Privacy Policy
AGORA architecture and design limited, a company registered in Scotland under number 614659 (“we”, “us”, “our” or “AGORA”). The registered address is 18-20 North Street, Glenrothes, Fife, United Kingdom, KY7 5NA. We respect the privacy of each person who provide us with their personal data (“you”, “your”), whether through our website (agora-ad.com) or otherwise interacting with us, as set out below. We are committed to protecting your privacy and recognise your need for appropriate protection and management of any personal information you share with us. We have established this notice so that you can understand the care with which we intend to treat your personal data. This privacy notice applies to the personal data of our Clients, Employees, Potential Clients, Consultants, Contractors, Suppliers and any Potential Employees, as well as to those individuals that use, complete or enter into any database, software, questionnaire, form, survey, services, agreement or other document that hyperlinks to this notice.
‘Personal Data’ is any information that can be used to identify you, including your name, e-mail address, internet protocol (IP) address, or any other data that could reveal your physical, physiological, generic, mental, economic, cultural or social identity. You can find out more about Personal Data from the Information Commissioners Office.
‘Special category data’ means information about you that is sensitive and includes your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any Special Categories of Personal Data about you nor do we collect any information about criminal convictions and offences.
The way we use Personal Data is governed by the UK General Data Protection Regulation and the Data Protection Act 2018 (UK GDPR). For the purpose of the UK GDPR, we are the “Controller” of the Personal Data covered by this privacy notice, because we ultimately determine how your Personal Data will be handled by us or our suppliers and service providers, who would be our “Processors”.
If we handle your Personal Data then you are a “Data Subject”. This means you have certain rights under the UK GDPR in relation to how your Personal Data is processed, which are set out in this privacy notice.
For the purposes of the UK GDPR we confirm that the proprietor and operator of the website at agora-ad.com (the ‘Website’) is AGORA architecture + design Ltd, 10 York Place, EH1 3EP who can be contacted via studio@agora-ad.com
We have structured the Website so that, you can visit and browse the Website without identifying yourself or revealing any personal information. We ensure that any personal information provided by you will be processed in accordance with the principles of the GDPR and the Privacy Policy set out below.
Personal Data that we collect in relation to you
The Personal Data that we collect may include (but is not limited to):
Client Data
We will only ask for details that will assist us in the delivery of our service, such as name, job role, and contact details; including but not limited to: telephone number, email address, first and last name, marital status, title and gender and a work address details. If a private client, then we may also ask for a home address and billing address.
Consultant/Contractors/Supplier Data
We collect a minimum amount of data from our consultants/contractor/suppliers to ensure that we can easily communicate and process transactions. We will collect contact details for the main contact and any associate contacts within the business that we feel will assist us in processing transactions, delivering projects and submitting tenders. Other information such as bank details so that we can pay for the services provided (if this is part of the contractual arrangements between us) will also be obtained.
Potential Employees Data
We collect a minimum amount of data from potential employees to ensure that we can easily communicate and process transactions. We require information such as your name, job role, and contact details; including but not limited to: telephone number, email address, first and last name and your work address details.
If you fail to provide Personal Data
Where we need to collect your Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How do we collect Personal Data?
We collect client data directly from our Clients, Consultants / Contractors / Suppliers and Potential Employees:
If you contact us (by telephone, post, e-mail, instant messenger or voice over IP) we will collect your Personal Data and process it in accordance with the processes outlined in this notice. This may include discussing matters with you in relation to an enquiry about our services or a contract that we may enter into with you.
If we speak with you via one of our preferred video-conferencing platforms such conversations may be recorded and, in such instances, we will store your Personal Data that may be recorded as part of that interaction. This will be retained by us as communication data, in accordance with this privacy notice.
We may collect Personal Data:
from you based on your use of our Website, including forms submitted through the Website, account sign-ups or otherwise through the use of cookies, as set out later in this notice;
that you provide directly to us through questionnaires, forms, surveys or other documents that hyperlink to this notice;
about you from use of CCTV which may be in operation at our office(s), or those offices where we provide our services. Any Personal Data collected from use of CCTV will be used by us for the purposes of ensuring the safety and security of our staff or those people coming onto our premises, or the premises where we provide our services. Such CCTV will be retained for as long as is necessary to ensure there are no issues relating to safety and security that need to be addressed and then only for so long as needed to deal with such issues. If there are no issues to address, then such footage shall be kept for no longer than we believe is reasonably necessary.
How will we use your Personal Data
We will only process your Personal Data if we have a legal basis for doing so, as outlined in this notice or as notified to you at the time we collect your Personal Data, and for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you prior to commencing that processing and we will explain the legal basis which allows us to do this. Please note that we may process your Personal Data without your knowledge or consent, where this is required or permitted by law. Most commonly, we will use your Personal Data in the following circumstances:
Client Data
The main reasons for retaining our clients’ personal details are to keep them informed of their project, keep them advised on any potential projects and to keep them informed about our business.
Consultant/Contractor/Supplier Data
The main reasons for retaining consultant/contractor/supplier Personal Data is to ensure that we can fulfil any contractual arrangements between parties, keep them advised on any potential projects and to keep them informed about our business.
Potential employees
If a potential employee sends us an application form, a CV or contacts us with personal information for employment purposes, we may store that information for 6 months. We do not share that information with any third parties and would only contact the potential employee within that 6 month period should a suitable post arise. Thereafter the information will be removed from the system.
Your Personal Data may be shared in accordance with our principles on transfers to third parties as set out later in this notice, including (but not limited to) the following:
third parties where we are under a duty to disclose your Personal Data to comply with any legal obligation, or to appropriate regulators or other law enforcement organisations;
third party suppliers to us, including (for example) insurance providers, brokers, auditors and our IT providers.
If your Personal Data is to be shared with any other third parties, we will take steps to protect your Personal Data.
On what basis we process your Personal Data
We are not allowed to process your Personal Data unless we have a legal basis for doing so. There are four main legal bases that we rely on when it comes to processing someone’s Personal Data. These are:
“Legitimate interest” – this is where we need to process your Personal Data, for example, if we need to contact you because you have raised a general query with us or where we are in contact with you about this or similar issues, or, in terms of your IP address and any information gathered via “Cookies”, to aid your use and navigation of our Website. We may also have a legitimate interest to contact you about services that may be of interest to you as part of our marketing campaigns, in accordance with this notice.
“Necessary for performing a contract” – this is where if we are in a contract with you (or about to enter into a contract with you and you have requested certain pre-contract details) and we need to use your personal details to complete this contract – for example, we might need to use your e-mail address to communicate with you, which would count as processing your Personal Data.
“Consent” – this is where we set out specific circumstances where we want to process your Personal Data and request your consent for this. We will make sure that your consent is explicit. We will usually ask you to tick a box (or similar) to confirm that you have provided your consent. For example, unless we have a legitimate interest to contact you about our services that we would like to market to you, then we would obtain your consent to market to you in the alternative. Please note that you can withdraw your consent at any point by contacting us at studio@agora-ad.com.
“Compliance with a legal obligation” – this is where we might need to process your Personal Data in order to comply with a common law or statutory obligation, such as disclosures for compliance with HMRC requirements, requirements relating to money laundering or other such disclosures. We will only process your Personal Data for this reason if it is necessary and we would not otherwise be able to comply with that legal obligation without such processing.
Marketing: As mentioned above, we may market to you on the basis that we have legitimate interests to market our business and we may have identified the organisation that you work for as a business that we would like to market to. We will therefore rely on legitimate interests as our legal basis for processing your Personal Data that may be connected to your organisation’s contact records for this purpose, however we will balance this against your rights as a data subject and will no longer market to you if you wish to unsubscribe from receiving such marketing communications directly to your contact details. Alternatively, where we do not have a legitimate interest to market to you, then we will seek your consent to do so, which will then be our legal basis for contacting you in that way.
How do we safeguard Personal Data
Protecting personal information is important to us which is why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, Personal Data. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
How long do we retain the data
We cannot definitively set out how long we will retain all Personal Data in this notice – this is a general notice that deals with different Personal Data collected for a variety of reasons. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. However, we decide how long we will retain your Personal Data based on the following factors:
If we are performing a contract for you – for the length of that contract and for approximately 15 years afterward to deal with any post-contract issues.
If you are in contact with us – we will retain your Personal Data as long as it is necessary for us to conclude the relevant correspondence with you.
Whether we think there is a likelihood of you contacting us again in the near future or if we think we need to contact you again, provided that the legal basis (see above) for doing so still exists, for no longer than is necessary in respect of that legal basis.
In some circumstances, you can ask us to delete your data: refer to “Your rights as a Data Subject” below for further information.
In some circumstances, we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your rights as a Data Subject
Unless subject to an exemption under the data protection laws, you have the following rights in relation to your Personal Data:
The right to be informed – this is information on for what purpose we are processing it and what Personal Data we are processing.
The right of access – you have the right to be provided with copies of the Personal Data of you that we are processing as well as confirmation of the processing we are doing. You can do this by sending a “subject access request” to the contact details noted above for our consideration.
The right to rectification – if you think the Personal Data that we hold on you is inaccurate or incomplete you can tell us and we will fix it.
The right to erasure (also known as the right to be forgotten) – if you want us to permanently delete the Personal Data we hold for you then you can ask us to do so.
The right to restrict processing – if you do not like how we are using your Personal Data then you can let us know and we will stop processing it in that way.
The right to data portability – if you want us to pass on your Personal Data to someone else then please let us know. This transfer should not affect the integrity or otherwise damage your Personal Data.
The right to withdraw your consent – you can withdraw your consent for us to process your Personal Data (if we have relied on your consent to process your Personal Data) at any time by contacting us. If we have relied only on your consent as the basis to process your Personal Data then we will stop processing your Personal Data at the point you withdraw your consent. Please note that if we can also rely on other bases to process your Personal Data aside from consent then we may do so even if you have withdrawn your consent for different purposes under that different legal basis.
If you wish to exercise any of your privacy and data protection rights, please contact us. Our contact details are AGORA architecture + design Ltd, 14 Brighton Place, Edinburgh EH15 1LJ. Telephone number: 0131 2585686. Email: studio@agora-ad.com
If you are unhappy with how we have used your personal information you have the right to register a complaint with the Information Commissioners Office on 0303 123 1113 or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.
Where you request your right to request access to the Personal Data we process about you, you will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate access requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Use of cookies by us
We would like to place cookies on your computer to help us make your use of our Website better. Cookies are small text files that are placed on your computer by Websites that you visit. They are widely used in order to make Websites work, or work more efficiently, as well as to provide information to the owners of the site. Just so you know, the main cookies on your site are from Google Analytics (GA) tracking. GA is used for tracking purposes to help us improve our Website and its contents. GA Privacy Policy can we found here. There’s also a session cookie generated by our Website that is essential to the running of the Website but holds no Personal Data.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser, but please note that if you choose to erase or block your cookies, you will need to re-enter your details to gain access to certain parts of the Website.
Tracking technologies may record information such as internet domain and host names, internet protocol addresses, browser software and operating system types, clickstream patterns and dates and times that our Website is accessed. Our use of cookies and other tracking technologies allows us to improve our Website and your experience. Please note that under the GDPR, what the tracking technologies record could include your Personal Data if we are, for example, tracking your internet protocol address. If you have any questions on this, please contact us at studio@agora-ad.com. You can also request that we stop processing such Personal Data.
We may also analyse information that does not contain Personal Data for trends and statistics.
Changes to This Notice and Your Duty to Inform Us of Changes
This version was last updated on 11th December 2018. As and when necessary, changes to this notice will be posted on our Website. Where changes are significant, we may also email you and where required by law, we will obtain your consent to these changes.
Please keep us informed if your Personal Data changes during your relationship with us. It is important that the Personal Data we hold about you is accurate and current.