For the purposes of the General Data Protection Regulations we confirm that the proprietor and operator of the website at www.oliverandrobb.co.uk| (the ‘Website’) is Oliver + Robb Architects, Pitreavie drive, Dunfermline, KY11 8UH (‘we’, ‘us’, ‘our’ or ‘ORA’). ORA can be contacted via the contact section on the Website.
This policy is effective from 25 May 2018
Data Protection Policy
This Data Protection Policy explains how we, at ORA, deal with personal data under the General Data Protection Regulations, whether we are in the process of dealing with an enquiry, working together on a project, continuing our ongoing customer relationship, receiving a service, requesting feedback, or dealing with visitors to our website.
It describes how we collect, use and process personal data, and how, in doing so, we comply with our legal obligations. Privacy is important to us, and we are committed to protecting and safeguarding people’s data privacy rights.
This Policy applies to the personal data of our Clients, Employees, Potential Clients, Consultants, Contractors, Suppliers and any Potential Employee.
What kind of personal data do we collect?
- Client Data
To provide the high-quality services we aspire to we require to process certain information. ORA will only ask for details that will assist us in the delivery of our service, such as name, job role, and contact details; including but not limited to: telephone number, email address, first and last name and a work address details. If a private client, then we may also ask for a home address.
- Consultant/Contractors/Supplier Data
We collect a minimum amount of data from our consultants/contractor/suppliers to ensure that we can easily communicate and process transactions. We will collect contact details for the main contact and any associate contacts within the business that we feel will assist us in processing transactions and delivering projects. Other information such as bank details so that we can pay for the services provide (if this is part of the contractual arrangements between us) will also be obtained.
- Employee Data
We collect a minimum amount of data from our employees and Partners to ensure that we can easily communicate and process transactions. We require information such as your name, job role, and contact details; including but not limited to: telephone number, email address, first and last name and your work address details. Other information such as your NI number and bank details so that we can pay you and reimburse you for expenses.
How do we collect personal data?
- Client Data
We collect client data directly from our clients.
- Consultant/Contractor/Supplier Data
We collect consultant/contractor/supplier data directly from our consultants and suppliers.
- Employee Data
We collect client data directly from our employees.
How will we use your personal data?
- Client Data
The main reasons for retaining our clients’ personal details are to keep them informed of their project, keep them advised on any potential projects and to keep them informed about our business through marketing and media updates.
- Consultant/Contractor/Supplier Data
The main reasons for retaining consultant/contractor/supplier personal data is to ensure that we can fulfil any contractual arrangements between parties, keep them advised on any potential projects and to keep them informed about our business through marketing and media updates.
- Website Users
If a potential employee sends us an application form, a CV or contacts us with personal information for employment purposes, we may store that information for 6 months. We do not share that information with any third parties and would only contact the potential employee within that 6 month period should a suitable post arise. Thereafter the information be removed from the system.
- Employee Data
The main reasons for retaining your personal details are to pay you and keep you informed about the business.
How do we safeguard personal data?
Protecting personal information is important to us which is why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, personal data. These processes include but are not limited to; encrypted server access, Laptop and Tablet devices are encrypted, all antivirus and gateway security settings are up to date and monitored.
How long do we keep personal data for?
Data stored and processed in our Electronic Document Management system. If we have not had meaningful contact with the individual for a period of six years, we will remove their personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.
How can the individual access, amend or remove the personal data that has been given to us?
The individual has the right to access, amend or have their personal removed by writing to the Data Protection Officer, Oliver and Robb Architects, Pitreavie Drive, Dunfermline, KY11 8UH or emailing us at firstname.lastname@example.org. We will process the changes/removal of the personal information within 10 days. The individual’s rights also include:
- Right to Object
- Right to Erase
- Right to Restrict Processing
- Right to be Informed
- Right to Data Probability
- Right not to be subject to Automated Decision Making
Our legal basis for processing your data
- Legitimate interests
Article 6(1)(f) of the GDPR states that we can process personal data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
- Client data
We think it reasonable that if the individual has communicated with us in the past or we have had meaningful contact with the individual within the past 5 years that there is legitimate interest that the individual will continue to benefit from our continued communication. We want to provide potential clients with the opportunity to hear about our services and to have the ability to request additional information from ourselves.
- Contractor/Contractor/Supplier data
We store and process the personal information of individuals within interested organisations to facilitate the receipt of services from them as one of our consultants/contractors/suppliers. We may also hold financial details, so that we can pay for services provided. We deem all such activities to be necessary within legitimate interests.
Article 6(1)(b) gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
In this context, a contract does not have to be a formal signed document, or even written down, if there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).
- Customer data
Where we have entered into a contractual agreement to deliver products and services with an individual we will process the appropriate and required information to do so. i.e. address details of the business.
Security of Personal Data
Transmission of data and information via the Website or by email is not a secure or encrypted transmission method for sending your personal data, unless otherwise indicated on the Website or otherwise arranged between us. Accordingly, your attention is drawn to the fact that any information and personal data carried over the Internet is not secure. Information and personal data may be intercepted, lost, redirected, corrupted, changed and accessed by other people.
We set security standards to prevent any unauthorised access to your personal data once we have received it and wherever possible we will use adequate software and working procedures to ensure the security of your personal data. To prevent unauthorised access, maintain accuracy, and ensure proper use of personal data, we have employed physical, electronic, and managerial processes to safeguard and secure the information we collect online.
Third Party Websites
Parts of our Website contain links to third party websites not owned by ORA (‘Third Party Websites’) for your convenience and information. If you use these links, you will leave the Website. When you access a Third Party Website, please understand that we do not control the content of that Third Party Website and are not responsible for the privacy practices of that Third Party Website.
All networks connected to the Internet communicate in ‘IP’ (Internet Protocol), which is a technical standard that allows data to be transmitted between two devices. ‘TCP/IP’ (Transmission Control Protocol/Internet Protocol) is responsible for making sure messages get from one host to another and that the messages are understood. An IP address is a string of code which identifies your personal computer and tells the Internet that you are connected.
The Website does not automatically store or capture personal data except for logging your IP address. This information is not retained after you have logged off. We do not link information automatically logged in this way by any means with personal data about specific individuals.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
What we collect.
- We may collect the following information.
- Name and job title
- Contact information including email address
- Company Name
What we do with the information
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our website.
- We may periodically send emails about new projects and our practice news or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
ORA are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.