Our GDPR Statement of Compliance
At John Hill Associates, we understand the importance of you having confidence in us, to do the right thing. Giving you peace of mind that we do everything with the utmost professionalism, discretion and integrity is part of our values.
HOW WE OBTAIN YOUR PERSONAL DATA
Information provided by you
You provide us with personal data via online queries through our website, over the telephone, face to face, by email or by paper documents that you complete. This includes, but isn’t limited to, name, address, date of birth, email address, personal telephone numbers, bank details etc. We use this information to provide Architectural Services and manage construction projects on your behalf. Our legal basis for collecting and processing this data is therefore for the performance of a contract.
We may also keep information in any correspondence you may have with us by post or via email.
We may obtain sensitive data directly from you in order to undertake our contractual obligations. The provision of this information is subject to you giving us express consent.
Information we obtain from other sources
We will not obtain information about you from other sources.
HOW WE USE YOUR PERSONAL DATA
We use your personal data to manage Building Contracts and provide Architectural services on your behalf. We undertake at all times to protect your personal data, including any health and financial details, in a manner which is consistent and in line with GDPR concerning data protection. We also take reasonable security measures to protect your personal data in storage. For further information of the organisational and system measures taken to safeguard your data, please refer to our Information Security Policy.
Do we use your personal data for marketing purposes?
We will not use your personal data for marketing purposes.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We will keep information about you confidential. We will only disclose the basic information such as Name, Address email and telephone numbers from time to time as may become necessary to administer contracts on your behalf.
All our employees have received training on protecting personal data and are duty bound as part of their contract of employment to confidentiality and data protection. A summary of our rules and procedures in respect of IT use and the protection of personal data are contained in our Acceptable Use Policy which is available on our website.
Transfer of your personal data outside of the European Economic Area
We do not transfer your personal data outside of the EEA
How long do we keep this information about you?
Our data retention periods are in line with the amount of time we need to keep your personal information in order to manage and administer your projects. We will also retain your personal data to comply with any legal, statutory and regulatory obligations. More information about this can be found in our Data Retention Policy, a copy of this can be provided on request. In all cases, our need to keep your personal data will be reassessed on a regular basis and information which is no longer required will be disposed of permanently and confidentially.
Where your data is kept
Your personal data is kept on our Company IT systems, the security of which is governed by our Information Security Policy. A copy of this can be provided on request.
DATA SUBJECT RIGHTS
Subject access requests
You have the right to access personal data that we hold about you. This is referred to as a subject access request. In order to make a subject access request please write to the Data Protection Lead at John Hill Associates Ltd, 6 Shaw Wood Way, Doncaster or contact us by email at email@example.com.
Our response to a formal request shall include details of the personal data we hold about you, including the following:
- Sources from which we acquired the information
- The purposes for processing the information
- Persons or entities with whom we are sharing the information
Right to rectification
You have the right, without undue delay, to have any personal information about you which is not accurate, corrected. You also have the right to any incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have a right to request for us to erase personal data concerning you, without delay. This refers only to data that we are not legally required or entitled to keep for a specified length of time in order to comply with any legal, statutory and regulatory obligations.
Right to the restriction of processing
Subject to exemptions, you have the right to restrict the processing of your personal data when:
- You are contesting the accuracy of the data, and restrict the processing until the accuracy of the data has been verified
- The processing is unlawful and you oppose the erasure of the personal data but instead request the restriction in its use
- We no longer need the personal data for processing, but it is required by you for the establishment, exercise or defence of claims
- You object to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections
We shall communicate any rectification or erasure of personal data as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format, and have the right to transmit this data to another controller without hindrance from us.
Right to object
You have the right to object on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to necessary processing for the performance of a task carried out in public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, or in the establishment, exercise and defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us please write to the Data Protection Lead at John Hill Associates Ltd contact us by email at firstname.lastname@example.org.
Accuracy of information
In order to provide the highest level of customer service we need to keep accurate personal data about you. We take reasonable steps to ensure accuracy of personal data or sensitive information we obtain. We ensure that the source of any personal or sensitive data is clear. We will consider when it is necessary to update the information, such as names and/or addresses and you can help us by informing us when these changes occur.
John Hill Associates Ltd will review this policy regularly to make sure we meet the highest standards and to protect your information. We reserve the right to update this policy at any time. We will not significantly change how we use data given by you to us, without your prior agreement.
If you have a complaint please write to the Data Protection Lead at John Hill Associates Ltd or contact us by email at email@example.com.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.