Last updated: December 2025

Thermacell Limited (“we”, “us”, “our”) is committed to protecting the privacy and security of personal information. This Privacy Notice explains how we collect, use, store and share personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

  1. Who We Are

Thermacell Limited
6D Newyearfield Business Units,
Hawk Brae,
Livingston, EH54 6TW
Email: service@thermacelluk.co.uk
Phone: 01506 414333

We are the Data Controller for the personal data we process.

  1. What Personal Data We Collect

We may collect and process the following types of information:

Clients & Suppliers

  • Names and contact details
  • Job titles and employer information
  • Email addresses and phone numbers
  • Site access information
  • Contract and invoice records
  • CCTV or security-pass information where required by airports or secure facilities

Employees & Subcontractors

  • Contact and emergency details
  • Qualifications, training records and right-to-work documents
  • Payroll, monitoring and HR information
  • Airport pass / security clearance information where applicable
  1. How We Use Personal Data

We process personal data for the following purposes:

  • Delivering our services and fulfilling contracts
  • Managing PPM, reactive works and project communication
  • Issuing invoices, quotes and service reports
  • Maintaining safety, compliance and insurance records
  • Managing staff, subcontractors, training and accreditations
  • Meeting legal, regulatory or airport security obligations
  • Improving our services and maintaining audit trails
  1. Legal Basis for Processing

We rely on one or more of the following lawful bases:

  • Contract – to deliver services or manage supplier relationships
  • Legal obligation – compliance with laws, H&S regulations, airport rules
  • Legitimate interests – running and protecting our business
  • Consent – where required for optional communications
  1. Sharing of Personal Data

We may share information with:

  • Engineers, subcontractors and operational staff involved in delivering works
  • Our accountants, insurers and compliance partners (e.g., Constructionline, SafeContractor & REFCOM)
  • Airport operators and security vetting teams
  • IT service providers and cloud-based platforms
  • Regulatory authorities where legally required

We do not sell personal data to third parties.

  1. Data Security

We use appropriate technical and organisational measures to safeguard data, including:

  • Encrypted systems and secure cloud storage
  • Access controls and password protection
  • Cyber security monitoring
  • Staff training in confidentiality and data handling
  1. Data Retention

We retain personal data only for as long as necessary, including:

  • Contract and service records: up to 7 years
  • HR and training records: as required by law
  • Airport pass/security vetting data: per airport regulations
  1. Your Rights

Individuals have rights under UK GDPR, including:

  • Access
  • Rectification
  • Erasure (where applicable)
  • Restriction
  • Objection
  • Data portability

Requests can be made via service@thermacelluk.co.uk.

  1. Complaints

If you have concerns about how we use your data, you can contact us directly or raise a complaint with:

Information Commissioner’s Office (ICO)
www.ico.org.uk

  1. Updates

We may update this Privacy Notice periodically. Any changes will be published or communicated appropriately.

  1. Airport Security Vetting & Airside Access Information

As part of our work in UK airports, we are required to process personal data to obtain and maintain airport security passes and airside access.

Data Collected

  • Personal identification details
  • Passport or driving licence information
  • Proof of address
  • Employment history and vetting references
  • Criminal record declaration (where legally permitted)
  • GSAT / airside training records
  • ID photographs and airport pass documentation

Purpose

Data is processed solely to:

  • Apply for and maintain airport security passes
  • Comply with aviation security legislation (DfT AVSEC requirements)
  • Enable lawful access to restricted/airside areas
  • Meet client and airport operator security standards

Legal Basis

  • Legal obligation – compliance with aviation security laws
  • Contract – where secure area access is required for service delivery
  • Legitimate interests – ensuring only vetted personnel attend secure sites

Sharing

Data may be shared with:

  • Airport operators/security authorities
  • Approved vetting bodies
  • Training providers
  • Principal contractors who sponsor passes

No other third-party sharing takes place.

Retention

Airport-related vetting records are retained only for the period required by airport security rules and then securely deleted.