GDPR policy

Introduction – JHAI Limited needs to gather and use information about individuals. These can include customers, suppliers, business contacts, employees and other people the organisation has or may need to contact. This policy describes how this potential data must be collected, handled, stored and disposed of to meet The GDPR 2018 requirements, to comply with the Law.
JHAI Limited is licensed to carry out its function in accordance with The Building (Approved Inspector etc.) Regulations 2010. This license requires JHAI to abide by the CIC Code of Conduct and the Building Control Performance Standards. These require that all file history must be retained for 15 years.

Purpose This GDPR policy ensures JHAI limited:

  • complies with the regulations and follows good practice;
  • protects the rights of staff, clients and partners;
  • is transparent about how it collects, stores and processes individual’s data; and,
  • protects itself from the risks of data breach Data Protection Law, the Data Protection Act 1998 is being replaced by the General Data Protection

Regulations in May 2018 (following an EU directive). The regulations describe how a company must collect, handle, store and dispose of personal information.

The Regulations apply whether the data is stored electronically or as hard copy. Data kept will be: –

  1. Collected fairly and legally
  2. Individual will be made aware and must actively give permission
  3. Data must be relevant
  4. Data will be accurate and current
  5. Not be held for longer than necessary
  6. Be protected appropriately
  7. Destroyed on request – right to be forgotten
  8. Be supplied on request to the relevant individuals
  9. Not shared with any other party without permission


This policy applies to: –

  • All JHAI Limited offices
  • All staff
  • All Clients
  • All contractor’s, supplier’s associates and others working on behalf of the company It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside GDPR 2018. This data will include:
  • Names of individuals
  • National Insurance Number
  • Company name
  • Postal addresses
  • E-mail addresses
  • Telephone numbers – landline and mobile
  • Any other information relating to individuals risks

This policy helps to protect jhai Limited from security risks including:

  • Breaches of confidentiality e.g. divulging information by mistake
  • Failing to offer choice e.g. preventing the individual giving permission on holding data what is held and how it is stored
  • Reputational damage e.g. company servers being hacked, and sensitive data being stolen.