Privacy Policy

McLaren Construction Ltd is committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. In this policy, we explain how we handle and treat your personal data, and how you can exercise your rights regarding your data.

This policy sets out the following:

  • Legal Basis for collecting Information
  • Information We Collect About You
  • Information We Collect from You or Third Parties
  • Cookies and Similar Technologies
  • Our Promotional Updates and Communications
  • Who We Disclose Your Information To
  • Where is your information stored
  • How long your data is kept for
  • How Your Information is Protected
  • How to exercise your rights
  • Changes to this policy
  • How to contact us

Last Updated: July 2025.

Legal Bases for Collecting and Processing Personal Information

Under the General Data Protection Regulation (GDPR), we are required to have a valid legal basis for collecting and processing your personal information. The legal bases we rely on include:

a. Consent: We may process your personal data if you have given us clear and explicit consent to do so. This means you have agreed to the processing of your data for specific purposes. You have the right to withdraw your consent at any time, and we will cease processing your data from that point forward.

b. Contractual Necessity: We may process your personal data if it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract. For example, we may need to process your data to provide you with products or services you have requested.

c. Legal Obligation: We may process your personal data if it is necessary for compliance with a legal obligation to which we are subject. This includes obligations under applicable laws, regulations, and legal processes.

d. Legitimate Interests: We may process your personal data if it is necessary for the purposes of our legitimate interests, provided that these interests are not overridden by your rights and interests. Legitimate interests may include improving our services, ensuring the security of our systems, and conducting business operations.

e. Vital Interests: We may process your personal data if it is necessary to protect your vital interests or the vital interests of another person. This typically applies in emergency situations where the processing of data is required to protect someone's life or health.

f. Public Task: We may process your personal data if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. This basis is more commonly used by public authorities and organisations performing public functions.

Each of these legal bases ensures that we handle your personal data in a lawful, fair, and transparent manner. If you have any questions or need further information about the legal bases for processing your data, please contact our Data Protection Officer, Simon Livingstone, at dpo@mclarengroup.com.

Information We Collect About You

We may process your personal data if:

  • You or your company are our customer or supplier.
  • You or your company use our products or services.
  • You work for a customer, supplier, or user of our products or services.
  • You or your employer are potential recipients of our advertising or marketing.

Information We Collect from You or Third Parties

We may process your personal data obtained directly from you or from other sources, such as your employer or when you use our websites.

We may process personal data including your name, employer, job role, contact details (work or personal), information from communications (phone, email, website, social media, in-person), transaction details, and other necessary information for contracts. We also collect data about event participation and relevant preferences, as well as information from office/site visits, such as sign-ins, CCTV recordings, and vehicle registrations.

We may collect the following information when you use our website:

  • Technical details such as your IP address, login, browser and plug-in types, time zone, operating system, and platform.
  • Information about your visit, including URLs, clickstream data, date and time, pages viewed or searched, response times, errors, visit duration, page interactions, exit methods, and contact details used to reach customer service.

Cookies and Similar Technologies

We use cookies and similar technologies, like web beacons, to collect and store certain information on your computer or mobile device. For more details please see our Cookie Policy on our website.

Our Promotional Updates and Communications

Where permitted by our legitimate interests or with your prior consent, as required by law, we may use your personal information for marketing analysis and to send you promotional updates via email regarding our products and services.

You may opt out of receiving further marketing communications at any time by clicking the “unsubscribe” link included in all our marketing and promotional emails, or by contacting us at mclaren.news@mclarengroup.com.

Additionally, you may request that marketing materials be sent to a non-personal email address rather than one that identifies you individually.

Who We Disclose Your Information To

Any member of our corporate group, including subsidiaries and our ultimate holding company along with its subsidiaries, who assist in processing personal data in accordance with this policy. Should any of these entities use your information for direct marketing, we will only transfer such information to them for that purpose with your prior consent.

Relevant third parties, which may include:

  • Our business partners, customers, suppliers, and sub-contractors, exclusively for the fulfilment of contractual obligations or other standard business dealings with you or your employer,
  • Our auditors, legal counsel, and other professional advisors or service providers; and
  • Credit reference agencies, where necessary to assess your creditworthiness in connection with entering into a contract with you or your employer.

With respect to data collected through our website:

We may share information with analytics and search engine service providers to help us enhance and optimise our site, as described further in the cookie section of this policy.

Other Disclosures We May Make

We may disclose your personal information to third parties under the following circumstances:

  • In the event of a business or asset sale or purchase, we may share your personal data with the prospective buyer or seller, subject to the terms outlined in this privacy policy.
  • Should McLaren Construction Ltd, or substantially all its assets, be acquired by a third party, personal data held about our customers will be considered a transferred asset.
  • Where required by law, or for the enforcement of our supply terms and other agreements with you or your employer, we may disclose your personal information. Additionally, such disclosure may occur to protect the rights, property, or safety of McLaren Construction Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention, credit risk reduction, and cybercrime deterrence.

Where is your information stored?

Personal data may be transferred to and stored in locations outside the European Economic Area (“EEA”) where local data protection laws may differ. Processing may also occur by staff based outside the EEA who are employed by us or our suppliers.

Personal information may be transferred outside the EEA for various purposes, including:

  • Storage requirements.
  • Enabling us to provide goods or services and fulfil contractual obligations, such as order completion, payment processing, and support services.
  • Compliance with legal obligations.
  • Supporting operations within our group of businesses where justified interests apply and do not conflict with individual rights.

When data is transferred outside the EEA, steps will be taken to ensure adequate safeguards are in place—such as recognised legal adequacy mechanisms, which may include contracts or frameworks like the EU-U.S. Privacy Shield—and that the data is managed securely in line with this privacy policy.

How Long Your Data is Kept For

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations. The retention period for your data is determined based on the following criteria:

  1. Purpose of Collection: We keep your data for the duration needed to achieve the purposes outlined in our privacy policy. 
  2. Legal and Regulatory Requirements: We may be required to retain certain data for a specified period to comply with legal obligations, such as tax, accounting, or other regulatory requirements. In such cases, we will retain your data for the duration mandated by the relevant laws and regulations.
  3. Consent-Based Processing: If the processing of your data is based on your consent, we will retain your data until you withdraw your consent, or the data is no longer needed for the purposes for which it was collected. You have the right to withdraw your consent at any time, and we will cease processing your data from that point forward.
  4. Legitimate Interests: We may retain your data for a longer period if it is necessary for our legitimate interests, such as maintaining business records, improving our services, or defending against legal claims. In such cases, we will ensure that your rights and interests are not overridden by our legitimate interests.
  5. Data Minimisation and Deletion: We regularly review the personal data we hold and delete or anonymise data that is no longer needed. We implement data minimisation practices to ensure that we only collect and retain the minimum amount of data necessary for the purposes outlined in our privacy policy.

How Your Information is Protected

We take the security of your personal data very seriously and implement a variety of measures to protect it from unauthorised access, loss, or destruction.

McLaren has a breach response plan and will inform you and the relevant authorities of any data breach affecting your personal data, as required by law.

McLaren is ISO27001:2022 and Cyber Essentials Plus accredited and is fully committed to maintaining this level of security competence.

Our data protection practices are designed to comply with the General Data Protection Regulation (GDPR) and include the following:

Technical Measures: We use advanced security technologies to safeguard your data. This includes encryption, firewalls, secure servers, and regular security assessments to identify and mitigate potential vulnerabilities.

Organisational Measures: We have established strict internal policies and procedures to ensure that your data is handled securely. Access to personal data is restricted to authorised personnel only, and we provide regular training to our employees on data protection best practices.

Data Minimisation: We only collect and process the minimum amount of personal data necessary for the purposes outlined in our privacy policy. This helps to reduce the risk of data breaches and ensures that your data is not used for any unintended purposes.

Data Retention: We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Once the data is no longer needed, we securely delete or anonymise it.

Third-Party Processors: When we engage third-party service providers to process personal data on our behalf, we ensure that they comply with GDPR requirements and implement appropriate security measures. We conduct regular audits and assessments of our third-party processors to ensure ongoing compliance.

Incident Response: In the event of a data breach, we have established procedures to respond promptly and effectively. We will notify you and the relevant supervisory authority of any data breaches that pose a risk to your rights and freedoms, in accordance with GDPR requirements.

Regular Reviews: We regularly review and update our data protection practices to ensure they remain effective and compliant with GDPR. This includes conducting periodic security assessments and audits to identify and address any potential risks.

Your rights

You have the right under certain circumstances:

  • To be provided with a copy of your personal data held by us.
  • To request the rectification or erasure of your personal data held by us.
  • To request that we restrict the processing of your personal data while we verify or investigate your concerns with this information.
  • To object to the further processing of your personal data, including the right to object to marketing.
  • To request that your provided personal data be moved to a third party.

How to exercise your rights

If we process your personal information based on consent, you can withdraw it at any time without penalty by contacting us.

You may exercise these rights by contacting us via: dpo@mclarengroup.com

If we do not resolve your request or concern, you may contact your local data protection authority. In the UK, the Information Commissioner oversees data protection rights and can assist with complaints about our data processing.

Changes to this policy

Any changes we make to our privacy policy in future will be posted on our website.