How we collect your personal data
We will only ever start to collect, store and use personal information about you if you have consented to it. In most cases this will form an enquiry from you into a potential project and we will collect details directly from you, with your consent. However we may add to that information over time, from publicly available sources such as your website or your social media profile, or from our subsequent communications with you, or others involved in a proposed or actual development, such as contractors, or other consultants.
Why we store and use your personal data
We collect, store and use personal data about you in order to:
- Perform the architectural services in connection with your project.
- Contact you in relation to your project.
- Maintain records of your project (drawings and specifications) for potential future use.
What Information we Hold
coombes everitt architects is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
We may collect, store and use the following kinds of personal information:
- personal contact details such as name, title, postal addresses, telephone numbers, and personal/business email addresses, social media profile addresses.
- Details of existing properties, sites and land, generally in drawn form.
- relevant employer or business name.
- relevant personal and business interests.
- the history of our communications with you.
- Any other information that you choose to send to us.
coombes everitt architects will not provide your personal information to any third party for the purpose of direct marketing. We will never sell, rent or give your personal information to any third party without your consent. We may occasionally contact you with updates about our works, industry developments or items we believe may be of interest to you. Your data will be stored on paper in our files and archives and on encrypted and secure servers in the UK or within the European Economic Area. We do not allow any third-party service providers to use your personal data for their own purposes. We would only permit them to process your personal data for specified purposes and in accordance with our instructions.
Personal Information Security
We will take reasonable technical and organisational precautions to prevent a loss, misuse or alteration of your personal information. We will store all the personal information you provide on our secure password and firewall protected servers and all computer back-ups are fully encrypted. All remote access to our servers is fully encrypted. However, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
How long will we keep your personal data
We will keep your personal data for the above purposes as required by our legal obligations in our contract agreement with you and/or relevant others relevant to your project. For example, we need to maintain tax records for 6 years. Following expiration of these legal requirements, we will retain your personal data until either (i) we become aware it is no longer valid, or (ii) you ask us to delete it.
Changes to your information
Please let us know if the personal information which we hold about you needs to be amended throughout the period of our working relationship with you.
You may instruct us to supply you with any personal information we hold about you free of charge, subject to reasonable conditions. Under certain circumstances, by law you have the right to request:
- Access to your personal information (commonly known as a “data subject access request”). This means that you will receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
- Correction of the personal information that we hold about you. This means that you can have any incomplete or inaccurate information that we hold about you corrected.
- Erasing of your personal information. This means that you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. In addition, you have the right to ask us to stop processing personal information where we are relying on a legitimate interest but there is something about your particular situation that means that you object to us processing the information.
- Restricting the processing of your personal information. This means that you to ask us to suspend the processing of your personal information, for example if you want us to establish its accuracy or the reason for us processing it.
- Transfer of your personal information to another party.
Should you wish to review, verify, correct or request erasure of your personal information, or, object to the processing of your personal data, or, request that we transfer a copy of your personal information to another party, please contact us.
You will not have to pay a fee to access your personal information or in respect of your other rights under the GDPR Regulations. To protect you from unauthorised access to our data, we will ask you to supply evidence of your identity to ensure that personal information is not disclosed to any person who does not have the right to receive it. Where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you can withdraw your consent for that specific processing at any time. Following receipt of your withdrawal of your consent, we will no longer process your information, unless we have another legitimate basis for doing so in law.
The firm’s directors have responsibility for overseeing compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact one of the directors of the practice.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.