PRIVACY NOTICE FOR ENGINEERS

Why should you read this document?

During the course of your engagement with BOXT Limited for the provision of services as an independent contractor, you may provide us with your personal information and we may collect, use, and share personal information about you.

This Privacy Notice explains how BOXT collects, uses and shares personal data about engineers we engage for the provision of services, including any engineer that you appoint as your substitute.

If you appoint a substitute, you must ensure that they have read this Privacy Notice.

BOXT Limited is a company registered in England and Wales (registered company number 08086606). Our registered office is at 3320 Century Way Thorpe Park, Leeds, West Yorkshire, England, LS15 8ZB.

We are the data controller of your personal data and we are subject to the Data Protection Act 2018 (the "DPA") and the UK General Data Protection Regulation (the "UK GDPR").

We may update this Privacy Notice from time to time. When we do so, we'll publish the revised version on our App and our website. This privacy notice was last updated in February 2023.

How do we collect your personal data?

We may collect your personal data in a number of ways, for example:

  • from the information you provide to us when you make an application to be engaged by us as an independent contractor, including information provided verbally and in writing (by email, text and via our App);
  • from third parties, for example from the Disclosure and Barring Service, the Driver and Vehicle Licensing Agency, the Gas Safe Register and other regulatory and licensing bodies;
  • during your engagement as an independent contractor, for example when you provide or update your contact details, when someone provides feedback about you (including our customers), and in the course of providing your services more generally;
  • in various other ways as you interact with us during the time you are engaged by us as an independent contractor, and afterwards, where relevant, for the purposes set out below.

What types of data do we collect?

We may collect the following types of personal data about you, where relevant:

biographical data, including:

  • your title, full name, date of birth, gender and nationality;
  • your image and likeness, including as captured in photographs taken for business purposes;

contact and communications data, including:

  • your contact details, postal addresses, email addresses and any other documents that are necessary to verify your identity;
  • records of communications and interactions we have had with you;

data related to your provision of services to BOXT, including:

  • details of your right to work in the UK (including your passport and biometric visa details), work history, experience, and qualifications;
  • your Gas Safe Registration number, vehicle registration and driving licence details;
  • your agreement with BOXT for the provision of services and your rate information;
  • registration details for any regulatory, licencing or certification body, including but not limited to the Gas Safe Register, NICEIC, and REFCOM;
  • insurance documentation and any other documentation requested pursuant to your agreement with BOXT for the provision of services;
  • records of feedback given about you (including by our customers);
  • information about your substitute (where applicable);
  • information and details about your company (where applicable), including information about its employees and contractors;

financial data, including:

  • your bank account details (for payment purposes);
  • your tax status (including residence status), where applicable;
  • your invoices and the history of our payments to you;

other data, including:

  • information about how you use and interact with our App, including your login name and password;
  • on an anonymised basis: the dates and times you use our App, App features or webpages; information about App crashes and other system activity; information about the device you use to access our App and platform, including the hardware model, device IP address and other unique device identifiers, operating systems and versions, software, and mobile network data; and
  • any other information which we reasonably need or collect as part of your engagement as an independent contractor.

Please note that if you fail to provide information when requested, or if such information is unsatisfactory to us, or if that information is not correct, complete and up-to-date, we may not be able to process your application to be engaged by us or continue to engage you (as applicable) as an independent contractor.

We may also collect sensitive personal data about you, where this is necessary for your application or engagement – including information about certain criminal convictions (for example, where this is necessary for due diligence purposes, or compliance with our regulatory obligations).

How do we use your personal data?

The purposes for which we may use the personal data (including sensitive personal data, where applicable) that we collect in connection with your engagement with us as an independent contractor include:

  • verifying your identity and carrying out due diligence checks (including criminal background checks) on you and/or your company during the application process;
  • performing our obligations under the agreement for the provision of services between you and us;
  • communicating with you, for example to send you information in connection with the work offered by us to you and any services provided by you;
  • monitoring your progress and delivery of your obligations under the agreement for the provision of services between you and us, including by tracking your travel to customers' homes and the quality of the services you provide;
  • rating your performance for internal purposes only;
  • managing and operating the BOXT business, including by performing our obligations under the contract between us and our customers;
  • paying you in connection with your engagement with us;
  • dealing with tax matters (where applicable), including, where required, transferring your data to Companies House and HM Revenue and Customs to ensure that you have paid appropriate amounts of tax;
  • monitoring customer feedback about you;
  • investigating complaints by customers about you, where required;
  • marketing and promoting our business, including by publishing your image and likeness in connection with your engagement with us as an independent contractor;
  • responding to queries raised by you about matters relating to your engagement with us;
  • dealing with legal claims and requests, including those made under data protection law, or requests for disclosure by competent authorities;
  • updating you about changes to the terms and conditions of your engagement by us as an independent contractor;
  • administering and maintaining records of independent contractors engaged by us and such other records as may be required by UK regulations and legislation from time to time;
  • dealing with internal and external audits;
  • responding to requests from insurance providers and our Compliance Service Provider;
  • dealing with administrative matters, including by managing our internal record-keeping;
  • management planning and forecasting, including research and statistical analysis.

Given the volume of customers we deal with, we use automated systems to:

  • display on our website your availability to visit our customers, as part of the customer booking process;
  • match you to customers requesting services as part of our process of offering jobs to engineers (who are under no obligation to accept them). Engineers and customers can be matched based on availability, proximity and other factors including customer feedback; and
  • communicate with you via our chat service; and
  • generate invoices for your work.

You have the right to express your point of view (including providing any additional information that you want us to consider) and to contest these automated decisions by contacting us using the details set out in this Privacy Notice. A member of our team will then consider the matter.

On occasion, we may use your personal data to carry out our obligations to our regulators or certification bodies, eg the Financial Conduct Authority, Gas Safe Register, NICEIC and REFCOM, or for wider compliance with any legal or regulatory obligation to which we might be subject.

On what basis do we process your personal data?

We may process your personal data for the above purposes because:

  • it is necessary to enable us to decide whether to enter into or perform our contract with you as an independent contractor;
  • it is necessary for the performance of a contract with you, or in order to take steps at your request prior to entering into such a contract as an independent contractor;
  • it is necessary for our or a third party's legitimate interests. Our "legitimate interests" include operating BOXT in a professional, sustainable manner, in accordance with all relevant business needs and legal requirements;
  • it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property);
  • we have your specific or, where necessary, explicit consent to do so.

We may also process your personal data for our compliance with our legal obligations and for other reasons which are in the public interest. In this respect, we may use your personal data to exercise or perform any right or obligation imposed by law in connection with your engagement by us, for the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.

Who do we share your personal data with?

We may share your personal data with certain third parties, including:

  • our employees, agents and independent contractors where there is a legitimate reason for their receiving the data, including third parties where we have engaged them to process data on our behalf. These third parties will include but may not be limited to, our compliance advisers;
  • our customers, for example to give them your details (for example your first name and a photo of you, if a photo is available) as the engineer who will be performing the services, subject to your right to send a substitute pursuant to the terms of your agreement with us;
  • the Disclosure and Barring Service;
  • regulatory, licensing or certification bodies, including but not limited to the Gas Safe Register, NICEIC, and REFCOM;
  • internal and external auditors and legal advisers and other third-party advisers and professionals;
  • where you are a Service and Repair Engineer, with PTS who will create an account for you to order parts. You can find more information about how PTS use your personal data in their privacy policy, which is available on their website: https://www.cityplumbing.co.uk/privacypolicy
  • a court, government body, law enforcement agency or other authority of competent jurisdiction, for example by HM Revenue and Customs).
  • providers of outsourced services to us (for example any third party we engage to administer our website and App on our behalf, and the providers of 'back office' functions and tools);
  • Intercom, Inc, to track website usage statistics, to support conversations via our chat service and to store contract information in order to deliver customer services;
  • Segment.io, to document your interactions with our website and App to capture marketing and product-related customer information in order to offer the best digital experience to our users

Your personal data may be shared within the European Economic Area (EEA), to the extent required for business management purposes. As a matter of course, we do not transfer your personal data outside the EEA. We may, however, transfer your personal data around the world on an ad hoc basis. In such circumstances, we will consider whether any additional measures are required in order to give adequate protection for the information when it is transferred outside of the EEA and further, specific information will be provided to affected individuals as needed.

How do we keep your personal data safe?

Your privacy is important to us and we will keep your personal data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard your personal data against it being accessed unlawfully or maliciously by a third party.

We also expect you to take reasonable steps to safeguard your own privacy when transferring data to us, for example by not sending confidential data over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.

How long do we keep your personal data?

We typically retain your personal data for a minimum of ten years after your agreement with BOXT for the provision of services has expired or has been terminated. However, some data may be retained for longer than this, for example in order to defend legal claims.

Your rights

You have the following rights:

  • to obtain access to, and copies of, the personal data that we hold about you;
  • to require us to correct the personal data we hold about you if it is incorrect;
  • to require us (in certain circumstances) to erase your personal data;
  • to request that we restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
  • to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  • to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.

Please note that the above rights are not absolute, and we may be entitled or required to refuse requests where exceptions apply.

Contact and complaints

If you have any questions or comments about this Privacy Notice, or how we process your personal data, or if you wish to exercise any of your rights under applicable law please contact [email protected]

You should make contact with us as soon as possible if you become aware of any unauthorised disclosure of your personal data, so that we may investigate and fulfil our own regulatory obligations.

If you have any concerns or complaints about how we have handled your personal data you may lodge a complaint with the UK's data protection regulator, the Information Commissioner's Office (the "ICO"), who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. The ICO does recommend that you seek to resolve any issues with the data controller, ie us, prior to any referral.

This notice

We will update this Privacy Notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.

Date last updated: February 2023