Keeping your information safe
1. Our commitment to you:
ECD Architects Ltd understands that everyone’s privacy is important and we care about how personal data is used. We respect and value the privacy of everyone we interact with and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
2. ‘We’ ‘our’ or ‘us’
‘We’ ‘our’ or ‘us’ in the context of this statement is ECD Architects Ltd, a private limited company trading as Architects and Built Environment consultants. Our Company Registered Number is 03028104 and our registered office is Studio 3, Blue Lion Place. 237 Long lane. London SE1 4PU. ECD Architects Ltd is registered as a Data Controller with the Information Commissioner’s Office (ICO), Registration Number: Z1701357.
3. Aim of this notice
Your information is protected by law. Data Protection law allows us to collect and use your personal information if we have a lawful reason to do so. This privacy notice is to let you know how we handle your personal data under the Data Protection Act, General Data Protection Regulation (GDPR) and any acts or legislation that supersede them. This Privacy notice explains how we collect, hold securely and use any personal data gathered in the course of our business. It also explains your rights under the law relating to your personal data.
4. What is personal data?
Personal data is any information about you that enables you to be identified and covers information such as your name and contact details.
5. What Are Your Rights?
Under the GDPR, you have the following rights in relation to your personal information, which we will always work to uphold.
1. the right to be informed about how your personal information is being used
2. the right to access the personal information we hold about you
3. the right to request the correction of inaccurate personal information we hold about you
4. the right to request the erasure of your personal information in certain limited circumstances
5. the right to restrict processing of your personal information where certain requirements are met
6. the right to object to the processing of your personal information
7. the right to request that we transfer elements of your data either to you or another service provider
8. the right to object to certain automated decision making processes using your personal information
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
If you have any cause for complaint about our use of your personal data, and we do not resolve it to your satisfaction, you have the right to lodge a complaint with the Information Commissioner’s Office.
6. What Personal Data Do We Collect and Why Do We Need It?
We may collect some or all of the following personal data which will vary according to your relationship with us:
2. Address (Company or personal)
3. Email address (Company or personal)
4. Telephone number (Company or personal)
5. Job title
6. Payment information
7. Specific personal information required for job applications
8. Specific personal information required for fulfilment of a contract for our services
We need this information to fulfill our obligations under service contracts or because you have consented to providing this information or because we have assessed that we have a legitimate interest in holding this data for the purpose that we need to use it. Your personal data may have been provided to us as processors of information under GDPR in which case, we will act in accordance with GDPR regulations and by direction of the third party organisations instructing us.
7. How Do We Use your Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This will be:
• because the data is necessary for us to perform works or services under a contract with you or a third party organisation
• because it is in our legitimate business interests to use it
• because you have consented to our use of your personal data
With your permission and/or where we wish enhance our professional services to you, we may also use your personal data to contact you, by email and/or telephone and/or post, with information or news about our work or to invite you to events we are involved in. You will not be sent any unlawful marketing or spam and you will always have the opportunity to opt-out of receiving further such communications from us.
8. Who do we share your personal information with?
We may share personal information with the following parties:
• Companies in the same group of companies as us: in relation to joint events or in order to carry out our services or manage our business affairs
• Other service providers and advisors to us: such as companies that support our IT, help us analyse the data we hold, process payments, send communications to our clients, provide us with legal, property or financial advice and generally help us deliver services to you or the organisation that you represent or for us to purchase them from you or the organisation you represent;
• Information providers: which may include credit reference agencies, Companies House, HMRC,
• The Government, local authorities, planning authorities or relevant regulators: where we are required to do so by law or to assist with their investigations, for example the Information Commissioner's Office; and
• Police, law enforcement agencies and security services: to assist with the investigation and prevention of crime and the protection of national security.
Where we have these arrangements, there is always an agreement in place to make sure that the organisation complies with data protection law. We do not disclose personal information to anyone else except as set out above unless we have your consent or we are legally obliged to do so. We do not sell your data.
9. How do we protect your personal information?
We have a legal duty to make sure we hold your personal information (on paper and electronically) in a secure way, and to only make it available to those who have a right to see them. We implement security processes and technical security solutions to protect the personal information we hold from:
• Unauthorised access
• Improper use or disclosure
• Unauthorised modification
• Unlawful destruction or accidental loss
Examples of our security include:
• Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password)
• Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
• Training for our staff allows us to make them aware of how to handle personal information, and how and when to report when something goes wrong
• Regular testing of our technology and ways of working, including keeping up to date on the latest security updates
10. How Long Will We Keep Your Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
11. Information outside of the European Union
The personal information we collect about you is not transferred to or stored in countries outside of the UK or European Union except as set out in this section.
Our directors and other individuals working for us may in limited circumstances access personal information outside of the UK and European Union if they are on holiday abroad outside of the UK or European Union. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal data within the UK.
12. Visiting our website.
When you visit our website, we collect standard internet log information for statistical purposes.
• We do not make any attempt to identify visitors to our website. We do not associate information gathered from our site with personally identifying information from any source.
• When we collect personal information, for example via an online form, we will explain what we intend to do with it on the form
Our website contains links to various third party websites. We are not responsible for the content or privacy practices of any external websites that are linked from our site.
13. Changes to this notice.
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. Where required by law we will seek your consent to changes in the way we use your personal information.
14. Contacting us
In the event of any query or complaint in connection with the information we hold about you, please email firstname.lastname@example.org or telephone us on 0207 939 7500
15. Further advice?
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.