This policy explains how Mitchell Evans LLP uses the personal information collected from you for the operation of daily business processes. It also describes how long that information is kept for and the limited circumstances in which we might disclose it to third parties.
Personal details we hold
Mitchell Evans LLP typically hold two types of personal information which allow us to carry out our regular business processes:
- Customer provided information – Customers’ contact details, i.e. addressees’ names, telephone numbers, postal, and email addresses.
- Customer contact records – Records of calls, incoming letters, emails and personal information provided via the form on our website are maintained for auditing, training and service improvement purposes.
Length of time information will be held
In order to comply with the General Data Protection Regulation (“GDPR”), your details will be kept for an appropriate period, which will vary according to the type of data being held and the purpose for which it is held. Details of the appropriate retention periods are set out in Addendum A to this Policy Statement.
How to access your personal data
If you wish to see full details of the information which Mitchell Evans LLP hold in connection with you, you will need to make a subject access request under the GDPR. To initiate a subject access request, email: GDPR@mitchellevans.co.uk or call us on 01483453453.
Keeping your details secure
We store all of your information in servers at our offices, with back-up copies of the information kept in highly secure UK data centres managed by our IT consultants, where data is protected by the latest encryption and firewall technology. Your data will not be sent overseas as part of the normal day-to-day business activities of Mitchell Evans LLP.
Legal basis for processing personal data
We will only use your personal information when the law allows us to and for the purposes for which it was collected. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We take the view that we have a legitimate interest in retaining personal data provided to us by prospective customers for 12 months because experience shows that there is commonly an interval of up to 12 months between the time when we are first approached and the date when a contract for a project is concluded.
Sharing personal information
Personal data may be shared with third-party organisations only in limited circumstances. This is most likely to occur where a customer requests us to provide project-related information to a third party, a planning consultant or structural engineer, for example. On rare occasions it may be necessary for us to disclose personal data to a third party in order to comply with a legal requirement or to pursue or defend claims or where we have a legitimate interest in sharing information in order to protect our interests..
Mitchell Evans LLP Privacy Notice
Mitchell Evans LLP have fully committed to comply with the GDPR following its implementation on the 25 May 2018. In relation to our collection and processing of personal data, please see the information below:
Section 1 – Collection of Data
Mitchell Evans LLP will be the data controller, and the contact details for the company are:
Data Protection Officer: Ian Bocutt
Collected data will be stored on Mitchell Evans internal file servers, with back-up copies stored by our IT consultants as described above. Mitchell Evans LLP will store any correspondence from you in electronic format in a correspondence recording system which is appropriately protected by passwords.
Section 2 – Processing of Data
Personal data will be stored for a period which is appropriate according to the type of data which is held and the purpose for which it is kept, including payments, account management and enquiries. Our retention timescales are quoted in Addendum A.
Under the GDPR you have the following rights to request information from the company:
- Right of access to the data (Subject Access Request)
- Right for the rectification of errors
- Right to erasure of personal data
- Right to restrict of processing or to object to processing
- The right to portability
Please note that some of these rights are dependent on conditions set out in the GDPR.
You have the right to lodge a complaint with a supervisory authority (in the UK this is the Information Commissioners Office).
We will not process the personal data we hold for a purpose other than that for which it was originally collected.
ADDENDUM A – TIMESCALES
|Type of information||Length of time record will be held|
Information collected from prospective clients when we are first approached, either by email, post or telephone.
Client information, including all drawings, emails, account information and correspondence.
7 years following completion of project.
Supplier information, including all order and account information.
7 years following the last transaction.