epd Landscape Architects - The Stables, Duxbury Hall Road, Duxbury Park, Chorley PR7 4AT 01257 460 461
We are committed to ensuring the privacy of all individuals whose personal data we collect, hold and process. Such individuals may be the end users of our services, employees of our clients and users of our services, other visitors to our website, and employees of our suppliers and contractors. In this policy, we explain how we hold, process and retain your personal data. Please note, the use of services provided by our Group companies will be subject to their privacy policies with full details available on their websites.
This privacy policy relates to customer data processed and stored by epd landscape. It includes data captured on our website:
1. HOW WE USE YOUR PERSONAL DATA
1.1 This section provides you with information about:
a) What personal data we hold and process;
b) In respect of personal data that we did not collect from you directly, where we obtained that data from, and what types of data we have collected;
c) The purposes for which we may process your personal data; and
d) The legal grounds on which we process your data.
End Users of Our Services
1.2 Contact data. We may process the information you provide to us (“ contact data ”). This contact data may include your name, address, telephone number, email address, date of birth, and may be provided to us in person or through our website. We may use this contact data during the course of providing our services, in conjunction with our partners, suppliers and client, to you. The legal basis for this processing is for the purposes of performing our contract with you, or in taking steps at your request prior to entering into a contract. Completed contact form enquiries will be retained for a maximum of two years after the last correspondence with you after which time they will be destroyed.
Where you have provided your consent for us to do so, we may contact you regarding the latest promotions and offers regarding our products and services, and those of our partner organisation, and to send you newsletters.
Our Suppliers and Contractors
1.3 Supplier data. If you are a sole trader, partnership or self-employed we collect personal data about you such as your name, address, telephone number, email address and employment details (“ supplier data ”). We will process this information to ensure efficient managing of our contract and relationship with you (this could include for the purposes of auditing and debt recovery) and the accurate processing of any related correspondence with you. The legal basis for this processing is for the purpose of performing our contract with you, or in taking steps at your request prior to entering into a contract.
We also use your supplier data to understand your service performance and financial stability for the purposes of supplier monitoring. The legal basis for this processing is our legitimate interest in managing our relationship with you and ensuring that we are able to maintain the quality levels of our service.
The supplier data may also include your card or bank details, and the details of any transaction we enter into with you. The supplier data may be processed for the purposes of administering the payment, for the supply of the purchased goods and services from you and keeping proper records of those payments. The legal basis for this processing is the performance of a contract between you and us, and/or taking steps, at your request, to enter into such a contract, and our legitimate interests – namely our interest in the proper administration of our business.
1.4 Point of contact data. If you are employed by a supplier of goods, services or consultancy which has a contractual arrangement with epd for the provision of such services (the “main contractor”), we may use your information such as your name, email address, telephone number and employment details (the “point of contact data”) to enable us to:
a) Provide supplier contact details for our multi-site operations;
b) Create and maintain project management stakeholder lists;
c) Create and maintain contact lists as required; and
d) Create and maintain a list of past, current and potential suppliers to enable us to contact you for business purposes.
We will treat the main contractor as the controller of any point of contact data that we are provided with. We may receive personal data in respect of such points of contact directly from the main contractor.
We will process any such personal data referred to in this paragraph strictly in accordance with the instructions of the main contractor, not the individual point of contact, including sharing all such data with the main contractor.
1.5 Shared data. Your data may be shared with the authorities who epd or its subsidiary companies and partners are working in partnership with, in order to operate and administer our relationship and contract with you, develop our products and services, systems and relationships with you, understand your requirements, and demonstrate legislative compliance. The legal basis for this processing is our legitimate interests in ensuring that we receive high levels of service from our suppliers and contractors.
Our Business Clients
1.6 Point of contact data. If you are employed by one of our corporate clients, which has a contractual arrangement with epd for the provision of services (the “ main contractor ”), we may use your information, such as your name, email address, telephone number and employment details (the “ point of contact data ”) to enable us to:
a) Provide services to you in accordance with the contract that we have with the main contractor;
b) Communicate with you regarding the provision of services;
c) Improve the services that we provide and to ensure that we maintain our levels of client care;
d) Market appropriate products, services, promotions and offers to the main contractor; and
e) Create contact lists/stakeholder lists for specific projects or activities.
We will treat the main contractor as the controller of any point of contact data that we are provided with. We may receive personal data in respect of such points of contact directly from the main contractor.
We will process any such personal data referred to in this paragraph strictly in accordance with the instructions of the main contractor, not the individual point of contact, including sharing all such data with the main contractor.
The legal basis for this processing is our legitimate interests in supplying products or services from the main contractor, in managing and administering our relationship and contract with the main contractor, and in marketing our relevant products and services to the main contractor.
1.7 Shared data. Your data may be shared with the authorities to whom epd or its subsidiary companies and partners are working in partnership with, in order to operate and administer services to you, develop our products and services, systems and relationships with you, understand your requirements, and demonstrate legislative compliance. The legal basis for this processing is our legitimate interests in ensuring that we maintain high levels of service to our members, clients, and other end users of our services.
Complaints
1.8 Complaint data. When we receive a complaint from a person, we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint (the “ complaint data ”).
1.9 We will only use the complaint data to process the complaint and check on the level of service we provide, or how contracts are performing. We compile and publish statistics from this data, such as the number of complaints we receive, but not in a form that identifies any of the data subjects. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant does not want information identifying him/her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
1.10 Similarly, where enquiries are submitted to us, we will only use the information supplied to deal with the enquiry and any subsequent issues and to check on the level of service we provide. When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report, or elsewhere. Usually, we do not identify any complainants unless their details have already been made public.
1.11 We will keep complaint data contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two-years from closure. It will be retained in a secure environment and access will be restricted to the ‘need to know’ people.
1.12 The legal basis for this processing is our legitimate interests in dealing with the complaint appropriately and transparently.
Other Processing that We May Carry Out
1.13 Website data. We may process data about your use of our website and services (“ website data ”). The website data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the website data is our analytics tracking system, Google Analytics. The data collected is kept anonymous. We do not make or allow Google to make, any attempt to find out the identities of those visiting our website. You can view Google Analytics’ privacy policy here.
This website data may be processed for the purposes of analysing the use of the website and services. The legal basis for processing is our legitimate interests, namely monitoring and improving our website and services.
1.14 Enquiry data. We may process information contained in any enquiry you submit to us regarding our products or services (“ enquiry data ”) either via the website, email or telephone. The enquiry data may be processed for the purpose of offering, marketing and selling relevant products and/or services to you.
The legal basis for this processing is our legitimate interests in responding to your enquiry appropriately.
We will keep complaint data contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two-years from the last correspondence with you. It will be retained in a secure environment and access will be restricted to the ‘need to know’ people.
1.15 Newsletter data. We may process information that you provide for the purpose of subscribing to our blog and press releases (“ newsletter data ”). The notification may be processed for the purposes of sending you a newsletter.
Where you are a point of contact at one of our corporate customers, the legal basis for this processing is our legitimate interests, namely the marketing of relevant products and services to you.
Where you are a member or end user of our services, the legal basis for this processing is consent.
1.16 Correspondence data. We may process information contained in, or relating to any communication that you send to us (“ correspondence data ”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communication made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping.
The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communication with users.
1.17 Payment data. We may process payment information relating to products and services that you purchase from us (“payment data”). The payment data may include your contact details, your card details and the transaction details. The payment data may be processed for the purposes of administering the payment, for the supply of the purchased goods and services, and keeping proper records of those payments. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract, and our legitimate interests, namely our interest in the proper administration of our website and business.
1.18 Other processing activities. In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2. PROVIDING YOUR PERSONAL DATA TO OTHERS
2.1 Sharing your data with our partners. Your data may be shared with the authorities who epd or its subsidiary companies and partners are working in partnership with, in order to operate our business and administer and develop our services and demonstrate legislative compliance. The legal basis for this processing is our legitimate interests in ensuring that we maintain high levels of service to our members, clients, and other end users of our services.
2.2 Social media platforms. If you join one of our social media accounts, please note that the provider of each social media platform has its own privacy policy and we do not accept any responsibility or liability for these policies.
2.3 To our service providers. We may also disclose your personal data to certain reputable third party service providers, such as cloud and IT service providers and other contractors whose services are required to enable epd to provide its services to its clients.
2.4 Our insurers/professional advisors. We may disclose your personal data to our insurers and/or professional advisors insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
2.5 Where we provide your personal data to any third party. Where we share your personal data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data-processing agreement with that third party.
2.6 Main contractors. We may share personal data with main contractors as set out in paragraphs 1.5 and 1.7 above.
2.7 To comply with legal obligations. In addition to the specific disclosures of personal data detailed above, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation we have to comply with, or in order to protect your vital interests or the vital interest of another individual.
2.8 MailChimp. epd utilises MailChimp as its email marketing host. If you choose to register for our email newsletter, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing, or until you specifically request removal from this list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you, or by requesting removal via the email address published on our website. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
You can view MailChimp’s privacy policy here for further information.
3. TRANSFERS OF YOUR PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Where your personal data is transferred outside of the EEA, we will ensure that either (a) The European Commission has made an “adequacy decision” with respect of the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data. In all cases, data transferred outside of the EEA will be protected by appropriate safeguards.
4. RETAINING AND DELETING PERSONAL DATA
4.1 Personal data that we process for any purpose, or purposes, shall not be kept for longer than is necessary for that purpose, or for those purposes.
4.2 Unless we contact you and obtain your consent for us to retain your personal data for a longer period, we will retain and delete your personal data in accordance with our retention period.
4.3 We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. AMENDMENTS
5.1 We may update this policy from time-to-time, by publishing a new version on our website.
5.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
5.3 We may notify you of changes to this policy by email.
5.4 This privacy policy was last updated on 11th April 2018.
6. YOUR RIGHTS
6.1 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
a) Your request being found to be unfounded or excessive, in which case a charge may apply; and
b) The supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank, plus an original copy of a utility bill showing your current address).
6.2 We may withhold personal information that you request to the extent permitted by law.
6.3 You may instruct us at any time not to process your personal information for marketing purposes.
6.4 In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal data for marketing purposes.
6.5 Your right to access your data. You have the right to ask us to confirm whether or not we process your personal data and, to have access to that personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
6.6 Your right to rectification. If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. Where necessary for the purpose of processing, you also have the right to have any incomplete personal data about you completed.
6.7 Your right to erasure. In certain circumstances, you have the right to have the personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold the personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; the personal data has been unlawfully processed. However, there are certain general exclusions to the right to erasure, including where processing is necessary: for exercising the right to freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.
6.8 Your right to restrict processing. In certain circumstances, you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; or you have objected to processing and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for the reasons of important public interest.
6.9 Your right to object to direct marketing. You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will stop processing your personal data for this purpose.
6.10 Your right to object to processing. You can object to us processing your personal data on grounds relating to your particular situation, but only so far as our legal basis for processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
6.11 Your right to object for statistical purposes. You can object to us processing your personal data for statistical purposes on grounds relating to your particular situation unless the processing is necessary for performing a task carried out for reasons of public interest.
6.12 Automated data processing. To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used, and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
6.13 Complaining to a supervisory authority. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with the supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
6.14 Right to withdraw consent. To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
6.15 Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.
6.16 Point of contact data. Paragraphs 6.1 – 6.14 shall not apply to data obtained or processed by epd in respect of points of contact in connection with the main contractor (as defined in paragraphs 1.9 and 1.11 above). In respect of such data:
a) epd is acting as a processor of that data and the main contractor is the controller;
b) Points of contact should contact the main contractor to exercise the rights set out in paragraph 6.
7. IP ADDRESSES AND COOKIES
Cookies are very small text files that are stored on your computer when you visit some websites. We use cookies to help identify your computer, including where available, your IP address, operating system and browser type, for system administration so we can keep your activity secure, tailor your experience and remember your preferences. This is statistical data and does not identify any individual. You can disable cookies already stored on your computer or clear your browser storage, but this may result in losing preferences that you have already set. For more information, please refer to the cookies policy hosted on our website.
8. OUR DETAILS
8.1 This website and software are owned and operated by epd landscape.
8.3 You can contact us:
a) By post using the postal address given below;
b) Using our website contact form;
c) By telephone, or the contact number published on our website;
d) By email, using the email address published on our website.