Mitchell Evans

This policy explains how Mitchell Evans LLP uses the personal information collected from you for the operation of daily business processes. It also describes how long that information is kept for and the limited circumstances in which we might disclose it to third parties.

1. Personal details we hold

Mitchell Evans LLP typically hold the following types of personal information which allow us to carry out our regular business processes:

  1. Identity Data such as customer provided information which includes customers’ contact details, i.e. addressees’ names, telephone numbers, postal, and email addresses.
  2. Contact Data such as customer contact records which includes records of calls, incoming letters, emails and personal information provided via the form on our website are maintained for auditing, training and service improvement purposes.
  3. Financial Data which includes bank account and payment card details.
  4. Transaction Data which includes details about payments to and from customers and other details of products and services customers have purchased from us.
  5. Technical Data which includes internet protocol (IP) address, customers’ login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices customers use to access our website.
  6. Profile Data which includes customers’ username and password, purchases or orders made by customers, customers’ interests, preferences, feedback and survey responses.
  7. Usage Data which includes information about how customers interact with and use our website, products and services.
  8. Marketing and Communications Data which includes customers’ preferences in receiving marketing from us and our third parties and customers’ communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal customers’ identity.

2. How is personal data collected?

We use different methods to collect data from and about customers including through:

  1. Customers’ interactions with us
    You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

    • apply for our services;
    • request marketing to be sent to you;
    • enter a competition, promotion or survey; or
    • give us feedback or contact us.
  2. Automated technologies or interactions
    As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy at mitchellevans.co.uk/cookies for further details.
  3. Third parties or publicly available sources
    We will receive personal data about you from various third parties as set out below:

    • Technical Data is collected from analytics providers such as Google Analytics and HotJar, advertising networks such as Meta Ads and Google Ads, and search information providers such as Google Search Console and Bing Webmaster Tools (these may be based outside the UK).
    • Identity and Contact Data is collected from publicly available sources such as Companies House and the Electoral Register (based inside the UK).

3. Length of time information will be held

In order to comply with the General Data Protection Regulation (“GDPR”), your details will be kept for an appropriate period, which will vary according to the type of data being held and the purpose for which it is held. Details of the appropriate retention periods are set out in Addendum A to this Policy Statement.

4. How to access your personal data

If you wish to see full details of the information which Mitchell Evans LLP hold in connection with you, you will need to make a subject access request under the GDPR. To initiate a subject access request, email: arch@mitchellevans.co.uk or call us on 01483 453453.

5. Keeping your details secure

We store all of your information in servers at our offices, with back-up copies of the information kept in highly secure UK data centres managed by our IT consultants, where data is protected by the latest encryption and firewall technology. Your data will not be sent overseas as part of the normal day-to-day business activities of Mitchell Evans LLP.

6. How we use your personal data

6.1 Legal basis for processing personal data

We will only use your personal information when the law allows us to and for the purposes for which it was collected. Most commonly, we will use your personal information in the following circumstances:

  1. Performance of a contract with you
  2. Legal obligation
  3. Legitimate interests — for example to prevent fraud and enable us to give you the best and most secure customer experience. We balance any potential impact on you and your rights before processing.
  4. Consent — where we have obtained your active agreement to use your personal data for a specified purpose (for example subscribing to an email newsletter).

We retain personal data provided by prospective customers for 12 months where we have a legitimate interest, because typically there may be up to 12 months between first approach and contract conclusion.

6.2 Sharing personal information

Personal data may be shared with third-party organisations only in limited circumstances, for example where a customer requests project-related information be provided to a third party (a planning consultant or structural engineer), or where disclosure is necessary to comply with a legal requirement or to pursue or defend claims.

7. Mitchell Evans LLP Privacy Notice

Mitchell Evans LLP has fully committed to comply with the GDPR following its implementation on 25 May 2018. In relation to our collection and processing of personal data, please see the information below:

7.1 Section 1 – Collection of Data

Mitchell Evans LLP will be the data controller. Data Protection Officer: Debbie Ridd — debbie@mitchellevans.co.uk.

7.2 Section 2 – Processing of Data

  1. Purposes for which we will use your personal data: Personal data will be stored for a period appropriate to the type of data and the purpose, including payments, account management and enquiries. Retention timescales are quoted in Addendum A.
  2. Direct marketing: You may receive marketing communications if you have requested information or purchased services and have not opted out. We may also analyse data to inform relevant marketing communications.
  3. Third-party marketing: We will get your express consent before sharing your personal data with any third party for their own direct marketing purposes.

8. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access is limited to employees, agents, contractors and third parties who have a business need to know and who are subject to confidentiality obligations.

We have procedures to deal with suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.

9. Your legal rights

Under the GDPR you have the following rights:

  1. Right of access (Subject Access Request).
  2. Right to rectification of errors.
  3. Right to erasure (subject to legal exceptions).
  4. Right to restrict or object to processing.
  5. Right to data portability.
  6. Right to object at any time to processing for direct marketing purposes.

You also have the right to lodge a complaint with a supervisory authority (in the UK this is the Information Commissioner’s Office).

10. No fee usually required

You will not normally have to pay a fee to access your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply in those circumstances.

11. What we may need from you

We may need specific information from you to confirm your identity and ensure your right to access personal data. This is a security measure. We may also contact you for further information to speed up our response.

12. Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take longer for complex requests; if so, we will notify you and keep you updated.

13. Complaints

You have the right to make a complaint to the ICO (www.ico.org.uk). We would appreciate the chance to deal with concerns first, so please contact us in the first instance.

14. Changes to this Privacy Policy and your duty to inform us of changes

We keep our Privacy Policy under regular review. Please keep us informed if your personal data changes (for example a new address or email).

15. Third-party links

This website may include links to third-party websites, plug-ins and applications. We do not control these third-party websites and are not responsible for their privacy statements.

ADDENDUM A – TIMESCALES

Retention periods and legal bases for processing by purpose/use are set out below.

Purpose / UseType of dataLegal basis and retention period
To register you as a new customer(a) Identity
(b) Contact
Information collected from
prospective clients when we are
first approached, either by
email, post or telephone.		Performance of a contract with you.
We will retain this data for such period of time we consider necessary following completion of the project.
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(c) Delivering your project		(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
Client information, including all drawings, emails, account information and correspondence.Supplier information, including all order and account information.		(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)We will retain this data for such period of time we consider necessary following completion of the project.
To manage our relationship with you which will include:(a) Notifying you about changes to our terms or Privacy Policy
(b) Dealing with your requests, complaints and queries		(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications		(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you)We will retain this data for such period of time we consider necessary following completion of the project.
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)(a) Identity
(b) Contact
(c) Technical		(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent
fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligationWe will retain this data for such period of time we consider necessary following completion of the project.
To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing(a) Technical
(b) Usage		Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).We will retain this data for such period of time we consider necessary following completion of project.