Home About us GDPR - Data Retention and Protection Policy

GDPR - Data Retention and Protection Policy

Aim

Keith Douglas Partnership (KDP) needs to collect certain information about its clients and other business professionals including contractors to manage its affairs. This policy statement sets out the processes and procedures adopted by KDP as to how data is to be collected, handled, stored and ultimately destroyed in compliance with the Data Protection Act and the General Data Protection Regulations. KDP will review this policy annually.

The Data Protection Officer (“DPO”) is Keith Douglas FRICS MCIArb

In this policy statement the term “Data” is used to mean the personal information held by KDP in respect of each client etc of KDP

Data Protection Officer’s responsibilities

  • The DPO is responsible for:
  • Keeping up to date on data protection responsibilities, risks and issues
  • Reviewing all data protection procedures and policies
  • Handling data protection queries from clients etc
  • Dealing with requests from clients etc to see the data that KDP holds on them

Collection of Data

The Data required by KDP is not sensitive. Data is collected at the time of initial contact. It is updated if details change.

It comprises basic contact details: name, email, mailing address and telephone number.

Use of Data

Data is to be used solely for KDP purposes to communicate with clients and other building professionals and to process work in relation to the business.

Consent to hold Data

The Data compiled to date has not had explicit consent granted by the client etc for its retention or use. However, the Legitimate Interest exemption applies, and it is not the intention of KDP that consent will be sought retrospectively.

Retention and Disposal of Data and Compliance with conditions

Access to the Database is password protected and only principals and employees are permitted to have access to the Database.

Security of Data

Files containing paper copies of the Data Form are held under lock and key The Database, which is held electronically, is (i) password protected (ii) restricted to the principals and employees of KDP and (iii) held on computers which are in physically secure locations. 

General Guidelines

  • If on paper, the data should be kept in a locked drawer or cabinet
  • Paper data no longer required should be destroyed
  • Electronic data should be protected by a strong password
  • Personal data should not be disclosed to anyone not authorised to see it
  • Removable data (CD DVD etc) should be locked away when not in use
  • Data should be backed up frequently
  • Servers and computers should be protected by approved software
  • Data should not be saved directly onto laptops or other mobile devices

Use of Data

Data is used in the following ways:

  • To contact clients etc via mail, email to progress business

KDP regards these uses as non-intrusive and covered by the Legitimate Interest exemption set out in the GDPR.

Subject Access Requests

KDP will provide any member with a copy of the Data held by KDP in respect of that client. Application should be made in writing by the member to the DPO and a response will be sent to the member within 10 working days.

The DPO will always verify the identity of the person making the request before handing over the information requested.

Privacy Statement

KDP will provide a Privacy Statement, in the form shown at Appendix B, to be made available to all data providers and to be widely circulated via email, and on the KDP website.

APPENDIX B.

Privacy Statement under the General Data Protection Regulations

Keith Douglas Partnership (KDP) are Chartered Building Surveyors specialising in Party Wall Act administration and practice. We communicate on client’s behalf with Building Professionals, Contractors etc. We comply with the Data Protection Act 1998, and electronic communications will be made in accordance with the General Data Protection Regulations (GDPR) 2018.

As detailed below KDP collects personal information from clients etc. in the form of basic contact details to communicate about work which they require.

 We do not hold any Sensitive or intrusive data within the meaning of the Act. We do hold the following information:

  • full name and title of each client, business professional, contractor etc.
  • postal address, email address and phone number

Electronic Data is kept on our database software and is password protected. Any paper data is kept under lock and key. Access to the data is limited to principals and employees.

Clients etc. are entitled to inspect their own data if they so wish. They should contact the KDP Data Protection Officer by email or in writing if they wish to do so.

For compliance reasons we keep your data for a minimum of 6 years after the last occurrence. After 6 years you may instruct us at any time to remove your data.

We understand that clients, personal information and privacy are important to them. We make every effort to ensure that the information they share with us is recorded accurately, retained securely and used only according with the details set out above. We protect client’s personal information and adhere to all current data protection act legislation with respect to protecting privacy. We do not give out, sell or trade our mailing list data with third parties except for the above mentioned relevant bodies.

 

Main Menu