1. 4D Design is committed to protecting your privacy. This policy has been written in order to comply with the UK’s current Data Protection legislation. It is intended to meet the provisions in articles 12-23 of the General Data Protection Regulations 2018 (GDPR) with regards to the right to be informed.
2. If you have any queries or concerns about how we manage your personal data or you wish to exercise any rights under the Act please contact:
Suzanne Malhotra at firstname.lastname@example.org Telephone number: 01494 680088 Town Hall, Penn Road, Beaconsfield, HP9 2PP
3. If you are not satisfied with the response you receive from Suzanne Malhotra you may contact the UK regulator on Data Protection. This is The Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. 0303 1231113 www.ico.org.uk
4. 4D Design, is registered as a data controller with the ICO under Registration number Z9103380.
5. A “data controller” is the person who determines how your personal data is processed and for what purposes.
6. A “data processor” is a person or a body/organisation that processes personal data on behalf of a data controller.
7. “Personal data” is information about a natural person (Data Subject), which is capable of identifying that person. Identification may be by the information alone or in conjunction with any other information in the Data Controller’s possession or likely to come into such possession.
8. “Special category personal data” includes data as to sexual orientation and sex life; race or ethnicity; religion or philosophical beliefs; political opinions; trade union membership; biometrics; health. It does not include data as to age or finances.
9. “Processing” is any operation or group of operations performed on personal data (automated or not) including for example; collection; recording; storage; using; disclosure; destruction.
4D Design version May 2018
10. “Data breach” is any event that could lead to unauthorised disclosure; changing or disclosure of personal data. I.e. hacking; loss of files; misdirected post or emails.
How do we collect your data?
11. When you interact with us. We collect personal data when you submit a contact form on our website; make an initial enquiry by email or telephone; or contact us by post or when we meet you at a trade show.
12. When you contact a third party. We could also receive personal data about you from third parties such as;
i. Exhibition show organisers ii. Referrals
Please note that we do not purchase contact lists or personal data nor do we sell lists or personal data.
What data do we collect from you?
13. This data may include: i. your name, job title, company address, company phone numbers, mobile number and email address; ii. personal mobile number
How do we use your data?
14. We will use your personal data (in no particular order of importance save for (i)) i. primarily to inform you or provide you or the organisation you represent in general, with the design and project management services/advice you have requested or enquired about; ii. to carry out negotiations on behalf of the organisation that you represent; iii. to provide third party suppliers your contact details as required on a project by project basis; iv. to keep records of any financial transactions we may make on your organisation’s behalf; v. to maintain our own financial accounts and records; vi. to operate the firm’s website vii. to send you invoices for work done or to chase payment of such invoices viii. for administrative purposes e.g. to enable us to communicate with you effectively. ix. to inform individuals of news, updates in the industry and events being run by 4D Design (whether alone or in conjunction with any third party) (i.e. marketing)
4D Design version May 2018
x. to contact individuals via surveys to conduct research about their opinions of the service provided by 4D Design xi. to respond to any complaint or allegation of negligence against us
15. We will only use your personal data for the purposes listed above. Should we find it necessary to use your data for other purposes, we will contact you, prior to commencing the processing, with a new Privacy Notice explaining this new use, and setting out the relevant purposes and processing conditions.
16. We will not share or pass on your personal data to a third party unless we:
i. need to do so to complete your work/carry out our contractual duties towards you/the organisation you represent; ii. are required to do so by law; iii. need to comply with any regulatory requirements or protect our legitimate interests.
17. We may therefore share your data, for example, with
i. third party suppliers ii. our accountants or other financial advisers iii. a prospective purchaser (or their advisers) of this business under a binding non-disclosure agreement iv. solicitors representing our interests in the event of a claim against us
18. We will only use your personal data for direct marketing purposes if we have your consent (for electronic communications, postal or telephone communications).
19. You may decide at any time that you no longer wish to hear from us and in that case you should contact Suzanne Malhotra as above but please see paragraphs 35 and 36 below.
20. We do not expect to be sending any of your personal data outside the UK or the EU. One exception to this may be where we are using suppliers/subcontractors, in say, the Far East or US, who are clearly not subject to the GDPR and our domestic legislation. On these occasions we may need to share your name and contact details and would firstly seek your agreement to this and then use our best endeavours to ensure those we share those details with, comply with the GDPR principles with regards to sharing, security.
4D Design version May 2018
21. One further exception to this is that the cloud used by our IT provider is currently based in the USA. However, we have received assurances that this provision is compliant with GDPR and we will keep this under reviews annually or more frequently if that becomes necessary.
How do we protect your data?
22. 4D Design uses secure servers when you visit our website. We use our best endeavours to put in place necessary and appropriate measures to ensure your data is kept secure, accurate and up to date. However you will appreciate that the transmission of data via the internet can never be guaranteed to be completely secure.
23. Information may be held on computers and/or in manual files.
24. Personal data is only kept for as long as necessary and it is destroyed securely. We only retain the data
i. to carry out your work; ii. to comply with any legal requirement to retain it; iii. the period that you or the organisation you represent could make a claim against us has elapsed, which is usually six years after a matter has concluded. iv. to comply with any client instructions to extend the retention period in relation to their documents
25. 4D Design relies on the services of a data processor (IT provider) for secure cloud storage for emails word files etc. That provider’s compliance with GDPR has been checked and will be reviewed annually or more frequently if deemed necessary.
26. We do not collect or retain excessive amounts of data and we make every effort to protect your data from loss, misuse, unauthorised access and disclosures. We ensure as far as possible that appropriate technical and managerial measures are in place to protect your personal data.
27. Please note that our website may from time to time contain links to other third party websites. We do not control those third party websites and you are encouraged to view those third parry websites’ own Privacy Policies etc. 4D Design cannot be responsible for third party websites’ policies or practices.
28. Despite all this, should a data breach occur we will ensure that our obligations under the current laws are complied with.
4D Design version May 2018
What is the legal basis for processing your personal data?
29. On the whole, processing is necessary for the performance of a contract with your/the organisation you represent or to take steps to enter into a contract with you/the organisation you represent, to provide design and management services and advice.
30. Processing is necessary in relation to the legitimate interests of 4D Design, with regards to defending any claims against us and also to our insurers for the same reason.
31. Processing with consent, in terms of marketing, where appropriate.
Consent and withdrawing consent for marketing purposes and for special category data
32. The GDPR provide you with three rights, the right to object to specific types of processing; the right to be forgotten and the right to restrict processing.
33. You may change or withdraw your consent for us to hold your data for marketing purposes at any time by contacting Suzanne Malhotra as above.
34. We will make every effort to make the changes you request as soon possible and in any event within three working days.
35. Please note that withdrawal of consent in either case may not necessarily stop us from communicating with you to fulfil any contractual obligation we have towards you. E.g. to deliver advice, documents or products to you and also for example to deliver our invoice to you and to seek payment of the same.
36. Depending on the nature of your request we will comply with it to the fullest extent possible but in some circumstances this could mean that we are no longer able to continue to work on your matter. In this case work would stop at the earliest opportunity but you would remain liable for the fees and disbursements incurred to date.
37. A request to restrict processing of your data has the effect of freezing data, so we would continue to store your personal data but could not do anything with it. This might be relevant to you if you had any query or concerns over the way your data was handled. A right to be forgotten would usually apply if data is processed unlawfully or otherwise fails to satisfy the requirements of the GDPR.
4D Design version May 2018
Your right of access etc.
38. Unless subject to an exception you have the right to; i. ask for a copy of the personal data we hold about you; ii. request that we correct any personal data, if it is found to be inaccurate or out of date; iii. request that your personal data to be removed from our records where it is no longer necessary for us to retain such data; iv. ask us to stop using your data for a specific purpose (withdraw your consent); v. request a restriction be placed on further processing, where there is a dispute in relation to the accuracy or processing of your personal data vi. take your data elsewhere vii. lodge a complaint with the ICO
39. We will always aim to respond to any such request as quickly as possible and in any event within three days. We will aim to have any inaccuracies etc. resolved within one month of the date of your request. You may exercise these rights by contacting Suzanne Malhotra as above.
Automated Decision making
40. 4D Design does not use any automated decision making or profiling processes.
If your personal details change
41. Please contact Suzanne Malhotra above
Changes to this policy
42. 4D Design may change this policy when appropriate to do so. You will be advised as soon as possible of any changes if we still hold information about you at the time of the changes.
43. This policy will be reviewed annually in any event and perhaps sooner within the first year.
We may from time to time wish to send you information, which we think might be of interest to you. This might be information about developments to the industry that might be important to you and/or information about our practice. In order for us to do so we need your consent, which may be withdrawn at any time by notifying Suzanne Malhotra. Any consent given to use your personal data for marketing purposes will need to be renewed every six months.