01
Lawful & transparent
Information is handled only where Veraxus Ltd has a proper business, contractual or legal reason and can explain that purpose clearly.
Data Protection & GDPR
Responsible information handling, built into project delivery.
Veraxus Ltd treats personal data, project records and business communications as controlled information. The approach is practical, proportionate and focused on lawful use, secure handling and client confidence.
Good data protection supports trust on live projects: the right records, held for the right reason, shared with the right people, and protected with sensible controls.
Project-awareBuilt around enquiries, tenders, site records and handover evidence.
ControlledInformation is used and shared only where there is a proper reason.
AccountableRights requests, concerns and incidents are taken seriously.
Policy at a glance
Clear commitments for information, records and trust.
The official policy sets out how Veraxus Ltd collects, uses, stores, shares, retains and disposes of personal data in a controlled and proportionate way.
02
Limited & relevant
Data collection is kept to what is needed for the relevant project, contract, employment, supplier or operational activity.
03
Secure handling
Records, emails, site information and project evidence are protected through proportionate safeguards and controlled sharing.
04
Accountable governance
Directors, managers and personnel are expected to handle information responsibly and raise concerns promptly.
What this means in practice
Built around real project administration.
For Veraxus Ltd, data protection is not treated as a separate corporate formality. It connects to how enquiries, quotations, tenders, access arrangements, subcontractor details, site photographs, emails and handover records are managed.
Client and tender communication
Contact details, correspondence and tender information are treated as controlled business material.
Site records and evidence
Photographs, snagging notes and handover evidence should show the work or issue, not unnecessary personal details.
Supplier and subcontractor information
Insurance, competency, contact and commercial records are shared only where there is a proper operational reason.
Employment and workforce records
Right-to-work, training, induction, accident or health-related records are handled with additional care where needed.
Information journey
A more visual way to show the control process.
The page now includes a designed governance journey so visitors can understand the policy without reading a full document.
Collect only what is neededUse for the right purposeProtect recordsShare carefullyRetain or disposeReview and improve
Key commitments
Responsible data handling, proportionate to the business.
These commitments summarise the practical standard set by the official Veraxus Ltd Data Protection Policy.
Collect personal data only where it supports a genuine business, legal, contractual or operational purpose.
Share information with clients, advisers, suppliers, subcontractors or authorities only where necessary and appropriate.
Use sensible access controls, account controls, document care, paper storage and secure disposal practices.
Treat photos, messages, emails and project records as controlled business evidence, not informal public material.
Handle access, correction, deletion, restriction, objection and consent-related requests in line with applicable legal requirements.
Assess incidents, contain issues, record decisions, consider reporting duties and apply corrective actions where required.
Individual rights
Requests are handled carefully.
Individuals have rights in relation to their personal data, subject to legal conditions, exemptions and the circumstances of the request.
- Access and correction: relevant records can be requested and inaccurate information can be corrected where applicable.
- Deletion, restriction and objection: requests are reviewed against legal, contractual and operational duties.
- Consent-based use: where processing relies on consent, withdrawal is handled where applicable.
Data breach response
Suspected incidents are assessed, contained and recorded.
- Assess: identify what happened, what data may be involved and who may be affected.
- Contain and investigate: limit further exposure, secure affected systems and review root cause.
- Record and improve: keep a proportionate log, consider reporting duties and strengthen controls where needed.
Responsible delivery note
Care, control and communication.
Veraxus Ltd’s approach to data protection supports the wider way the company aims to work: careful records, clear responsibilities, respectful communication, quality evidence, accountable governance and continual improvement as the business grows.
CareControlRespectAccountability
Website and tender use
This page is a plain-language presentation. Where a client, adviser, lender, contractor or tender portal requires formal evidence, the signed PDF should be used as the authoritative Veraxus Ltd policy document.
Document details
Controlled policy information.
The website page explains the policy in practical terms. The signed PDF remains the controlled document for formal client, tender, adviser and governance use.
Document titleData Protection Policy
CompanyVeraxus Ltd
StatusApproved / signed electronically
Approval date08 May 2026
Next review08 May 2027, or earlier if required
Document ownerDirector
Download statusAvailable
Website rolePlain-language policy summary
Formal roleControlled PDF for assurance
Official policy download
Download the official Data Protection Policy PDF.
For formal client assurance, tender submissions, internal governance or professional stakeholder review, download the signed Veraxus Ltd policy document.
Reference / guidance alignment: This policy summary is aligned with relevant UK data protection duties, ICO guidance and recognised good practice for proportionate information governance. It is a website summary only and does not replace the signed policy PDF. Useful public guidance includes ICO data protection principles, ICO data security, and NCSC / ICO GDPR security outcomes.