This policy explains the types of personal information about you which we hold and how we use it. If you have any questions or concerns about our personal data policies and procedures, please contact us by writing to OSP Architecture, Broadmede House, Farnham Business Park, Weydon Lane, Farnham, Surrey GU9 8QT or by sending an email to firstname.lastname@example.org
If you are not happy with any aspect of how we collect and use your data, please contact us so that we can try and resolve your concern.
2. What information do we collect about you?
Personal data means any information capable of identifying an individual; however, it does not include anonymised data.
Typically, the business to business personal data we collect about you is limited to the types of information found on a business card.
We may process certain types of personal data about you as follows:
a) Identity Data may include your first name, last name, title and date of birth.
b) Contact Data may include your work place address, email address and telephone numbers.
c) Financial Data may include your business bank account
d) Transaction Data may include details about payments between us and other details of purchases made by you.
e) Identity and Contact Data from publicly available sources such as Companies House, the Electoral Register and Land Registry.
3. How we use the information about you
We use the information which you provide in order to manage your account with us to provide relevant information about your requirements to third parties with whom we deal with such as Local Authorities, insurance companies and where we need to comply with a legal or regulatory obligation.
The Legal basis on which we will normally use the information is as follows:
a) Where we need to perform our contract with you for the provision of the services that you have requested; or
b) Where we need to comply with a legal obligation; or
c) Where it is necessary for our legitimate interests (or those of a third party), provided that your interests and rights do not override our interests.
We do not and will not sell or share your information for marketing purposes with any other company or third party, we also do not use your details for any of our own marketing purposes.
4. Purposes for processing your personal data
Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data:
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for a similar purpose.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
5. Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table above:
• Service providers who provide IT and system administration services.
• Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activated in certain circumstances.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes in accordance with our instructions.
6. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are bound by a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Access to your information and correction
You have the right to request a copy of the information we hold about you. Under certain circumstances, you have rights under data protection laws in relation to your personal data.
These include the right to:
• Request access to your personal data
• Request correction of your personal data
• Request erasure of your personal data
• Object to processing of your personal data
• Request restriction of processing your personal data
• Request transfer of your personal data
• Right to withdraw consent
You have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, please visit www.ico.org.uk.
If you wish to exercise any of the rights set out above, please contact us. You will not have to pay a fee to access your personal information or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information, or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any other third-party.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove any information which you think is inaccurate.
Please email us or write to us using the email or postal address specified at the beginning of this document.
8. For how long is personal information retained?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
9. About this Website
This website is designed to comply with the EU General Data Protection Regulation 2018 (GDPR).
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. Cookies are either:
a) Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page, but they do not collect any personal data from your computer; or
b) Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
We do not use session or persistent cookies on our website and we do not use any visitor tracking software.