Data Protection Controller: Martyn Pattie
Address: M P Architects LLP Great Bansons, Bansons Lane, Ongar, Essex CM5 9AR
Telephone: 01277 364979 Email:firstname.lastname@example.org
Data protection Officer: Claudia Gregory
Address: M P Architects LLP Great Bansons, Bansons Lane, Ongar, Essex CM5 9AR
Telephone: 01277 364979 Email:email@example.com
Information Commissioners Office (ICO): The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Contact ICO on 0303 123 1113 or at www.ico.org.uk
Data protection principles
Under the GDPR, there are six data protection principles with which M P Architects LLP must comply. These provide that the personal information held about clients must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
M P Architects LLP is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
What types of personal information does M P Architects LLP collect about clients?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It does not include anonymised data, i.e. where all identifying particulars have been removed.
M P Architects LLP collects, uses and processes a range of personal information. This may include (as applicable):
- clients contact details, including your name, address, telephone number and personal e-mail address
- the terms and conditions of your business need and information regarding the steps needed to carry out work for you
- photographs of property
Why and how does M P Architects LLP collect and use clients’ personal information?
M P Architects LLP may collect personal information about clients in a variety of ways. When you submit an enquiry via our website, by email or over the telephone we ask you for your name, telephone number, address and email address. You may also give additional information such as a brief description of your enquiry.
We use this information to respond to your enquiry and hopefully to provide you with the information you need, including providing you with any requested information about our products and services. We may also contact you several times after your enquiry to follow up on your interest and ensure that we have responded to your satisfaction. We do this to take steps at your request prior to entering into a contract. We will do this based on our legitimate interest in providing accurate information prior to your business need and taking steps at your request to carry out work for you.
Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, you may be asked to provide some of it to us on a voluntary basis. We will inform you whether you are required to provide certain personal information to us or if you have a choice in this.
Clients’ personal information may be stored in different places, including in your property file, in M P Architects LLP’s management system and in other IT systems, such as the e-mail system.
M P Architects LLP will only use clients’ personal information when the law allows them to. These are known as the legal bases for processing. M P Architects LLP will use your personal information in one or more of the following circumstances:
- where M P Architects LLP needs to request payments, approve building works or works to a property, dealing with covenants or legal issues, issue planning or building consent, advise on meetings or other issues relating to your business need
- where M P Architects LLP needs to comply with a legal obligation
- where it is necessary for M P Architects LLP’s legitimate interests (or those of a third party), and the client’s interests or your fundamental rights and freedoms do not override M P Architects LLP interests
M P Architects LLP may also occasionally use clients’ personal information where the practice needs to protect your vital interests (or someone else’s vital interests).
M P Architects LLP needs clients’ personal information primarily to enable us to perform our service taking steps at your request to carry out work for you and to enable us to comply with legal obligations. In some cases, M P Architects LLP may also use clients’ personal information where it is necessary to pursue legitimate interests (or those of a third party), provided that the clients’ interests or clients’ fundamental rights and freedoms do not override M P Architects LLP interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the practice and the client’s; pursuing our business need to manage the project; performing effective internal administration and ensuring the smooth running of the project; ensuring the security and effective operation of our systems and network; protecting confidential information; and conducting any necessary due diligence. M P Architects LLP believe our clients have a reasonable expectation that the practice will process clients’ personal information.
The purposes for which M P Architects LLP are processing, or will process, client’s personal information are to:
- enable us to maintain accurate and up-to-date records and contact details
- comply with statutory and/or regulatory requirements and obligations
- maintain an accurate record of your property and any specific engagement terms
- ensure compliance with your statutory and contractual rights
- ensure payments are paid correctly
- prevent fraud
- monitor use of our IT systems to ensure compliance with our IT-related policies
- ensure network and information security and prevent unauthorised access and modifications to systems
- ensure effective HR, personnel management and business administration, including accounting and auditing
- ensure adherence to company rules, policies and procedures
- enable us to establish, exercise or defend possible legal claims
Please note that we may process clients’ personal information without consent, in compliance with these rules, where this is required or permitted by law.
What if clients fail to provide personal information?
If clients fail to provide certain personal information when requested or required, we may not be able to perform the service we have entered into, or we may be prevented from complying with our legal obligations. Clients may also be unable to exercise their statutory or contractual rights.
Change of purpose
Who has access to clients’ personal information?
Clients’ personal information may be shared internally within the practice (M P Architects LLP), including the Partner, architectural staff, members of the administration department, and IT staff if access to clients’ personal information is necessary for the performance of their roles.
M P Architects LLP may also share clients’ personal information with third-party service providers (and their designated agents), including:
- marketing consultant
- HR and employment law providers
- M P Architects LLP accountants
- M P Architects LLP insurers
- external IT services
- external auditors
- professional advisers, such as lawyers
M P Architects LLP may also share clients’ personal information with other third parties in the context of a potential sale or restructuring of some or all, of the practice. In those circumstances, clients’ personal information will be subject to confidentiality undertakings.
M P Architects LLP may also need to share clients’ personal information with a regulator or to otherwise comply with the law.
M P Architects LLP may share clients’ personal information with third parties where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).
How does M P Architects LLP protect clients’ personal information?
M P Architects LLP has put in place measures to protect the security of clients’ personal information. The practice has internal policies, procedures and controls in place to prevent clients’ personal information from being accidentally lost or destroyed, altered, disclosed, accessed or misappropriated in any unauthorised way. In addition, M P Architects LLP limits access to clients’ personal information to those employees and other third parties who have a legitimate business ‘need to know’ in order to perform their duties and responsibilities. You can obtain further information about these measures from the Data Controller.
Where clients’ personal information is shared with third-party service providers, M P Architects LLP requires all third parties to take appropriate technical and organisational security measures to protect clients’ personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. M P Architects LLP only allows to process clients’ personal information for specified purposes and in accordance with our written instructions and we do not allow anyone to use clients’ personal information for their own purposes.
M P Architects LLP also has in place procedures to deal with a suspected data security breach and the practice will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and the client of a suspected breach where the Company are legally required to do so.
For how long does M P Architects LLP keep clients’ personal information?
M P Architects LLP will only retain client’s personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.
We take appropriate technical and organisational security measures to protect your personal information. It is not sent outside of the European Economic Area (EEA).
M P Architects LLP will generally hold your personal information for the duration of our business need to carry out work for you. We usually keep your details, both paper and electronic for 6 years after the last contact with you and a further 6 years after completing your project, after which they are archived before being deleted, unless there has been a legitimate reason to retain the information for a longer period.
M P Architects LLP will generally hold a client’s personal information for the time period above, but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be believed relevant to a possible legal claim in a tribunal, County Court or High Court. This means that, generally, M P Architects LLP will “thin” the file of personal information held on a client’s file after the work has been carried out for the client based on the time period above, so that M P Architects LLP only continues to retain data that is considered strictly necessary for a longer period.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from the IT systems and paper records. Third parties will also be required to destroy or erase such personal information where applicable.
In some circumstances, M P Architects LLP may anonymise client’s personal information so that it no longer permits client’s identification. In this case, M P Architects LLP may retain such information for a longer period.
Your rights in connection with your personal information
It is important that the personal information we hold about clients is accurate and up to date. Please keep M P Architects LLP informed if your personal information changes so that records can be updated, e.g. you change your contact telephone number during the period we are carrying work out for you. M P Architects LLP cannot be held responsible for any errors in client’s personal information in this regard unless relevant notifications of the change has been made.
As a data subject, clients have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected
- request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
- restrict the processing of your personal information - this enables you to ask M P Architects LLP to suspend the processing of your personal information, e.g. if you contest its accuracy and want us to verify its accuracy
- object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
- data portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, please contact the Data Controller who will ask you to complete a form requesting to exercise this right. We may need to request specific information from you to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact the Data Controller. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
If you believe that M P Architects LLP has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
Automated decision making
Automated decision making occurs when an electronic system uses clients’ personal information to make a decision without human intervention.
M P Architects LLP does not use automated decision making, including profiling. However, we will notify you in writing if this position changes.
Changes to this privacy notice
Last updated: July 2018
WEBSITE PRIVACY AND COOKIES POLICY
Who are we?
We are M P Architects LLP. Our address is Great Bansons, Bansons Lane, Ongar Essex CM5 9AR. You can contact us by post at the above address, by email at firstname.lastname@example.org or by telephone on 01277 364979.
The contact details of our Data Protection Officer is Claudia Gregory at the above address.
Our privacy promise
We take your privacy very seriously and we respect your privacy and data protection rights. This privacy notice aims to give you information on how we collect and process your personal data through your use of our website and our services, including any data you may provide through our websites.
How we use your information
When you use our website
When you use our website to browse our products and services and view the information we make available, a number of cookies are used by us and by third parties to allow the website to function, to collect useful information about visitors and to help to make your user experience better.
What personal data do we collect when you submit an enquiry via our website
When you submit an enquiry via our website, we ask you for your name and email address. You may also give additional information such as your telephone number and your address along with a brief description of your enquiry.
We use this information to respond to your enquiry, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to your business need and taking steps at your request to carry out work for you.
Why do we collect this information?
We will use your information to respond to your enquiry and hopefully to provide you with the information you need. We do this in order to take steps at your request prior to entering into a contract.
What do we do with your information?
Your enquiry is stored and processed on a project folder both in a paper file and electronically. This information can be accessed within our office (address above) by our architectural and admin staff.
Last updated July 2018