- STATEMENT OF PRIVACY POLICY
Our Commitment to Your Privacy:
Protecting our clients’ privacy is of paramount importance to ASK Building Control. It is ASK Building Control’s policy that no private client information obtained by us is sold or made available to third parties except that:
- Third parties may be used by ASK Building Control to assist in the completion of all Building Regulations and activities that may be required as part of the Building Control Service such as Local Authority, Fire Service, Water Authority, Agents i.e. Architect/Builder, Enid Taylor and Worldpay.
- Client information may be released to legal and other third-party representatives at the Client’s direction.
- Client information may be released in accordance with applicable laws and regulations.
We will not share non-public personal information about our clients with non-affiliated third parties without prior client consent, except for specific purposes described below. This notice explains our collection, use and safeguarding of client information.
How ASK Building Control Gathers, uses and Shares Information:
In connection with providing clients with a Building Control Service we may obtain information about them from the following sources:
- Client agreements and other information that clients provide to us, whether in writing, in person, by telephone, electronically or by any other means. This information may include a client’s name, address, phone number, and email address.
- Transactions on a client’s behalf.
- Consumer reporting agencies. This information may include account information and credit history; and
- Public sources.
The sources as detailed above are necessary to provide services to clients and to conduct ASK Building Controls business operations. The processing of data is to allow ASK Building Control to provide and conduct client and business operations such as:
- personalisation of content, business information or user experience
- account set up and administration
- delivering marketing and events communication
- carrying out polls and surveys
- internal research and development purposes
- providing goods and services
- legal obligations
- meeting internal audit requirements
Please note these lists are not exhaustive. However, all necessary steps and actions have been taken to ensure stringent safeguards are in place to protect all data held by ASK Building Control.
Where do we store and process personal data?
Data that is held, processed and stored will be done so in accordance with our privacy policy and the applicable law of the country where data is located.
No information will be accessible to anyone other than an authorised person within ASK Building Control, and controls including a secure entrance to the building are in place to ensure a high level of protection.
Please note that currently no information is shared outside of the European Economic Area, however from time to time to ensure and provide services we may pass personal data such as your name and email address to other services that we use to send out newsletters and other communications and/or marketing (both electronic and print). However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guernsey, Switzerland, New Zealand and Canada. Companies based in the USA that have certified with the EU-US Privacy Shieldprogramme are also considered to be permitted destinations by the EU (this includes popular US products like Gmail, DropBox and MailChimp).
How do we secure personal data?
Measures have been taken through our IT systems and electronic/print systems to ensure that ASK Building Control protects data against:
- accidental loss
- the prevention of unauthorised access, use, destruction or disclosure
ASK Building Control has further committed to ensure:
- business continuity and disaster recovery
- the restriction of access to personal information is only for those required to access it during the course of processing and providing necessary business
- all staff and contractors are trained on data security
- that there is management of third-party risks, through use of contracts and security reviews
Please note this list is not exhaustive, however ASK Building Control works within the strict guidelines of Construction Industry Council, Local Authority, Fire Service, Water Authority etc.
How long do we keep your personal data for?
The GDPR requires the ASK Building Control retains data for no longer than reasonably necessary. Information will be retained for a period of 15 years. This will be in conjunction with current laws and contractual obligations in line with our governing body, Construction Industry Council (CIC).
Our Privacy Policy continues to apply to all former clients, and data will be confidentially shredded by a certified company after a period of 15 years in line with the CIC standards.
Your rights in relation to personal data:
Under the GDPR, ASK Building Control respects the right of data subjects (clients and others whom we hold data on) to access and control their personal data, including (but not limited too):
- access to your own personal information
- correction and deletion
- withdrawal of consent (if processing data on condition of consent)
- data portability
- restriction of processing and objection
- lodging a complaint with the Information Commissioner’s Office
Should you wish to make a request in relation to your own personal data please do so in writing to our Data Officer (Marie Willmore) where a response will be given within one month.
Please be aware that in certain circumstances data subject rights may be limited:
- if fulfilling the data subject request may expose personal data about another person,
- or you request data to be deleted which we are required to keep by law,
- it is not possible to identify the subject (client, persons or information required)
What legal basis do we have for processing your personal data?
The “General Data Protection Regulation” (GDPR) is the primary piece of legislation defining your rights over our processing of your personal information. The GDPR requires us to declare which of six “lawful reasons” we are relying on when we are processing your personal data:
- consent
when responding and dealing with queries and work which allows ASK Building Control to complete actions for the purpose of business operations and services, and any other emails, newsletters and electronic or written material which may be of information to you and relates directly to ASK Building Control or changes in current statutory legislation.
- legitimate interests
for the completion of Building Control Services matters which amount to our need for the purpose of business operations and services.
- vital interests, public task, legal obligation
to comply with current law including (but not limited to) anti money laundering and to ensure ASK Building Control remains compliant at all times with the Construction Industry Council.
Sharing Information with Non-affiliated Third Parties:
We only disclose non-public client information to non-affiliated third parties when we believe it necessary for our provision of services to you or as required or permitted by legislation, such as:
- If you request or authorise the disclosure of the information;
- To provide client services;
- To respond to a subpoena or court order, judicial process, law enforcement or regulatory authorities;
- To perform services for the business or on its behalf to develop or maintain proprietary trading or other software;
- In connection with a proposed or actual sale, merger, or transfer of all or a portion of our business or an operating unit;
- To help us prevent fraud;
- With rating agencies, persons assessing compliance with industry standards, or to the lawyers, accountants and auditors of the business;
- To comply with legislation, statutes, rules and other applicable legal requirements.
We do not make any disclosure of client non-public personal information to other companies who may want to sell their products or services to you. For example, we do not sell client lists and we will not sell client names to catalogue companies.
Opt Out Provision:
If, at any time in the future, it is necessary to disclose any client personal information in a way that is inconsistent with this policy, we will give our clients advance notice of the proposed disclosure so that they will have the opportunity to opt out of such disclosure. We believe that sharing client private information under the circumstances noted above is either mandated by law or necessary for us to conduct our business and to best service client accounts. Clients desiring to opt out of the above disclosures should contact us immediately and we will terminate our agreement with you and arrange for you transfer your account. If, at any time in the future, it is necessary to disclose any of client personal information in a way that is inconsistent with this policy, we will give our clients advance notice of the proposed disclosure so that they will have the opportunity to opt out of such disclosure.
How to contact us?
We take steps to safeguard client information. We restrict access to the personal and account information of our clients to our employees and agents for business purposes only. We maintain physical, electronic and procedural safeguards to guard your personal information. Additionally, we have internal controls to keep client information as accurate and complete as we can. If you believe that any information about you is not accurate, or you wish to discuss this policy, and how it is applied further, please contact our Data Officer (Marie Willmore) either via the ASK Building Control ‘Contact us’ page online, by email or postal mail.
To Whom This Policy Applies:
This Privacy Policy applies to individuals who obtain or have obtained services from ASK Building Control.
Use of cookies and other technologies Inc. Linking to other websites / third party content:
We may use Google Analytics to monitor how our website is being used so we can make improvements. Our use of Google Analytics requires us to pass to Google your IP address (but no other information) – Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. In particular, Google may use the data collected to contextualize and personalize the ads of its own advertising network. This also applies to our use of Microsoft. Their Privacy policies are available on their own company websites.
Other Information:
We reserve the right to change this Statement of Privacy Policy. The examples contained within this Privacy Policy are illustrations and they are not intended to be exclusive.
If you require further information about the use of your data or would like to exercise any of the above rights, please contact:
Ask Building Control Ltd
Evans Business Centre
Hartwith Way
Harrogate
HG3 2XA
E: info@askbuildingcontrol.co.uk
T: 01423 813585