- What We Do
This policy relates to the privacy and the data protection practices which apply to Barker Associates and our website www.barker-associates.co.uk
Our aim is to protect our clients, employees and website users’ privacy whilst providing a personalised and valuable service. Collecting personal information is necessary if we are to satisfy the expectations and requirements of our users, i.e. to communicate and to enable an interactive service. In this policy we explain what information we collect, what we do with it and what controls you have.
All information provided to us will be managed sensitively and distributed in accordance with agreed protocols. Any personal information provided to us is treated in accordance with the Data Protection Act, registration number ZA517283, General Data Protection Regulation (GDPR), Privacy and Electronic Communications Regulations (PECR) and our in-house Privacy GDPR Compliance Policy.
Any personal information such as name, postal address, telephone number and email address given to us will only be used to provide a requested service in line with our contractual agreement and/or to respond to an enquiry. This will not be disclosed to any other third party without your prior permission; unless we are required to do so by law.
We are committed to protecting our employees, clients and users’ privacy. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration or destruction of personal data we store.
All client and project data is stored on a secure CMS system and CRM system -Zoho.
All computers are protected against virus attacks and malware by ‘Sophos’ and ‘Mimecast’ security software which provides advanced email security, antivirus, antispam protection, TLS encryption, Data Leak Prevention, Documents Services and Attachment Management security software. We have a secure hardware firewall between our internal systems and the outside world. All devices and connections are password protected.
We have implemented an Ultimate Disaster Recovery Solution which is supported by our IT provider “Epic IT Ltd’’. Our Disaster Recovery Policy explains in more detail the safeguarding we have in place, a copy of which is available upon request.
Our website is SSL (Secure Sockets Layer) certified which keeps data secure between servers. Any enquiry/information entered through our website is encrypted.
Project files are kept in accordance with the RICS and RIBA recommendations for a maximum period of 15 years. Archive files are stored off-site in a secure fireproof warehouse with an outsourced company ‘Oasis Information Secured’.
We have continuous Cyber & Data Liability cover with Hiscox Insurance Company Ltd.
We maintain a Personnel Data Register of our staff and job applicants. Information provided to us will be held for the period of their employment with us and 7 years thereafter for legal/reference purposes.
Information provided to us for Job Vacancies either directly, via our website or an agency will be retained for a period of two years should suitable opportunities become available during this period.
Other data protection practices we maintain are document shredding, secure locked personnel files with authorised key access only.
Certain projects may require us to share personal information data with third parties such as contractors, sub-contractors, insurers, photographers, recruitment agencies. This information will be shared as per the project requirements or individual basis and in prior agreement with you. Should you not wish for us to share this information please inform your Project Manager or Practice Manager in case of employees.
At times we may use third party service providers such as Mail Chimp, Zoho and Rocketseed to help us operate our business and the site or administer activities on our behalf, such as sending out surveys and marketing emails. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
We also use social media – Facebook, Twitter and LinkedIn to share our practice news, industry updates, project updates, testimonials and case studies. Every effort will be taken to anonymise our social media updates, on the occasion that a reference has to be made this will be done with prior permission.
We may contact individuals who have expressed an interest in our services at an event to respond to their enquiry. Opportunity to unsubscribe/opt-out of such communication will be provided with every email.
We may use a project as a case study, including client feedback/testimonials, photographs and video where available for marketing purposes via brochures, postcards, website and social media where prior permission has been granted.
At times we may invite you to networking events. You will be provided with an opportunity to opt-out/ unsubscribe from further correspondence should you not wish to receive these invitations.
Our marketing activities comply with the General Data Protection Regulation (GDPR) and Privacy and Electronic Communications Regulations (PECR).
Barker Associates will review this Policy annually and as required.