Architectural design specialists - Home extension plans

PRIVACY POLICY

1. Who are we?

SKETCH3D Design and Drafting & SKETCH3D Residential Design are privately owned building design and drafting businesses serving small builders and home owners.

Our geographical range is Australia and the UK.

This privacy notice is to let you know how SKETCH3D promises to look after your personal information. This includes what you tell us about yourself, what we learn by having you as a customer, and the choices you give us about what marketing you want us to send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you.

2. Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated in April 2018.

3. How the law protects you

We are only allowed to use your personal data if we have a one or more of the following reasons to do so:

- To fulfil a contract we have with you, or

- When it is our legal duty, or

- When it is in our legitimate interest (which means we have a business or commercial reason to use your information. We still have to assess whether your rights when relying on this reason), or

- When you give us consent to

Here is a list of all the ways that we may use your personal information and the reason from the list above which we are relying on. If we are relying on a legitimate interest this is also detailed below:

- To manage our relationship with you or your business.

- To assist you with obtaining the services you require in relation to your building design or construction enquiry.

- To further develop our services

- The manage how we work with other companies that are required to fulfil your requirements.

- To manage customer payments including debt recovery.

- To run our business in an efficient and proper way.

- To exercise our rights set out in agreements or contracts.

- To maintain statutory records.

Our reasons:

- Your consent

- Fulfilling contracts

- Our legitimate interests

- Our legal duties.

Our legitimate interests:

- Keeping our records up to date and determining what services you require from us or other required design and construction consultants.

- Developing products and services and what we charge for these.

- Defining types of customers for new products and services.

- Seeking consent when we need it to contact you.

- Being efficient about how we fulfil our legal and contractual duties.

- Complying with regulations that apply to us.

 

4. Types of personal information (We may use different kinds of personal information)

Contact – Where you live and how to contact you.

Transactional – Details about payments including to and from your accounts with us.

Contractual – Details about the services we provide to you.

Communications – What we learn about how you use our services.

Consents – Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you.

 

5. Where we collect personal information from

We may collect personal information about you (or your business) from third party consultants or companies out side of our control.

Data you give to us

- When you talk to us on the phone

- When you use our web site forms or mobile device apps.

- In emails and letters

Data we collect

We also collect data when you use our services. The can include the profile you create to indentify yourself when you connect to our internet or mobile services.

Data from third parties. We assume that you have given consent to the third party to provide information to us to assist you with procuring the services you require.

 

6. Who do we share your personal information with

- Regulators and other authorities including the police, and only when required to do so.

- Credit reference agencies.

- Debt collection agencies.

- Fraud prevention agencies.

- Any party linked with your business’s, product or service.

- Companies required to fulfil the services you require. This includes private and government services.

- Other companies or people who you consent to share data with.

- We may chose to sell our business, this includes the details of projects we have undertaken.

 

Credit reference agencies - Name, address and date of birth.

We may use this data to

- assess whether you or your business is able to afford to make payments.

- Make sure what you’ve told us is true and correct.

- Manage accounts with use.

- Trace and recover debts.

 

Sending data outside the EEA

SKETCH3D Design and Drafting is no longer based in the UK. All data is transmitted electronically to SKETCH3D Residential Design in Australia.

Services provided are transmitted electronically back to the UK.

Email and Data is backed up onto cloud services. Although we believe these to be secure we have no direct control of the storage systems or where they are located and therefore cannot be responsible for these systems being compromised.

7. Marketing

- We do not sell your data.

- We may send you occasional informational marketing relevant to building design and construction services.

- We may follow up after provision of services to determine how your requirements were filled to improve our services and generally to determine if your satisfied with what we have provided to you.

- You can ask us at anytime to stop sending marketing material by email nomarketing@sketch3d.co.uk or following the unsubscribe options on any bulk emailing system used.

 

8. How long do we keep your personal data.

- We will keep your personal data for the duration of the project and at least 6 years beyond. At the end of the six years your electronic project file is electronically archived but no longer accessed unless required for future works at which point we will ask for your consent to use this data.

 

9. What if you want us to stop using your personal information?

You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is a no need for us to keep it. This is known as the right to object and right to erasure, or the right to be forgotton.

 

There may be other legal or official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.

 

You can ask us to restrict the use of your personal information if.

- It is not accurate

- It has been used unlawfully but you don’t want us to delete it.

- It’s not relevant and more, but you want us to keep it for the use in legal claims.

- You have already asked us to stop using your data.

 

10. Access to your information and correction.

You have the right to request a copy of the information that we hold about you. This is kept on a client data sheet which can be emailed.

 

11. Cookies.

We do not use cookies on our websites.

 

12. Other websites

Our websites contain links to other websites. This privacy policy only applies to websites created by and in the control of ourselves. You will need to read and agree to the privacy policies of third party websites.

 

13. How to complain

Please let us know if you are unhappy with how we have used your personal information. you can contact us at privacyandpersonaldata@sketch3d.co.uk

 

14. How to contact us.

If you wish to contact us regarding the data we hold about you please email privacyandpersonaldata@sketch3d.co.uk

 

Subject Access Request Procedure

15. Introduction

The Company needs to collect personal information to effectively and compliantly carry out our everyday business functions and services and in some circumstances, to comply with the requirements of the law and/or regulations.

As the Company processes personal information regarding individuals (data subjects), we are obligated under the General Data Protection Regulation (GDPR) and Data Protection Bill to protect such information, and to obtain, use, process, store and destroy it, only in compliance with the GDPR and its principles.

 

16. The General Data Protection Regulation

The General Data Protection Regulation (GDPR) gives individuals the right to know what information is held about them, to access this information and to exercise other rights, including the rectification of inaccurate data.

 

17. What is Personal Information?

Information protected under the GDPR is known as “personal data” and is defined as: - “Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Further information on what constitutes personal information and your rights under the data protection regulation and laws can be found on the Information Commissioners Office (ICO).

 

18. The Right of Access

Under GDPR, an individual has the right to obtain from the controller, confirmation as to whether personal data concerning them is being processed. We are committed to upholding the rights of individuals and have dedicated processes in place for providing access to personal information. Where requested, we will provide the following information: -

- the purposes of the processing

- the categories of personal data concerned

- the recipient(s) or categories of recipient(s) to whom the personal data have been or will be disclosed

- If the data has been transferred to a third country or international organisation(s) (and if applicable, the appropriate safeguards used)

- the envisaged period for which the personal data will be stored (or the criteria used to determine that period)

- where the personal data was not collected directly from the individual, any available information as to its source

 

19. How To Make a Subject Access Request (SAR)?

A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR.

You can make this request in writing using the form at appendix one, or you can submit your access request electronically. Where a request is received by electronic means, we will provide the requested information in electronic form (unless otherwise request by you).

 

20. What We Do When We Receive An Access Request

Identity Verification

Subject Access Requests (SAR) are passed to the Data Protection Officer as soon as received and a record of the request is made, who will use reasonable measures to verify the identity of the individual making the access request, especially where the request is made electronically.

Where we are unable to verify your details, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.

If a third party, relative or representative is requesting the information on your behalf, we will verify their authority to act for you and again, may contact you to confirm their identity and gain your authorisation prior to actioning the any request.

Information Gathering

If you have provided enough information in your SAR to collate the personal information held about you, we will gather all documents relating to you and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.

Information Provision

Once we have collated all the personal information held about you, we will send this to you in writing (or in a electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.

 

21. Fees and Timeframes

Whilst we provide the information requested without a fee, further copies requested by the individual may incur a charge to cover our administrative costs.

The business always aim to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.

 

22. Your other rights

Under the GDPR, you have the right to request rectification of any inaccurate data held by us. Where we are notified of inaccurate data, and agree that the data is incorrect, we will amend the details immediately as directed by you and make a note on the system (or record) of the change and reason(s).

We will rectify any errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed.

If for any reason, we are unable to act in response to a request for rectification and/or data completion, we will always provide a written explanation to you and inform you of your right to complain to the Information Commissioner and to seek a judicial remedy.

In certain circumstances, you may also have the right to request from the Company, the erasure of personal data or to restrict the processing of personal data where it concerns your personal information; as well as the right to object to such processing. You can use the form at appendix one make such requests.

 

23. Exemptions and Refusals

The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within 30 days of receipt of the request.

Where possible, we will provide you with the reasons for not acting.

 

24. Submission & Lodging a Complaint

To submit your SAR, you can contact us privacyandpersonaldata@sketch3d.co.uk

 

25. Supervisory Authority

If you remain dissatisfied with our actions, you have the right to lodge a complaint with The Information Commissioner’s Office (ICO) who can be contacted at: -

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Fax: 01625 524 510
Web: https://ico.org.uk/make-a-complaint/

 

Subject Access Request data required to indentify and locate your data within our filing system.

Data Subjects Name:

Home telephone number:

Email:

Data Subjects Address:

Project reference if relevant:

 

Specific details of the request:

 

We may require a signed and scanned request and or further information should we not be satisfied of who is requesting the data.