STANTON WILLIAMS PRIVACY NOTICE FOR THIRD PARTIES

This Privacy Notice sets out details about the personal data that we, Stanton Williams Ltd, may collect and process about you.

It covers:

— Job Applicants
— Website users
— Clients/Potential Clients
— Professionals we engage on projects such as contractors, designers and consultants
— Marketing recipients
— Third parties we contact (or who contact us)

This Privacy Notice is non-contractual, regularly reviewed and may be amended by us from time to time.


THE TYPE OF DATA WE HOLD, PURPOSE OF PROCESSING, LEGAL
BASIS, DATA SHARING AND RETENTION PERIODS
We have provided this information in a layered format below to ensure it remains clear and concise. Please click on the sub-heading below that best describes you and this information will be displayed.

JOB APPLICANTS

WEBSITE USER

CLIENTS/POTENTIAL CLIENTS

PROFESSIONALS WE ENGAGE

MARKETING RECIPIENTS

THIRD PARTIES WE CONTACT (OR WHO CONTACT US)

Please note that if we intend to further process your personal data for a purpose other than that for which it was collected, we shall provide you with information on this other purpose and all other information as set out in this notice.

Save for professionals we engage (see below) we will not transfer your personal data to any country outside the European Economic Area without your consent. Information about the transfer and any relevant safeguards will be provided to you in advance of you giving consent.

We will not keep your data for longer than is necessary. When deciding how long to hold your data we have regard to legal requirements (including any contractually agreed periods) and statutory limitation periods (under which it is prudent for us to retain records for longer periods).


CONSENT
Where we rely on consent to process your personal data, you have a right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

You can withdraw your consent to our processing at any time by contacting the Practice Manager. Please specify the type of processing that you are withdrawing your consent to in your email.


YOUR RIGHTS
You have a number of rights in relation to the personal information that we process about you. You:
— Have the right to be informed about your data (as set out in this Privacy Notice);
— Can request access to your personal data;
— Can request that your personal data be rectified if it is inaccurate or incomplete;
— Can request that the processing of your personal data be restricted or erased in certain circumstances, for example, where the data is no longer necessary to meet its purpose;
— Can object to processing in certain circumstances, for example where this is based on legitimate interests or involves direct marketing;
— Can request to receive personal data that you have provided in a structured, commonly used and machine-readable format and to have this transmitted without hindrance where the data is processed on the basis of consent or performance of a contract;
— Can lodge a complaint with the Information Commissioner’s Officer.


AUTOMATED DECISION MAKING (“ADM”)
ADM occurs when decisions are made about you by a computer or some other information analysing machine. Examples of this include the machine scanning of CVs, computer processed aptitude or personality tests and website profiling. We do not use ADM.


CONTACT DETAILS FOR DATA CONTROLLER AND ENQUIRIES

Stanton Williams Ltd (registered in England and Wales with company no. 04024351) can be contacted at Crystal Wharf, 36 Graham St, London N1 8GJ; Tel: 020 7880 6400; Email: info@stantonwilliams.com

If you have any enquiries regarding data protection or wish to exercise any of your rights please contact our Practice Manager at the address listed above.


JOB APPLICANTS

Types of Data We May Process

Recruitment Stage
We may process the following information at the recruitment stage:
— Personal contact details including name, address and email;
— Information collected during the recruitment process such as your CV/application (including details of previous work experience, education and references) and answers to any interview/recruitment questions relevant to the role you applied for;
— Equal opportunities information. This is not mandatory and is not made available to anyone outside of the recruitment team (including hiring managers and HR) save in an anonymised format so as not to identify you;
— Information that you may supply to use about a disability in order that we can comply with our legal obligation to make reasonable adjustments.
— Recruitment Agencies – we may collect your personal details, details of your application and details of your experience and qualifications from the recruitment agency via which you applied.

With the exception of the equal opportunities information, you are obliged to provide this personal data to us as it is necessary for us to explore potentially entering into a contract with you. If you fail to provide it we may be unable to process your application and, if appropriate, offer you employment. The equal opportunities form is not mandatory and there are no consequences if you fail to provide it.

Conditional Offer/Shortlisted
We may process the following information after you have been shortlisted and/or as part of a conditional job offer:
— Proof of your identity (such as passport or driving licence) and any relevant right to work checks;
— Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies;
— Information about your health, in order to assess your working capacity on health grounds, or to comply with our legal obligations to make reasonable adjustments if you have a disability; and
— We will contact your referees (with express consent), using the details you provide in your application, directly to obtain references.

The above is usually part of a conditional offer of employment and therefore you are obliged to provide this as it is necessary to enable us to enter into a contract with you. Right to work checks are a statutory requirement which you are obliged to provide. A failure to provide this may result in us being unable to offer you employment.

The Purposes of Processing
— For recruitment purposes i.e. to ensure you are suitable for the role being advertised and so we can contact you about this role;
— To comply with legal obligations including right to work checks;
— To seek professional advice advice/defend claims arising from the recruitment process;
— In relation to the equal opportunities form, to monitor equality in recruitment practices.

Legal Basis for Processing
We process your personal data on the basis of consent and/or because it is necessary for our legitimate interests, namely to ensure that you are qualified and suitable for the role you are applying for and to ensure we have a record of the recruitment process for the defence of legal claims.

We process details of your right to work checks in line with our legal requirements to do so.

Sharing Your Data
Your data will be shared internally with the recruitment team which consists of HR, the interviewing staff and managers at Stanton Williams, as relevant and their support staff and subordinates where appropriate.

On occasions we may share your data with third parties outside of Stanton Williams, such as our external HR advisers. We have written contracts with third parties to ensure that your data is held securely and in line with GDPR requirements. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

How Long We Keep Your Data For
In line with data protection principles, we only keep your data for as long as we need it for and this will depend on whether or not you are successful in obtaining employment with us.

If you are successful in obtaining employment, your data will not be used for any reason other than in relation to the specific application you have made. We will retain your data for up to six months, in
order to follow up any questions you have or to deal with any legal claims.

We may seek your consent to retain your data for up to 12 months in case other suitable job vacancies arise in the organisation for which we think you may wish to apply. You are free to withhold your consent to this and you will not be treated less favourably for having withheld your consent.

If your application is successful, your data will be kept and transferred on to the systems we administer for employees. We typically retain such data up to seven years after you leave our employment.


WEBSITE USERS

Types of Data We Hold
When you access our website, we may collect the following personal data:
— Data you input into online forms. For example, if you are signing up to our marketing updates, you will be asked for your name, employer details and email address.

We also collect technical data via Google analytics, however, these reports do not contain any personal data.

For information you are asked to provide (as part of signing up to a service), you are obliged to provide this to enable us to perform the contract with you and to ensure our IT systems remain secure and effective. A failure to provide this may mean we are unable to provide you with the services you require.

When you access our website, cookies will be created.

Cookies are pieces of data created when you visit a site, and contain a unique, anonymous number. They are stored in the cookie directory of your hard drive, and do not expire at the end of your session. Cookies do not contain any personal information about you and cannot be used to identify an individual user. If you choose not to accept the cookie, this will not affect your access to the majority of facilities available on our websites.

Although your browser may be set up to allow the creation of cookies, you can specify that you be prompted before a site puts a cookie on your hard disk, so that you can decide whether to allow or disallow the cookie. Alternatively, you can set your computer not to accept any cookie.

Log files are also created when persons visit a Stanton Williams website. They allow us to record visitors’ use of the websites and include your IP address. We may put together log file information from all our visitors, which we use to make improvements to the content and layout of the websites and to the information in it, based on the way that visitors move around it. Your IP address is recorded automatically when you access our website to assist us in monitoring and improving content and for security reasons. You are, therefore, obligated to provide this when accessing the website.

The Purposes of Processing
— To make initial contact with you to provide you with our newsletter or for you to send queries to us;
— To be able to contact you in relation to the service and effectively manage our relationship with you;
— To enable us to ensure efficiency and security of our systems (e.g. prevention of unauthorised access) and make improvements where necessary, including for user experience of the website;
— To make business decisions about the provision of services and our website.

Where you have signed up to events or updates, your data is also processed for marketing purposes (please see marketing below).

Legal Basis for Processing
We process this data as it is necessary for our legitimate interests, namely to keep records of user experiences, provide the information you have requested, improve our services, ensure our services remain accurate and up to date, study how our website is used and popular content, for marketing strategies/communications and to maintain and grow our business.

We also process data as required by law, including, to comply with legal obligations such as security obligations in data protection legislation (such as prevention of unauthorised access).

We do not rely solely on consent to process your data, however, where you have signed up for services we may also process your data on the basis of your consent.

Sharing Your Data
Your data will be shared internally with our IT and Marketing departments and in some instances with Senior Management or Directors. It may also be provided to managers at the Stanton Williams (and their support staff and subordinates where appropriate) to the extent necessary for their role and to make decisions about the business, however, this will usually be in an anonymised format (e.g. statistics).

Our website contains links to third-party websites. Clicking on those links may allow third parties to collect your personal data. We do not have control over such websites and would encourage you to read the privacy notices for websites you visit.


CLIENTS/POTENTIAL CLIENTS

Types of Data We Hold
— Contact details of those instructing us (such as name, job title, address and email address) or potential clients;
— Information about the matter you are instructing us on;
— We may also need to process personal data from third parties which are necessary for the performance of the contract with you.

You are obliged to provide this information to enable us to perform our contract or to take steps to enter into a contract with you and to enable us to comply with statutory obligations, such as verifying identity and source of funds for anti-money laundering purposes. If you do not provide this information we may not be able to provide any services to you.

The Purpose of Processing
To enable us to:
— Perform our contractual obligations (e.g. to contact you, assist you with any matter or project) or take steps to enter into a contract (e.g. provide a cost estimate);
— Take preparatory steps to deal with your enquiry to potentially engage you as a client;
— Retain a record for the defence of legal claims or insurance purposes;
— Market services to you (such as updates and event invitations) which we consider would be of interest to you;
— Retain a record for the purpose of regulatory audits or audit requests from clients and for external audits/quality checks.

Legal Basis for Processing
— To perform the contract that we have entered into with you or take steps to enter into a contract (e.g. provide a costs estimate);
— It is also necessary for our legitimate interests (to provide the service efficiently, to maintain accurate records for the defence of legal claims, to retain accreditations and to grow our business);
— To comply with our legal and regulatory requirements including regulatory audits;
— In relation to legal directory submissions, we will only process such data with your explicit consent.

Sharing Your Data
Your data will be shared internally to the extent necessary to carry out our obligations under our contract with you and/or in line with the purposes set out above. This is likely to include the employee responsible for the project or matter, their supervisor and subordinates, IT and Finance. Your data may also be shared with our bank as necessary where you are making payments to us.

Your contact details may also be shared with our Marketing team to ensure you are invited to events and provided with updates that we believe may be of interest to you. Please note, you have a right to opt out of any marketing communications (see below section on ‘Marketing’).

We may need to share your data with professional advisers we contract with in relation to the matter you have instructed us on.

We will also share your personal information with third parties where required by law and where it is necessary to administer the working relationship with you (as stated above). We may also need to share personal data with third parties such as potential buyers of the business where applicable (the recipient of this information will be bound by confidentiality restrictions if the data cannot be anonymised).

Once we have completed our obligations under our contract with you, your personal data will be archived. Hard copy files are sent to a data processor to store. We have imposed contractual obligations on those processing data on our behalf to protect the security of your data and ensure compliance with data protection legislation.


PROFESSIONALS WE ENGAGE

Types of Data We Hold
This may include contractors, designers and consultants or other experts.

We will hold your contact details (such as name, email and phone number) and your data for the relevant matter, which may include personal data.

You are obliged to provide this information to enable us to perform the contract entered into with you or to make enquiries to potentially engage your services in conjunction with the matter or project. A failure to provide this information may mean we are unable to enter into a contract with you.

The Purpose of Processing
To ensure we can contact you and you can provide the service contracted or make enquiries to obtain said service. We also retain this data to ensure we have a record of services to establish/exercise/defend legal claims and to assess the provision of future services to you.

Legal Basis for Processing
This is processed to enable us to perform the contract we have entered into but is also necessary for our legitimate interests (being able to comply with our obligations to our client under our contract with them, to assess suitability for instructions and to establish/exercise/defend legal claims) and the legitimate interests of our client (obtaining advice or assistance as appropriate with their matter or project). We also process on the basis of consent where you have agreed to provide your services.

Sharing Your Data
Your data will be shared internally to the extent necessary to carry out our functions under our contract with you and our client. This is likely to include sharing data with our client (on whose matter you are instructed), the employee responsible for the work, their supervisor and subordinates, together with our IT and Finance teams, and prospective clients on whom we are bidding and/or wish to instruct us to whom we may share your details (such as your CV and qualifications) if we wish to engage you on a joint basis (for which we would notify you in advance), where appropriate.

Your contact details may also be shared with other employees at Stanton Williams for the purposes of considering future instructions to you.

For data transfers outside the EEA, we may transfer the personal information we collect about you (including your qualifications) to Australia and/or the United States of America (“USA”), in order to perform our contract with you and target new business jointly with you from clients (actual and prospective).

There is an adequacy decision by the European Commission in respect of the USA (limited to the safeguards set out in the Privacy Shield) and there is not currently an adequacy decision for Australia. This means that the USA is deemed to provide an adequate of protection for your personal information, but Australia has not received such a decision.

Any transfers to the USA will be subject to the safeguards set out in the Privacy Shield. For data transferred to the USA or Australia, to ensure that your personal information receives an adequate level of protection we have put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection:
— We will seek consent from you before transferring data to these countries;
— We will only transfer such personal data as we believe isnecessary for the purposes of bidding for the new work;
— We will instruct any receiving party to keep any personal data they receive secure, use such data for a limited purpose and ensure they have appropriate technical and organisational measures to safeguard the data.


MARKETING RECIPIENTS

Types of Data We Hold
We may process your personal data including your name, employer, job title and email address for marketing purposes.

In most cases we will have received this data from you directly when you have signed up for services or events, however, we may also obtain data from publicly available sources (such as your employer’s website).

You are not obliged to provide this information, however, if you do not do so we may not be able to provide the services requested (for example, to receive updates, we would need a valid email address).

You may opt out of marketing communications by emailing marketing@stantonwilliams.com. Alternatively, each of our marketing communications contain an ‘unsubscribe’ hyperlink so that you can opt out easily at any time.

Purposes for Processing
We may process this personal data to send you marketing updates by email (and in some cases by post) such as architect news, new services and event invitations that we believe may be of interest to you or that you have expressly requested.

If you have opted out of marketing updates, we may retain your personal data as a record of those who have opted out to ensure that we do not contact you further for these purposes.

Legal Basis for Processing
We process this data on the basis of consent and legitimate interests, namely to maintain and grow our business.

Sharing of Data
We will always treat your personal data securely and with respect and do not share this with other organisations save where you have expressly asked us to do so.

Your personal data is shared internally with our architects, and our Marketing and IT teams. We may use external marketing companies for marketing purposes, however, we do not envisage needing to share your personal data with them and will only do so if it is necessary for particular tasks assigned to them pursuant to their role. Where fees are charged for a service, our Finance team will also have access to your personal data to the extent necessary to recover payments from you and record your payment record and financial details.


THIRD PARTIES WE CONTACT (OR WHO CONTACT US)

Type of Data We Hold
We may process your personal data including your name and contact details where you have contacted us (e.g. for information) or where we have obtained your information from a public source or third party and wish to request information. If we receive any communication from you then we will also process any data contained within your request.

An example may be where you are a prospective employer and contact us for a reference or, similarly, where we seek a reference for someone we intend to employ. Another example may be where we contact you to see if you would be interested in hosting a joint event or where we seek to use your business service, vice versa, or where you market to us.

This covers a variety of requests and, in most cases, we do not envisage you being obliged to provide your personal data. If you are requesting information from us, not providing this data may mean we are unable to respond.

Purposes for Processing
The purpose of us processing your personal data is to allow us to respond to your request or to seek information.

Legal Basis for Processing
We process this data on the basis of our legitimate interests. These are likely to include assessing job applicants’ suitability for roles and growing our business and network.

Sharing of Data
Your data will be shared internally with those parties relevant to the information request. If your request requires this, it may be shared with other external parties.