With effect from 25 May 2018 the Data Protection Act of 1998 will be superseded by the new General Data Protection Regulation (GDPR).
In accordance with the GDPR, S3DA Design is responsible to ensure that all documentation held is relevant, accurate and where necessary, kept up to date. Any data held shall be processed fairly and lawfully, and in accordance with the rights of data subjects under the GDPR.
The right to be informed is an integral element of transparency under the GDPR. S3DA Design will be clear and open with individuals about how we collect and use their personal data.
For the purpose of the GDPR, S3DA Design is a data controller, we are an Architectural, Structural and MEP Design\Engineering consultancy company registered as a company in the U.S at registered office address; 8880 Rio San Diego Drive 8th Floor, San Diego, San Diego, CA 92108
S3DA Design provides services to both private clients and businesses. In order to provide certain services, we will need to collect data from our clients for contractual and invoicing purposes. In addition to this, we work with multiple suppliers and will collect personal information from them for administrative and accountancy reasons. When working with us in any capacity, we might collect the following personal information:
- Client/Supplier Name
- Company Name
- Postal Address
- Contact Information
- Client Representative Information
- Warranty Information
- Site Information
- Bank details
When potentially working with S3DA Design, you will be asked for some or all of this information. Data is retained for the duration of your business relationship or needs with S3DA Design. We reserve the right to check the legitimacy of any company details before any contract to work is undertaken.
We do not ask that you provide any sensitive personal data (as defined by the GDPR), if for any reason you do provide it, this will be an indication that you explicitly consent to us processing this information.
We will only collect personal data from you that is necessary to carry out our business operations.
Why We Collect Data
We collect, store and process data about our clients, suppliers, partners and other third parties for the purposes of business operations. This could include:
- General (non-marketing) commercial communications or enquiries;
- Administration, accounting & auditing;
- Marketing newsletters;
- Social events & competitions;
- Sending you email notifications which you have specifically requested;
What We Do With Your Data
Your data, including your contact details and any other information provided by you may be stored in our client and contacts database(s) and may be viewed by any of our employees in any place in which we conduct our business, except financial data which can only be accessed by senior staff.
All financial data is kept by us for 6 years pursuant to HMRC law. After 7 years this paperwork is securely destroyed though digital data may be stored longer. Project information could be kept up to 12 years, in line with the below.
Our policy procedure includes the following
- Data will only be used for the purpose for which it was provided.
- Business data provided will be shared with employees’ stakeholders, and consultants within the organization.
- Digital data will be stored on personal work computers, with up to date software and password protected by the operative.
- Personal work computers that are removed from the office will be under the charge of a set employee with instructions to safeguard the computer.
- Any other device used to access the data will be password protected.
- All digital data that is stored on cloud facilities will be held in accordance with the terms and conditions of the cloud facility providers.
- Employees will be discouraged from transferring or sharing data outside of the cloud system.
- Data will only be used for the purpose for which it was provided.
- We will not collect data for anyone under the age of 18.
- Hard-copy personal data will be kept within locked facilities at the company office.
We ask for positive consent for permission to hold data in line with this policy and we do not share any information with third parties for marketing purposes.
Your collated data is stored within a secure electronic document system and backed up by cloud all within the US and the UK. Any hard-copy data is stored securely on site.
Who We Share Your Data With
We may disclose your personal information to any member of our company as mentioned above. In addition, we may disclose your personal information to third parties under these circumstances:
- For the purpose of data processing and storage of project & accounting information in conjunction with our GDPR compliant third-party data processors.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If we or substantially all our assets are acquired by a third party, in which case personal data held by us about our clients will be one of the transferred assets;
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
Third Party Data Processors
A complete list of our third-party data processors is available upon request.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, any personal information is kept securely within our offices using suitable physical, electronic and managerial procedures to safeguard and secure this information.
S3DA Design will notify the ICO if a breach of personal data happens that would result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. Where a breach is likely to result in a high risk to the rights and freedoms of individuals these individuals will be notified directly.
All individuals who are the subject of personal data held by S3DA Design are entitled to:
- Right of access to personal data
- Right to rectification of personal data
- Right to erasure of personal data
- Right to object
- Restriction of personal data
- Right to data portability
- Right to withdraw consent at any time
- Right to lodge a complaint to the supervisory authority, ICO.
S3DA Design will respond within 28 days of receiving any of the above requests or within 56 days if the request is more complicated in nature. If your request is refused, you will have a response in writing and the ability to complain to the ICO.
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances S3DA Design will disclose requested data. However, the Data Protection Officer will ensure the request is legitimate, seeking assistance from the Directors and from the company’s legal advisers where necessary.
Where personal data is used, you will have the right, upon written request, to be told what personal/company data about you is held. If at any time you believe that any information, we are holding on you is incorrect or incomplete, please contact us as possible and we will promptly correct our records. In addition, if at any time you wish your information to be erased, so long as we no longer legitimately need that information to fulfil any contractual obligations, please contact us.
If you would like additional information regarding our use of your data, or to make any requests for data, please email: firstname.lastname@example.org to the attention of the Data Protection Officer for the company.
This website may contain links to other sites of interest. Please note that we are not responsible for the privacy practices of other sites. We recommend you read the privacy statements on entering other sites. This privacy statement applies only to information collected by this website.