Vivus Solutions Ltd seeks to use data on all relevant individuals and groups in strict confidence, as set out in the Data Protection Act and the General Data Protection Regulations (“GDPR”). The term ‘The Company’ refers to Vivus Solutions Ltd, registered address 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
- The Company collects and processes personal information, or personal data, relating to its clients in order to administer and manage projects effectively. This personal information may be held by the Company on paper or in electronic format. The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your association with Vivus Solutions Ltd, We are required under the GDPR to notify you of the information contained in this privacy notice.
- This privacy notice applies generally to all clients who have an association with Vivus Solutions Ltd, in all relevant capacities.
- The Company has appointed a data compliance manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or about how we handle your personal information, please contact Lucy Oliphant, Director at email@example.com
- Data protection principles
- Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be: • Processed lawfully, fairly and in a transparent manner. • Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes. • Adequate, relevant and limited to what is necessary in relation to those purposes. • Accurate and, where necessary, kept up to date. • Kept in a form which permits your identification for no longer than is necessary for those purposes. • Processed in a way that ensures appropriate security of the data.
- The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
- What types of personal information do we collect about you?
- Personal information is any information about an individual or organisation from which that person or organisation can be directly or indirectly identified. It does not include anonymised data, i.e. where all identifying particulars have been removed.
- The Company collects, uses and processes a range of personal information about you / your organisation. This includes (as applicable): • contact details, including names, addresses, telephone numbers and e-mail addresses • bank account details if applicable for payment. • photographs of buildings / sites concerned with our engagement with you
- How do we collect your personal information?
- The Company may collect personal information about it’s clients in a variety of ways. It is collected upon initial contact, in developing terms and conditions and in the general process of the project / contract we are engaged to administer / manage or in the supply of materials and via our website. We may collect information to enable us to apply to fund raising bodies, and provide you with periodic marketing material and information about our materials. We collect information to develop statutory applications for the following (the list is not exhaustive): • Planning Applications • Listed Building Applications • Building Regulations Applications • Applications through Ecclesiastical Exemption
- Your personal information may be stored in different places as per below: • Hard copy in a paper file held in the office either on site/current project or our main working office. • Digitally on the internal server within and on individual workstations as required. • Within a database of client details • On iPads / telephones / laptops where remote access is required • Within email system • Within our accounting system where relevant
- Why and how do we use your personal information?
- We will only use personal information when the law allows us to. These are known as the legal bases for processing. We will use personal information only in relation to the professional service we offer you in whatever capacity agreed in terms and conditions of engagement.
- The purposes for which we are processing, or will process, your personal information are to: • enable us to maintain accurate and up-to-date client records and contact details (including details of whom to contact in the event of an emergency) • administer the contract we have entered into with you • operate and maintain a record of complaint and grievance issues / procedures and action taken • enable us to establish, exercise or defend possible legal claims Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.
- We will also use your personal information in order to contact you via telephone, email and post as necessary to perform the functions of our engagement with you.
- We will also use your contact details to provide you with newsletters or general updates from time to time. If you wish for this not to happen please contact us to let us know.
- What if you fail to provide personal information?
- If you fail to provide certain personal information when requested or required, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations.
- Change of purpose
- We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
- Who has access to your personal information?
- Your personal information may be shared internally within the Company in order to satisfactorily undertake the contract we have entered into with you and as instructed by you.
- The Company may also share your personal information with other consultants that form part of the project team where required, subject to your agreement. These often include the following: • tendering contractors • Planning Department • Building Control department • Governing body / decision making body for ecclesiastical exemption • External consultants that form part of the project team • funding bodies and organisations • legal advisers if required • delivery and logistic companies
- How does the Company protect your personal information?
- The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to employees, agents, contractors, consultants and other third parties who have a business need to know in order to perform their job duties and responsibilities in line with your instructions. You can obtain further information about these measures from Lucy Oliphant – firstname.lastname@example.org
- The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
- For how long does the Company keep your personal information?
- The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed.
- The Company will generally hold your personal information for the duration of your project and for as long as communication is maintained. We hold personal information for audit, insurance and regulatory purposes for 15 years following completion of our work for you at which point we are obligated to destroy / remove your data.
- Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems.
- Your rights in connection with your personal information
- It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address or other contact information. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.
- As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to: • request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it • request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected • request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected • restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy • object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground • data portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
- If you wish to exercise any of these rights, please contact our data compliance director. Subject access requests from individuals should be made by email, addressed to the data controller/ directors at email@example.com. The data director can supply a standard request form, although individuals do not have to use this. Individuals will be charged up to £10 per subject access request. The data controller/director will aim to provide the relevant data within 14 days. The data controller/director will always verify the identity of anyone making a subject access request before handing over any information.
- If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
- Transferring personal information outside the European Economic Area
- [The Company will not transfer your personal information to countries outside the European Economic Area.
- Changes to this privacy notice
- The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
If you have any questions about this privacy notice or how we handle your personal information, please contact our data compliance director as follows: Lucy Oliphant firstname.lastname@example.org
Please can you confirm acceptance or otherwise of the above information by email and providing a quick acknowledgment response. If this document was posted to you can you please send a letter confirming receipt and acceptance in the stamped, addressed envelope included.
- Privacy Notice: