GDPR: Data Privacy for Clients, Consultants and Suppliers
JMAD Architecture is committed to protecting and respecting your privacy.
The aim of this Policy (along with our standard terms and conditions and any other documents referred to) is to set out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. The rules on processing personal data are set out in The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
What constitutes personal data?
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
Data Controller – A controller determines the purpose and means of processing personal data
Data Processor – A processor is responsible for processing personal data on behalf of a controller
Data Subject – A natural person
Categories of Personal Data: Personal data and special categories of personal data
Personal data – meaning information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (see Article 6 of the GDPR). For example, name, passport number, home address, private email address. Online identifiers include IP Addresses and Cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (See Article 9 of the GDPR) or criminal conviction and offences data. These types of personal data are considered to be more sensitive and you may only process them in more limited circumstances.
We use your personal data for the following purposes:
- To maintain contact and communicate with you during the course of a potential or new project
- To maintain our own records and accounts
- To inform you of news, events or activities
- To purchase goods, materials and services from you
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
- Contact data such as name, address, email and phone number
- Financial data such as VAT Registration Number and bank details
Legal basis for processing your personal data
Article 6 of GDPR - Our lawful basis for processing your personal data:
- Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract. For legitimate purposes of running the business.
- Processing necessary for the purposes of the legitimate interests of the data controller or a 3rd party, except where such interests are overridden by the interests of fundamental rights or freedoms of the data subject. Contact details of clients used by design team and for marketing purposes. Data used for the purposes of purchasing supplies, materials and services for the legitimate running of the business.
Sharing your personal data
Your personal data will be shared with Directors, Administrators and Finance where necessary. Your contact details are shared with the design team, including external consultants. Your details are shared with local authorities when we make applications.
Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain websites.
How long do we keep your personal data?
We keep your personal data for no longer than is reasonably necessary, but maybe for a period of up to 7-12 years beyond the end of our contract with you. This is in case of any legal claims/complaints and accounting purposes.
Providing us with your personal data
You are under no statutory or contractual obligation to provide us with your personal data, but failure to do so will reduce or prevent communication during your contract or delay or prevent payment for goods and services.
Your rights to your personal data
- The right to request a copy of the personal data we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to withdraw your consent to the processing at any time, WHERE CONSENT WAS YOUR LAWFUL BASIS FOR PROCESSING THE DATA;
- The right to request we provide you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability), (where applicable, i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact the management team on 01205 875885 or email email@example.com Or contact the
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.