> Website – TERMS OF USE

> Privacy   – USE OF PRIVATE INFORMATION POLICY

> GDPR      – WHAT IS THE GDPR?

 

Website – TERMS OF USE

Smalley Marsey Rispin Architects Ltd has taken all reasonable steps to ensure that the information contained within the pages of this site is accurate and current. However, no warranty is given and no representation is made regarding the accuracy of or completeness of the content of this site.

Smalley Marsey Rispin accepts no responsibility for any losses or damages arising out of errors or omissions contained in the site or arising from reliance on information contained in the site. Any links to other web sites does not imply that we approve or endorse the content of those sites and Smalley Marsey Rispin accepts no responsibility for the information made available via such sites.

Copyright in the pages of this site, in the screen displaying the pages and in the information, texts, graphics, images and material contained therein is owned by Smalley Marsey Rispin or Smith Smalley, unless otherwise stated. All trademarks, service marks, company names or logos are the property of their respective holders and no permission is given by Smalley Marsey Rispin in respect of their use and such use may constitute an infringement of the holders’ rights.

By accessing these pages you agree to be bound by these terms of use which shall be governed by and interpreted in accordance with the laws of England and Wales.

Please send corrections and error reports to admin@smrarchitects.co.uk

 

Privacy – USE OF PRIVATE INFORMATION POLICY

Last updated: 18th May 2018

SUMMARY:

We respect the EU’s General Data Protection Regulations (GDPR) and this policy explains how we collect and treat any information you give us. There is no complicated legal terms or long passages of unreadable text. We’ve no desire to trick you into agreeing to something you might later regret.

WHY WE VALUE YOUR PRIVACY

We value your privacy as much as we do our own, so we’re committed to keeping your personal and business information safe. We’re uncomfortable with the information companies, governments, and other organisations keep on file, so we ask for only the bare minimum from our customers, suppliers and peers. We’ll never use your personal information for any reason other than why you gave it, and we’ll never give anyone access to it unless we’re forced to by law.

HOW WE COLLECT INFORMATION

We ask for contact information including your name, email address, postal address and telephone number when you make an enquiry to work with us or supply us. We ask for your financial, billing and contact information when you purchase a service from us.

WHAT INFORMATION WE HOLD

When you contact us by email, telephone or giving us your business, we collect your name, title, email address, phone number and the company you work for, if you’ve given us that.

When you buy a service from us, we collect your name, email address, phone number, and any other personal data you provide us in order to action the work.

If you do business with us, we also collect your business name and bank details and keep records of the invoices we send you and the payments you make.

If you work for us, we collect the relevant personal information to fulfil our HR and payroll requirements.

WHERE WE STORE YOUR INFORMATION

When you contact us by telephone or email we store your information in our contact database, as well as the mailboxes used to deliver the email. When you buy a service from us, your information will also be stored in our Accounting software – these services help us manage our client’s contact data, user account information and accounting information. Our chosen systems are chosen partly for their commitment to security.

WHAT WE USE YOUR INFORMATION FOR

We might email or phone you about our products and services, but if you tell us not to, we won’t get in touch again. If you do any business with us, we will use your information to contact you regarding ongoing work, we may also use your information to achieve the work agreed. We will use your information to send you invoices, statements, or reminders. We might also use your contact information to invite you to take part in events with us.

WHO IS RESPONSIBLE FOR YOUR INFORMATION AT OUR COMPANY

Amanda Marsey, our Managing Director, is responsible for the security of your information. You can contact her by email at amanda.marsey@smrarchitects.co.uk if you have any concerns about the information we store.

WHO HAS ACCESS TO INFORMATION ABOUT YOU

When we store information in our own systems, only the people who need it have access. Our management team have access to everything you’ve provided, but individual employees have access to only what they need to do their job.

THE STEPS WE TAKE TO KEEP YOUR INFORMATION PRIVATE

When we store your information in third-party services, we restrict access only to people who need it. We store passwords using a secure service of our choice, which is locked down to appropriate staff members and protected by authentication.

The servers we use are all firewall protected and PC assess is protected by strong, unique passwords. These computers ask for authentication whenever they’re started.

HOW TO COMPLAIN

We take complaints very seriously. If you’ve any reason to complain about the ways we handle your privacy, please contact Amanda Marsey by email at amanda.marsey@smrarchitects.co.uk. If you prefer postal communication:

SMR Architects
The Exchange
Station Parade
Harrogate
HG1 1TS

LINKS TO OTHER WEBSITES

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

CHANGES TO THIS POLICY

If we change the contents of this policy, those changes will become effective the moment we publish them on our website.

GDPR – WHAT IS THE GDPR?

The General Data Protection Regulation (GDPR) imposes strict controls on how all organisations collect and process personal data within the EU and/or the personal data of EU citizens.

The enforcement of the GDPR is overseen by the UK’s supervisory authority, the Information Commissioner’s Office (ICO). It ensures that everyone is playing by the rules and that the rights of data subjects – the people whose data is being processed – are correctly protected.

Those individuals or businesses which determine the purposes and means of processing personal data are referred to as data controllers under the GDPR, whereas a data processor is responsible for processing data on behalf of the data controller.

The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:

  • processed lawfully, fairly and transparently
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary for processing
  • accurate and kept up to date
  • retained only for as long as necessary
  • processed in an appropriate manner to maintain security

We’ll continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies and will adjust our plans accordingly if it changes.

WHAT IS SMR’s ROLE UNDER GDPR?
We act as a data controller under the GDPR. As a data controller: We act as a data controller for the EU customer information we collect to provide our services and to provide customer support. This customer information includes things such as customer name and contact information.

AWARENESS & ACCOUNTABILITY
We have a company-wide commitment to compliance with the GDPR. Everyone working at SMR understands what their own responsibilities and those of the company are.

AUDIT
We have undertaken an audit to clearly document what data we hold, where we hold it, where that data comes from and where it goes. This enables us to keep track of all data and helps us to make the right decisions when it comes to making sure that your data is always protected.

POLICIES
We have updated our privacy policy so that you can see exactly how, why and where we may be processing your data, and how long we hold it for.

DATA PROCESSING ADDENDUM (DPA)
Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services.

BASIS AND CONSENT
In order to use our Services, you need to accept our DPA and by agreeing to our Services Contract, you are automatically accepting our DPA and do not need to sign a separate document. In other words, by using our Services, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements.

However, in order to keep you up to date with other matters such as news updates and other general correspondence we will need your explicit consent. We make sure it’s obvious where and how you can agree to this and you can unsubscribe from these updates at any time.

YOUR RIGHTS
Under the GDPR you have the right to see a full copy of any data we hold about you and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).

This is also true for the data you hold about your customers within our Services – you need to be able to adhere to GDPR requirements too and it is our job to help you do that.

KEEPING DATA SECURE
We are constantly improving our security measures to keep the information we hold within our Services safe and whenever we work with third parties (sub-processors) to help us provide our service, we ensure that their security processes are as robust as our own.

DELETING A CLIENT’S DATA
Customers have the ability to remove or delete information they have uploaded to our Services. Likewise, customers may deactivate their account and request that all personal data we have collected and stored is deleted.