PRP

PRP Architects LLP - Privacy Notice

1. IMPORTANT NOTICE

This is the Privacy Notice of PRP Architects LLP (partnership number OC361169) whose registered office is at Ferry Works, Summer Road, Thames Ditton, Surrey, KT7 0QJ (“PRP”, “we”, “us” or “our”) and sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.

This Privacy Notice relates to personal data (information) that identifies “you” meaning: any of our customers (or potential customers), our suppliers or other individuals who browse our website or individuals outside our organisation with whom we interact. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.

We refer to this information throughout this Privacy Notice as “personal data” and paragraph 3 sets out further detail of what this includes.

Please read this Privacy Notice to understand how we may use your personal data.

This Privacy Notice may vary from time to time so please check it regularly. This version of our Privacy Notice was published in May 2018 and is the most recent version.

This Privacy Notice is not intended for children however we occasionally collect personal data of work experience students.

Additionally, this Privacy Notice is not intended to apply to personal data collection during the recruitment of employees or contractors, for which there is a separate privacy notice.

2. DATA CONTROLLER AND HOW TO CONTACT US

For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Notice.

If you wish to correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences please contact marketing@prp-co.uk.

If you need to contact us in connection with our processing or use of your personal data, or to gain access to it, then our contact details are h.drummond@prp-co.uk, 0208 339 3047, or Ferry Works, Summer Road, Thames Ditton Surrey, KT7 0QJ

3. CATEGORIES OF PERSONAL DATA WE COLLECT

The categories of personal data about you that we may collect, use, store, share and transfer are:

  • Advertising and Marketing Data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences;
  • Information Technology Data. This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
  • Individual Data. This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, marital status, title, date of birth and gender and your contact details such as your work and home address, email address and telephone numbers;
  • Account and Profile Data. This includes personal data which relates to your account with us or your profile, such as any purchases or orders made by you, your interests, preferences, feedback and survey responses;
  • Financial Data. This includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
  • Sales Data. This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of subscriptions to our services or publications and other details of services you have purchased from us;
  • Audio and Visual Data. This includes personal data which is gathered using our CCTV or other recording systems at our locations in the form of images, video footage and sound recordings;
  • Market Research Data. This includes personal data which is gathered for the purposes of market research;
  • Health Data. This includes personal data which is gathered for health and safety purposes including any accident report or claim log at one of our locations or any information you provide about allergies or other medical conditions when booking a place to attend any of our seminars or events.

We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint, for example about our services, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.

We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Operation Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

In addition, we may obtain certain special categories of your data (“Special Categories of Data”), and this Privacy Notice specifically sets out how we may process these types of personal data. The Special Categories of Data are: (i) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We do not collect any information about criminal convictions and offences.

4. THE SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL DATA

a) We obtain your personal data from the following sources:

  • Directly from you, either in person (at our locations or otherwise), via our website or by telephone. This could include personal data which you provide when you:
    (a) request our services;
    (b) subscribe to our publications;
    (c) request marketing to be sent to you;
    (d) enter into a competition or promotion; and
    (e) complete a survey from us.
  • Automated technologies, such as CCTV or other recording systems, cookies, server logs and other similar technologies.
  • Third parties, such as:
    (a) Analytics providers (such as Google analytics);
    (b) providers of social media platforms (such as FaceBook, Twitter and Instagram) for example where you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter.
  • Publically available sources, such as:
    (a) Companies House; and
    (b) HM Land Registry.

5. HOW WE USE YOUR PERSONAL DATA & OUR BASIS FOR USING IT

a) Where we are relying on a basis other than consent

We rely on one or more of the following legal bases when processing your personal data and have set out below the purposes for which we may process your personal data:

Purposes for which we process your personal data

Categories of personal data we use

The bases on which we can do this (this is what the law allows)

To register you as a new customer and process your order.

  • Individual Data;
  • Financial Data;
  • Account and Profile Data.

The processing is necessary

  • To Perform a contract with you; and
  • Our legitimate interest in the provision of services to our customers.

In order to perform our contractual obligations to you. This would include:

  • processing and performing any orders for our services placed by you;
  • orders placed by us where you are a supplier;
  • making or receiving payments, fees and charges; and
  • collecting and recovering money owed.
  • Individual Data;
  • Financial Data; and
  • Sales Data.

The processing is necessary.

  • To perform any contract entered into with you; and
  • Our legitimate interest in recovering debts owed to us.

In order to comply with our own legal obligations, e.g. health and safety legislation, or to assist in an investigation (e.g. from the police).

  • Individual Data;
  • Audio and Visual Data; and
  • Health Data.

The processing is necessary for us to comply with the law.

In order to use your personal data in life or death situations where there is no time to gain your consent (e.g. in the event of an accident and we have to give your personal details to medical personnel).

  • Individual Data; and
  • Health Data.

The processing is necessary in order to protect the vital interests of an individual.

In order to manage our relationship with you including:

  • sending you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Notice);
  • to provide you with important real-time information about services we are providing for you (e.g. a change due to unforeseen circumstances);
  • to send you information you have requested;
  • to deal with your enquiries; and
  • to ask you to leave a review or feedback on us.
  • Individual Data;
  • Account and Profile Data;
  • Sales Data; and
  • Advertising and Marketing Data.

The processing is necessary:

  • to perform any contract entered into with you;
  • to comply with the law; and
  • for our legitimate interests in the management and operation of our business, to keep our records updated and to study how customers use our services.

In order to administer and protect our business, deal with any misuse of our website and to comply with our security policies at our offices.

  • Individual Data;
  • Account and Profile Data;
  • Audio and Visual Data; and
  • Information Technology Data.

The processing is necessary:

  • for our legitimate interest in provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and
  • necessary to comply with the law.

In order to make suggestions and recommendations to you about services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising.

  • Individual Data;
  • Sales Data;
  • Information Technology Data; and
  • Advertising and Marketing Data.

The processing is necessary for our legitimate interests (to study how customers use our services, to develop our services and ensure our marketing is relevant to you, to grow our business and to inform our marketing strategy.

For internal purposes to; identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, services, marketing, customer relationships and experiences.

  • Information Technology Data;
  • Advertising and Marketing Data; and
  • Market Research Data.

The processing is necessary for our legitimate interest in defining types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

To communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions;

  • Individual Data;
  • Account and Profile Data;
  • Sales Data;
  • Information Technology Data; and
  • Advertising and Marketing Data

The processing is necessary:

  • For performance of a contract with you; and
  • Necessary for our legitimate interests to promote our business.

To sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers.

  • Individual Data;
  • Account and Profile Data;
  • Sales Data;
  • Information Technology Data; and
  • Advertising and Marketing Data;

The processing is necessary for our legitimate interests in the sale or disposal of our business or assets.

In order to enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties.

  • Individual Data;
  • Account and Profile Data;
  • Sales Data; and
  • Financial Data.

The processing is necessary for our legitimate interests in protecting our business and property and recovering debts owed to us.

In addition, we may lawfully process your Health Data (which falls within the Special Categories of Data (explained above)) in the following ways and on the following legal bases:

Purposes for which we process your personal data

Categories of personal data we use

The bases on which we can do this (this is what the law allows)

  • In order to use our knowledge of any health-related personal data you disclose to us in the event of illness or injury or some other related emergency; and
  • In order to use information about your health in providing our services to you, where you have published in a public forum that you are suffering from a particular health condition (e.g. a dietary condition when booking to attend a seminar or event with us).

Health Data.

The processing is necessary to comply with social protection law in the case of a health and safety incident recorded at any of our locations or in order to protect the vital interests of you or another individual where you or the individual is physically or legally incapable of giving consent.

b) Where we may rely on consent

We would like to use your personal data for a variety of different purposes. For certain of these purposes it is appropriate for us to obtain your prior consent. These include where we or our carefully selected third parties have new products and services which we think you will be interested in.

The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.

You may at any time withdraw the specific consent you give to our processing your personal data by following the opt-out links on any marketing message sent to you or by contacting us at any time using the contact details in paragraph 2 above. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes.

6. WHO RECEIVES YOUR PERSONAL DATA

a) We may disclose your personal data to:

  • our group companies and affiliates or third party data processers who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
  • HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
  • our PR agency (the Holistic Group) who process data on our behalf to assist with events and other marketing activities for us;
  • our external project delivery partners who we work with as part of a Cornwall development project if you are one of the participants in that project;
  • external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
  • law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
  • third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
  • third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation);
  • third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website or other social media platforms which you choose to interact with.

7. PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US

If you provide personal data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice.

You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.

8. ACCURACY OF YOUR PERSONAL DATA

It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

9. INTERNATIONAL TRANSFERS OF PERSONAL DATA

It is possible that personal data we collect from you may be transferred, stored and/or processed outside the European Economic Area including the USA.
In connection with such transfers the relevant safeguard in place is either:

  • standard data protection contractual clauses between us and the recipient (where this is the case, a copy can be obtained by contacting us using the contact details set out in paragraph 2); or
  • we are relying on the basis of an adequacy decision namely the Privacy Shield for transfers to the US, or where the European Commission has decided that the relevant non-EU country ensures an adequate level of protection.

10. HOW LONG WE WILL STORE YOUR PERSONAL DATA FOR

We will store your personal data for the time period which is appropriate in accordance with our data retention policy. We will, in particular, retain your personal data where required for us to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled which can be up to 15 years. We keep the length of time that we hold your personal data for under review. These reviews take place annually.

11. CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL DATA

In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract; or necessary to enter into a contract.

It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. However if you do not provide your personal data then the consequences of failing to do so may mean we are unable to perform to the level you expect under our contract with you or may not be able to perform the contract.. An example of this would be where we are unable to provide you with certain services as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so.

12. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see paragraph 5b)), you may have a number of rights in connection with the processing of your personal data, including:

  • the right to request access to your personal data that we process or control;
  • the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
  • the right to request, on legitimate grounds as specified in law:
    (a) erasure of your personal data that we process or control; or
    (b) restriction of processing of your personal data that we process or control;
  • the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
  • the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
  • the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.

If you would like to exercise any of the rights set out above, please contact us using the contact details set out in paragraph 2.

13. LINKS TO OTHER WEBSITES

This policy only applies to us. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We do not control unconnected third-party websites and are not responsible for any use of your personal data that is made by unconnected third party websites.