compliance monitoring
  • Responding to enquiries and requests

PERSONAL EMAIL ADDRESS

Where individuals provide a personal email address during the application, recruitment or onboarding process, Landmarc may use this contact information for legitimate business purposes connected to recruitment, onboarding, employment engagement and organisational improvement activities. This may include issuing recruitment feedback requests, onboarding experience surveys, employee engagement surveys and similar communications intended to improve services and organisational processes.

The lawful basis for this processing is Article 6(1)(f) UK GDPR – Legitimate Interests, where Landmarc has a legitimate interest in improving recruitment processes, onboarding experiences, employee engagement and the effectiveness of its services, provided that such interests are not overridden by the rights and freedoms of individuals. Individuals have the right to object to processing carried out under legitimate interests in accordance with Article 21 UK GDPR.

If you wish to object to this please email [email protected]

PRE-EMPLOYMENT SCREENING AND VETTING

As part of our recruitment, onboarding, security and contractual obligations, individuals applying for employment, engagement or contractor positions will be required to undergo pre-employment screening and personnel security checks.

Where applicable, new employees, agency staff and contractors may be required to complete pre-employment checks in accordance with the Government Baseline Personnel Security Standard (BPSS).

The onboarding and screening process will be managed and captured through the Landmarc onboarding platform available through Careers Hub. Individuals may be required to provide personal information and supporting documentation through this onboarding system to facilitate recruitment, identity verification, BPSS screening and related pre-employment activities. Details regarding BPSS and the personal data captured is detailed below.

The onboarding platform and recruitment workflow are processed by Tribepad, acting as a Data Processor on behalf of Landmarc under contractual arrangements and in accordance with Article 28 UK GDPR requirements. Tribepad processes personal information only on documented instructions from Landmarc and is required to implement appropriate technical and organisational measures to protect personal data.

To facilitate personnel screening checks, Landmarc also shares relevant personal information with Verifile Limited, acting as a Data Processor on behalf of Landmarc under contractual arrangements and in accordance with Article 28 UK GDPR requirements.

Personal information shared for these purposes may include name and previous names, date of birth, contact details, address history, identity documentation, Right to Work documentation, employment information and information required for identity and criminal record screening where applicable.

The lawful basis relied upon may include Article 6(1)(b) Contract, Article 6(1)(c) Legal obligation and Article 6(1)(f) Legitimate Interests. Where criminal offence information is processed, processing will be undertaken in accordance with Article 10 UK GDPR and applicable provisions of Schedule 1 Data Protection Act 2018.

BPSS – ADDITIONAL DETAILS

Where applicable, new employees, agency staff and contractors will be required to complete pre-employment checks in accordance with the Government Baseline Personnel Security Standard (BPSS). BPSS is the recognised UK Government standard for pre-employment screening of individuals with access to government assets and supports national security vetting requirements.

The BPSS process may include verification of the following elements:

  • Identity verification
  • Right to Work verification and nationality/immigration status checks
  • Employment history verification
  • Basic criminal record checks relating to unspent convictions


Additional supporting document verification may also be undertaken where necessary.

These checks are undertaken to:

  • Verify an individual’s identity
  • Confirm eligibility to work in the United Kingdom
  • Meet legal and contractual obligations
  • Support security requirements and personnel assurance measures
  • Prevent fraud, deception and unauthorised access

 

To facilitate these checks, Landmarc Support Services shares relevant personal information with Verifile Limited, acting as a Data Processor on behalf of Landmarc under contractual arrangements and in accordance with Article 28 UK GDPR requirements. Verifile processes personal information only on documented instructions from Landmarc and is required to implement appropriate technical and organisational measures to protect personal data.

Personal information shared for screening purposes may include:

  • Name and previous names
  • Date of birth
  • Contact details
  • Address history
  • Identity documentation
  • Right to Work documentation
  • Employment information and employment history
  • Information necessary to conduct identity and criminal record screening where applicable

 

The lawful basis relied upon may include Article 6(1)(b) Contract, Article 6(1)(c) Legal obligation and Article 6(1)(f) Legitimate Interests. Where criminal offence information is processed, such processing will be undertaken in accordance with Article 10 UK GDPR and applicable provisions of Schedule 1 Data Protection Act 2018.

Personal information will only be retained for as long as necessary in accordance with our retention schedule, legal obligations and contractual requirements.

OCCUPATIONAL HEALTH

Landmarc Support Services are required to ensure our staff work safely. One of the ways we meet this legal obligation is through Occupational Health Screening, and to facilitate this, Landmarc will share specific personal information with our Occupational Health provider – LATUS group. For details regarding Latus Group use of personal information please see: Privacy Policy – LATUS Group

For more information regarding GDPR and Occupational Health please see “Latus Group Consent form” located within the HR business area on Landscape.

BENEFITS

As an employer, Landmarc aims to offer competitive terms and conditions of employment and the satisfaction of working in a challenging and exciting environment.  We do our best to make the most of your talents and reward you accordingly.

​All of our benefits are listed on Landmarc Connect, our employee communication platform. 

Details of how to access Landmarc Connect can be found within Landscape. For assistance please speak to your line manager or HR.

Landmarc may share personal information with these third parties. Employees are required to opt in for these benefits using consent. Please note that an alternative legal basis, such as legal requirements, may be used where more appropriate.

BODY WORN CAMERAS – REVEAL

Reveal Media have designed and built a body worn video system. When using Reveal Media’s body worn video system, Reveal Media are the processors on behalf of Landmarc, acting as the controller of this information. Reveal Media takes the responsibility of GDPR very strongly, for more information on how your personal data is handled visit www.revealmedia.co.uk

RETENTION

Personal data is retained in accordance with our Records Retention Schedule and applicable legal and contractual obligations.

Retention periods are determined by:

  • Legal and regulatory requirements
  • Operational necessity
  • Contractual obligations
  • Limitation periods
  • Information security requirements


Data is securely deleted or anonymised once no longer required.

INTERNATIONAL TRANSFERS

Where personal data is transferred outside the United Kingdom, we will ensure appropriate safeguards are implemented in accordance with Chapter V UK GDPR.

Safeguards may include:

  • UK adequacy regulations
  • International Data Transfer Agreements (“IDTA”)
  • UK Addendum to Standard Contractual Clauses
  • Other lawful transfer mechanisms

SECURITY MEASURES

We implement appropriate technical and organisational measures to protect personal data including:

  • Access controls
  • Encryption
  • Authentication controls
  • Network security monitoring
  • Role-based access
  • Logging and auditing
  • Data minimisation
  • Staff training and awareness
  • Secure destruction procedures
  • Incident and breach management procedures


We maintain information security controls aligned to recognised standards including ISO 27001 principles.

INFORMATION SECURITY

We maintain information security controls aligned to recognised standards including ISO 27001 principles. Landmarc is certified in the following:

  • ISO 9001 – Quality Management System
  • ISO 14001 – Environmental Management System
  • ISO 50001 – Energy Management System
  • ISO 45001 – Occupational Health & Safety Management System
  • ISO 44001 – Collaborative Business Relationship Management System
  • ISO 27001 – Information Security Management System

 

Employees: For more Information regarding information security, system monitoring, policies and processes alongside our Information Security Management System please see: “Information Security” section within the business area of Landscape.

INDIVIDUAL RIGHTS

Under UK GDPR, individuals have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights relating to automated decision-making and profiling


Requests may be submitted to: [email protected]

We will respond in accordance with statutory timescales.

COOKIES AND WEBSITE MONITORING

Our website may use cookies, analytics technologies and security monitoring tools to improve website performance, security and user experience.

Where required by PECR and UK GDPR, consent mechanisms will be implemented for non-essential cookies. Please refer to our Cookie Statement for more information.

DATA SHARING

We may share personal data with:

  • Customers and clients
  • Occupational health providers
  • IT and system providers
  • Professional advisers
  • Regulatory bodies
  • Law enforcement agencies
  • Government departments
  • Auditors and insurers


Personal data will only be shared where lawful, necessary and proportionate.

WHERE WE STORE YOUR PERSONAL DATA

Your personal data will be held securely in accordance with our internal security policy, contractual obligations and the law. If we intend to transfer your data outside the European Economic Area (EEA), we will always obtain your consent first.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.

For personal information held by our Data Controller, please email  [email protected].

DATA PROTECTION OFFICER

Landmarc Support Services is not required to have a Data Protection Officer (DPO). However, we place considerable importance on data security and privacy and have, therefore, ensured we have a Security Team and a Security and Data Protection Manager. 

We are registered with the ICO under the Data Protection Register; our registration number is Z7580556. 

COMPLAINTS

Under UK data protection legislation, including the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (“DPA 2018”), and applicable provisions introduced under the Data (Use and Access) Act 2025 (“DUAA”), you have the right to raise concerns about how your personal information is collected, used or handled.

We encourage individuals to contact us in the first instance so that we can investigate and seek to resolve any concerns promptly and fairly. This will not affect your right to lodge a complaint with the Information Commissioner’s Office if you believe your personal information has been processed in a manner that does not comply with applicable data protection law.

If you are dissatisfied with how your information has been handled, you may contact us by emailing: [email protected]

For further information regarding complaints, individuals may contact the Information Commissioner’s Office (ICO) or telephone 0303 123 1113.

You also have the right to complain to the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: https://ico.org.uk
Telephone: 0303 123 1113

CONTACT

Questions, comments and requests regarding this should be addressed to Landmarc Support Services Ltd. Building 150, Westdown Camp, Tilshead, Salisbury, Wiltshire, SP3 4RS or by emailing [email protected].

ICO Registration Number: Z7580556

WHISTLE-BLOWING POLICY

Landmarc Support Services is committed to a free and open culture when dealings with its employees, customers, suppliers, and all those with whom the Company engages in business relations. 

For more information, please email:

External Customers: [email protected]

For Internal Customers: [email protected]

UPDATES TO THIS NOTICE

We may update this Privacy Notice periodically to reflect legal, operational or regulatory changes.

The latest version will always be made available through our website or internal communication channels where appropriate.