Pozzoni Architecture Limited (Pozzoni, we, us, our) is committed to protecting the privacy and security of personal data.
Whether you are a client, prospective client, contact, supplier or prospective supplier of ours, we treat all your personal data in the same manner and we are committed to protecting the privacy and security of personal data.
This Privacy Statement describes how we collect, use and look after your personal data, the lawful basis for processing it and your rights.
Personal information we collect about you
Depending on the nature of our relationship or potential relationship with you, we may collect, store and use the following types of information:
- Company contact details such as name, title, email address, company address and telephone numbers;
- Records of your attendance at any events hosted by us and your marketing preferences so that we know whether and how we should contact you.
How we collect your personal data
We collect personal data in a variety of ways including the following:
- Directly from you as a client or prospective client when you call or attend our office, make an enquiry with us, or otherwise correspond with us;
- Directly from you as a client when corresponding with you regarding a project commission;
- Directly from you as a supplier or prospective supplier when you call or attend our office, make an enquiry with us, or otherwise correspond with us.
How we use your personal data
We will only use your personal data when the law allows us to and we have set out below how we use your personal data, what personal data we use and the lawful basis for doing so.
Purpose / Activity
Type of data
Lawful basis for processing
|To respond to your enquiry||Your contact details and the information you provided when making the initial enquiry / contact.||
|To set you or the third party you represent up as our client or supplier||Contact details and identification data||
|To provide architectural services to you or the third party you represent and manage our relationship with you||Your contact details, client / supplier records, financial and transactional data and any marketing preferences||
|To manage payments, fees and debt recovery||Your contact details and financial records||
|To provide you with information about our services, mailshots and to invite you to our client events||Identity and contact details||
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your information.
We will only send marketing communications (whether by post or email) to you where you have either instructed us to provide architectural services and you have not opted out of receiving such communications or given your consent otherwise. We may also send you invitations to our events. Please let us know if you do not wish to be included in our mailing lists. You can withdraw your consent at any time by contacting us to confirm this or, where included, clicking the unsubscribe button on an email.
We will not share your personal data with any third parties for their marketing purposes.
Change of purpose
We will only use your personal data for the purpose that we originally collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to use your personal data in this manner.
We may process your personal data (without your knowledge or consent) where this is required or permitted by law.
Sharing your personal data
We may need to share your personal data with third parties in order to provide our services to you, to receive goods or services from you or as necessary for our legitimate interests. Such third parties include:
- Any Consultants or other suppliers who may need to be involved with any projects we are commissioned to you on;
- Our service providers acting as processors, including IT (hardware and software) and
- Telecommunication, support service providers in order to operate and maintain our IT and Telecommunications systems and software.
Where we engage third parties to process data on our behalf, we will ensure wherever possible by entering into appropriate agreements with such third parties, that they take such measures to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes and in accordance with our instructions.
Should any of our external third-party providers be based outside the European Economic Area (EEA), we would only transfer your data where we have your explicit consent.
If it were necessary for us to transfer your personal data out of the EEA, we would ensure a similar degree of protection is afforded to it by ensuring they are of reputable standing and committed to protecting your privacy. We would require at least one of the following safeguards to be implemented:
- The country has been deemed to provide an adequate level of protection for personal data by the European Commission;
- Specific contracts approved by the European Commission are in place with the service provider which give personal data the same protection it has in Europe; or
- The transfer is to a US based service provider under the Privacy Shield.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. However, we may be legally required to keep certain information (including contact, identity, financial and transaction data) for up to six or twelve years depending on the type of contract we have engaged with you on.
Your legal rights
Under data protection law, you have certain legal rights in certain circumstances. If you wish to exercise any of your rights, please contact us.
We may request specific information from you to help us confirm your identity when you contact us. This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request if particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the following legal rights in relation to your personal data:
- Access your data: You can ask for access to and a copy of your personal data for you by contacting us at email@example.com
- Correction: You can ask us to correct any incomplete or inaccurate personal data we hold about you by contacting us at firstname.lastname@example.org
Erasure: You can ask us to delete or remove your personal data by contacting us at email@example.com where:
(a) There is no good reason for us continuing to process it;
(b) You have successfully exercised your right to object (see below);
(c) We may have processed your information unlawfully;
(d) We are required to erase your personal data to comply with local law.
We may not always be able to comply with your request for specific legal reasons, which will be notified to you at the time of your request.
- Object: You can object to the processing of your personal data where:
(a) Where we are relying on our legitimate interest (or those of a third party) as the basis for processing your personal data, if you feel it impacts on your fundamental rights and freedoms;
(b) Where we are processing your personal data for direct marketing purposes.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms and, in such circumstances, we can continue to process your personal data for such purposes.
Restrict processing: You can ask us to suspend or restrict the processing of your personal data, if:
(a) You want us to establish the accuracy of your personal data;
(b) Our use of your personal data is unlawful, but you do not want us to erase it;
(c) You need us to hold your personal data (where we no longer require it) as you need it to establish, exercise or defend legal claims;
(d) You have objected to our use of your personal data, but we need to verify whether we have overriding legitimate grounds to use it.
- Request a transfer: You can request a transfer of your personal data which is held in an automated manner and which you provided your consent for us to process such personal data or which we need to process to perform our contact with you, to you or a third party. We will provide your personal data in a structured, commonly used, machine-readable format.
- Withdraw your consent: You can withdraw your consent at any time (where we are relying on consent to process your personal data). This does not affect the lawfulness of any processing carried out before you withdraw your consent.
Lawful basis for processing and processing activities
The lawful basis upon which we may rely to process your personal data are:
- Consent: You have given your express consent for us to process your personal data for a specific purpose.
- Contract: The processing is necessary for us to perform our contractual obligations with you under our contract, or because you have asked us to take specific steps before entering into a contract with you.
- Legal Obligation: The processing is necessary for us to comply with legal or regulatory obligation.
- Legitimate interests: The processing is necessary for our or a third party’s legitimate interest, eg in order for us to provide the best service to you. Before we process your personal data on this basis, we make sure we consider and balance any potential impact on you and we will not use your personal data on this basis where such impact outweighs our interest.
Aggregated data: Information such as statistical or demographic data which may be derived from personal data, but which cannot by itself identify a data subject.
Controller: A body that determines the purpose and means of processing personal data.
Data subject: An individual living person identified by personal data (which will generally be you).
Personal data: Information identifying a data subject from that data along or with other data we may hold, but it does not include anonymised or aggregated data.
Processor: A body that is responsible for processing personal data on behalf of a controller.
Special categories of personal data: Information about race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, health, genetic, biometric date, sex life, sexual orientation.
lCO: Information Commissioner’s Office, the UK’s supervisory authority for data protection issues.