▣
Process
Process personal data lawfully, fairly and transparently
GDPR Data Protection Policy
Keeping information relevant, controlled, secure and used only for a proper business or legal reason.
Overview
What this policy covers.
A data protection policy for lawful, transparent, limited and secure handling of client, supplier, subcontractor, employee and project information.
This page is a plain-language presentation summary for website visitors, clients and procurement reviewers. The downloadable signed PDF remains the controlled policy document.
At a glance
Data Protection
- Process personal data lawfully, fairly and transparently
- Collect only necessary information for defined purposes
- Protect paper, email, device and cloud records with proportionate safeguards
- Handle rights requests, data sharing and breach concerns responsibly
Key commitments
How the policy translates into behaviour.
▣
Collect
Collect only necessary information for defined purposes
▣
Protect
Protect paper, email, device and cloud records with proportionate safeguards
▣
Handle
Handle rights requests, data sharing and breach concerns responsibly
In practice
What this means on real projects.
Project photographs, emails, supplier records, site notes and commercial information are treated as controlled business records and shared only where there is a proper reason.
The approach is deliberately practical and proportionate for a growing contractor. It supports client assurance and tender readiness without overstating certifications, scale or roles.
Document details
Controlled information.
Document titleGDPR Data Protection Policy
CompanyVeraxus Ltd
StatusApproved / signed
Approval date08 May 2026
Review dateAnnual / earlier after significant change
OwnerDirector
Responsible delivery note
Care, control and communication.
GDPR Data Protection Policy forms part of the Veraxus governance framework. The aim is to show how responsibility is managed in a clear, honest and usable way for clients, partners, subcontractors and stakeholders.