Privacy Policy
As TONE Group Ltd. (including TONE Scaffolding Services Limited, Media Structures Limited and any other associated or subsidiary companies) processes personal information regarding individuals (data subjects), we are obligated under the Data Protection Act 2018 to protect such information, and to obtain, use, process, store and destroy it, only in compliance with the Data Protection Act 2018 and its principles.
Information protected under the Data Protection Act 2018 is known as “personal data” and is defined as: –
“Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
TONE Group Ltd. ensures that even greater care and attention is given to personal data falling within the Data Protection Regulation Act 2018’s sensitive personal data, due to the assumption that this type of information could be used in a negative or discriminatory way and is of a sensitive, personal nature to the persons it relates to.
In relation to the sensitive personal data, under the Data Protection Act 2018 can be defined as: –
Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
The Data Protection Act 2018 regulates the processing of personal data, which includes organisation, altering, adapting, retrieving, consulting on, storing, using, disclosing, transmitting, disseminating or destroying any such data. As Tone Group Ltd. uses personal data in one or more of the above capacities, we have put into place robust measures, policies, procedures and controls concerning all aspects of personal data handling.
Information protected under the Data Protection Act 2018 is known as “personal data” and is defined as: –
“Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
TONE Group Ltd. ensures that even greater care and attention is given to personal data falling within the Data Protection Regulation Act 2018’s sensitive personal data, due to the assumption that this type of information could be used in a negative or discriminatory way and is of a sensitive, personal nature to the persons it relates to.
In relation to the sensitive personal data, under the Data Protection Act 2018 can be defined as: –
Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
The Data Protection Act 2018 regulates the processing of personal data, which includes organisation, altering, adapting, retrieving, consulting on, storing, using, disclosing, transmitting, disseminating or destroying any such data. As Tone Group Ltd. uses personal data in one or more of the above capacities, we have put into place robust measures, policies, procedures and controls concerning all aspects of personal data handling.
The Data Protection Act 2018’s 7 principles are:
a) Processed lawfully, fairly and in a transparent manner in relation to individuals.
b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The controller shall be responsible for, and be able to demonstrate, compliance with the above principles.
The controller shall be responsible for, and be able to demonstrate, compliance with the above principles.
The Information Commissioners Office (ICO)
- The Information Commissioners Office (ICO) is an independent regulatory office who report directly to Parliament and whose role it is to uphold information rights in the public interest.
- The ICO is responsible for oversight, enforcement and responding to complaints with regards to the Data Protection Act 2018.
- TONE Group Ltd (TONE Scaffolding Services Ltd., Media Structures Ltd.) are registered with ICO and appear on the Data Protection Register as a controller and processer of personal information.
- The ICO Reference numbers are TONE Scaffolding Services Ltd. – 2A398561, Media Structures Ltd. – 2A398633, Austen Lewis Ltd – 24398974.
Objectives
We are committed to ensuring that all personal data obtained and processed by TONE Group Ltd. is done so in accordance with the Data Protection Act 2018 and its principles, along with any associated regulations and/or codes of conduct laid out by the Supervisory Authority and local law. We are dedicated to ensuring the safe, secure, ethical and transparent use of all personal data and to uphold the highest standards of data processing.
TONE Group Ltd. uses the below objectives to meet the regulatory requirements of the Data Protection Act 2018 and to develop measures, procedures and controls for maintaining and ensuring compliance.
We are committed to ensuring that all personal data obtained and processed by TONE Group Ltd. is done so in accordance with the Data Protection Act 2018 and its principles, along with any associated regulations and/or codes of conduct laid out by the Supervisory Authority and local law. We are dedicated to ensuring the safe, secure, ethical and transparent use of all personal data and to uphold the highest standards of data processing.
TONE Group Ltd. uses the below objectives to meet the regulatory requirements of the Data Protection Act 2018 and to develop measures, procedures and controls for maintaining and ensuring compliance.
TONE Group Ltd. ensures that: –
- We protect the rights of individuals with regards to the personal information known and held about them by Tone Group Ltd. the course of our business.
- Every business practice, task and process carried out by TONE Group Ltd., is monitored for compliance with the Data Protection Act 2018 and its principles.
- Consent is recorded at the time it is obtained.
- All employees (including new starters) are aware of Data Protection Act 2018 obligations and how they apply to our business and services.
- Customers feel secure when providing us with personal information and know that it will be handled in accordance with their rights under the Data Protection Act 2018.
- We maintain a continuous program of monitoring, review and improvement with regards to compliance with the Data Protection Act 2018 and to identify gaps and non-compliance before they become a risk.
- We monitor Data Protection Act 2018 news to stay abreast of updates, notifications and additional requirements.
- We provide clear lines of reporting and supervision with regards to data protection compliance.
- We store and destroy all personal information, in accordance with the Data Protection Act 2018 timeframes and requirements.
Any information provided to an individual in relation to personal data held or used about them, will be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
Accountability and Compliance
TONE Group Ltd. can demonstrate that all processing activities are performed in accordance with the Data Protection Act 2018 and that we have in place policies, procedures, measures and controls for the protection of data. We work diligently to guarantee and promote a comprehensive and proportionate governance program.
We operate a top-down approach to data protection and ensure that every employee within the company is knowledgeable about Data Protection Act 2018, its principles, related codes of conduct and our internal policies, measures and training documents.
The technical and organisational measures that TONE Group Ltd. has in place ensure and demonstrate compliance with the data protection laws, regulations and codes of conduct and are detailed in this document.
TONE Group Ltd. can demonstrate that all processing activities are performed in accordance with the Data Protection Act 2018 and that we have in place policies, procedures, measures and controls for the protection of data. We work diligently to guarantee and promote a comprehensive and proportionate governance program.
We operate a top-down approach to data protection and ensure that every employee within the company is knowledgeable about Data Protection Act 2018, its principles, related codes of conduct and our internal policies, measures and training documents.
The technical and organisational measures that TONE Group Ltd. has in place ensure and demonstrate compliance with the data protection laws, regulations and codes of conduct and are detailed in this document.
These measures include: –
- Data Protection Policy
- Training Procedure
- Internal Audits & Monitoring Policy & Procedures
- Clear Desk Policy
- Remote Access Policy
- Control of Documents & Record Procedure
- Personal Data Register
- Business Continuity Plan
Data Minimisation
Under Data Protection Act 2018, principle (c) advises that data should be ‘limited to what is necessary’, which forms the basis of our minimal approach. We only ever obtain, retain, process and share the data that is essential to carry out our services and legal obligations and we only keep if for as long as is necessary.
Data minimisation enables us to reduce data protection risks and breaches and supports our compliance with the Data Protection Act 2018.
Under Data Protection Act 2018, principle (c) advises that data should be ‘limited to what is necessary’, which forms the basis of our minimal approach. We only ever obtain, retain, process and share the data that is essential to carry out our services and legal obligations and we only keep if for as long as is necessary.
Data minimisation enables us to reduce data protection risks and breaches and supports our compliance with the Data Protection Act 2018.
Measures to ensure that only the necessary data is collected includes: –
- Electronic collection (i.e. forms, website, surveys etc.) only have the fields that are relevant to the purpose of collection and subsequent processing. We do not include ‘optional’ fields, as optional denotes that it is not necessary to obtain
- Physical collection (i.e. face-to-face, telephone etc.) is supported using scripts and internal forms where the required data collection is ascertained using predefined fields. Again, only that which is relevant and necessary is collected
- We have a documented “Control of Documents & Records” procedures in place where a data subject or third-party provides us with personal information that is surplus to requirement.
Restriction
Restricting access is built into the foundation of TONE Group’s processes, systems and structure and ensures that only those with authorisation and/or a relevant purpose, have access to personal information. Special category data is restricted at all levels and can only be accessed by senior management and HR.
Restricting access is built into the foundation of TONE Group’s processes, systems and structure and ensures that only those with authorisation and/or a relevant purpose, have access to personal information. Special category data is restricted at all levels and can only be accessed by senior management and HR.
Hard Copy Data
Any hard copy data is stored on a restricted access basis with secure controlled access. Only staff authorised to access data or secure areas are able to do so. All personal and confidential information in hard copy is stored safely and securely.
Any hard copy data is stored on a restricted access basis with secure controlled access. Only staff authorised to access data or secure areas are able to do so. All personal and confidential information in hard copy is stored safely and securely.
Clear Desk Policy
Tone Group Ltd. operates a Clear Desk Policy and does not permit personal data to be left unattended on desks or in meeting rooms, or in visible formats, such as unlocked computer screens, printers etc. Access to areas where personal information is stored (both electronic and physical) are on a restricted access basis with secure controlled access. Only staff authorised to access data or secure areas are able to do so unless accompanied with an authorized staff member. All personal and confidential information in hard copy is stored safely and securely.
Codes of Conduct & Certification Mechanisms
At the core of all personal information processing activities undertaken by TONE Group, is the assurance and verification that we are complying with the Data Protection Act 2018 and our lawfulness of processing obligations. Prior to carrying out any processing activity on personal information, we always identify and establish the legal basis for doing so and verify these with the regulations.
Data is only obtained, processed or stored when we have met the lawfulness of processing requirements, where: –
- The data subject has given consent to the processing of their personal data for one or more specific purposes
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which we are subject.
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in TONE Group Ltd.
As an organisation with less than 250 employees, TONE Group Ltd. maintains records of all processing activities where: –
- Processing personal data could result in a risk to the rights and freedoms of individual.
- The processing is not occasional.
- We process special categories of data or criminal convictions and offences
- Such records are maintained in writing, are provided in a clear and easy to read format and are readily available to the Supervisory Authority upon request.
Laptops
Laptops offer greater flexibility and allow work to be undertaken away from the office and can substitute a standalone terminal. However, this flexibility can encourage the onset of health problems e.g. principle upper limb disorders if the user adopts an unsatisfactory working posture.
Laptops used for an excessive period must be connected to a conventional keyboard and a conventional mouse. The screen must be raised to the appropriate height by using a screen raiser.
Laptops offer greater flexibility and allow work to be undertaken away from the office and can substitute a standalone terminal. However, this flexibility can encourage the onset of health problems e.g. principle upper limb disorders if the user adopts an unsatisfactory working posture.
Laptops used for an excessive period must be connected to a conventional keyboard and a conventional mouse. The screen must be raised to the appropriate height by using a screen raiser.
Peter McShane
Managing Director
July 2025
Managing Director
July 2025