Privacy Policy
1. Who we are
This privacy policy sets out the privacy practices for rg+p, a limited company, registered in England and Wales, Registration Number 3837194 and its Registered Office is at Waterloo House, 71 Princess Road West, Leicester, LE1 6TR.
The expression “we”, “us” and “our”, where used in this Policy, means rg+p Ltd.
2. About this privacy policy
In order to provide our services to you and to promote our business, we will need to collect and process certain personal information about you. We are committed to respecting the privacy and security of clients’ and other individuals’ personal information with whom it communicates in accordance with the applicable data protection laws, including the General Data Protection Regulation.
This privacy policy describes how we collect and use personal information about you during and after our relationship with you as defined below. Please read this privacy policy carefully to understand our policy and practices regarding personal data and how we shall treat it.
It is important that you read this privacy policy together with any other privacy notice that we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your personal data.
If we change our privacy policy we will post the changes on our website, so that you may be aware of the information we collect and how we use it at all times.
For the purposes of the applicable Data Protection Laws, rg+p Limited is the Data Controller of your personal data collected in connection with our relationship with you.
If you have any questions at all about this policy, or about how we use and process your personal information, or if you wish to send us a request to exercise any of your legal rights (which are described elsewhere in this privacy policy) please do not hesitate to contact us by e-mail at practice.management@rg-p.co.uk or alternatively in writing to rg+p Limited at Waterloo House, 71 Princess Road West, Leicester, LE1 6TR.
3. Purposes for which we collect information
We shall only use an individual’s personal data to the extent that the law allows us to do so. Most commonly, we will use personal data so that we can:
provide multi-disciplinary architectural services to you or to the organisation by which you are employed or engaged;
identify you and manage your business needs;
perform our contractual obligations with you;
improve our services and performance;
where we need do so in order to comply with a legal or regulatory obligation;
manage our business, including for accounting and auditing purposes;
keep you informed and updated of industry news, views and opinions;
competitively tender for business opportunities;
promote our business and market our services (where individual names are made public, for example on our website, in PR or social media, it is not without the individual’s prior written consent);
extend invitations to networking events we host or that you may be interested in throughout the year;
or where it is necessary to do so for our legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. ‘Legitimate Interest’ means our interest in conducting and managing our business to enable us to give the individual or the individual’s organisation the best service or product and a secure experience, and the interest of our business generally. We ensure that we consider and balance any potential impact on the individual and his or her rights before we process personal data for our legitimate interests. We do not use personal data for activities where our interests are overridden by the impact on the individual (unless we have the individual’s consent or are otherwise required or permitted to do so by law).
4. Types of personal data we collect
‘Personal data’ means any information which identifies (or from which we can identify) a natural person, as opposed to a company or other organisation. We may collect, use, store and transfer the following different kinds of personal data about individuals:
‘Identity Data’, which comprises an individual’s first name, last name and title;
‘Contact Data’, which comprises an individual’s address, email address and telephone number(s);
‘Financial Data’, which comprises primarily of company bank account details, but may be an individual’s bank account and information regarding the company’s creditworthiness;
‘Transaction Data’, which comprises details about payments made by an individual to us or by us to an individual (if the individual is a sole trader) or the organisation by which the individual is employed or engaged, and details of services that the individual or organisation has purchased from us;
‘Technical Data’, which comprises an individual’s IP address, browser type and version, time zone setting, and location, operating system and platform used to access our website;
‘Usage Data’, which comprises information about how an individual uses our website;
‘Marketing and Communications Data’, which comprises an individual’s preferences in receiving marketing from us or third parties on our behalf.
Aggregated Data
We may also collect ‘Aggregated Data’, such as statistical or demographic data. Aggregated Data may be derived from an individual’s personal data but does not constitute “personal data” in law as it does not directly or indirectly reveal an individual’s identity. For example, we may aggregate Usage Data to calculate the percentage of users accessing a specific area of our website.
Special Categories of Personal Data
We may also collect ‘Special Categories of Personal Data’. Data concerning an individual’s health to enable us to take these considerations into account when designing adaptations to a living space specifically to meet the needs of the individual. Data concerning religious or philosophical beliefs to enable us to design a space to specifically to meet the individual’s needs. We shall only collect and use Special Categories of personal data where such circumstances apply.
Minimum Required Information
Where we need to collect personal data by law or in order to provide multi-disciplinary architectural services to an individual or company and the individual or company fails to provide the minimum required data when requested, we may not be able to provide the services and may as a consequence have to cancel our agreement to provide the services in question. In that event we shall notify the individual or the organisation accordingly.
5. How and when do we collect information?
We may collect personal data on an individual in the following ways:
when the individual voluntarily provides it to us;
when the individual instructs us to perform our services,
when the individual agrees to receive communications from us;
when the individual sends us an email;
when the individual requests a fee proposal or other information about us or the services that we provide;
when the individual completes one of our client feedback questionnaires;
when the individual provides us with information about themselves when attending a marketing event;
or when the individual communicates with us in any way.
We also collect information given to us in the following circumstances:
when we contact an individual for the purpose of providing our services, providing a fee proposal or other information or managing our professional relationship with the individual or the individual’s organisation; or
when we make contact with an individual or organisation (or vice versa) for the purposes of sourcing, and arranging and entering into agreements for the supply to us of, goods or services and of managing our business relationship with individuals or organisations concerning the supply of those goods or services;
during telephone conversations, note that telephone conversations are not recorded but our IT system does log telephone numbers and dates of calls that have been made and received.
Information collected in any of the above ways may include an individual’s Identity Data, Contact Data, Financial Data, Transaction Data and Marketing and Communications Data.
When we collect information automatically:
when individuals browses our website, we may collect information about your visit and the individual’s browsing activities. That information may include the individual’s Technical Data and Usage Data;
when individuals visit our office, (via CCTV, see separate CCTV policy).
When we collect information from other sources:
From time to time we may obtain information about an individual from third party sources in connection with the services we provide. We take steps to ensure that such third parties are legally permitted or required to disclose such information to us.
6. How we use personal data
We have set out below all the ways in which we intend to use any personal data, and the legal bases on which we intend to rely on in order to do so. We have also identified what our Legitimate Interests are where appropriate. We may use and disclose personal data for the following purposes:
Delivery of services and client management
To establish an individual or organisation as a client and provide multi-disciplinary architectural services, to perform our contractual obligations towards you and/or your employer, to account to you and/or your employer for the services provided and collect payment of fees, disbursements and other monies we may use an individual’s Identity Data, Contact Data, Financial Data, Transaction Data and Marketing and Communications Data.
Client relationship management
We may send updates about the services that we offer and details of new services and updates on
developments in our industry. We may ask for feedback about the quality of the services provided and the client’s overall experience of dealing with us. We may also collect and review historical information about services, fee proposals or enquiries that we have previously provided to or received from an individual or organisation. This is necessary in order to keep clients updated about any services that we provide, to develop and enhance the range and quality of the services that we provide and generally to grow our business.
Marketing and advertising
If it is in our ‘Legitimate Interests’ to do so or we currently provide an individual or organisation with services and the individual or organisation has not previously asked us not to do so, we may send, to an individual other forms of marketing materials, for example regarding other services that we provide. We will seek consent and ensure that the individual or organisation has the option to opt out of receiving any such material.
We may use the information that we collect from you to deliver relevant website content and advertisements to individuals or organisations in the most effective manner for you and to grow our business, improve our services and inform our marketing strategy.
Administer and protect our business and website
We will only use your personal information when the law allows us to, for the purposes for which we collected it, to comply with our legal and regulatory obligations and to pursue our legitimate interests, unless we reasonably consider that we need to use it for another lawful reason and that reason is compatible with the original purpose.
We may also use data analytics to improve our business and website, to help us monitor and improve our services, marketing and client relationships. This includes troubleshooting, statistical and data analysis, testing, system maintenance, support, reporting and hosting of data. This is necessary for the running of our business, the provision of administration and IT services and network security; and in order for us to be able to ensure the quality of the services that we provide to our clients.
We will rely on your consent to send you electronic communications such as our newsletters and emails with information about our products and/or services, but we will always provide you with an option to opt out from future communications of this kind. See the ‘Direct mailings’ section below for more details.
Some of the above grounds and purposes for processing will overlap and there may be several grounds which justify our use of your personal information.
If an individual requires an explanation of why we are using personal data or the legal basis on which we are using it, a request may be made by contacting us by email at practice.management@rg-p.co.uk or by telephoning 0116 204 5800. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7. Disclosures of your information
We may allow our staff, consultants and external service providers acting on our behalf, to access and use your personal data for the activities we have described above. We only permit them to use it to deliver the relevant services, and if they apply an appropriate level of security protection.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. All our third-party service providers are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may partner with another party to provide specific services. When you sign up for these services, we will share names or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use any personally identifiable information except for the purpose of providing these services.
We also reserve the right to disclose the information collected about you to our professional advisors and/or if we, in good faith, believe it necessary to protect the personal safety of users or the public.
We may share your personal information with the following third parties:
other companies within our group;
our service providers; for example, our project and resource management software provider, our IT support and security management providers for the purpose of system administration, data security, data storage, back up, disaster recovery and IT support, professional advisers;
your employer;
our regulators, including the Financial Conduct Authority, HM Revenue & Customs, other regulators and other authorities acting as processors based in the United Kingdom, who require reporting of processing activities in certain circumstances;
our professional advisers including bankers, auditors, accountants and insurers who provide legal, financial and banking, audit, insurance, accounting and consultancy services;
law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
in the context of the possible sale, merger, consolidation, liquidation, reorganisation or acquisition of our business.
8. Direct mailings
We may occasionally send out newsletters, information about our services which we think may be of interest to you, industry guidance, invitations to events and surveys to our clients and business contacts.
Where required by the Data Protection Laws you can opt-out from receiving such communications at any time – please see ‘Your rights section below. Participation in these surveys is completely voluntary and you, therefore, have a choice whether or not to disclose this information. Information requested may include your contact information. Survey information will be used for purposes of monitoring and improving the services we provide.
9. Transfers of your information out of the EEA
We may need to transfer your personal data outside the European Economic Area (EEA), for example, if one of our suppliers or group companies is located outside the EEA. We will ensure that any transfer of your data will be subject to appropriate safeguards, such as a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.
10. Keeping your data secure
All personal data collected by us is stored either on our secure servers or on our behalf by an outsourced service provider. We use our best endeavours to ensure that personal data is treated securely and in accordance with this Privacy Policy and complies with the relevant data protection legislation within the United Kingdom. This includes examining the security procedures of our service providers.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify all
individuals affected and any applicable regulator of a suspected breach where we are legally required to do so.
Please note that the electronic transmission of information to us is not completely secure. Although we shall do our best to preserve the security of personal data, we cannot guarantee the security of data transmitted to us; any transmission is at the individual’s own risk. Once we have received an individual’s personal data, we shall use effective safeguarding procedures and security features to try to prevent any unauthorised access to it.
11. How long will we retain personal data?
We shall only securely retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process or may foreseeably need to process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Project information is retained in accordance with industry guidance. At the end of the retention period set we will securely destroy your personal information in accordance with applicable laws and regulations.
In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Where an individual has given consent to be contacted for marketing purposes, we shall contact the individual every five years from the date on which the consent was originally given in order to ensure that the individual still wishes to be contacted in this way.
If you require further information, please feel free to contact us for a copy of our retention policy by emailing us at practice.management@rg-p.co.uk or telephoning 0116 204 5800.
12. Subject rights
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current, please let us know if your personal information changes during your relationship with us.
Under certain circumstances, by law, an individual has the following rights:
Access Request – Request access to your personal information. This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
Right to Rectification – Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Right to be Forgotten – Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Right to Object – Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
Restriction of Processing – Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
Data Portability – Request the transfer of your personal information to another party in a structured, commonly used and machine-readable form.
Right to Withdraw Consent – Where an individual has previously given consent to the processing by us of any personal data, they have the right to withdraw that consent at any time. This does not affect the lawfulness of any processing carried out before consent is withdrawn.
If you would like to exercise any of the above rights, please:
email practice.management@rg-p.co.uk, telephone 0116 204 5800, or write to us at Waterloo House, 71 Princess Road West, Leicester, LE1 6TR;
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
Please note that if you request erasure, object to our processing of your personal data or request the restriction of our processing of your personal data we may not be able to provide our multi-disciplinary architectural services to you or to the organisation by which you are employed or engaged.
You also have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by contacting us at: practice.management@rg-p.co.uk, telephoning 0116 204 5800 or by following the unsubscribe link in our email communication.
We shall comply with any request made under this section as soon as possible, and normally within one month from the date on which the request is received. However, if necessary, for example if the request is particularly complex or we receive a number of similar requests, we may extend this period by an additional two months, but we shall notify the individuals who have made the request if we need to do this.
13. Contact us or the ICO
If you have any concerns or complaints about our privacy activities, you have the right to lodge a complaint with our data controller who can be contacted at practice.management@rg-p.co.uk. You can also contact the Information Commissioner’s Office on 0303 123 1113.
If you are unhappy in any way with how we have treated your personal information we would, however, appreciate the opportunity to deal with an individual’s concerns before a complaint is made to the Information Commissioner’s Office, and would therefore ask individuals please to contact us in the first instance on 0116 204 5800.
For more details about your rights under the Act, the rules we have to adhere to in collecting and storing your information, and how you can check your data records, please visit https://www.gov.uk/dataprotection/the-data-protection-act.