Privacy Policy

DATA PROTECTION POLICY

Date: 25 May 2018

This Data Protection Policy, our Internal Data Protection Policy, and any other documents referred to in these documents set out the basis on which any personal data will be collected, processed and destroyed. This Policy also explains the procedures that we have in place to safeguard your privacy and explains and who is responsible for managing data within our company and how you can instruct us to limit the use your data.

The General Data Protection Regulation (GDPR) strengthens the principles of the Data Protection Act 1998. It describes how organisations must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information is collected and used fairly, stored safely and not disclosed unlawfully. For the purpose of the Data Protection Act (“the Act”) and the General Data Protection Regulations (“GDPR”), that take place it from 25th May 2018, the data controller is Consarc Architects.

Contents

1. ABOUT CONSARC 3
2. DATA PROTECTION LAW 3
3. HOW DO WE MANAGE DATA WE MIGHT COLLECT FROM YOU 3
3.1. PERSONAL DATA FROM CLIENTS, CONTRACTORS AND OTHER CONSULTANTS 3
3.1.1 What do we store, how and why: 3
3.1.2 When and how do we dispose of it?: 4
3.2. PERSONAL DATA FROM SUPPLIERS 4
3.2.1. What do we store, how and why? 4
3.2.2. When and how do we dispose of it?: 5
3.3 DATA YOU SUPPLY WHEN YOU CONTACT US VIA THE LINK IN OUR WEBSITE WITH A RECRUITMENT ENQUIRY 5
4.00 PRIVACY STATEMENT: RECRUITMENT 5
5. PRIVACY STATEMENT: CLIENTS 6
5.1 How do we collect information from you? 6
5.2 What type of information is collected from you? 6
5.3 How is your information used? 6
5.4 Who has access to your information? 6
6:00 WHAT RIGHTS YOU HAVE OVER YOUR DATA 6
7:00 HOW DO WE SHARE YOUR DATA 7
8:00 SECURITY PRECAUTIONS 7
9:00 OUR WEBSITE: USE OF COOKIES AND SPAM DETECTION 7
9.01 Use of cookies 7
9.02 Automated spam 7
9.03 Information we collect from you 7

________________________________________

1. ABOUT CONSARC

Consarc Architects is a niche architecture and client advisory practice. We design award winning buildings, act as client advisors on landmark projects and deliver exceptional places to work. We are based in a collaborative studio in Central London at 1 Canalside Studios, 8-14 St Pancras Way, London, NW1 0QG. Our website is www.consarc.co.uk.

The Managing Director and employees are committed to ensuring that the principles of GDPR are adhered to; that the rights of individuals under GDPR are appropriately protected; and that privacy by default and design is at the heart of our approach to data protection.

2. DATA PROTECTION LAW

Consarc Architects collect, handle and store personal information in line with the requirements in the General Data Protection Regulation (GDPR). These rules apply regardless of whether data is stored electronically, on paper or on other materials. We comply with the law, personal information is collected and used fairly, stored safely and not disclosed unlawfully.

We understand that the Data Protection Act is underpinned by eight important principles. Personal data must:
• be processed fairly and lawfully
• be obtained only for specific, lawful purposes
• be adequate, relevant and not excessive
• be accurate and kept up to date
• not be held for any longer than necessary
• processed in accordance with the rights of data subjects
• be protected in appropriate ways
• not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection

3. HOW DO WE MANAGE DATA WE MIGHT COLLECT FROM YOU
3.1. PERSONAL DATA FROM CLIENTS, CONTRACTORS AND OTHER CONSULTANTS

(This applies to data that has been given by individuals and is not readily available to be downloaded from the internet)

3.1.1 What do we store, how and why:

3.1.1.1 Contact details during the project: Project contact sheets are normally collected by the client or agent to be issued to the team and we keep them in the project folders.

Contact details during the project are necessary on a regular basis to communicate with other members of the team and ensure the smooth running of the project.

3.1.1.2 Contact details after completion of a project: We keep a contact database in-house with contact details of people we have worked with.

The database is a great marketing tool to keep in touch with companies we have worked with in the past. It is also used to find suitable contractors and suppliers for future projects based on previous experience.

The database is regularly updated with data readily available online.

3.1.1.3 Financial data from clients, contractors and other consultants: in the form of bank account details and payment instructions detailed in their invoices. We only keep invoices for 6 years.

We only store financial information that we need in order to make payments.

3.1.2 When and how do we dispose of it?:

3.1.2.1 Contact details during the project: We delete contact details from the project contact sheet from a supplier, consultant, contractor or client when they leave the company they work for.

At that point, if we think they might be suitable for a future project, we ask them if we can keep their details in our internal Database and explain that their details would be updated and deleted as we feel appropriate.

If a company stops working on a particular project, we still keep their contact details as part of the project data for 12 years after the project has been completed.

3.1.2.2 Contact details after completion of a project: On completion of a project, we request permission from all the contacts we wish to keep on the database to keep their contact details subject to updates and deletion when we feel appropriate. Should they not wish their contact details to be kept, they would be deleted from our database immediately.

Our internal database is regularly updated and contacts deleted.

3.1.2.3 Financial data:

We keep hard copies of the invoices in the office for the current year. After that, they are kept in secure storage for 6 years in they are administration related and 12 years if they are project related.

3.2. PERSONAL DATA FROM SUPPLIERS

3.2.1. What do we store, how and why?

3.2.1.1 Contact details from suppliers: We keep contact details on our database. Contact details can also be found in their correspondence and invoices in the marketing and financial folders.

3.2.1.2 Financial details from suppliers

We keep invoices and request bank details if necessary.

We only store financial information that we need in order to make payments.

3.2.2. When and how do we dispose of it?:

3.2.2.1 We keep all our financial and admin information in archive for 5 years. Supplier information is treated the same way.

If we think they might be useful in the future, we ask them if we can keep their details in our internal Database and explain that their details would be updated and deleted as we feel appropriate. If they disagree, their contact data would go to the archive for 5 years.

3.2.2.2 We keep hard copies of the invoices in the office for the current year. After that, they are kept in secure storage for 6 years in they are administration related and 12 years if they are project related.

We only store financial information that we need in order to make payments.
3.3 DATA YOU SUPPLY WHEN YOU CONTACT US VIA THE LINK IN OUR WEBSITE WITH A RECRUITMENT ENQUIRY
Please refer to point 4. Recruitment

4.00 PRIVACY STATEMENT: RECRUITMENT

At Consarc, we are committed to protecting and respecting your privacy. Your CV and any other personal data or information you provide to us during the recruitment process will be held and processed by us under the Data Protection Act. We will keep and use it to enable us to manage our relationship with you effectively, lawfully and appropriately during this process.

All applications received including CVs and covering letters with contact details will be kept in electronic format until they have been reviewed internally (normally up to two weeks from when they are received). After an application is considered:

1- Unsuitable applications are deleted straight away.
2- Suitable applications are kept in file electronically during the recruitment process and deleted on completion.

We will only disclose information about you to third parties if we are legally obliged to do so. In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements.

If you disagree with the above, you must specify in your covering letter or let the data controller know as soon as possible. Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. You also have the right to withdraw consent for us to process your data at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.

You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or the DPA with regard to your personal data.

5. PRIVACY STATEMENT: CLIENTS

At Consarc, we are committed to protecting and respecting your privacy. This statement explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
5.1 How do we collect information from you?
We obtain information about you when you contact us by email or telephone about our services.

5.2 What type of information is collected from you?
The personal information we collect might include your name, address, email address and any other personal data you provide us.

5.3 How is your information used?
We may keep your data on file while we deal with your enquiry. On completion, and should your enquire not be part of a project, your data may be deleted, unless we have requested permission to keep it. We may keep contract details if they are readily available on line.

5.4 Who has access to your information?
Other than as mentioned below, we will only disclose information about you to third parties if we have a legal duty to do so; or where we need to comply with our contractual duties to you.

If in the future, we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information. In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements.

6:00 WHAT RIGHTS YOU HAVE OVER YOUR DATA

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. You also have the right to withdraw consent for us to process your data at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.

The accuracy of your information is important to us. You may request details of the personal information we hold about you under the Data Protection Act. If you would like a copy of the information held about you, please write to us:
Consarc Architects, 1 Canalside Studios, 8-14 St Pancras Way, London, NW1 0QG.

If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: mail@consarc.co.uk or write to us:
Consarc Architects, 1 Canalside Studios, 8-14 St Pancras Way, London, NW1 0QG.

You can request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Identity and contact details of data controller
Consarc Architects is the controller and processor of data for the purposes of the Data Protection Act.
If you have any concerns as to how your data is processed you can contact:
Maria Echeverria, Practice Manager
mail@consarc.co.uk
Consarc Architects, 1 Canalside Studios, 8-14 St Pancras Way, London, NW1 0QG.

You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or the DPA with regards to your personal data.

7:00 HOW DO WE SHARE YOUR DATA
Consarc Architects will not share any of your personal data with third parties unless we are legally requested to or have specific permission from you.

8:00 SECURITY PRECAUTIONS
When you give us personal information, we treat it securely and have several methods in place to protect us from viruses, spams and malicious acts. Non-sensitive details, like contact details, are transmitted over the Internet, and this can never be guaranteed to be 100% secure, therefore we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

9:00 OUR WEBSITE: USE OF COOKIES AND SPAM DETECTION
9.01 Use of cookies
Our website address is: http://consarc.co.uk. This website uses the standard Google Analytics cookies, like many other websites. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. This helps us to improve our website and deliver a better more personalised service. It is possible to switch off cookies by setting your browser preferences.
9.02 Automated spam
Visitor details may be checked through an automated spam detection service.
9.03 Information we collect from you
We may collect electronic data such as your IP address (your computer’s internet identity) and other details of visits to symondsandsampson.co.uk. This data is not used by us, or any third party, to identify an individual.