Privacy Notice

 

ArchitectureLIVE is committed to protecting and respecting your privacy.

This policy (together with standard terms and conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

1. Definitions

For key definitions, please go to  https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/

 

2. Who are we?

Architecture Live Ltd is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: ArchitectureLIVE, Tall Trees, The Cylinders, Fernhurst, Haslemere, GU27 3EL. Tel: +44 1428 652018. Email: info(at)architecturelive.co.uk.

For all data matters and for the purposes of this document the data processor is the Office Manager.

 

3. Purpose of processing your personal data

We use your personal data for the following purposes:

  • To maintain contact and communication with you during the course of a potential or live project
  • To maintain our own records and accounts
  • To occasionally inform you of news, events or activities
  • To purchase goods, materials and services from you or in connection with a mutual contact

 

4. Categories of personal data concerned

We process the following categories of your data referred to in the categories of personal data described in the definitions section:

  • Personal data may include your name, address, email address, phone number, financial data for payments such as VAT registration and bank details.

We have obtained your personal data from you, your employees or publicly available data from websites.

 

5. Our lawful basis for processing your personal data

(a) Our lawful basis for processing your general personal data is: 

(i) Contract - the processing of personal data is necessary to:

  • provide a quote for our services; and/or
  • fulfil our contractual obligations with you including taking steps to enter into a contract

 (ii) Legitimate Interest

  • Processing is necessary for the purpose of the legitimate interest of the data controller or that of a third party, except where such interests are overridden by your interests or fundamental rights or freedoms. 
  • Contact details of clients and design team members for projects, including marketing purposes.
  • Data used for the purposes of purchasing supplies, materials and services for the legitimate running of the business.

 (b) Our lawful basis for processing your special categories of data:

(i) Processing necessary for the establishment, exercise or defence legal claims or where courts are acting in their judicial capacity.

  • Required should a claim be brought against AL by the client or in relation to the work done for the client. 

 

6. Sharing your personal data

Your personal data will be treated as strictly confidential and will be shared only with directors, HR administrative and finance staff where necessary, and contact details with members of the design team for project contacts.

 

7. How long do we keep your personal data?

We keep your personal data for as long as is reasonably necessary, which may typically be for a period of 12 years beyond the end of the contract with you. Relevant circumstances include in case of any legal claims/complaints. For accounting purposes we must keep records for 6 years from the end of the last company financial year they relate to.  For contracts under dead, details must be kept for a minimum of 12 years.

 

8. Providing us with your personal data

You are under no statutory or contractual obligation to provide us with your personal data, but failure to do so may have the following consequences: reduce or prevent communication with you during the contract; delay or prevent payment for goods and services.

 

9. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which we hold
  • The right to request that the correction of any personal data if found to be inaccurate or out of date
  • The right to request your personal data is erased when it is no longer necessary to retain such data
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability), (where applicable, i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means)
  • The right to request a restriction is placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

 

10. Transfer of Data Abroad

We do not sell or trade any personally identifiable information to outside parties. This does not include trusted third parties, who may be domiciled outside of the EEA, who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or other's rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

The transfer of personal data to a country outside of the EEA shall take place only if one or more of the following applies:

a) The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data;

b) The transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the European Commission; compliance with an approved code of conduct approved by a supervisory authority (e.g. the Information Commissioner’s Office); certification under an approved certification mechanism (as provided for in the Regulation); contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority;

d) The transfer is necessary for the performance of a contract between the data subject and the Company (or for pre-contractual steps taken at the request of the data subject);

f) The transfer is necessary for the conduct of legal claims;

We may transfer personal data outside the EEA, as encrypted cloud backups, as part of a cloud based collaboration system, or on a project by project basis where the client or main supplier is a company based outside the EEA, in which case project team contact details may be shared with them for communication purposes only.

Third parties that processes your personal data on our behalf are Google, Apple, Xero and Mailchimp. We may occasionally use We Transfer and Dropbox.  All these organisations comply with the EU General Data Protection Regulation 2018 (GDPR). They are based in the USA and are EU-U.S Privacy Shield compliant, with the exemption of Xero which is based in New Zealand.

 

11. Automated Decision Making

We do not use automated decision making in our business.

 

12. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice, explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

 

13. Changes to our privacy policy

This privacy policy will be regularly reviewed and any changes we may make will be posted on this page and, where appropriate, notified to you by email. 

 

14. How to make a complaint

To exercise all relevant rights, queries or complaints in the first instance, please contact the data processor who is the Office Manager.

 

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner's Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

Thank you for taking the time to read this information.