Timothy Hatton Architects (“THA”) is committed to protecting the privacy and security of any personal data that it handles. We are required under General Data Protection Regulation (“GDPR”) and the data protection legislation, to notify you how we collect and use any personal data.
This privacy notice sets out the basis on which THA will use personal data, and applies to you if you are:
(a) a client or potential client
(b) a service provider, third-party consultant or an individual or employee of one of our service providers
(C) a prospective employee
Please read the following information carefully in order to understand the handling of your personal data.
The Privacy Principles
THA adheres to the following principles in relation to personal data for which we are a data controller (this means that we are responsible for deciding how we hold and use personal data):
To comply with GDPR, the data we hold must be:
• Held in a lawfully, fair and transparent way
• Collected only for valid purposes. For example, when it is necessary to provide a service, to keep you informed, or to comply with any legal/ regulatory obligations or for you or an employer to provide a service to us
• Relevant and limited to what is necessary for the purposes we have told you about
• Accurate and kept up to date
• Held and processed in a manner that ensures the appropriate security
How we collect your personal data
The type of personal data we hold at THA will depend on our relationship.
For example, we may need personal data in connection with our provision of services to you, to verify your identity in order to maintain our relationship with you, and to satisfy any legal or regulatory obligations.
Personal data refers to any information about a person that allows them to be identified. For example we may collect, use, store and transfer different personal data that includes – your name and address, contact details, and in the case of staff, date of birth, gender, professional data from a CV relating to qualifications, role, salary also there may be other limited circumstances nationality, signature, national insurance number and copies of identity documents such as your passport and driving licence).
We can process your personal data for the following reasons:
(a) clients/prospective clients – in order for us to perform a contract to which you (or carry out steps beforehand at your request), to comply with relevant legal or regulatory obligations to which we are subject and/or to pursue our legitimate business interests;
(b) relevant service providers or employees of service providers or prospective employees– in order for us to pursue our legitimate business interests. We will tell you beforehand if we intend to process data for any purpose other than that for which we have obtained the personal data (as explained in this privacy notice).
Where your personal data is held
We have procedures in place to ensure your personal data is kept safe and secure. These include:
• Intrusion detection
• Physical protection of the facilities where your data is stored
• Security procedures across all service operations e.g. password protection
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business ‘need to know’. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
How long does THA retain your personal data
We are required to maintain our records for as long as is required to fulfil our accounting, reporting or legal requirements.
As such, personal data that falls in scope of either of these requirements is retained in line with the mandated timeframe. Personal data may be held for longer than the above requirements if this is otherwise deemed necessary, relevant and/or useful. Such personal data will be destroyed if these circumstances change or if you specifically request us to do so (subject to any obligation that prevents us from destroying your personal data).
What are my rights in connection with my personal data
You have certain rights over any personal data that you provide to us, which will depend upon your relationship with us, the information you have provided and our legal and regulatory obligations:
• You have the right to request a copy of the personal data that we hold about you
• You have the right to request that the personal data that we hold about you is erased under certain circumstances (in particular this may apply if we have no legal and/or regulatory requirement to continue to retain it)
• You have the right to ensure that your personal data is accurate and up-to-date, or that it be rectified if necessary. Where your personal data is incorrect or inaccurate and should therefore be updated, please contact Elaine Dennison, email@example.com
• You have the right to restrict the processing of your personal data, for example limiting the material that you receive or where your personal data may be transferred to
• You have the right to object to any decisions based on the automated processing of your personal data, including profiling • You have the right to request the transfer of your personal data to another party
• You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel that we have not processed your data in accordance with GDPR, any contractual agreements, or this privacy notice
Notification of changes to this Policy
We may, from time to time, review and update this policy. We will maintain the latest version of this policy on our website (https://tha.co.uk) and where changes are deemed material, we will make you are aware of these.
If you have any questions, concerns or complaints about the practices contained within this document or how we have handled your data, please email: firstname.lastname@example.org
Alternatively, you may write to:
Timothy Hatton Architects
1 Adelaide Grove