Assael Architecture Ltd (referred to as “we”, “us” or “our” in this Privacy Policy) is the data controller of any personal data we collect about you when you interact with us, for example, when you use this website (“our website”) or apply for a job with us.
This Privacy Policy tells you about how and why we collect and use the personal data which you provide to us or which we collect about you. We are committed to protecting your personal information and respecting your privacy in accordance with applicable laws.
We want you to be fully informed about how we use your data, how we keep it secure and your rights.
We trust this Privacy Policy will answer any questions you have, but if not, please get in touch with us using the contact details provided at the end of this Privacy Policy.
We may need to update this Privacy Policy from time to time by updating this page. We will notify you of any significant changes, but would encourage you to come back and review it from time to time.
Ensuring the lawful use of your data
We will only use your personal data where we have a lawful basis to use it. We will usually only use your data where it is necessary for us to perform our contract with you (for example, to provide you with services you have requested), or in a way which might reasonably be expected as part of running our business and which does not materially impact your interests, rights or freedoms. For example, we might use your personal data to allow us to improve our website, products and services or, where you have applied for a job with us, to process your application. Please contact us using the details below if you would like further information about this.
We may sometimes need to use data to comply with our legal obligations (for example, to pass on details of people who are involved in fraud).
In some cases we will ask for your consent to use your data, for example, where you agree to receive marketing from us by signing up to our newsletter.
Further details of how we will use your personal information are provided below.
Website cookies
For details about use of cookies on our website, please see our Cookies Policy here.
What information we collect from you and how we use it
The information we collect about you and how we will use it, depends on how you interact with us. The table below provides some examples of the information we collect about you and how we will use it.
The personal data we collect from you |
How we use it |
Lawful Basis |
We will collect the personal data needed to identify you such as your name and company name. We will also collect your contact details, such as your email address, telephone number, job title and mailing address/place of work. |
Where you are our customer, to enter into a business relationship with you to provide services and to contact you about them where necessary. |
To enter into and fulfil our contract with you/legitimate business purposes. |
Where you are our supplier, to communicate and conduct business with you. |
To enter into and fulfil our contract with you/legitimate business purposes. |
|
Where you are a customer or supplier, to provide you with reports/invoices on request. |
To fulfil our contract with you/legitimate business purposes. |
|
To send you marketing communications and to keep you up-to-date about our services which we think will interest you.
|
Where you consent/legitimate business purposes. |
|
If you raise an enquiry or complaint with us. |
For legitimate business purposes. |
|
Fraud prevention and detection. |
Legal obligation/legitimate business purposes. |
|
Payment details and details of your transactions. |
Fraud prevention and detection. |
Legal obligation/legitimate business purposes. |
To assist you with any queries you have about current and previous payments. |
To fulfil our contract with you/legitimate business purposes. |
|
Information you provide to us when you contact us by telephone, email, post or social media. |
Provide you with the information, support and/or customer service you have requested. |
For legitimate business purposes. |
Technical information regarding your use of our website. This includes your computer’s Internet Protocol (IP) address and the date and time of your visit.
We also use “cookies” and similar applications for the purposes of enabling us to evaluate the use of our website and improve the experience of visitors to it. For information on the way in which we use cookies to monitor and manage our website performance, please see our Cookie Policy. |
To administer and to improve our website, to ensure it is presented in the most effective manner for you and to give you the best website experience and to allow you to participate in interactive features of our website if you choose to do so.
|
For legitimate business purposes. |
For data analysis, testing, research and statistical statistics to help us to improve our website and services.
|
For legitimate business purposes. |
|
To keep our website safe and secure. |
For legitimate business purposes. |
|
When you apply for a job with us, the personal data contained within your CV and application (such as your contact details, qualifications, employment history, nationality and immigration status). |
To assess your suitability for the role and, if you are successful, administer your employment. |
To comply with our legal obligations as a potential employer (such as to ensure you have the right to work); with your consent; and/or for our legitimate business purposes (such as to assess your suitability for the role).
If your application is successful, to enter into and/or to perform the employment contract. |
You do not have to give us any of the personal data set out above but, if you do not provide us with certain information, we may not be able to provide you with the services you have requested from us, deal with your query or process your job application.
Automated decision making
We do not currently carry out automated decision-making using information we hold about you.
Sharing your data
We share your personal data with trusted third parties to allow us to achieve the purposes set out above. When we do share your data with these third parties we have written contracts in place with them which require them to only use your data for the purpose we specify to them and that your privacy is secure and respected.
These trusted third parties include the following:
- Service providers for communications, including email, telephone, messaging, conferencing and file sharing systems, such as Cubic Interactive Limited and Mailchimp;
- Google Analytics, our web analytics provider;
- Where you apply for a job with us, third parties we work with during the application process such as external recruitment agencies and psychometric/skill based testers;
- Debt collection agencies for the purpose of tracing debtors and collecting debt; and
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
We may also share your personal data:
- in connection with a business transition (such as a merger, acquisition by another company, or a sale of all of or portion of our assets). In these circumstances, we may need to share your personal data with a prospective buyer and external professional advisors such as accountants, insurers, lawyers or financial institutions.
- Where we have a duty or a legal obligation to do so, such as with the police, administrative authorities, other enforcement, regulatory or Government bodies, or in order to enforce or apply any agreements which we enter into with you.
Information we receive from third parties
We may receive information about you from third parties, such as credit reference agencies, debt collection agencies or from other organisations we work with.
We may combine the information you have given us, with information obtained from other sources, but we will only do this when we have a lawful basis to do so.
How long will we keep your personal data?
We will only keep your personal data for as long as we need to for the reason we collected it, as set out in this Privacy Policy.
We may also keep hold of some of your personal data if we are required to do so for legal purposes, for example, to meet our legal or regulatory requirements or to prevent fraud and abuse.
Personal data relating to suppliers, consultants and clients will be retained for 15 years from completion of the services provided to or by you.
Personal data relating to unsuccessful job applicants will be deleted at the latest 12 months following completion of our recruitment process. If your application is successful, we will keep only the recruitment information that is necessary in relation to your employment in accordance with our Employee Privacy Policy.
International transfers
Your personal data may be transferred to or accessed from outside the EU/EEA in a jurisdiction that is not governed by EU data protection laws. For example, we may share your personal data with our group company Assael Architecture International Limited which is based in Bahrain and a number of our service providers are located (or will access your personal data from) outside the EU/EEA. However, safeguards are in place to protect personal data, as set out below.
In all such cases, at least one of the following measures will be in place to safeguard the data:
- Standard Contractual Clauses. See https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en [1];
- EU/US Privacy Shield Certification. See privacyshield.gov [2]; or
- The recipient country has been deemed to provide adequate protection by the European Commission. See https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.[3]
Please access the above links for further information or contact us using the details provided at the end of this Privacy Policy.
Security
We are committed to ensuring that your personal data is secure and we have put in place suitable administrative, technical, physical, contractual and managerial measures, including encryption and firewalls, to protect your personal data from loss, theft, unauthorised use, disclosure or modification. In addition, we have appropriate measures in place to make sure that the personal data it retains is accurate and up-to-date.
Third party links
Our website may contain links to other websites of interest. However, we do not have any control over third party websites and they will be governed by their own privacy policies, not this Privacy Policy.
How can I unsubscribe from marketing communications?
You can unsubscribe from our marketing communications by contacting us at any time using the details provided at the end of this Privacy Policy or in the unsubscribe instructions which are clearly displayed in each communication.
Your rights
You have the following rights in relation to the personal information we hold about you, to request:
- access to the personal data we hold about you (commonly known as a “data subject access request”) including a copy of it;
- the correction of the personal information that we hold about you if it is incomplete or inaccurate;
- the deletion or removal of personal data we hold about you where there is no good reason for us continuing to process it or where you have exercised your right to object to processing (see below);
- for our processing of your personal information to be restricted in certain circumstances, for example if you want to establish its accuracy or the reason for processing it;
- to obtain a copy of the personal information you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice; and
- to withdraw any consent you have provided to our use of your personal data. Where you withdraw consent we will stop using your data for the specific purpose, unless we have an alternative legal basis to use it.
We may ask you for proof of your identity before dealing with your request, as a security measure to protect your data.
Right to Object
Where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your personal data or we need to process it for the establishment, exercise or defence of legal claims.
If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator and we will work with them to resolve it. In the UK, this is the Information Commissioner’s Office (ICO). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or, (if you’re based outside of the UK, your data protection regulator), so please do contact us in the first instance.
Contacting us
If you have any queries, comments or requests regarding this Privacy Policy, you have a complaint or you would like to exercise any of your rights set out above, you can contact us in the following ways:
- by email at dataprivacy@assael.co.uk; or
- by post at Data Privacy, Assael Architecture Ltd, 123 Upper Richmond Road, London SW15 2TL.
This Privacy Policy was last updated on 8 October 2018.
[1] In accordance with Article 46 of the GDPR.
[2] In accordance with Article 46 of the GDPR.
[3] In accordance with Article 45 of the GDPR.