1. Introduction
1.1 Costain Group PLC and its subsidiary companies (the “Company”) are committed to respecting your privacy.
1.2 This privacy policy (the “Policy”) explains how we will collect, store, use and otherwise process any personal data you provide via our website (www.costain.com), via any of our software applications however these are accessed including from an app store ("Apps"), via email or when you otherwise communicate with us (including in the course of the services we provide or the running of our business).
1.3 This Policy may change from time to time and, if it does, the up-to-date version will always be available on our website and becomes effective immediately.
1.4 The data controller is the Company.
1.5 In this Policy, Data Protection Law means the General Data Protection Regulation (Regulation (EU) 2016/670) (“GDPR”), which has now been incorporated into UK and is known as UK GDPR, and any equivalent legislation amending, supplementing or replacing the GDPR.

2. Scope
2.1 This Policy applies to any persons that provide personal data through the methods described in paragraph 1.2. This may include our current and prospective clients’ personnel; our joint venture partners’ personnel; third parties with whom we have contact by virtue of providing our services (e.g. third party payers of invoices); contractors/ suppliers and their personnel; those with whom we work in the context of our corporate responsibility initiatives; those who submit correspondence to us or whose details are otherwise entered into our systems and portals; and any visitor to our offices and projects.
2.2 Where you provide personal data about you, your personnel or other third parties (e.g. if you are a recruitment agent), you warrant that you have the consent of the individual to do this and that the information is accurate and up-to-date. You will inform us if the wishes of the individual or any information changes.
2.3 Pages of the Company website may, from time to time, contain links to and from the websites of advertisers and partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the Company does not accept any responsibility or liability for these policies or use of the website. Please check these policies before you submit any personal data to these websites.

3. Collection and use of personal data
3.1 Your personal data will only be processed for the purposes set out below and in accordance with Data Protection Law. The Company will not process your personal data in any manner incompatible with these purposes unless we are required to do so by law.
3.2 The Company may hold and process your personal data for the following purposes:

  • record and respond to any communication you have made with us including by way of telephone, through the website, email address of the Company, any other electronic form of communication and post;
  • provide you with information that you have requested or to send you subscriptions that you have requested (such as the Costain news alerts);
  • manage our relationship with you or third parties (such as your personnel) including for administration, accounting and relationship management purposes;
  • process any application you (or your representative) has submitted for an employment or other opportunity (such as agency or volunteering work) with the Company;
  • equal opportunities monitoring information (including information about your gender, race, ethnicity, sexual orientation and disabilities);
  • on-boarding with the Company and pre-employment screening such as reference checks, right to work checks and criminal conviction checks;
  • for administration purposes and access to our systems and portals;
  • help us develop the website to be more useful to you, to keep it safe and secure;
    to respond to any problems you report with our website or Apps;
  • to administer our website or Apps and for internal operations, including troubleshooting, data analysis, testing, research, statistical purposes;
  • to allow you to participate in interactive features on our website or Apps when you choose to do so;
  • for the security of our business including photographic images, video recording, and administration of any attendance to our offices and projects;
  • to comply with any legal obligations which apply to us or policies that we have in place; and
  • as necessary to prevent illegal activity or to protect our interests or the interests of a third party such as our clients.

3.3 Special categories of personal data (such as information about your health) will be processed where the Company needs to carry out its legal obligations; to run the business; where the processing is necessary for the assessment of your working capacity, occupational health or obtaining a medical diagnosis; or where it is needed in the public interest (such as equal opportunities monitoring). In exceptional circumstances, we may process this data with your explicit consent.
3.4 We rely on one or more of the following legal basis for processing your personal data:

  • for the performance of, or entry into, a contract with you or a third party (such as your personnel);
  • to comply with our legal and regulatory obligations;
  • we have a legitimate interest in doing so and where our legitimate interests are not overridden by your (or the relevant individual’s) interest. These legitimate interests will include our interests in managing our relationship with our clients, administering visits to our offices and projects and ascertaining compliance with our policies and procedures;
  • where processing of special category data is necessary in the context of the establishment, exercise or defence of legal claims or in the substantial public interest or for the assessment of the working capacity of the employee;
  • and where we have obtained your express consent to do so. We will explain at the time we collect your consent that you may withdraw your consent at any time in accordance with the information we provide to you at that time.

4. Sharing your data and security
4.1 For the purposes set out above, the Company may transfer personal data to third parties. These include our clients, joint venture partners, sub-contractors or suppliers including our website operator, professional advisors, insurers and regulatory bodies. This will be for one of the following reasons: you specifically request that we do this; it is necessary to provide information or services to you; for our legitimate interests (including the sale of the business or assets) or the legitimate interests of a third party (such as our client); in the public interest; or to carry out our legal or regulatory obligations.
4.2 Personal data may be shared between the parties listed in paragraph 4.1 above and/or the relevant entities within the Company's group. Where personal data is shared with other parties and/or outside the UK and European Economic Area, the Company will ensure continued compliance with Data Protection Law.
4.3 We will not rent or sell our users’ or other contacts’ details to any other organisation or individual.
4.4 The Company has put in place measures to ensure the security of the information collected and its correct use. These are appropriate to the nature of the information and to prevent unauthorised access. All incoming emails are scanned using virus-checking software. The software will also block unsolicited marketing email (spam) and emails which have potentially inappropriate attachments. All personal data you register on our website will be located behind a firewall. Once we have received your information, we follow strict security procedures as to how your personal data is stored and who sees it, to help stop any unauthorised person getting hold of it. Access to your personal data will only be given to those who strictly need such access.

5. Retention
5.1 We will keep your personal data stored on our systems for only as long as is necessary to achieve the objectives at paragraph 3 of this Policy, albeit we may keep your data for longer than this if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for statistical purposes.
5.2 The third parties we engage to provide services on our behalf will keep your personal data stored on their systems for as long as is necessary to provide the services to you or for such purposes that the personal data was disclosed for.

6. Withdrawing consent
6.1 Where you have provided consent for us to process your personal data, you may withdraw your consent to this processing at any time by contacting us at [email protected].
6.2 If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time.

7. Data portability
7.1 Where you have provided personal data to the Company, which is processed on the basis of consent and by automated means, you can ask to receive that personal data in a structured, commonly used and machine-readable format.

8. Access your personal data
8.1 You can request confirmation of whether we hold personal data about you, the details of the personal data and access to that personal data. Your request will be processed and the information to which you are entitled will be provided to you no later than one month (except in extenuating circumstances) from when we receive your request, subject to the requirements and exemptions of Data Protection Law. If such extenuating circumstances mean we are unable to comply with your request within one month, we will tell you as soon as possible about this delay.

8.2 Examples of exceptions, where the Company (by law) does not provide access to personal data include:

  • references written by the Company;
  • any data from which a third party can be identified;
  • any data held for the purposes of management forecasting or planning;
  • any data prejudicing ongoing negotiations with the employee; and/or
  • any data protected by legal privilege.

9. Request your data is rectified
9.1 Where your personal data is inaccurate or where you would like us to complete any incomplete information, you can provide us with a statement that sets out the details of your request for rectification.

10. Request your data is deleted
10.1 You can request that the Company deletes your personal data where it does not have grounds to continue processing your personal data. The Company will be unable to comply with your request in certain circumstances including, for example, if the Company has a legal obligation to continue processing the data.

11. Object to processing
11.1 You can object to the Company processing your personal data where (i) the Company is processing your personal data on the basis of its legitimate interests or (ii) you have grounds to believe that the Company no longer needs the personal data for the purposes or (iii) the processing is unlawful or (iv) you have contested the accuracy of the personal data.

11.2 To exercise any of the above rights, you should make your request via post to Costain Group PLC, Costain House, Vanwall Business Park, Maidenhead, Berkshire, SL6 4UB. Please mark the letter for the attention of the Legal Department.

12. Social plug-ins
Social plug-ins from Facebook
12.1 We use social plug-ins from facebook.com, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. You can recognise these plug-ins by their Facebook logo.
12.2 Here is an example of how these plug-ins work: If you click on the Facebook "Share" button, the relevant information is transmitted directly from your browser to Facebook and stored there. Facebook will make the shared content public on your Facebook profile. If you are logged in on Facebook, the plug-in can assign the visit of our website directly to your Facebook profile. Facebook may collect information about your website behaviour and that you have accessed our website. We have no influence on the data gathered by the plug-in. Even if you are not logged in or registered on Facebook, there is a possibility that the plug-ins forward your IP-address which is then stored by Facebook. For details about collecting and handling your personal data by Facebook and your related rights, please refer to the Facebook data privacy policy which can be found on www.facebook.com. If you do not want Facebook to link data about you via our website to your Facebook profile, you have to log out of your Facebook profile before you visit our website and change the retargeting settings within your Facebook profile.

Social plug-ins from Twitter
12.3 With Twitter and its Retweet functions, we use social plug-ins from Twitter.com, operated by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107. If you retweet one of our contents, your visit on our website will be announced to third parties and assigned to your Twitter account. Details about collecting and handling your personal data by Twitter as well as your rights and setting options for protecting your personal information can be found in the Twitter privacy policy which can be found at www.twitter.com.

Social plug-ins from LinkedIn
12.4 We use plug-ins which are provided by LinkedIn Corporation (LinkedIn), 2029 Stierlin Court, Mountain View, CA 94043, USA. These plug-ins can be identified by the LinkedIn logo and the LinkedIn “Share” button. If you access our website using this plug-in, your browser sets up a direct connection to the LinkedIn servers. LinkedIn receives information that you (your IP-address) has accessed our website. If you click on the LinkedIn “Share” button while you are logged in on your LinkedIn account, you can link certain content on your LinkedIn-Profile which enables LinkedIn to allocate the visit to our website to your LinkedIn account. We do not know the content of the data transferred to LinkedIn or how LinkedIn uses such data.

LinkedIn Insights
12.5 This enables in-depth campaign reporting and unlocks valuable insight about website visitors. The LinkedIn Insight Tag tracks conversions (sign ups), allows for retargeting of ads to website visitors, and unlocks additional insights about members interacting with LinkedIn ads. Details about collecting and handling your personal data by LinkedIn as well as your rights and setting options for protecting your personal information can be found in the LinkedIn privacy policy which can be found at www.linkedin.com. If you do not want to track your behaviour as a LinkedIn member on third-party websites, you can opt out in your LinkedIn settings.

13. Concerns
13.1 If you have concerns around the use of your personal data in the context of this policy, please address your concerns to the Costain Legal Department at Costain Group PLC, Costain House, Vanwall Business Park, Maidenhead, Berkshire, SL6 4UB.

13.2 If you remain dissatisfied following the response of the Costain Legal Department, you can address your concerns to the Information Commissioner’s Office.

Cookies Policy
1. What are cookies?
There is a technology called "cookies" which can be used to provide you with tailored information when visiting the Company website. A cookie is an element of data the website will send to your browser, which will then be stored on your computer. This element of data is a piece of text, not a program. The website can only access the information from a cookie sent by website and it cannot access other cookies sent by other web sites or the information contained there. Additionally, we cannot learn your email address or any other information about you through the use of a cookie.

2. Why does the website use cookies?
The Company uses cookies to track usage of the website and to customise your experience when you are visiting the website. By tracking usage, we can best determine what features of the website best serve you.

3. What benefits do I receive from cookies?
Overall, the use of cookies helps to give you a customised experience when visiting the website. Through the use of cookies, we will know what's working and what's not. That information is then used to keep our website fresh and relevant to you. Cookies also allow for the personalisation of any online services we may provide to you.

4. May I decline to accept a cookie?
You may decline to accept cookies sent by the website by changing the settings of your browser to reject cookies or you can also use the cookie panel to make your choice.

5. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.


Last updated on: 31 March 2021