(General Data Protection Regulation)


Sterling Thermal Ltd provides services commercially and specialise in the design & installation of all forms of thermal insulation, trace heating, pre-insulated air movement, sheet metal cladding, acoustic insulation and passive fire protection.  This privacy policy explains in a clear and succinct way, how we use any personal information we collect about you, either through using our website, or in any other way, verbally or in writing.


  • Data controller

  • Basis for collecting your data (Lawful processing)

  • Legitimate Interests

  • Sensitive Information

  • Categories of Personal Data

  • Cookies

  • Recipients of data

  • Data transfers

  • Retention policy

  • Your Rights as a data subject

  • Automated decision making



Sterling Thermal as an organisation is a data controller and specifically, Mark Nicholson a company director, is Sterling Thermal Ltd.’s current nominated Data Controller.

Mark Nicholson can be contacted by email or telephone


We collect information about you our clients or prospective clients in order to process your order, manage your account and if you agree by consenting at point of collection, to email you about other products and services. We also collect information when you voluntarily complete customer surveys and provide feedback. Personal information is transferred within the EU as part of hosted cloud services (Microsoft Azure, Office 365, SharePoint and Sage Cloud payroll and accounting). In addition, personal data may be transferred internationally outside of the EU by social media platforms. This particular processing is conducted within binding corporate rules approved by the EU. The lawful basis on which we process your data is in the legitimate interests of Sterling Thermal Ltd.

Personally Identifiable Information (PII) is also collected and processed in order to undertake the employment of staff. The lawful basis for this processing is also in the legitimate interest of Sterling Thermal.

In identifying this ‘Legitimate Interest’ as the lawful basis, we have conducted a ‘Legitimate Interest Assessment’ in order to be satisfied that the interests of Sterling Thermal Ltd do not override your own legitimate rights and freedoms.

Additionally, we collect PII for the purpose of engaging contractors and administering our contracts. In these processes, the lawful basis for processing has been established as the pursuance of a contract or to enter into a contract.

Each category of data subject is identified in our data inventory and the PII collected specified in detail along with the legal basis for processing and the retention period.




Sterling Thermal undertakes the processing of PII in relation to employees to ensure suitability for employment and to discharge any statutory responsibilities in relation to right to work, residency and HMRC requirements.

Both Sterling Thermal and the employee benefit from this processing activity as it provides safeguards for Sterling Thermal and facilitates employment for the Data Subject.  If processing this data were not permitted, then the company could not operate and provide goods and services as well as not being able to offer employment opportunities.



The processing of client data is undertaken in order to engage commercially and offer the most appropriate data privacy and compliance related service and products. In addition, we maintain an oversight of our clients to continue our support. Sterling Thermal and the client benefit from this processing activity as it provides opportunities to establish and sustain commercial relationships and to provide the most focused advice for the benefit of the client. If processing this data were not permitted, then the company could not operate and provide services.

The data collected will not be used for any unlawful or unethical purpose.


Sterling Thermal Ltd does not process sensitive data.


Sterling Thermal processes non-sensitive data. For our staff we process:

Name | Address | Phone No. | Date of Birth | Gender | Signature |Driving Licence | Annual Leave | Disciplinary | NI No. | Tax | Bank Account | Pension Details | Utility Bill | Accreditations | CSCS Card | Photograph | CSCS Reg No. | DBS Check | Name (Emergency Contact) | Phone No. (Emergency contact) | Relationship (Emergency Contact)

We process the following data of our clients:

Name | Address (business) | Phone number | Email address(s) | Signature


We process the following data of our contractor staff:


Name | Address | Date of Birth | Phone No. | NI No. | UTR | Bank Account |Signature | Email Address



Our website does not use 1st party or 3rd party cookies, we do not collect data from you during your interaction with our website.


Any personal data we collect, hold and process is retained within our own company servers based in the UK and on our accounting platform, Sage One accounts and Payroll. Sage reside their data in the UK and EU. We use Microsoft 365, Azure and SharePoint services based in a cloud environment. Microsoft reside the data in UK data centre’s. We share data with Hudson Contract Services, a UK based intermediatory which provides contractor staff. Hudson are data controllers in their own right and their privacy policy can be viewed on their web site. We also use the services of accountants ‘Vista Partners’ based in the UK. Vista Partners reside the data they process in the UK. Personally identifiable data may be used in the preparation of statutory accounts.  Sterling Thermal also use Facebook for Business in order to share relevant and time critical information between members of staff and contractors ‘on site’. Facebook locate data both within and outside of the EU and as such operate within approved binding corporate rules. We also occasionally provide names and contact numbers of our staff to suppliers to deliver to our contract sites.

Access to personal data is restricted to those who have a legitimate reason to retrieve it, e.g. company directors, managers and nominated individuals.


Personal Data is transferred to the EU by some of our data processors through their cloud service provision. This complies with the GDPR international transfers requirements. Facebook reside data worldwide and operate within agreed binding corporate rules approved by the EU.


The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted at 7 years in order to comply with legal and financial requirements. If you consent for us to process your data for the purpose of marketing, we will retain your contact details for as long as the consent lasts.


The regulations provide a number of rights to you as the Data Subject. Sterling Thermal Ltd is committed to upholding those rights and those applicable to the personal information we collect and process are listed below.

In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office  A full and detailed explanation of all rights can be found at

  • The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information

  • Right of Access – you have the right to know what personal information is held, by whom and why. You can send a Subject Access Request to see what personal information and any supplementary information relating to you is held by us. We will provide you with the information we hold within one month of your request, unless the provision of that information is particularly complex. In which case, we may extend the deadline by a further two months. This information will be provided free of charge unless you require multiple copies of the same information, in these circumstances, we retain the right to charge a reasonable administrative fee.

  • The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified. We will respond to your request for rectification within one month, unless the request is complex or multiple.

  • Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations, these include:

    • Where personal data is no longer necessary regarding the purpose for which it was originally collected

    • When you withdraw consent

    • When you oppose the processing and there is no superseding legitimate interest for continuing the processing

    • If the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)

    • If the personal data must be removed in order to comply with a legal obligation

    • If the personal data is processed in relation to the offer of information/ society services to a child.


  • Right to Restrict Processing -  If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified. The restriction of processing can occur for other reasons too, such as if you require us to retain your data in the advent of a legal claim.

  • Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office


Sterling Thermal Ltd does not conduct any profiling or automated decision making.


Our website contains links to other websites. This privacy policy only applies to Sterling Thermal Ltd, so if you follow a link to another website, you should read that organisations own privacy policy.


We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in April 2018


You can write to us at this address:

Sterling Thermal Ltd

Eden House Business Centre, Suite F11, Enterprise Way

Edenbridge, Kent, TN8 6HF


You can telephone us on this number: +44(0)208 7635678

You can email us by using this address:

Statement prepared by Derek Mann RISC, MSyl(Dip), CMgr FCMI
Compliance and Privacy Solutions Ltd

v 1.00 12-04-2018
Registered Office 2 Ferndown, Horley, Surrey
Commercial in Confidence