Privacy Policy

Client, Consultant and Supplier Privacy Notice (GDPR compliant)

Matthew Allchurch Architects Limited is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with GDPR, the types of data that we hold on you. It also sets out how we use that information, how long we keep it for and other relevant information about your data.

This notice applies to you, our clients, consultants and suppliers.

 

Data Controller Details

Matthew Allchurch Architects Limited is a Data Controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows: 

Matthew Allchurch Architects Limited, The Boathouse Design Studio, 27 Ferry Road, Teddington, TW11 9NN. Tel: 020 8973 0050

 

 Data Protection Principles

In relation to your personal data, we will:

• process it fairly, lawfully and in a clear, transparent way

• collect your data only to maintain contact and communication with you during

the course of a potential or new project

• collect your data to purchase goods, materials and services from you

• only use it in the way that we have told you about

• ensure it is correct and up to date

• keep your data for only as long as we need it

• process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed 

 

Types Of Data We Process

We hold limited data about you, including;

• your personal details including your name, business address, business email

address and contact phone numbers

• financial data for payments such as VAT registration and bank details

 

How We Collect Your Data

We collect data about you usually when we enter into contract negotiations where we will collect the data from you directly. 

Personal data is kept securely within the Company’s Email and IT systems.

 

 The Legal Basis For Processing Your Data

The law on data protection allows us to process your data in order to perform the

contract that we are party.

We need to collect your personal data in order to:

• Carry out the service that we have entered into with you

• Communicate with you with regard the performance of that contract

• Keep you informed of events for marketing purposes

 

Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract.

Legitimate Purposes of running the Business. 

Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject

Contact details of clients and design team members for project contacts for legitimate running of the business.

Data used for purchasing services for the legitimate running of the business.

 

 Special Categories of Data 

We may need to process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when you have given explicit consent to the processing, or we must process the data in order to carry out our legal obligations. 

 

We do not need your consent if we use special categories of personal data in order to carry out our legal obligations or exercise specific rights under employment law.

However, we may ask for your consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.

 

Sharing Your Data

Your data will be shared with colleagues within Matthew Allchurch Architects Limited where it is necessary for them to undertake their duties. This includes; 

• Account Management to handle your reporting requirements and general contract queries 

• Technical staff to communicate with you with regards technical aspects of the contract

• Finance staff to handle invoicing and payment queries

• Management to handle client reviews

In some cases we share your contact information with third parties, notably other members of the design team, in order to fulfil the contract obligations. We limit to only where it is essential. 

We do not share your data with bodies outside of the European Economic Area.

 

Protecting Your Data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such. 

Matthew Allchurch Architects Limited will -

• Prevent unauthorised access to its processing systems

• Ensure its employees only have access to personal data specific to their job role

• Ensure personal data cannot be copied, modified or removed without authorisation during processing or transmission

• Ensure that the security measures implemented protect personal data against Accidental or unauthorised destruction or loss, alteration, disclosure or access

• Notify the client, consultant or supplier of any notifiable breach without undue delay and at the latest within 72 hours of it becoming aware of the breach. 

Personal data is kept within our Email and IT systems, with limited information in hardcopy format. All soft copy personal data is held in systems that are access controlled. 

Servers have the following security features;

• Firewall protection

• All drives containing confidential information can be accessed by management only

• 3rd party access is controlled by Active Directory profiles

Email system has the following security features;

• Webroot email spam filter is used to block viruses

Where we share your contact data with third parties, contracts ensure that the data is processed managed and stored as specified in this document and in our Contract with the Customer. Sub processors will be required to implement appropriate technical and organisational measures to ensure the security of personal data and meet GDPR. 

 

How Long We Keep Your Data For

We keep your personal data for no longer than reasonably necessary, but may be for a period of 12 or 7 years beyond the contract with you. Examples include: in case of any legal claims/complaints, accounting etc., for example for accounting purposes we must keep records for 6 years from the end of the last company financial year they relate to. For contracts under seal details need to be kept for 12 years for legal purposes.

 

Your Rights In Relation To Your Data

The law on data protection gives you certain rights in relation to the data we hold on you. These are:

• the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice

• the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. 

• the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it 

• the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it

• the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct 

• the right to portability. You may transfer the data that we hold on you for your own purposes

• the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests

• the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights. 

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

You are under no statutory or contractual requirement or obligation to provide us with your personal data, but failure to do so will have the following consequences: Reduce or prevent communication with you during the contract; delay or prevent payment for goods and services.

If you wish to exercise any of the rights explained above, please contact:

Matthew Allchurch Architects Limited, The Boathouse Design Studio, 27 Ferry Road, Teddington, TW11 9NN. Tel: 020 8973 0050

Making A Complaint

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.