BBM Sustainable Design Ltd are committed to protecting and respecting your privacy. This notice/policy outlines how we intend to use your data and the method in which your personal information will be processed securely.
For the purpose of The General Data Protection Regulation GDPR (EU 2016/679) which has replaced The Data Protection Act 1998, the data controller is BBM Sustainable Design Limited a company registered in England. Our company registration number is 4597504 and our registered office is at Cooksbridge Station House, Cooksbridge, East Sussex, BN8 4SW. Our registered VAT number is 803406466.
The handling, processes and storing of data is dealt with responsibly and in accordance with ICO requirements to ensure date is:
– Personal data shall be processed fairly and lawfully
– Obtained only for the purposes of supporting the core activity of BBM’s architectural service delivery for clients, employees, consultants and suppliers
– Adequate, relevant and not excessive in relation to purpose
– Accurate and kept up to date where possible
– Not kept for longer than is necessary
– Processed in line with your rights
– Kept securely with technical and organisational measures
– Not transferred to countries outside the EU without adequate protection
If you decide to work with us we will hold your personal data confidentially on our secure server located at our business premises at Cooksbridge Station House, Cooksbridge, East Sussex, BN8 4SW. The server is remotely monitored by our IT support provider. The server is backed up to cloud based storage and has RAID internal hard drives for added redundancy protection. Furthermore two identical copies of the server data is stored on individual external hard drives which are separately encrypted for security and kept off site. Additional individual work stations may also hold emails, these too are password secured with back-ups to cloud based storage.
We will typically collect personal information from the following types of organisations/individuals:
Project specific neighbours and stakeholders
Information we may collect:
Names of individuals/organisations
Data that relates to an individual person
Project specific existing dimensional survey, land registry and title deed property information
Project description, briefing information, site images, budgets and project costs
Bank account information
Our website is hosted by our IT support provider. It is backed up on a regular basis and can be restored at any moment. All administrator access to the site and web hosting is monitored and recorded. Please be aware users of the site are not logged; however the geo-location of the IP address is recorded for SEO purposes. The site is also protected by an Secure Sockets Layer (SSL) certificate which ensures all traffic is encrypted.
How long is data stored for
Data will be stored one of two ways dependent on the way in which our contract was signed with you. If the contract was signed under hand your data will typically be stored for a period of six years from completion of the project. If the contract was signed under seal your data will typically be stored for a twelve year period from completion of the project. Following this your data will be destroyed in a satisfactory manner. Personal data is reviewed on a regular basis and will be stored only for as long as we have a clear business need for it. Information which is no longer required will be disposed of in a secure fashion.
Access to information
We will adhere to each of the following GDPR rights for individuals.
1. The right of access
2. The right to erasure
3. The right to data portability
4. The right to be informed
5. The right to rectification
6. The right to object
7. The rights in relation to automated decision making and profiling
1. The right of access
Commonly referred to as subject access you have the right to access your personal data. Individuals can make this this free of charge request verbally or in writing. The request should be fulfilled within a month.
2. The right of erasure
Also known as the right to be forgotten you have a right to have personal data erased. Individuals can make this free of charge request verbally or in writing. The request should be fulfilled within a month. The right is not definite and only applies in certain circumstances.
3. The right of data portability
You have the right to receive your personal information as previously provided, and to transfer this information to another party. The right only applies to information an individual has provided to a controller.
Your personal information will be used to carry out our professional and contractual obligations as agreed in our signed form of appointment with you. We will process your data in the following ways when working on your project:
– In emails and hard copy correspondence
– In the project brief and brief development work
– On drawings, schedules, specifications and project preliminaries
– Project specific reports and data sheets
– In models (Physical, pdf and other digital media)
– In models on common data environments and clouds
– In visualisations
We may use the project profile on the website and in other printed material to promote the work of the company. This would include website news items and generated tweets.
Your personal information will not be shared with anyone else other than involved parties which may include suppliers, consultants and local authorities.
Transference of data
Personal information will not be passed to a third party unless stated otherwise. Information may be requested to be removed from our lists at any time. To do this please email firstname.lastname@example.org or the projects job runner. Alternatively you can write to our office address.
Changes to this policy