Privacy Policy

This Privacy Policy only applies to you if you are located in the UK or are engaging TUSP from the UK.
In this Privacy Policy, TUSP, BMD, us, we or our means The Ultimate Solution Partnership Limited (UK company number 4224527) as a member of the BMD Group of companies.

Part 1 – Policy information

This Privacy Policy sets out how, when and why we collect, store, use, disclose and otherwise process personal information in connection with our businesses and the services we provide, and your rights in relation to your personal information.

You means any of the following, depending on the context:

Job applicant of BMD;
Employee of BMD;
Customer Representative (e.g. employee) of a customer that uses our service or of a potential customer who seeks to use our services and makes enquiries with us;
Website visitors, but excluding customers or potential customers;
Supplier Representative (e.g. employee) of a supplier who provides or wishes to provide services to BMD.

Please read this Privacy Policy carefully – it is important that you understand how we collect, control and process your personal information.

BMD Group – who are we?

The BMD Group is a privately owned Australian company providing civil engineering construction, civil and structural engineering design and investment services for property development and major infrastructure projects throughout Australia. We provide our services through a particular BMD Group company and/or through a division of one of those companies. For further information on the corporate structure of the BMD Group, please visit https://www.bmd.com.au/our-companies/.

TUSP is an international consultancy advising transport, energy, defence and infrastructure industry clients, spanning three continents to provide solutions using proven expertise in consulting and project delivery.

What privacy laws do we comply with?

The BMD Group is bound by the privacy and data protection laws of the countries in which we operate, being Australia, the United Kingdom and the Philippines. These laws may provide exemptions for the collection and use of some personal information, including personal information about employees in employee records. We may also be bound by workplace surveillance legislation in some countries (and states and territories) that regulate our camera, computer and tracking surveillance of employees.

In the United Kingdom, BMD is subject to the UK Data Protection Act 2018 and the UK General Data Protection Regulation and is the data controller of your personal information. If you have accessed our website from or are otherwise engaging us in Australia, you can view our Australian Privacy Policy here: http://www.bmd.com.au/privacy/.

What kinds of personal information do we collect and for what purpose?
Information we collect directly from you
BMD collects personal information from Customer Representatives when they enquire about or make arrangements on behalf of their company (i.e. the customer) to use our services. This includes the Customer Representative’s information such as:

your name, mailing or street address, email address, and telephone number;
credit card information and account details, banking or payment information;
transaction history and services preferences; and
information through customer surveys, promotions and any enquiries.

If you are a Job Applicant or a current Employee, we may collect information such as:

your name, residential address, postal address, telephone number and email address;
credit card information and account details, banking or payment information;
your gender and date of birth;
identity information such as driver’s licence or passport;
details about your qualifications, skills, employment history and salary;
links to your professional profile (e.g. corporate website or LinkedIn);
previous employment details (e.g. company name, length of employment, role title);
your nationality, citizenship status and/or right to work;
background and criminal history information through background checks;
whether you have a disability, illness or other health issue we need to accommodate in your role;
your emergency contact details, next of kin, dependents and beneficiaries; and
your employment with BMD such as leave records, salary and payments, health information and medical records, performance information (including any information regarding performance reviews or disciplinary matters).

If you are a Supplier Representative acting on behalf of a supplier who wishes to provide services to BMD, we may collect information from the Supplier Representative such as:

your name, work email address and telephone number;
identity information such as driver’s licence or passport;
your company name, company registration number and applicable tax information; and
background and solvency information of the supplier through background checks.

We collect personal information in a number of ways. How we collect personal information from you will depend on how you engage with us and use our services.

For example, we may collect personal information about you when you deal with us over the telephone, enter into an agreement with us or send us correspondence (whether by hard copy or e-mail), visit our premises and complete a visitor or sign-in log, through CCTV cameras we operate at our premises (if you are reasonably identifiable from the images captured by those cameras), or have contact with us in person or through any other mode of communication.

Information we collect automatically
We collect certain data from you automatically when you use our services and/or when you visit our websites. When you visit our websites as a Website Visitor this includes:

the date and time of the visit;
the pages viewed;
how you navigate through the site and interact with pages (including fields completed in forms, applications completed, search items entered);
information about the device used to visit our website;
internet provider details;
referring URL (universal locators); and
IP address and location information based on your address.

We may also collect any additional information relating to you that you provide to us directly through your use of our services, or indirectly through your use of our services or online presence or through other websites or accounts from which you permit us to collect information (if any).

Information we collect from other sources
We may collect personal information about you from third parties in certain circumstances, such as:

from recruitment agencies and your references in connection with a job application or from publicly available sources e.g. your LinkedIn profile or other social media;
from government and regulator databases e.g. Companies House in the UK; and
when you attend a conference which we hold, sponsor or at which we are a partner.

If you have referred us to third parties to obtain personal and other information about you we will assume, and you must ensure, that the third party is aware that you have referred us to them and of the purposes involved in the collection and processing of your personal information.

If you supply us with information about another person, you should ensure you are authorised to do so. You must inform that person who we are, that we will use and disclose their personal information as outlined in this Privacy Policy from time to time and that they have certain rights to access the personal information that we hold about them.

How do we use your personal information and how long do we store it for?
We collect and use your personal information to enable us to operate our business, administer your job application or employment with us and fulfil our responsibilities as a provider of civil and structural engineering construction and consulting services, commercial landscaping and building, urban property development, marketing and sale of residential lots, consulting services, travel and hospitality services and motor vehicle sales, and to tailor our services to best meet the needs of our customers. This includes employee recruitment and management, contractor and supplier due diligence, engagement and management, and customer engagement and management.

This section provides more detail about the purposes for which we collect, use and disclose your personal information, and also outlines the legal bases we rely on to process your personal information.

We do not keep your data for longer than is necessary to fulfil the relevant purposes described in this Privacy Policy unless we are required or permitted to do so under applicable law. For more information on how long we retain your data for, please refer to the time periods below:

Cookies Technology
When you use our website, we may use ‘cookies’ which are software code files placed on your web browser to recognise and identify your computer or device, and help us to monitor your use of our website and remember your preferences so that we may improve our services and provide you with a more user friendly experience when you visit our website.

We may also use cookies to enable us to collect data that may include personal information (e.g. where a cookie is linked to your online account, it will be considered personal information under applicable privacy laws). We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

For more information about the functional, marketing, advertising and performance cookies we use, please review our Cookie Policy here: https://bmdinfrastructureservices.co.uk/cookies/.

Most web browsers are set to accept cookies. If you prefer not to receive cookies, you can configure your Internet browser to reject them or to notify you if they are being used. Deleting or refusing to accept cookies may limit the functionality of our website and effect your overall experience in using our website.

How do we hold and disclose your personal information?
Our disclosures of personal information
We may disclose your personal information where necessary for our business functions and activities and as follows:

Related entities within the corporate group: we may share your information with our employees and the BMD Group entities;
Service providers: we share your information with our third party service providers who assist us in providing our services and in our business operations, including payment processing providers, professional advisors, website services and analytics providers;
Our partners: we may share your information with our sponsors or promoters, including in connection with any promotion or competition we run;
Sale or transfer of business: we may share your information with any party to whom our assets or business (or any part of them) are transferred or are to be transferred;
Recruitment and other third party agencies: we may share your information with recruiters who provide your information to us, to third party referees whose details you’ve provided us, and to enable us to undertake verification and background checks for job applicants and service providers;
Legal and regulatory matters: we may share your information with government agencies, regulatory bodies and law enforcement agencies, as required, authorised or permitted by law; and
With your consent: we may share your information with other third parties who are authorised by you to receive information held by us.

While we take reasonable steps to ensure that third party recipients of your personal information comply with privacy laws that are similar to those in your jurisdiction, we cannot always control the actions of third party recipients and so cannot guarantee to you that they will comply with those privacy laws.

Overseas disclosures of personal information
BMD may store and disclose personal information in and to locations outside the United Kingdom for the purposes described in this Privacy Policy. In respect of personal data transfers subject to the UK GDPR, we rely on the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner for transferring personal data to third countries.

Your personal information may be disclosed outside of the UK to countries that do not have laws equivalent to UK data protection laws, including to Australia We may also engage service providers outside the UK, and Australia. When we disclose or transfer your personal information to a recipient outside the country you are located in, we take steps to ensure that your information is secure.

Our servers and those of our third party service providers are located in the following jurisdictions:

Australia;
Europe: United Kingdom;
Asia: The Philippines.

Steps we take to secure personal information
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. We do this by taking a range of physical, electronic and other security measures such as:

storing electronic documents containing personal information in secure hardware and software systems, and hard copy documents containing personal information in locked cabinets and storage places;
maintaining physical and software protection over paper and electronic data stores and premises, by way of locks and encryption security systems; and
maintaining computer and network security via the use of firewalls, email and internet monitoring systems, as well as the use of security features that involve user identification and passwords that control access.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of the information transmitted to our services or via our website. We therefore do not assume any responsibility for any transmission of your information, which you do at your own risk.

Links
Our website may contain links to websites that are operated by third parties. Those links are provided for your convenience only, and may not always be current or maintained. We are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in relation to those linked websites. The privacy policies that apply to those third party websites may differ substantially from our Privacy Policy, so we encourage you to read the privacy policies of those third parties before using those websites.

Your rights in relation to your personal information
Please contact us using the contact details specified below if you would like to exercise your rights.

Access and correction rights
You may request access to the personal information we hold about you and you may ask for corrections be made to that information so that it is accurate, complete and up-to-date.

We will generally provide you with access to the personal information we hold about you, however in limited circumstances, we may refuse access if we are required or permitted to do so by law. If we do not provide you with access, we will explain the reasons for our refusal in writing.

We will not charge you for making an application to access your personal information but may charge a reasonable fee to cover the cost of providing access, such as data retrieval or photocopying costs. We will advise you if such a charge applies before your request is dealt with.

Right of erasure

You have the right to ask us to delete the personal information we hold about you. This right will only apply where (for example):

we no longer need to use the personal information to achieve the purpose we collected it for;
where you withdraw your consent if we are using your personal information based on your consent; or
where you object to the way we process your personal information (in line with Restriction of processing below).

Where there are valid grounds under data protection laws, we may need to retain your personal information (for example, for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

Restriction of processing
You have a right in certain circumstances to restrict our processing of the personal information we hold about you. This right will only apply where (for example):

you dispute the accuracy of the personal information held by us;
where you would have the right to ask us to delete the personal information but would prefer that our processing is restricted instead; or
where we no longer need to use the personal information to achieve the purpose we collected it for, but you need the personal information for the purposes of establishing, exercising or defending legal claims.

Objection to processing
You have a right in certain circumstances to object to our processing of the personal information we hold about you, where our lawful basis is for the purpose of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process the personal information which override your rights or which are for the establishment, exercise or defence of legal claims. To the extent provided by applicable laws, you may also withdraw any consent to processing you previously provided to us.

Portability
You have a right in certain circumstances to receive the personal information you have given us in a structured, commonly used and machine readable format, and to require us to transfer your personal information to another organisation, at your request and where this is technically feasible.

We are not responsible for the security of the personal information or its processing once it is received by the third party.

Consent withdrawal
To the extent provided by applicable laws and the legal basis for processing your personal information is consent, you have the right to withdraw the consent you previously provided to us for certain processing activities by contacting us. Where consent is required to process your personal information, we may not be able to deliver the expected service if you do not consent to the processing or if you withdraw your consent.

Marketing
You may choose to stop receiving marketing promotions or information from us when using our services by clicking on the unsubscribe link at the bottom of the communication or by contacting us (contact details below).

Engaging with us anonymously
Where practicable, we will give you the option of not identifying yourself or using a pseudonym when you engage with us. However, if you don’t identify yourself and provide us personal information, we may be unable to engage with you further, provide you with the services or information you are seeking or respond effectively to your query.

Contacting us and complaints
We welcome questions, comments and requests regarding this Privacy Policy.

If you wish to make a complaint about how we have handled or process your personal information, please contact us using the details provided below. This does not affect the rights you may have to submit a complaint or claim with the privacy regulator or data protection authority in the country you are located in, where you consider we have not complied with the applicable privacy or data protection laws.

We will investigate and respond to your question, comment or request as soon as practicable and otherwise in accordance with the timeframes that apply under the applicable privacy or data protection laws. When contacting us, please provide as much detail as possible in relation to your question, comment or request.

Contact details
Please contact the BMD Infrastructure Services Data Protection Officer at:

Email: privacy@bmd.com.au or privacy@bmdis.co.uk
Phone: +44 777 844 0368 or +61 3893 7000
Postal Address: 3-7 Temple Avenue, London, EC4Y OHP, United Kingdom.

Changes to this Policy

BMD may review and update this Privacy Policy from time to time, including if the way we handle and process personal information changes or as required by law. We will post the updated Privacy Policy on our website at https://www.tusp.co.uk/privacy-policy.