Sleater & Watson LLP Privacy Policy for Professional Services (Updated May 2018)
1. General
1.1 This Privacy Policy (the Policy) contains information about what data we collect, process and store and the reasons for do so. The Policy also sets out who we share information with, the steps we take to ensure information is kept secure, the rights of data subjects in respect of personal data and how to contact us in the event of a complaint.
2. About us
2.1 We, Sleater & Watson LLP, registered at Chandler House, 7 Ferry Road Office Park, Riversway, Preston PR2 2YH and operating from 26 West Cliff, Preston, PR1 8HU, provides Professional Services in accordance with instructions received from the Client. These Professional Services primarily relate to Civil and Structural Engineering consultancy services.
2.2 Sleater & Watson LLP and its employees act as data processors and data controllers for the purpose of the General Data Protection Regulation (GPDR) in respect of personal data supplied to us in order to provide the Professional Services.
2.3 If you have any questions about this Privacy Policy or about your personal data you can contact our GPDR Compliance Officer, Gavin Wilkinson via email at admin@sleaterwatson.co.uk or write to us at:
Sleater & Watson LLP
26 West Cliff
Preston
PR1 8HU
3. What personal data do we collect?
3.1 In order for us to provide Professional Services we may collect any of the following personal data from you that relates to the project that we are instructed on and you will usually be the source of what we collect, process and store;
• Name of the Client.
• Client’s organisation or business name.
• Contact information for the Client including postal address, email address and telephone number.
• Identification documents, where appropriate.
• Project details which may include, by way of example, personal data relating to third parties involved in the project.
• Fee and billing details.
4. How do we use the personal data
4.1 All personal data that we collect and process in relation to the provision of Professional Services will be securely stored and protected by us in accordance with applicable data protection legislation and this Privacy Policy.
4.2 The legal basis that we rely upon are that;
• The processing of data is necessary for the performance of the contract to provide the Professional Services to the Client.
• The processing of data is necessary for the purposes of legitimate interests pursued by us, such as, for the purpose of conflict checking, for the use in defence of potential complaints, legal proceedings or fee disputes or fee recovery, or for otherwise complying with our professional obligations as set out within the IStructE Code of Conduct.
• The processing of data is necessary in order to comply with legal obligation to which we are subject, such as, complying with investigations by the Institution of Structural Engineers (IStructE) or any other statutory regulator.
5. Data collected from other sources
5.1 In the provision of Professional Services it is likely that data will be provided solely by the Client, however, from time to time and depending upon the nature of the instruction, data may be collected via another party. Such data will only be collected, processed and stored based upon the legal basis outlined within clause 4.2 above.
6. The recipients or categories of recipients of the personal data
6.1 We will not use personal data for purposes that are not clear at the time when they were provided and personal data will not be disclosed outside of Sleater & Watson LLP, except where necessary for the provision of Professional Services and in accordance with our professional obligations.
6.2 Personal data may be shared with the following, in accordance with our instructions;
• The Client and their named representatives.
• Third party consultants, for example, Architect, Quantity Surveyor, Project Managers and Mechanical & Electrical Engineers.
• Building Contractors and their Sub-Contractors.
• Representative of other parties.· Regulatory Authorities.
• Courts, Arbitration, Independent Expert, Mediation and other tribunals that we are instructed to represent the Client before or to whom documents are presented.
6.3 We may share some personal data with third parties in limited circumstances and only in accordance with our professional obligations as set out in the IStructE Code of Conduct. These may include;
• If we are under a legal or regulatory duty to do so.
• If it is necessary to do so to enforce our contractual rights.
• To lawfully assist the police or security services with the prevention and detection of crime or terrorist activity.
• Where such disclosure is necessary to protect the safety or security of any persons.
• As otherwise as permitted under applicable law.
7. Transfer of data outside the European Economic Area (EEA)
7.1 In general we do not transfer data outside of the EEA. There may, however, be a requirement from time to time to transfer some of your personal data outside of the EEA if so required in order to provide the Professional Services. Where this happens, all necessary steps will be taken to ensure that data transferred outside of the EEA is afforded the same or similar safeguards and processes that we undertake within the EEA.
8. Marketing
8.1 We carry out marketing activities which include communications via email, letter correspondence and any use of social media and other digital platforms. In the provision of marketing activities we may collect your name, address, email address, name of your organisation (if applicable), telephone number and details of your enquiry. Any personal data that you provide to use will only be used to provide information on services you have requested or have expressed an interest in to tailor marketing communications from us. We will not use your data for marketing purposes unless you have specifically given us your consent and we will not disclose it for marketing purposes outside of Sleater & Watson LLP.
9. Data retention
9.1 Our standard data retention period for personal data provided to us for the purposes of providing the Professional Services is a minimum period of 12 years from the date last worked on the project and these will be stored with us. Unless you instruct us to securely delete or destroy your personal information, or for reasons incompatible with relevant data protection legislation, including the General Data Protection Regulation and the requirement of other regulatory bodies such as the IStructE, we will continue to retain your personal information with us, beyond the 12 year period for an indefinite period.
9.2 If you do instruct us to securely delete or destroy your personal data, we will continue to only retain details of your name and contact information for future conflict checking.
10. Data security
10.1 We take the security of personal data seriously and we have appropriate measures, safeguards and protocols in place to ensure that data is kept secure, is only accessed by those individuals authorised to do so and where there is legitimate need to access the data. Appropriate and reasonable steps are in place to reduce the risk of unauthorised access to personal data held by us, either through accidental disclosure or deliberate act, or in line with our obligations under applicable data protection legislation, including General Data Protection Regulation.
11. Rights
11.1 Under the General Data Protection Regulation, data subjects have a number of important rights regarding their personal information. In summary these rights are as follows and include the right to;
• Request access to personal data.
• Request that inaccurate data is corrected.
• Request that processing of personal data is restricted.
• Request that personal data that we hold is erased in certain circumstances.
• Request a copy of the personal data that has been provided to us.
• Object to the processing of personal data or the continued processing of personal data.
• Request not to be subject to automated decision making which produces legal effects that concern or affect data subjects in a significantly similar way.
11.2 Further information regarding the rights under the General Data Protection Regulation can be found by visiting www.ico.org.uk. These rights are subject to the conditions and restrictions set out in the General Data Protection Regulation and the Data Protection Act 2018.
12. Exercising your rights
12.1 Should you wish to make a request to exercise any of the above rights you should contact our GPDR Compliance Officer at the above contact details.
12.2 When contacting us, please ensure that you provide relevant information to allow us to identify you which can include confirmation of your project reference number, name, address, telephone number and state the right or rights that you wish to exercise. We may need to contact you to request further information to verify your identify.
12.3 We will respond to you within one month from when we receive a valid request.
13. Changes to this Privacy Policy
13.1 Our policies and procedure are subject to regular review. From time to time we may change this Policy and we will inform you, usually by publishing updated content to our website, as appropriate.