Data Protection Policy
Updated October 2022
Chapman Architects Limited comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) which became enforceable on 25th May 2018. The nature of our work is construction and we use personal information to enable us to maintain our accounts and records and to support and manage our staff.
We process information relevant for the nature of our work. This may include:
- Personal details
- Financial details
- Employment and education details
- Goods or services provided
- We also process sensitive classes of information that may include:
- Physical or mental health details
- Trade union membership
Who the information is processed about:
- Customers and clients
- Suppliers and service providers
- Advisers, consultants and other professional experts
- Complainants and enquirers.
We do not use any information for automated decision making or profiling.
We sometimes need to share the personal information we process with individuals themselves and also with other organisations.
Where this is necessary we are required to comply with all aspects of the GDPR.
Where necessary we share information with the following types of organisations or individuals:
- Family, associates and representatives of the person whose personal data we are processing
- Employment and recruitment agencies
- Current, past and prospective employers
- Educators and examining bodies
- Central Government
- Credit reference agencies
- Suppliers and service providers
- Debt collection and tracing agencies
- Financial organisations
How we keep information secure:
We take appropriate steps to make sure that the personal information we hold (on paper and electronically) is kept secure and only used by people who have a right to see it by using system access controls.
Where another company processes personal information on our behalf, they will only process personal information in line with our instructions.
Data Retention Period:
We may retain data for differing periods of time for different purposes as required by law or best practice. We incorporate these retention times into our processes.
Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data. We may store some data such as photographs, achievements, past project details indefinitely in our archive.
Cookies are text-only pieces of information that a website transfers to an individual’s hard drive or other website browsing equipment for record-keeping purposes.
Cookies allow the website to remember important information that will make your use of the site more convenient.
A cookie will typically contain the name of the domain from which the website has come, the lifetime of the cookie, and a randomly generated unique number or other value.
experience of the website
example, we may store the recent searches you have performed in a cookie so that we can allow
you to easily repeat those searches when you return to our website. When you visit our website,
there’s certain information that’s recorded which is generally anonymous information and does
not reveal your identity.We’re talking about the following kinds of details:a. your IP address or proxy server IP address;
b. the domain name you requested;
c. the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
d. the date and time of your visit to the website;
e. the length of your session;
f. the pages which you have accessed;
g. the number of times you access our site within any month;
h. the file URL you look at and information relating to it;
i. the website which referred you to our Site;
j. the operating system which your computer uses
Individuals have the following rights:
- The right of access to personal data
- The right to rectification of personal data held where it is incorrect or incomplete
- The right of erasure of personal data (“right to be forgotten”) if certain grounds are met
- The right to restrict / suspend processing of personal data
- The right to complain to a supervisory authority
- Additional rights that may apply in certain instances:
- Right of data portability (if processing is based on consent and automated means)
- Right to withdraw consent at any time (if processing is based on consent)
- Right to object to processing (if processing is based on legitimate interests)
- Right to object to processing of personal data for direct marketing purposes
The Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Review of Data Protection Policy
This policy is subject to regular review and will be updated as necessary to reflect any changes in our operational activities, best practice in data management, security and control and to ensure compliance with any changes or amendments made to applicable law.
In the event that an individual is not satisfied with the way in which we are processing their personal data, they have the right to make a complaint with the Information Commissioner’s Office.
This policy was updated in October 2022 and has been delivered on behalf of Chapman Architects by: