Privacy Policy
Andrew Black Design Ltd (“we”, “us”, “our”) understands that everyone’s privacy is important and we care about how personal data is used. Personal data is defined as data from which a living person can be identified. We will only collect and use personal data in ways described here, and in a manner consistent with our obligations and your rights under data protection legislation, including but not limited to the Data Protection Act 2018 and the UK General Data Protection Regulation and any acts or legislation that supersede them.
We are the controller of your personal information under applicable data protection legislation, unless otherwise stated in this Privacy Notice.
Aim of this notice
This Privacy Notice explains how we collect, store, use and share any personal data gathered in the course of our business. It also explains your rights under the law relating to your personal data.
What personal data do we collect?
We may collect some or all of the following personal data from you, which will vary according to your relationship with us:
- Name
- Address (company or personal)
- Email address (company or personal)
- Telephone number (company or personal)
- Job title
- Accessibility requirements if relevant to project.
Storing Personal Data
Personal data will be stored in a range of different places, including on our records for your project, on documents such as drawings, project reports, building control applications, planning applications and on other IT systems and platforms, which we use to operate our business. These include Microsoft Outlook, CRM database, Project Management System, File Sharing Platforms, Accounts Management Platforms and Website Hosting Services.
Your personal data will generally be held in the UK. Exceptions to this rule are in respect of two of our suppliers, which may hold personal data in New Zealand, Australia, EU, Japan and the US. The EU, Japan and New Zealand have been deemed by the UK to have adequate laws in place to keep your personal data as safe as in the UK. When our suppliers hold your personal data in the US or Australia they will ensure they use an appropriate transfer mechanism called the Standard Contractual Clauses to protect your personal data.
Visiting our website
We use cookies to operate some functionality on our website and collect anonymised information which inform us about the use of our website. Please see our Cookie Policy for more information.
Our website contains links to various third-party websites. We are not responsible for the content or privacy practices of any external websites that are linked from our site. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Our legal basis for using your personal information
We only use your personal information where that is permitted by the applicable data protection legislation. We only use personal information where:
- the data is necessary for us to perform works or services under a contract with you or a third-party organisation;
- it is needed for compliance with a legal obligation;
- it is necessary for the purposes of our legitimate business interests to run a successful architecture studio, and your interests and fundamental rights do not override those interests; and
- you have consented to our use of your personal data (if consent is needed).
How do we use your personal data?
We will use your personal information to respond to enquiries or complaints or manage and deliver the contracted services, to allow us to respond and communicate with you regarding your project, and to issue invoices, statements or reminders or pursue you for non-payment (where necessary).
We may occasionally use your contact information to send you details of our products and services or to invite you to events we are involved in. When we do, you have the option to opt-out of receiving further such communications from us. If you are not, and have not been, a client of ours, we will obtain your consent prior to sending you marketing information, except where we are emailing you as a representative of your employer that is a corporate entity in which case we rely on legitimate interest.
Who do we share your personal information with?
Except for our suppliers that support the operation of our business (see above), we will not share your personal data with third parties, unless your project works necessitate this. We will then share your personal data with, for example, suppliers, contractors, consultants, council planning offices etc. in order to obtain necessary designs, surveys, consents etc. for the progression of your project. We may also share your personal data if required to comply with law or regulatory obligation, in the event of a restructure or sale of our business or if necessary to enforce the terms of the contract we have entered into with you.
We do not disclose personal information to anyone else except as set out above unless we have your consent or we are legally obliged to do so. We do not sell your data.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How do we protect your personal information?
We take the security of your personal data seriously and have appropriate security measures, including internal policies and controls in place to ensure that your personal data is not lost, accidentally destroyed, misused or disclosed, and is not accessed, except by our employees in the proper performance of their duties.
How long will we keep your personal data?
We will not keep your personal data for any longer than is reasonably necessary in light of the reason(s) for which it was first collected or for as long as we are required to keep it by law or regulatory requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
What are your rights?
Under data protection law, you have the following information rights:
- Your right to be informed about how your personal information is being used.
- Your right to access the personal information we hold about you.
- Your right to rectification of inaccurate personal information we hold about you.
- Your right to request the erasure of your personal information in certain limited circumstances.
- Your right to restrict processing of your personal information where certain requirements are met.
- Your right to object to the processing of your personal information.
- Your right to data portability – You have the right to ask that we transfer elements of your data either to you or another service provider, in certain circumstances.
You can exercise your rights by contacting us at mail@andrewblackdesign.com or by post to Andrew Black Design, The Mews, 27 Tay Street Lane, Dundee, DD1 4EF.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have any cause for complaint about our use of your personal data, and we do not resolve it to your satisfaction, you have the right to lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk