GDPR and Your Privacy

EHS Architectural GDPR PRIVACY NOTICE

EHS Architectural Ltd ("EHS Architectural", "we", "us" or "our") takes the privacy of individuals whose personal data it processes ("you" or "your") seriously and is committed to being transparent about how it collects and uses that personal data, and to meeting its data protection obligations including under the General Data Protection Regulation (Regulation 2016/679)(the "GDPR").

This policy sets out how EHS Architectural will process personal data.

1. What are EHS Architectural's obligations around processing customer data under GDPR?

Any personal information that you disclose to us or which is provided to EHS Architectural will be treated in accordance with the requirements of the GDPR.
We will only retain data for as long as deemed necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Further details about data retention are set out at Section 4 of this policy.
Clients will be permitted access to any data we hold on them at any time in accordance with the subject access rights set out at Section 9 of this policy.
Any data breach which is reportable under GDPR will be notified to the ICO and/or the client, as applicable.
To report a potential breach please contact us on:
- Email: theteam@ehsarc.com
- Post: FAO Compliance, EHS Architectural Ltd
49 Lanark Road, Edinburgh, EH14 1TL
- Phone: 0131 444 1149

2. What information does EHS Architectural collect and when do they collect it?

To become a client of EHS Architectural, we shall collect, as a minimum, the following personal data from you: your name, address and contact details (including title, telephone number and email address). This personal data may be obtained through application forms, our website, telephone calls and/or corresponding with us.

3. How long does EHS Architectural retain my information?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available on request.

4. How is the data destroyed after the retention period has passed?

All paper waste is disposed of in secure paper waste bins. This is then collected and disposed of by an external paper shredding service who comply with BSEN 15713: 2009 standards to ensure compliance with data protection legislation.

Electronic records are disposed of after the minimum data retention period has passed. This typically involves deleting any personal data held in our client record keeping systems, however, where this is not possible we will use other methods such as data masking and/or access restrictions to ensure the personal data cannot be retrieved

5. Where is my information stored, and how secure is it?

EHS Architectural has put in place measures to ensure the security of the personal data that it collects and stores about you. Your personal data will be stored on our client record keeping systems which are password protected and access controlled.

EHS Architectural will use its reasonable endeavours to protect your personal data from unauthorised disclosure and/or access, including through the use of network and database security measures, but it cannot guarantee the security of any data it collects and stores.

6. Is personal data shared with third parties?

Personal data may be shared internally in order to facilitate provision of services. Personal data may also be shared with suppliers to facilitate direct deliveries upon client request.

7. Is data transferred outside of the UK and/or EU?

No

8. What are my rights with regard to my personal data under GDPR?

In certain circumstances, you have the following rights:

The right to erasure - you have the right to ask us to delete or remove all of your personal data where there is no good reasons for us to continue to process it.
The right to be informed - you have the right to be informed about the collection and use of your personal data.
The right of access - you have the right to know what personal data has been collected about you and how it is stored, processed and protected.
The right to rectification - you have the right to request the correction of inaccurate personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
The right to restrict processing - you have the right to request the restriction of the processing of your personal data limiting the way your personal data can be used.
The right to data portability - you have the right to request the transfer of your personal data to other suppliers in a common machine-readable format.
The right to object - you have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Withdraw your consent - If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processes based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communication, please contact us at theteam@ehsarc.com or follow the unsubscribe instructions included in each electronic marketing communication. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you wish to exercise any of the rights set out above, please contact theteam@ehsarc.com or alternatively in writing to us at:

EHS Architectural Limited
49 Lanark Road
Edinburgh
EH14 1TL

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so we ask that you considering contacting us to raise a complaint in the first instance.

In order to exercise your rights or if you require any other information around GDPR legislation please contact us on theteam@ehsarc.com.