Issue 01 24/5/18
Whitespace Design Consultancy Ltd Data Privacy Notice.
This privacy notice sets out how Whitespace Design Consultancy Ltd uses and protects any information that you provide and complies with the new General Data Protection Regulations (GDPR) which come into effect on 25 May 2018. Whitespace Design Consultancy Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.
Whitespace Design Consultancy Ltd may change this policy from time to time by updating this policy. You should check this policy from time to time to ensure that you are happy with any changes. This policy is effective from 25 May 2018.
Your personal data is defined as “data which by itself or with other data available to us that can identify you.”
You can contact our GDPR representative at Whitespace Design Consultancy Ltd at the address found at the bottom of the page.
2. The types of personal data we collect and use
Whether or not you become a client we may use personal data for the purposes listed below. Most of the data we will collect directly from you, however data collected indirectly is also mentioned in this privacy notice.
The personal data we may use about you may include:
• Full name and personal details including contact information (i.e. business/home address and address history, email address, Home/Business/ Mobile telephone numbers)
• Date of birth/age
• Financial details (e.g. Bank details)
• Insurance information (if relevant)
• Photographic if relevant for example –-I.D Cards.
• Educational/employment details
• Personal data from other persons necessary to fulfil your engagement terms. You must have authority to provide their personal data to us and share this data privacy statement with them beforehand together with what you have agreed to on their behalf.
3. Providing your personal data
We will tell you if providing personal data is optional, including if we ask for your consent to process it. You must provide your personal data so we can fulfil your engagement terms, unless you are already a client and we hold your details.
4. How we keep your data safe
We protect your information with security measures under the laws that apply and keep our IT systems, files and buildings in a safe and secure manner.
5. How long do we keep your data?
We hold your data while you are a client and, for a period of time after any disengagement, in accordance with our legal and regulatory obligations. We do not hold it for longer than necessary.
6. Meeting our legal and regulatory obligations
To use your data lawfully we rely on one or more of the following Legal bases:
• Fulfil our engagement terms
• Legal obligation
• Protecting the vital interests of you and others
• Public interest
• Our legitimate interests
• Your consent
To meet our regulatory and legal obligations we collect some of your personal data, verify it keep it up to date through regular checks and delete it once we no longer require it. We may also gather information about you from third parties to help us meet our obligations. If you do not provide the data we need or help us keep it up to date, we may not be able to provide you with our full service.
Sometimes we need your consent to use your personal data for proactive requests for example with funding institutions, feedback requests etc. We may do this by phone, post, email or through digital media. You can decide if you do not wish to receive these proactive requests and you have the right to opt out. You can remove your consent at any time by contacting us.
8. How we use your information
We use your information to:
• Fulfil our engagement terms
• Identify ways we can improve our services
• Protect both our interests
• Meet our legal and regulatory obligations
We do not use your data for marketing analysis and/or analysis of behavioural trends . We do not use technology to make decisions automatically about your personal profile.
9. Your data and Third Parties
Sometimes we share your data with third parties for example:
• Sub-contractors and other parties who help service your contract with us
• Other parties connected to your contract.
• Companies and persons providing a service for us (i.e. our IT supplier)
• Legal and professional advisors
• Fraud prevention agencies
• Government bodies in the UK (i.e. HMRC)
• Payment systems (i.e. Visa or Mastercard)
• Anyone else where we have your consent or as required by law.
10. International Transfers
We do not normally transfer your personal data outside the European Economic Area (EEA) to help us provide services. In the event that we do, we expect the same standard of data protection to be applied outside the EEA to these transfers and the use of your data to ensure your rights are protected.
11. Your Personal Rights
Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from 25 May 2018)
• the right to be informed about our processing of your personal data
• the right of access your personal data and see how we process it
• the right to rectification of your data if it is incorrect or inaccurate
• the right to erasure of your data (Known “as the right to be forgotten”)
• the right to restrict processing of your personal data
• the right to data portability i.e. to move, copy or transfer your personal data
• the right to object to the processing of your personal data
• the right not to be subject to automated decision-making including profiling
You have the right to complain to the information commissioner’s office. It has the enforcement powers and can investigate compliance with the Data Protection Law.