This Policy may be revised from time to time to suit changes in the way we deal with data and to reflect any legal developments.
Please inform us should your personal data change during the time we work with you as it is important your data is accurate and up to date.
Our contact details are:
Company: Andrew Dobson Architects Limited
Address: Unit 8, Elysium Gate, 126 New Kings Road, London, SW6 4LZ
Phone: 020 7736 4390
Data Privacy Manager: Andrew Dobson
If you have any cause for complaint regarding your dataplease do contact the Data Privacy Manager. You do also have the right to make a complaint to the Information Commissioner’s Office (ICO) who are the United Kingdom supervisory authority for data protection issues. We would always appreciate the opportunity to deal with any queries or concerns in the first instance.
Under the GDPR, you have the following rights, which we will always work to uphold:
(i) The right to be informed about our collection and use of your personal data. This Policy should tell you everything you need to know but you can always contact us to find out more or to ask any questions.
(ii) The right to access the personal data we hold about you.
(iii) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
(iv) The right to be forgotten, the right to ask us to delete or otherwise dispose of any of your personal data that we have, subject to our legal obligations.
(v) The right to restrict the processing of your personal data.
(vi) The right to object to us using your personal data for a particular purpose or purposes.
(vii) The right have a copy of your personal data held by us to re-use with another service or business in many cases.
For more information about our use of your personal data or exercising your rights as outlined above please contact us.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
Personal data is, in simple terms, any information about you that enables you to be identified. Personal data not only covers obvious information such as your name and contact details, but also less obvious information such as identification numbers, electronic location data and other online identifiers.
Personal data is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. It does not include data where the identity has been removed.
ADA may collect, use, store and transfer data about current, former and potential clients plus business contacts as follows:
(i) Identity: names, marital status, gender and date of birth plus any information about you and your family that allows us to assist with your project.
(ii) Contact: personal address, business address, email and phone numbers.Financial: bank account details for processing funds held in our client account including transaction information carried out on your behalf.
(iii) Technical: IP address and browser type on devices you have used to access our website.
(iv) Communication: preferences for receiving marketing emails and other such correspondence from us.
In many instances we will need to collect your personal data under the appointment legal agreement with you. If we are unable to collect this data we may not be able to carry out the architectural services you request of us. If you are unable or unwilling to provide the required data we may need to terminate the appointment legal agreement with you.
Your data may be collected as follows:
(i) Direct Interactions: current, former and potential clients and business contacts may give us their Identity, Contact and Financial data in person by corresponding directly with us by post, email or phone.
(ii) Third Parties: information received about clients and business contacts from third parties.
(iii) Technologies: information received by your interaction with our website.
We will process your personal data to:
(i) Comply with any legal or regulatory obligation.
(ii) Perform or carry out the appointment with you.
(iii) Supply architectural services to you and tailoring our services to you.
(iv) Communicating with you including responding to your emails, calls or correspondence.
(v) Providing contractors and other professionals with your details where relevant to enable your project to proceed.
To arrange client appointment
Identity, Contact & Financial
Legal and regulatory obligations
To carry out our appointed tasks
Identity, Contact & Financial
Legal and regulatory obligations
To manage relationship with clients and others
Identity, Contact, Financial & Communication
Legal and regulatory obligations plus perform our contract & for our legitimate interest
To develop our business and website
Identity, Contact, Technical & Communication
To use data analytics
Technical & Communication
To provide marketing communications
Identity, Contact, Technical & Communication
Your personal data will only be used for the purpose for which it is collected, unless we need to use it for another reason that is compatible with the original purpose.
If it is necessary to use your personal data for an unrelated purpose we will notify you to explain the legal basis allowing us to do so.
For our legitimate interests, with your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, text message or post with information about our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
We will retain your personal data for a period of time so we can demonstrate that we have not discriminated on prohibited grounds and that the recruitment process was fair. Generally this period of time will be twelve months following our last communication with you. After this period we will securely destroy your personal data.
If we wish to retain your personal data beyond twelve months we will write to you to seek your explicit consent.
We collect and maintain personal and sensitive information about employees, other workers we employ and former employees. This information may includes name, contact details, gender, proof of identity, proof of qualifications, bank details, nationality, criminal records check, references, health questionnaire and next of kin.
As an employer we use your personal data to fulfil our statutory obligations including paying salaries, tax, national insurance, health & safety in the workplace. We may also involve sharing information with third parties such as but not limited to insurers, professional advisors, recruitment agencies, HMRC, DWP, pension and life assurance companies and other relevant parties.
Information provided to us during the job application process will be retained by us as part of your employee file for the duration of your employment plus seven years following the end of your employment. This includes your criminal records declaration, fitness to work, accidents at work, records of any security checks, references and eligibility to work in the UK.
We request that all third parties, with whom way may need to share your personal data, treat it in accordance with the law. We request that all third parties only use your personal data for the specified purposes in accordance with our instructions.
Some of our external third parties (e.g. Outlook 365 who provide our email and cloud storage services) may be based outside the European Economic Area (EEA) so the processing of your personal data may involve a transfer of data outside the EEA.
Our website may include links to websites beyond the control of ADA. By clicking on these links or connections may allow third-parties to collect data about you. We do not control third-party websites and are not responsible for their privacy policies or data handling. We would encourage you to read the privacy policies of these websites.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorised way.
Our organisational security measures include physical security measures for our premises. We aim to limit access to your personal data to only those employees, agents, contractors and other third parties who have a business need to know.
Our technical security measures include password protecting our IT systems and documents.
We have developed procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.
We will not keep your personal data for any longer than is necessary in light of the reasons for which it was first collected.
We will consider the amount and nature of the personal data, alongside the potential risk of harm resulting from an unauthorised disclosure plus the purpose for which the personal data was collected, when establishing the appropriate retention period.
We are legally required to keep information about our clients and projects for a least seven years after the project is completed. This will be a minimum of thirteen years in the case of a deed.
Please contact the Data Privacy Manager for further information regarding how long we will keep personal data.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it. This is a ‘Subject Access Request.’
All Subject Access Request should be made in writing and sent to our email or postal address.
There is not normally a charge for a Subject Access Request unless it is ‘manifestly unfounded or excessive.’ For example if you make repetitive requests a fee may be charged to cover our administrative costs in responding.
We will respond to your Subject Access Request within twenty-one days and not more than one month of receiving it. Normally we aim to provide a complete response within that time. In some cases, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request.
You will be kept fully informed of our progress.
We may need to request information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.