Data Privacy Statement

Sohnius & Perry Limited

Introduction

In the course of normal business activities, Sohnius & Perry Limited (“S&P”) collect, store and process some personal information. We recognise our responsibilities to protect these data and to handle them responsibly.

This document is intended to inform you what information we collect, why we collect it and what we do with it. It also explains important rights that you have to access and control personal data, held in our systems, that relate to you as an individual.

What do we not do with your data?

In the following, we outline which personal data we hold, how we keep them safe, and what we do (and do not do) with them.

A. What data do we hold?

Personal data held by S&P fall into the following categories:

1. Data about business suppliers. These are personal data of individuals within other businesses who offer goods or services, and with whom we may or may not have done business. Most of these data were copied from publicly available sources, such as web pages, or given to us at trade shows in the form of leaflets or business cards, or given to us verbally by a representative of the business in question. These may include:

1a. Personal data (such as name, telephone numbers, email and home addresses) of individuals associated with our suppliers, most obviously in the case of sole traders and craftsmen. In some cases this may also include contact information that was given to us about family members, such as partners' or children's names. This data is held because S&P have a legitimate interest in holding them.

1b. Financial details (bank accounts) if we have made payments to a business or an individual supplier. These data will have been provided by the supplier in question and are therefore held with their consent. We hold no credit or debit card information.

2. Data about clients. As is inevitable in the case of a business specialising in domestic architecture, we have abundant information about our clients and, in cases where a project progressed past the initial stages, also about their homes. Holding these data is part of our contract, which may range from a verbal contract, if all we provided is some advice, to a multi-page, detailed, written contract in cases where we did extensive work. The data may include:

2a. Personal data. We hold information about names, telephone numbers, email addresses, home and alternate addresses and often also work place addresses and work telephone numbers for all our current or former clients, possibly also their spouses (who are usually joint clients anyway). Sometimes we also hold some information about other members of their household, including children. The latter is usually provided by the clients at our request because domestic architecture should in our opinion address the needs of everyone in the household and their views need to be sought and taken into account.

2b. Financial data. We usually have a rough idea about the financial position of our clients, as is needed for budgeting a potential project. We rarely have more information than that, in particular we usually have no records of clients' bank accounts.

2c. Data about private dwellings. In cases where a project had gone past the initial consultation stage, we may have very detailed drawings of our clients' houses, both before and after alterations are made.

2d. Data about computer networks. Sohnius & Perry Ltd also provides consultancy in the field of computer networking. Arising from that activity, which is not advertised in these web pages, we hold data about the architecture and configuration of our customers' data and voice networks and of the hardware on which they are implemented. As our consultancy clients are major corporations, there are stringent non-disclosure agreements in place covering these data, which do not usually include any personal data. They would have been collected under contract.

3. Data about current and former employees. By law, we are obliged to keep certain data about employees. We keep these (PAYE details, bank accounts, copies of passports, employment contracts, etc.) and no more.

B. Where do we hold these data and how are we keeping them safe?

All data are kept in house, on our own computers. We do not use service providers or cloud storage. The web site, which is hosted externally, does not include any personal data about others and we take care to make sure that pictures of buildings cannot easily be associated with addresses.

Our computers are properly password protected and, where they are connected to the Internet, are secured by proper professional-grade firewalls. Data backups are kept under lock and key. Other than telephone numbers of current clients and suppliers, no personal data about others are kept on hand-held devices. Laptop computers, if they are taken physically out-of-house, will only contain data immediately relevant to the job at hand and to the purpose for which they are taken out-of-house in the first place.

C. Data retention

We retain personal data only for as long as is necessary in order to:

In come cases, such records are currently kept indefinitely, particularly records about work to buildings which is expected in some cases to last for generations. As our liabilities can extend far into the future, we need to keep plans, designs, specifications, correspondence and other business records for extended periods, possibly decades. We also need to be able to contact former clients far beyond the duration of the actual projects.

D. How do we use personal data?

We will contact individuals only to:

1. Discuss ongoing projects with current clients,

2. Inform former clients about developments that may impact a completed project,

3. Ask suppliers and craftsmen for specific advice, ask them to quote for a job or generally inquire about the products and services they offer.

E. Your rights to your data

If you wish to know what personal data we hold on you, you should contact us at the telephone number or email addresses given elsewhere on this web site. All personal data requests will normally be answered within 28 days. It may be necessary for us to verify your identity before we can release this information to you.

Personal Data Deletion Requests. We respect your “right to be forgotten” and will respond appropriately and promptly to all data deletion requests.

In the event that it is necessary for us to continue to hold your data to meet statutory compliance requirements we will explain the basis of this clearly to you and work with you to achieve a satisfactory outcome (say through archiving, minimising or anonymising your live data where possible).