Acres Building Consultants Limited
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 2018 (the DPA 2018) and the General Data Protection Regulation (the GDPR).
2. Who are we?
Acres Building Consultants Limited is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
Acres Building Consultants complies with its obligations under the DPA 2018 and GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: -
- Where we engage with clients for professional services, we may collect and process personal data in order to satisfy a contractual obligation. We request that clients only provide the personal data that is required for us to fulfil our contractual obligation.
- Personal data from our contacts, which covers both potential and prior clients, held in our customer relationship management tool (CRM tool). This information is entered into the system after contact is made between a staff member of Acres Building Consultants Limited and a business contact individual.
- We collect personal data for our people as part of the administration, management and promotion of our business activities. Our staff handbook explains further how personal data is held for our staff and partners.
- Where an individual is applying to work for Acres Building Consultants Limited, personal data is collected through the application process. Data collected for this purpose will be used for employment and to make informed management decisions and for administration purposes.
- We collect and process personal data about our suppliers, subcontractors, and individuals associated with them. The data is held to manage our relationship, to contract and receive services from them, and in some cases to provide professional services to our clients.
- We have a contact form on our website where we may collect your name, email address and telephone number. We may also collect your opt-in consent to keep you up to date with our news and services.
4. What is the legal basis for processing your personal data?
Under the DPA 2018 and GDPR, the main grounds that we rely upon in order to process your Information are the following:
- Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
- Necessary for the purposes of legitimate interests - either we, or a third party, will need to process your Information for the purposes of our legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected.
- Consent – we may ask for your consent to process your Information in a particular way.
- Vital interests – we may process personal data on the basis on vital interests if processing is necessary to protect someone’s life.
- Necessary for contract – we may process your personal data to fulfil our contractual obligations to you, or because you have asked us to do something before entering into a contract (for example, providing a quote).
- Public Task – We may rely on this legal basis to process data to perform a specific task in the public interest that is set out in law.
5. Sharing your personal data
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
Personal data held by us may be transferred to:
- Third party organisations that provide applications/functionality, data processing or IT services to us
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
- Third party organisations that otherwise assist us in providing goods, services or information
- Auditors and other professional advisers
- Law enforcement or regulatory agencies or those required by law or regulations
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
6. How long do we keep your personal data?
We retain the personal data processed by us in a live environment for as long as is considered necessary for the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 6 years). We may keep data for longer in order to establish, exercise, or defend our legal rights and the legal rights of our clients.
In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.
7. Your rights and your personal data
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:
- Individuals may request access to their personal data held by us as a data controller.
- Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.
- Individuals may request that we erase their personal data
- Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
- Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
- Individuals may request information about, or human intervention into, any automated data processing that we may undertake.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact PERSON.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.