We are Naismiths limited, a company registered in England and Wales with company no. 07109104 and registered address at Lancaster House, 67 Newhall Street, Birmingham, B3 1NQ (“Naismiths”, “we”, “our”, “us”). For the purposes of data protection law, we will be a controller of the personal information we hold about you. This means we make decisions about how and why your information is used, and have a legal duty to make sure that your rights are protected when we do so. This policy explains what personal information we collect when you visit http://www.naismiths.com/ (our “Website”), or when you enter into a contract with us on behalf of your business.
2.THE INFORMATION WE COLLECT
We collect personal information about you in several ways, as discussed below:
Information You Give Us
If you contact us about a potential building project you would like our help with, to apply for a vacancy we have advertised, or for any other reason, we will keep a record of that correspondence. We will also retain your e-mail address where you have subscribed to our newsletter. If you have sent us photographs of a building, property or other asset, we will also retain these – they may include identifying details e.g. images of bystanders.
If we enter into an agreement with you (or your employer), we may need to collect and retain certain personal information in order to carry out the work we have agreed to do. This may include:
- your name and business contact details;
- the location(s) of the properties we are assisting with; and
- details of project managers, builders, suppliers and other professional advisors connected with a project.
We collect personal data about job applicants or potential candidates in a number of ways.
- Direct contact: when you apply for a vacancy at Naismiths yourself;
- Referral: when a recruiter passes your personal information to us in connection with a vacancy we have advertised; or
- Passively via LinkedIn: we use LinkedIn to locate, and conduct due diligence on, potential job candidates.
Special Category i.e. Sensitive Personal Information
We will not typically collect information that is particularly sensitive – that is, information relating to your race or ethnic origin, political opinion, religious or other similar beliefs, trade union membership, physical or mental health, sexual orientation or criminal records.
When you visit our Website, we may collect technical data about the device you are using, including where available your IP address, operating system and browser type. This is used for system administration and to improve the look and feel of our website. See section 3 for more about the technical data we collect through cookies.
Cookies are small pieces of information that are stored on your browser on the hard-drive of your device.
We use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our Website.
- Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around our Website. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We use Google Analytics to provide this information. You can find out more below.
Our Website uses Google Analytics for internal analysis of visitor behaviour and trends, to evaluate traffic flow (e.g. busiest times of day/week) and to assess the relative popularity of different parts of our Website. We use the information we collect to monitor the number of visitors to the different sections of our Website, and to help us make it more useful to visitors.
We do not share individual data or track user behaviour after you have left our Website.
If you do not wish to participate, you can:
5.HOW WE USE YOUR PERSONAL INFORMATION
We will only use your personal information when the law allows us to. Most commonly, the following legal bases will apply:
- where we need to perform a contract with you (or your employer);
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (see the “Legitimate Interests” section below); or
- where we need to comply with a legal or regulatory obligation.
We do not sell, rent or trade your personal information to any third party for marketing purposes.
We may use personal information held about you in the following ways:
- to deal with your enquiries, comments or requests;
- to carry out work we have agreed to undertake;
- where you have applied/have been put forward for a vacancy at Naismiths, to progress your application; or
- where we have found your personal information via LinkedIn, for the purposes connected with recruitment.
If we send you a message on LinkedIn and you are not interested in hearing from us any further, you can opt-out by replying to the message directly, asking us to remove your details.
You can also prevent us from contacting you using LinkedIn’s own settings.
We may rely on legitimate interests to process your personal information, provided that your interests do not override our own.
Where we rely on legitimate interests, these interests are:
- to keep our records updated and to study how our Website and other services are used;
- to administer and protect our business and web presence (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting);
- to inform our marketing strategies; and
- to find quality candidates for job vacancies at our company.
7.KEEPING YOUR PERSONAL INFORMATION SAFE
We employ a variety of physical and technical measures to keep your personal information safe and to prevent unauthorised access to, use or disclosure of it. We control who has access to your data (using both physical and electronic means). Our staff receive data protection training and are competent to handle personal information.
8.STORAGE AND RETENTION
We typically store your personal information on servers located within the European Economic Area (“EEA”). However, if we need to transfer it outside of the EEA, we will take all steps reasonably necessary to ensure that any personal data transferred is treated securely and in accordance with applicable data protection laws.
We do transfer your personal information to our IT cloud provider. However, we will always make sure that the provider we choose is contractually required to have a minimum standard of security and privacy in place when they process it.
How long we keep it
We collect and store personal information for purposes connected with our business. As such, we will only retain your personal information for as long as necessary for those purposes. We will retain personal information about the services we provide for a period of 7 years, in order to fulfil our legal and regulatory obligations, and guard against future legal claims.
If we process your personal information for recruitment purposes and you are unsuccessful, we will retain it for a period of 1 year from the date on which we inform you that your application has been unsuccessful. Alternatively, if we have obtained your personal information from LinkedIn but you have opted not to apply to one of our vacancies, we will only retain it for a period of 3 months from the date on which we first contacted you, unless you ask us not to get in touch with you any further, in which case, we will keep a record of this on our candidate suppression list.
Disclosing Your Personal Information
Except for as described in section 9 below, we will not disclose your personal information to a third party without your consent. Where we are permitted to do so by law, we will first contact you and let you know about the disclosure of your personal information and give you a chance to object.
9.DISCLOSURES REQUIRES BY LAW
We are subject to the law like everyone else. We may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
We also may need to retain and disclose certain personal information about you to regulatory authorities and to appropriate agencies to conduct anti-money laundering and trade sanction checks, or to assist with fraud prevention. We will disclose this information as is required by law.
10.ACCESS TO YOUR PERSONAL INFORMATION
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
- where your personal information is processed on the basis of consent, the right to withdraw that consent;
- the right to confirmation as to whether or not we are holding any of your personal information and, if we are, to obtain a copy of it;
- the right to have certain data provided to you in a portable electronic format (where technically feasible);
- the right to have inaccurate personal information rectified;
- the right to object to your personal information being used for marketing or profiling, or on the basis of our or a third party’s legitimate interest;
- the right to restrict how your personal information is used; and
- the right to be forgotten, which allows you to have your personal information erased in certain circumstances (though this is not an absolute right and may not apply if we need to continue using it for a lawful reason).
If you would like further information about any of your rights or wish to exercise them, please contact us using the details given in section 1.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the information no longer exists or there is an exception which applies to your request).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
11.UPDATING THIS POLICY
We may update this Policy at any time. When we do, we will post a notification on the main page of our Website and we will also revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we hold.
This policy was last updated on 2nd July 2018.