Privacy Policy

This privacy notice demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in accordance with the UK General Data Protection Regulation (UK UKGDPR) and all other data protection legislation currently in force. 

 

In accordance with that legislation, when processing data we will;

  • process it fairly, lawfully and in a clear, transparent way
  • collect it only for reasons that we find proper, in ways that have been clearly explained to you
  • only use it in the way that we have told you about
  • ensure it is correct and up to date
  • keep it for only as long as we need it
  • process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate)
 

Conran and Partners Ltd is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.

This Privacy Notice relates to third parties. Past and present employees, workers and contractors should refer to our Privacy Notice for Employees and our Data Protection policies and procedures, as issued with your contract of employment and/or available on our internal systems.

 

DETAILS OF INFORMATION WE WILL HOLD ABOUT YOU

 

“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.

The list below identifies the kind of data that we may hold about you:

  • Identity Data – including name, title, country of residence, company, and job title
  • Contact Data – personal contact details such as addresses, telephone numbers, and email addresses
  • Professional Data – e.g. information on your business card or CV including company, job title, qualifications, educational history, work experience, job description, salary, professional memberships, right to work in the UK and any other information you may include when applying to us for employment
  • Usage Data – including information about how you use our website
  • Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Data including CCTV footage and other information obtained through electronic means such as building entry records
 

In limited circumstances, we may also collect, store and use documents to prove your identification such as a copy of your passport or address, and/or the following “special categories” of more sensitive Personal Data:

  • information relating to your race or ethnicity, religious beliefs, sexual orientation, sex life and political opinions
  • information about your health, including any medical conditions and disabilities
  • information about criminal convictions and offences
 

The Personal Data we may collect varies depending upon how it is collected and for what purpose.

 

METHOD OF COLLECTION OF PERSONAL INFORMATION

 

Your personal information is obtained in a variety of ways including through:

  • information collected by cookies when you use our website. When you visit our website we may send a ‘cookie’ to your computer. This is a small data file stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages. See ‘Cookies’ below.
  • information automatically recorded when you use our IT systems, so that the systems can run effectively, and we can ensure they are not being misused.
  • direct interactions – where you provide information through correspondence which may be via post, phone, email or otherwise. This may include personal data you provide when you make business enquiries, complete an online form to subscribe to our newsletter, apply for employment and/or enter into a working relationship with us.
  • Third parties or publicly available sources – examples of which include submissions from recruitment agencies, background checks, financial checks, professional data sent via your employer as part of a professional collaboration or to enable us to assess suitability for a project
 
 

PROCESSING INFORMATION ABOUT YOU

 

We will only process personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:

  • consent: You have given clear consent for us to process your personal data for a specific purpose.
  • contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
  • legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
  • vital interests: the processing is necessary to protect someone’s life.
  • public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
 

LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

 

We carefully consider that the legal bases for which we will process the data contained in the list above (see “details of information we will hold about you” section above). Occasionally, we may process personal information about you to pursue legitimate interests of our own or those of third parties, provided there is no good reason to protect your interests and that your fundamental rights do not override those interests.

 

Ways we may use your personal data include:

 

  • To contact you in response to an enquiry.
  • To administer our working relationship with you and your employer (as applicable), such as providing and administering architectural and engineering services to you, and/or collaborating with you to bid for a design project or to provide design services. We may process identity, contact and professional data as is necessary for our performance of a contract with you and/or for our legitimate interests (for winning and providing design and architectural services, administering projects and otherwise running our business)
  • To send you communications about new projects, events we’re holding, or other information which we think might be relevant to you, using the email address you have provided.
  • For marketing campaigns and to win new business. This may include taking photographs or filming of our day-to-day design activities, projects events, and interviews.
  • To improve your experience of using our website.
  • To administer and protect this website
  • Internal record keeping to ensure any data we hold on you is accurate, up to date and secure.
 

There may be more than one reason to validate the reason for processing your personal information.

 

Where we rely on consent to process your personal data, you have a right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

 

LAWFUL BASIS FOR PROCESSING “SPECIAL CATEGORIES” OF SENSITIVE DATA

 

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information.

 

We may process special categories of personal information in the following circumstances:

  • consent: You have given clear consent for us to process your personal data for a specific purpose.
  • contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
  • legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations) and meets the obligations under our data protection policy.
  • vital interests: the processing is necessary to protect someone’s life.
  • public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law and meets the obligations under our data protection policy.
  • legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests
 

Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.

 

Examples of the circumstances in which we will process special categories of your particularly sensitive personal information may include: 

  • to determine if reasonable adjustments are needed or are in place
  • In order to fulfill equal opportunity monitoring or reporting obligations
 

Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavor to provide full and clear reasons at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no contractual obligation to comply with a request. Should you decline to consent you will not suffer a detriment.

 

SHARING DATA

 

Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties.

 

We may share your personal data with a third-party or third-party service provider (including, but not limited to, contractors, agents or other associated/group companies) within, or outside of, the UK. Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.  

 

Such third party providers may include professional advisors such as lawyers and accountants; processors such as providers of cloud hosting solutions or translation companies; and auditors, regulators or to otherwise comply with the law.

 

We may share personal data such as CVs of collaborating consultants to clients, potential clients or collaborating designers, where this was the purpose of collection.

All third-party providers are only permitted to process your personal data for specified purposes and in accordance with our instructions. Before we transfer any data we require the recipients to take appropriate security measure to protect your personal date in line with our policies and the law. If we transfer your data internationally, we ensure that those transfers take place in accordance with the Data Protection Laws, including by entering into data transfer agreements with recipients or obtaining your explicit consent.

 

DATA SECURITY

 

We take all reasonable steps to ensure that your data is safe and protected from misuse, loss or unauthorised access. We ensure this by implementing a range of technical safeguards and operational processes. We also have processes to deal with any suspected data breach.

 

If you suspect that your data has been misused or has been compromised please contact dpo@conranandpartners.com immediately.

 

Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality.

 

All our employees and service providers who have access to personal information, are obliged to protect it and keep it confidential.

 

Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data in these circumstances; any transmission is at your own risk.

 

Similarly, if you use any links on our website to leave our site, you should note that we do not have any control over that other website or their cookies. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

 

DATA RETENTION

 

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it or for the purposes of satisfying any legal, accounting, or reporting requirements.

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

At the end of the retention period, or until we are no longer legally required to retain it, your personal date will be reviewed and deleted, unless there is some special reason for keeping it. Occasionally, we may continue to use data without further notice to you. This will only be the case where any such data is anonymised and you cannot be identified as being associated with that data.

 

YOUR RIGHTS IN RELATION TO YOUR DATA

 

We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.

 

In some situations, you may have the:

  • Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
  • Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request to our Data Protection Manager. If your request is manifestly unfounded or excessive we may make a small charge, or retain the right to refuse your request.
  • Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
  • Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
  • Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.
  • Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
  • Right to portability. You may transfer the data that we hold on you for your own purposes.
  • Right to request the transfer. You have the right to request the transfer of your personal information to another party.
 

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so. If this is the case, we will inform you at the time that withdraw your consent.

 

If you wish to exercise any of the rights explained above, please contact dpo@conranandpartners.com.

 

Change of purpose for processing data

 

We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.

 

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules (see “lawful basis for processing your personal information” section above).

 

OUR NEWSLETTER

 

When subscribing to our newsletter you are required to give your clear and specific consent for your personal data to be collected, processed and transferred in accordance with our data protection procedures and this privacy notice. You have the right to withdraw your consent for this specific processing at any time. To withdraw your consent, please contact dpo@conranandpartners.com or use any unsubscribe link in any email newsletter that you receive. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 

COOKIES

 

Cookies are small files created by most websites to help improve your web experience. They are either stored in the memory (session cookies) or on the hard drive (persistent cookies) of your computer or other device.

 

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

 

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. They do not store directly personal information but are based on uniquely identifying your browser and internet device. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. If you do not allow these cookies, you will experience less targeted advertising.
 

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

 

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

 

We may use a number of social media tools and external services to enhance visitor interaction on our site. If you already use these platforms their cookies may be set through our website. Data may then be collected by these companies that enables them to serve up adverts on other sites that they think are relevant to your interests.

 

QUESTIONS OR COMPLAINTS

 

Should you have any questions regarding this statement, please contact dpo@conranandpartners.com or +44 (0)20 7403 8899.

 

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.

 

CHANGES TO THIS PRIVACY NOTICE

 

We reserve the right to update this Privacy Notice at any time and we will provide you with a new Privacy Notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.