This Privacy Policy highlights how Imtiaz Consultancy uses and safeguards the personal data of our clients, in accordance with the General Data Protection Regulation (GDPR) which we are obliged to store and process in order to operate our business effectively for clients and contractors.
GDPR Definitions
The GDPR applies to ‘controllers’ and ‘processors’. A controller determines the purposes and means of processing personal data.
- Personal Data – any information relating to an identified or identifiable natural person (‘data subject’) who can be directly or indirectly identified by reference to an identifier. Imtiaz Consultancy process data including names, email and postal addresses, business contact details, telephone / mobile numbers and (where applicable) financial data for payments such as VAT registration and bank details.
- Sensitive Personal Data & Special Categories of Personal Data – including information relating to an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, or sexual orientation. Imtiaz Consultancy does not hold this information of staff, clients and contractors.
- Processing – any operation or set of operations which is performed on personal data whether or not by automated means, including: collecting, recording, storing, organising, disclosing, erasing and destroying.
- Data Controller – determines the purposes and means of processing personal data. Imtiaz Consultancy is a data controller. We control how personal data is processed and for what purpose.
- Data Processor – is responsible for processing personal data on behalf of a controller (excluding the data controller’s own employees). This includes contact details of clients, consultants and suppliers for projects and marketing purposes, and; Data used for the purposes of purchasing goods and services for the legitimate running of the business
- Sharing of personal data – Personal data will be treated as strictly confidential and will be shared only with our staff and project consultants as required to perform our project duties and for the legitimate running of the business. We will not share personal information with third parties unless we have the data subject’s permission to do so. The Group does not generally transfer personal data outside the European Economic Area. Where a specific project may require us to do this, prior consent will be sought from the data subject and provision of adequate safeguards will need to be verified by the receiving organisation.
- Data Storage & Retention – Imtiaz Consultancy stores both paper and electronic data, and has procedures in place to ensure it is maintained in a safe and secure manner. Sensitive electronic data is password protected and backedup by our IT server every day. Additionally, the company’s IT system is firewall and password protected. Staff only have access to the folders they require for each project. Personal data relating to a project will be retained for as long as necessary.
- Data Subject Rights
Unless subject to an exemption under the GDPR,
individuals have :
1. The right to be informed about the personal data being held about them.
2. The right of access
3. The right to rectification – If any personal data is found to be inaccurate, we request that you contact us at info@imtiazconsultancy.co.uk immediately so we can update your personal data.
4. The right to erasure – if personal data is no longer required.
5. The right to restrict processing and withdraw consent at any time (where consent was required)
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
9. If you have any queries or questions relating to the above, please contact us at info@imtiazconsultancy.co.uk - Why we process personal data – In order for us to carry out our quantity surveying, project management and principal designer duties effectively and to the advantage of our clients, we are required to maintain records of client personal data and processing activities.
- We hold personal data in order to –
1. Maintain contact and communication with our clients and consultants during the course of a project
2. Maintain our own records and accounts
3. Notify you of applicable news and events related to our business
4. Purchase goods, materials and services from our suppliers for projects.
In some instances and only if required (e.g. if required for a planning application), we may request and process sensitive personal data. In this case, we are required to obtain the data subject’s written consent, and describe the reasons why we need this sensitive personal data and how we will use the data. - Lawful basis for processing personal data –
Our lawful basis for processing your personal data is where:- Processing is required to carry out a contract where the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
This includes where we have a contract with the individual / client and we need to process their personal data to comply with our obligations under the contract, and; - Where we haven’t yet got a contract with the individual, but they have asked us to do something prior to that (e.g. provide a quote) and we need to process their personal data to fulfil that request. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
- Processing is required to carry out a contract where the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.