Privacy and Data Policy
Dualchas Architects Ltd is committed to protecting the personal information of its clients, staff, suppliers, partners and contractors.
Dualchas Architects is a data controller which is registered with the Information Commissioners Office No. ZA485913 and we are subject to the General Data Protection Regulations which came into force in May 2018.
When you send us a website enquiry we will collect you name, address, contact phone numbers and email address/es. When you send us details of your product or service we may collect your name, position, company name, address, email address and contact phone numbers. When you send us your CV and/or portfolio, we may collect your name, address, email address and phone contact numbers.
You may also provide us with information by corresponding with us by phone and email. We may take your name, address, contact phone numbers and email address.
While we collect most of the information we hold directly from you, we will sometimes obtain information from third parties, such as references (with your consent). For example, HebHomes, our sister company may refer current clients, or redirect initial enquiries to Dualchas for more appropriate architectural services.
The personal information we may hold may include; your name, job title, company name, address, email address, phone contact numbers. We may also hold limited financial information such as bank account details and VAT registration numbers for the processing of invoices.
When we collect personal information from clients, potential clients and others, it will be used for the following purposes
- To maintain responsible commercial and contractual relations with you
- To understand your service and project needs
- To manage and develop our business and operations
- To meet legal and regulatory requirements
- To notify you of changes to our services
- To process a job application
- To recommend your product or service to relevant contacts.
When you voluntarily give us your personal information we will only use it for the above purposes. If we intend to use your personal information for a purpose other than those above, we will seek your express consent.
We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as necessary for the relevant activity. For further details please see our Document Retention Schedule
Under the GDPR we only use this data where the law allows us to. Most commonly, we will use this data in the following circumstance:
- For the performance of our contract with you or, at your request, carry out instructions in the lead up to entering into a contract.
- Where necessary for compliance with a legal or regulatory obligation we are subject to; and
- For our legitimate interests (as described within this policy) and your interests and fundamental rights do not override these interests.
Legitimate interest is when we, or a third party have a business or commercial reason to use your information, as long as it does not override your own fundamental rights and freedoms.
We have a legitimate interest in processing your personal information for marketing and promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We may use your personal information to send you updates (by email, text message, telephone or post) about our services and products.
You have the right to opt out of receiving promotional communications at any time by contacting the Office Administrator firstname.lastname@example.org
We do not share or sell personal data to third parties for promotional or marketing purposes.
We will treat your personal information as confidential and only share in the following circumstances. We may share personal information with:
- Third parties we use to help us deliver our services to your, e.g. consultants, contractors, suppliers, delivery companies, local authorities;
- Other third parties we use to help us run our business, e.g. our sister company HebHomes,
- Third parties, approved by you, e.g. third-party payment providers,
- Our insurers and brokers
- Our banks
We may also share personal information with external auditors, e.g. auditors of our accounts or in relation to ISO accreditation.
We will keep personal information while we are providing you with services, have an account or contract with you, or in our employment. Thereafter we will keep personal information for as long as necessary to:
- Be able to respond to complaints or claims made by you on your behalf
- Show that we treated you fairly
- Keep records required by law or governing body (RIAS ARB)
When personal information is no longer retained we will delete it and/or dispose of it securely.
You have the following rights which you can exercise free of charge
- Access: the right to be provided with a copy of your personal information
- Rectification: The right to require us to correct any mistake in your personal information
- Not to be subject to automated individual decision making:
And in certain circumstances
- To be forgotten: The right to require us to delete your personal information
- Restriction of processing: the right to require us to restrict processing of your personal information
- Data portability: The right to receive the personal information you gave to us in a structured, commonly used and machine-readable format and or transmit that data to a third party.
- To object: at any time to your personal information being processed for direct marketing,
You also have the right to see and correct data that we hold about you. If your details change or any other information we hold is inaccurate or out of date, please let our Office administrator know email@example.com
We use a number of cloud-based applications in the pursuit of our business, such as Dropbox and OneDrive. As such, some personal information may be stored in servers outside the EEA. We only use applications and platforms that demonstrate an approved certification mechanism under the GDPR regulations. Where on occasion, it may be necessary, for example to place an order with a supplier outside the EEA, or the project is based outside the EEA, we will seek your express consent.
Personal information is stored on a secure, onsite service and cloud based applications (One drive, Drop box) and access is only permitted to staff members with login accounts to access the information. All relevant security measures have been implemented to ensure that this information stays secure and all staff have been trained in the principles of data protection.
We provide free access to Wi-Fi in our Studios or our visitors. It is securely configured to separate our corporate data for internet browsing. As a guest you will be asked to logon to a secure portal that will grant you access to browse the internet only. We do not store any information about your connection or the sites you visit.
Generally, we do not collect any personal information from children and young people under 16. On the rare occasion where we may it will be with the prior verifiable consent from their parent or legal guardian.
We do not use automated decision-making and profiling.
If it become apparent that a potential data breach has occurred, we will endeavour to report this to the ICO within 72 hours of the becoming aware of the breach. This will be the case if the data breach is likely to result in damage to a person’s reputation, financial loss, loss of confidentiality, or major financial or social disadvantage. If the breach is likely to result in the risk to your rights and freedoms of the we will also contact, you without due delay.
Data breaches will be reported to the ICO on the breach helpline 0303 123 1113
The GDPR give you the right to complain with the Information Commissioner, www.ico.org.uk/concerns or phone 0303 123 1113.
This Policy was published in January 2019
We may change this policy from time to time. When we do will inform you via our website or other means of communication, e.g. email.
Dualchas Architects Ltd
Sabhal Mòr Ostaig
Isle of Skye
01471 833 300