Gaunt Francis Architects is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
Gaunt Francis Architects may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from May 22nd 2018.
- We are committed to safeguarding the privacy of our employees, clients and website visitors and will only use your personal information to provide services as requested from us, in accordance with contractual or legal obligations, or where legitimate interests apply.
- In this policy, “we”, “us” and “our” refers to Gaunt Francis Architects.
- This policy applies where we are acting as a data controller and where staff duties constitute that of a data processor.
- In accordance with Article 4 of the General Data Protection Regulation (GDPR) the following definitions are applicable:
- – ‘personal data’ means any information relating to an identified or identifiable person who can be identified through this information;
- – ‘special category data’ means any information considered more sensitive than general personal data and is subject to an additional condition for lawful processing;
- – ‘processing’ means any action or set of actions which is performed on personal data, including, but not limited to, collection, recording, organising, structuring and storing of data;
- – ‘data controller’ refers to the person or persons who, alone or jointly, determines the means and purposes of the processing of personal data;
- – ‘data processor’ refers to the person or persons who process personal data on behalf of the controller.
- Information we collect is provided voluntarily when an employee, client or organisation enters a relationship with us. The information we collect may include, but not be limited to, name, address, contact details (e.g. phone number and/or email address), bank account details, passport and driving licence.
- Information may be collected from sources other than the individual directly, such as in the case of CVs or other data required for recruitment as provided by recruitment agencies. In these instances, the source and categories of data remain traceable and identifiable.
- Some data is collected automatically during the execution of ICT services (website; office network) such as IP address, cookies, device ID and activities within these systems. Internal use of this data by us is restricted by strict adherence to our ICT Policy and Procedures, however this data may be stored in databases owned and maintained by service providers. The services providers may use such information to track, for example, the total number of visitors to our website or the number of connections to our server.
If we send any marketing communications, each marketing communication will contain an easy “unsubscribe” option to opt-out of receiving future marketing communications. Additionally, if at any time you wish not to receive any future marketing communications or wish to be deleted from our mailing lists, please contact us as detailed below.
Information you provide may be passed on to third party affiliates where there is a legitimate or legal reason for doing so; such as pension or death in service providers or optional services we provide where an employee opts in (e.g. Child Care Vouchers; BUPA).
In accordance with Article 6 of the GDPR, we have audited our data and ensured each category of data complies with a lawful reason for processing. Our legal grounds are as follows:
- Contractual Requirements: Much of our processing of personal data is to meet our contractual obligation to employees or clients, or in anticipation of entering into a contract with them. Two such examples are in the instance of collecting CV information of potential future employees, or collecting data of clients during business to business negotiations where are services have been requested.
- Legitimate Interests: Under several circumstances we process personal data on the condition that is furthers our legitimate interests, or those of the individual or client in question, so long as they do not override the fundamental rights and freedoms of the affected individual. These include:
- Providing a safe working environment;
- Providing employees with resources to aid execution of their responsibilities; such as arranging a hire car;
- Offering our clients the opportunity to participate in corporate or hospitality events;
- Providing optional services to an employee (e.g. Child Care Vouchers; BUPA);
- Marketing communications (on the condition that there is always a clear “unsubscribe” option within each communiqué);
- Analysing and improving our business practices;
- Processing job applications;
- Managing legal issues.
- – Legal Obligation: We are required to collect, process and disclose personal data in certain ways to meet our legal obligations (e.g. pensions, planning applications).
- – Protection of Vital Interests: We may collect or share personal data where it may be required to save someone’s life, such as in the case of a medical emergency.
- – Consent: When required by law, and where no other legal basis applies, we will handle personal data only by consent of the individual.
- – We will only collect and process special category data if an additional condition for processing is valid as per Article 9 of the GDPR. For more information on these conditions see Article 9(2) of the GDPR.
As a United Kingdom based company we have ensured that our data storage, including the location of Cloud Storage Servers, is located within the United Kingdom or the European Union, or, where the service is provided by a third party (such as File Server or website host), that they are or will be compliant with GDPR on or before 25th May 2018.
As detailed in Article 32 of the GDPR, we have taken appropriate and reasonable technical and organisational measures to ensure a level of security appropriate to the risk of personal data. These measures are outlined in detail in the company ICT Policy and Procedures documentation, but include such measures as:
- Secure and GDPR compliant offsite managed server;
- Restricted building and office access;
- Restricted access to ICT systems including limited access folder structure, appropriate HR management software, limited (and separate) administrator accounts for ICT responsible staff;
- Access to personal data is restricted to certain employees by organisational structure (e.g. Finance, HR, ICT);
Users who may be required to act as a data processor for confidential information (such as the IT Manager) are required to adhere to a Confidentiality Agreement.
The period of data retention is dictated by a combination of legal obligations and company policy depending on the purpose of the data being held. We follow a rigorous process for data disposal to reduce risks of data breaches.
Chapter 3 of the GDPR provides the following rights for individuals:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling.
Please be aware that depending on the legal basis for the processing of the personal data, not all rights will apply. For example, if the legal basis is a legal obligation an individual will not have the right to erasure, the right to portability, nor the right to object.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.