MW Design & Consulting Limited respects your privacy and does not sell or redistribute your personally identifiable information to third parties. The company values the trust our customers and partners place in us when we are given access to their personal data.
The majority of data stored is ‘non-personal’, but where personal data is received from our customers we want to ensure we work to maintain trust and protect any information we receive, in line with GDPR and the interests of our customers.
What is personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
MW Design & Consulting Limited Website
You do not provide us with any personal information when you browse this site.
Our website does not contain links to other websites.
If you decided to contact us, we expect that you are contacting us regarding our services for advice or to receive a service proposal. We will only use that data to pursue the enquiry and offer additional professional services at a later date. Our legal basis for using your data in this context is ‘consent’.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more effectively, as well as to provide information to the owners of the website. We do not collect cookie data.
With your consent, we will normally collect the following data from you to enable us to provide the service requested and allow us to provide our invoices:
• Name, email address, job title, telephone no. and physical address;
• Service preferences, project locations, company info;
• Invoicing info, project contracts, quote letters;
• Geo location information including drawn and photographic details of your property;
• Any documents related to services requirements, i.e. planning documents, site plans.
This data is retained by us to respond to your enquiry or to manage your subsequent project. By contacting us or commissioning us for work, you are consenting to our contact on current and upcoming projects. Our retention policy applies.
In order to execute your project, you will need to consent to us sharing this data with other consultants, Local Authorities, suppliers and contractors servicing your project. We may also need to share your project data with our insurers or for compliance with a legal obligation. We will not use your personal data for marketing purposes without your explicit consent.
Retention of Data
We keep information in line with our retention policy. These retention periods are in line with the length of time we need to keep your personal information in order to manage and administer your project (including future projects) and handle any insurance claims or request for assistance made by our Professional Indemnity insurers. They may also take into account our need to meet any legal, statutory and regulatory obligations. In all cases, our need to use your personal data will be reassessed on a regular basis and information which is no longer required will be disposed of.
Current and previous customers – Where data is held for work purposes, we hold this data for at least 6 years or as necessary to meet legal requirements, from completion of our work.
Potential customers – if we speak about potential requirements of our services, but nothing amounts from it, we will only keep your info up to 2 years of inactivity.
Security of Data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have in place physical, electronic and managerial procedures to safeguard and secure the information we hold.
Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
All employees and subcontractors associated with the company have a responsibility for ensuring any data collected is stored and handled appropriately.
The only people that can access the data require it for us to carry out their work. This data will not be shared informally. Employees will receive ongoing training to help them understand the importance of GDPR and handling data.
All data stored in secure servers follows strict guidelines, including:
Strong passwords that are not to be shared
No personal data will be disclosed to unauthorised people, internally or externally to the company
Data will be regularly reviewed and updated. If it is found to be out of date or no longer required, it should be deleted and disposed of securely
Where data is stored on paper, it should be kept in a secure location where unauthorised people cannot access it
When no longer required, data printed out should be shredded and disposed of securely
Most data is stored electronically, therefore must be protected from unauthorised persons, accidental deletion and also malicious hacking attempts.
When Data is stored it should be password protected with a strong password, and not shared amongst employees
Any stored data on removable devices, when not used, should be stored away securely in a locked location
Data should be back up securely and regularly
Servers and computers should be protected by security software and a firewall
Our data is mainly gained via enquiries made for our services and by working on joint projects with other consultants, such as Architects.
Data Access requests
In compliance with GDPR, individuals who are the subject of personal data being help by the company are entitled to:
• Request what information is being stored about them and why
• Be informed how to keep it up to date
• Be informed how the company is meeting GDPR obligations
Data Security Breaches procedure - ICO
Serious breaches or losses of personal data should be reported to the ICO (information Commissioner’s Office) using the DPA security breach helpline on 0303 123 1113 (Open Monday to Friday, 9am to 5pm). Selecting option 3 will allow you to speak to staff, who will record the breach and offer advice on what to do next.
Please refer to The Information Commissioner’s Office for information on individual rights: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
You can contact us by post, telephone or email to discuss our retention and use of your personal data or to withdraw consent.
MW Design & Consulting Limited,
143 High Street,
Chalfont St Peter,
Tel 01753 888587