GDPR: Data Privacy for Clients, Consultants and Suppliers
JMAD Architecture is committed to protecting and respecting your privacy.
The aim of this Policy (along with our standard terms and conditions and any other documents referred to) is to set out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. The rules on processing personal data are set out in The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
What constitutes personal data?
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
Data Controller – A controller determines the purpose and means of processing personal data
Data Processor – A processor is responsible for processing personal data on behalf of a controller
Data Subject – A natural person
Categories of Personal Data: Personal data and special categories of personal data
Personal data – meaning information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (see Article 6 of the GDPR). For example, name, passport number, home address, private email address. Online identifiers include IP Addresses and Cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (See Article 9 of the GDPR) or criminal conviction and offences data. These types of personal data are considered to be more sensitive and you may only process them in more limited circumstances.
We use your personal data for the following purposes:
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
Legal basis for processing your personal data
Article 6 of GDPR - Our lawful basis for processing your personal data:
Sharing your personal data
Your personal data will be shared with Directors, Administrators and Finance where necessary. Your contact details are shared with the design team, including external consultants. Your details are shared with local authorities when we make applications.
Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain websites.
How long do we keep your personal data?
We keep your personal data for no longer than is reasonably necessary, but maybe for a period of up to 7-12 years beyond the end of our contract with you. This is in case of any legal claims/complaints and accounting purposes.
Providing us with your personal data
You are under no statutory or contractual obligation to provide us with your personal data, but failure to do so will reduce or prevent communication during your contract or delay or prevent payment for goods and services.
Your rights to your personal data
How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact the management team on 01205 875885 or email firstname.lastname@example.org Or contact the
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.