Everyone has rights with regard to how their personal information is handled. During the course of the Partnership’s activities it will collect, store and process personal information about its staff, clients, supply chain members, third parties and stakeholders and the Partnership recognises the need to treat this in an appropriate and lawful manner.
The types of information that the Partnership may be required to handle include details of current, past and prospective employees, suppliers, customers and others with whom the Partnership communicates. The information, which may be held on paper, on a computer or other media, is subject to certain legal safeguards specified in the General Data Protection Regulations (GDPR). The GDPR impose restrictions on how the Partnership may use that information.
We may collect your private personal information in the following circumstances:
- When you enter into a contract for professional construction related consultancy services with us;
- When you enter into a professional services agreement with us as part of our supply chain;
- When you enter into an employment contract with us;
- When you apply for a position of employment within the Practice;
- When you expressly consent to be contacted for marketing purposes;
- When we legitimately require collection of private personal information for processing for a lawful purpose.
We can advise upon request, exactly which circumstance above applies to the collection and/or processing of your private personal information.
All data collected is kept securely on our companies’ server or on a secure external database, using encryption and password protection to gain access.
We may need to use your private personal information for one of a number of lawful processes to do with why we have collected this initially. The information we collect may be required to undertake services under contract, manage these services, and where expressly consented to, to email about other professional construction related consultancy services, events or Partnership updates.
The data is kept only for specific and legitimate purposes. The length of time this data is kept varies depending on the purpose it is used for and this information along with the purposes are set out in our Controller/Processor Lawful Purposes spreadsheets, which can be viewed upon request.
The data we hold will only be shared as part of specific and legitimate purposes for processing, such as Contract Processing. To see our full list of data categories held and the lawful basis for processing these can be seen in our Controller/Processor Lawful Purposes spreadsheets, which can be viewed upon request.
We share your personal data with third parties that process data on our behalf. We ensure such processing is done in line with the requirements of the General Data Protection Regulation (GDPR). The following third-party service providers or categories of third party service providers process personal data about you:
- Payroll providers
- Pension providers
- Official government bodies such as HMRC
- HR service providers
- IT service providers
Subject Access Requests and the Right to Rectification
The data held on a Data Subject can be viewed following a Subject Access Request (SAR). See Sections 1.15 and 1.16 of our GDPR Policy – which is available upon request.
You have the right to request a copy of the information that we hold about you. This may incur a reasonable charge for these copies, especially where hardcopies are requested or where no email address for service is provided.
Where express consent has been given we would like to send you information about our professional construction related services, events or Partnership updates, which may be of interest to you.
If you have consented to receive marketing information, you may opt out at any time.
We ensure that an express consent email for marketing is issued yearly so that you have a clear inalienable right to opt out of marketing and have your private personal information destroyed.
If you no longer wish to be contacted for marketing purposes please inform our Business Development Manager – call 020 8300 6811.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.
Dealing with Personal Data Breaches
When there is a Personal Data Breach, this will be recorded and the DPO will be informed. The DPO will then decide the best course of action.
When the Data Protection Officer believes the Personal Data Breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Protection Officer shall communicate the Personal Data Breach to the ICO and to the Data Subject without undue delay.
Where notification to the ICO is not feasible immediately then this communication must occur no later than 72 hours after having become aware of it.
Our full GDPR Policy can be viewed upon request from our Data Protection Officer – call 020 8300 6811.