As an interior design practice and as an employer we process the data of individuals. In this policy/notice we aim to explain when and why we collect personal information about you. We also aim to explain how we use your personal information/data, the conditions under which we may disclose it to others if this is appropriate, and how we keep your personal information/data secure.
This policy/notice does not apply to any websites that may have a link to ours. If you are dealing with other organisations in relation to the same matter with which you are dealing with us, you should contact them directly if you wish information in relation to how they deal with your personal information/data.
We take your privacy very seriously. When we use your personal information/data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information/data for the purposes of the GDPR. Our use of your personal information/data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
Who we are:
Data is collected, processed and stored by Interior Solutions. We are the ‘data controller’ of the personal information you provide to us.
Interior Solutions trading address is 26 Bridge Road, Edinburgh, EH13 0LQ.
Our Data Protection Officer (“DPO”) is Nicola Allan who can be contacted by email at email@example.com
What Information/Data we may use:
The exact information we will request from you or use in relation to you will depend on what your relationship with us is (for example whether you are an employee, a client, a third party service provider or supplier, or another third party), in the case of clients what you have asked us to do, and in the case of third party service providers and suppliers what we are dealing with you on.
There are two types of personal information/data that we may ask you to provide:
Personal data: this is general information that you supply about yourself – such as your contact details, full name, address, previous addresses, date of birth, employment details, national insurance number, previous employment details, insurance details, financial information.
Sensitive personal data: this is more sensitive information and may include information relating to: your health; your sexual orientation; your political or philosophical views or opinions; your racial or ethnic origin; your religion and religious views; any trade union membership; biometric and genetic data.
In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks, process employment matters and progress transactions for clients.
Where we will obtain Information/Data from:
We may obtain information about you from a number of sources, including:
You may provide us with information in response to questions from us
You may volunteer the information about yourself
You may provide information relating to someone else – if you have the authority to do so
We may obtain information from public sources such as Companies House, the Land Register, or Tribunal and Court records
Information may be passed to us by third parties
Why we need your Information/Data:
Again this will depend on what your relationship with us is (for example whether you are an employee, a client, or a third party service provider or supplier, or another third party), in the case of clients what you have asked us to do, and in the case of third party service providers and suppliers what we are dealing with you on.
For employees, the main reason to ask you to provide us with personal information/data is to allow us to employ you, to allow us to process your employment salary and any other benefits, to allow us to continue to monitor your work and performance and employment needs, to allow us to arrange any insurance that is to be in place and to carry out any reference or other employment checks that are appropriate. We may also require to retain some your personal information/data for a period after your employment ends for the purposes of our accounts and in order that we can deal with any post-employment issues that may arise.
For third party service providers and suppliers, the main reason to ask you to provide us with personal information/data is to allow us to verify your identity, to have details of who we are contracting with, and to allow us to progress our contractual relationship with you. Again we may also require to retain some your personal information/data for a period after our relationship with you ends for the purposes of our accounts and in order that we can deal with any post-relationship issues that may arise.
For clients and potential clients, the main reason for asking you to provide us with your personal information/data is to allow us to carry out the work required of us, to have details of who we are contracting with, to enable us to communicate with you, and to allow us to progress our contractual relationship with you. Again we may also require to retain some your personal information/data for a period after our relationship with you ends for the purposes of our accounts and in order that we can deal with any post-relationship issues that may arise.
Who has access to your Information/Data:
We have a data protection regime in place in order to achieve the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
How we protect your Information/Data:
We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.
We adopt a high threshold when it comes to confidentiality obligations and we seek to ensure that both internal and external parties have agreed and do protect confidentiality of all information.
We use computer safeguards such as firewalls, passwords, virus protection software and malware software; and we enforce, where possible, physical access controls to our buildings and files to keep data safe.
How long we will keep your Information/Data for:
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected.
What your rights are:
Under GDPR, you are entitled to access your personal information/data. This is also known as a right to access. If you wish to make a request, please do so in writing to our DPO; or contact the person who has been dealing with you.
A request for access to your personal information/data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc.- but it does not mean you are entitled to the documents that contain this data.
Under certain circumstances you also have the following rights:
The right to rectification: you are entitled to have personal information/data rectified if it is inaccurate or incomplete
The ‘right to be forgotten’: you have the right to request the deletion or removal of your personal information/data where there is no compelling reason for its continued processing. This right can apply in the following specific circumstances:
- Where the personal information/data is no longer necessary in regards to the purpose for which it was originally collected
- Where consent is relied upon as the lawful basis for holding your information/data and you withdraw your consent
- Where you object to the processing and there is no overriding legitimate interest for continuing the processing
- The personal information/data was unlawfully processed
- Where you object to the processing for direct marketing purposes
The right to object: you have the right to object to processing based on legitimate interests; and direct marketing. This right can apply in the following circumstances:
- An objection to stop processing personal information/data for direct marketing purposes is absolute – we must stop processing where you object to this or withdraw your consent to this
- Where you have an objection on grounds relating to your particular situation
In these circumstances we must stop processing your personal information/data unless:
ï We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
ï The right to restrict processing: you have the right to request the restriction or suppression of your information/data. When processing is restricted, we can store the information/data but not use it. This right may apply in the following circumstances:
- Where you contest the accuracy of the personal information/data – we should restrict the processing until we have verified the accuracy of the information/data in question
- Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our legitimate grounds override your right
- Where processing is unlawful and you request restriction
How to complain about the use of personal information/data, or object to the use or processing of personal information/data:
If you are not satisfied with our response or believe we are not processing your personal information/data legally, you can complain to the Information Commissioner’s Office (ICO).
How we collect personal data for Marketing purposes:
The following are examples, although not exhaustive, of how we collect your personal information:
You providing your personal information to us through an enquiry, instructing us to do work on your behalf, or otherwise
You signing-up to receive one of our e-newsletters
You submitting an online enquiry
You following/liking/subscribing to our social media channels
The use of ‘cookies’ on our website – see below:
What are Cookies
Types of cookies we use:
Like many websites, we make use of session cookies and persistent cookies, neither of which collect any personally identifiable information.
We use session cookies, which only last for the duration of your visit, to enable us to identify that the same person is moving from page to page. Session cookies are deleted the moment you close your browser. An example of how we use session cookies is when we maintain your shopping basket when you move from page to page on our site.
Some cookies we use are persistent, in that they remain on your computer even after you leave our site. These remain on your computer after you have visited our site, meaning the site can remember your settings for when you return. Another reason we use persistent cookies is to help us record visitor trends over time which helps us monitor traffic and what parts of the website are more popular than others.
3rd Party Cookies
From time to time we will embed 3rd party content onto our site which may also use various cookies. These include sites such as Facebook and Twitter, whose cookie usage policy you can view on their own websites.
Below is a list of the main cookies we use, and what we use them for.
This cookie allows our web servers to respond to your actions on the website such as "Add to basket" or browsing the website. The website wouldn't work for you without it.
This cookie allows our web servers to store information about your login details so that you do not need to login each time you visit the site.
Google Analytics allows us to track how popular our site is and to record visitor trends over time. Google Analytics uses a cookie to help track which pages are accessed. Google Analytics requires us to pass to Google your IP address (but no other information) – We understand that Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. In particular, Google may use the data collected to contextualize and personalize the ads of its own advertising network. However as a firm we will not use your IP address for direct marketing.
The cookie contains no personally identifiable information, but it does use your IP address to determine where in the world you are accessing the site from, and to track page visits within the site.
Managing your cookies
You have a number of options when it comes to receiving cookies. You can set your browser either to reject all cookies, to allow only ‘trusted’ sites to send them, or to accept only those cookies from websites you are currently using.
We recommend that you don’t block all cookies because parts of our website rely on them to work properly.
If we collect your personal information/data and may wish to use it for marketing purposes, you will be provided the opportunity to ‘opt in’ to receiving marketing communications from us. We do hope you will ‘opt in’ as we hope that you will find our communications limited, informative, and of benefit to you going forwards, but this is entirely your choice.
If you do choose to ‘opt in’ to receiving marketing communications, you do of course then have the option of ‘opting out’ at any time, and we will ensure that there is an ‘opt out’ facility available for you to access easily from any marketing communication sent to you.
How we protect your personal information in the context of Marketing:
We will only ever use non sensitive basic personal contact information to contact individuals with marketing materials; such as name, address, email. Sensitive information or specific details will never be used to target marketing communications.
If you would like this policy in another format (for example, large print) please contact our DPO by email at firstname.lastname@example.org, or contact our office.