Privacy Policy
Encon Associates Ltd respects your privacy and does not sell or redistribute your personally identifiable information to third parties. The company values the trust our customers and partners place in us when give access to their personal data.
The majority of data stored is ‘non-personal’, but where personal data is received from our customers we want to ensure we work to maintain trust and protect any information we receive, in line with GDPR and the interests of our customers.
What is personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Encon Associates Website
- You do not need to provide us with any personal information when you browse this site.
- Our Website is hosted by Catalyst2, which has London based servers. In the case of back-ups, Catalyst2 have redundancy across 2 separate London Data Centres and Offsite back-ups based in London. Their policy can be found here: https://www.catalyst2.com/privacy/
- Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website.
- You can contact us via a contact form, email direct to our enquiries email address or via our Live Chat form powered by Tawk.com. If you decided to contact us, we expect that you are contacting us regarding our services for advice or to receive a service proposal. We will only use that data to pursue the enquires and offer additional professional services at a later date. Our legal basis for using your data in this context is ‘consent’.
Cookies Policy
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more effectively, as well as to provide information to the owners of the website.
Our website only uses third party cookies as outlined below.
Third party cookies
Google Analytics is used by nearly every website in the world and helps us to view and analyse visitor information; such as browser versions, visitor numbers, and response to marketing activity. This information enables us to improve the website and your visiting experience.
Conversion tracking is also used so that we can see what happens after you have visited our website such as signing up for a newsletter.
The information stored by these cookies is secure, never contains any confidential information and can only be accessed by us and Google.
Live chat by Tawk.to
Encon Associates utilises a Live Chat add-on to offer support to customers browsing the website, offering customers a chat service or a contact form (when no administrator online). This stores a cookie which identifies if the users have been on the site before. This information is not used for anything else. Any personal data provided via this app, is deleted once contacted or enquiry resolved.
The supplier of the add-on is a www.tawk.to. Their privacy policy can be viewed at https://www.tawk.to/data-protection/gdpr/.
Managing Cookies
The majority of web browsers have cookies enabled by default. You can configure your web browser to refuse cookies, or to be informed if a cookie is set.
In Practice
With your consent, we will normally collect the following data from you:
- Name, email address, job title, telephone no. and physical address;
- Service preferences, project locations, company info;
- Invoicing info, project contracts, quote letters;
- Geo location information including drawn and photographic details of your property;
- Any documents related to services requires, i.e. planning documents, site plans.
This data is retained by us to respond to your enquiry or to manage your subsequent project. By contacting us or commissioning us for work, you are consenting to our contact on current and upcoming projects. Our retention policy applies.
In order to execute your project, you will need to consent to us sharing this data with other consultants, suppliers and contractors servicing your project. We may also need to share your project data with our insurers or for compliance with a legal obligation. We will not use your personal data for marketing purposes without your explicit consent.
Retention of Data
We keep information in line with our retention policy. These retention periods are in line with the length of time we need to keep your personal information in order to manage and administer your project (including future projects) and handle any insurance claims or request for assistance made by our Professional Indemnity insurers. They may also take into account our need to meet any legal, statutory and regulatory obligations. In all cases, our need to use your personal data will be reassessed on a regular basis and information which is no longer required will be disposed of.
- Current and previous customers – Where data is held for work purposes, we hold this data for up to 4 years, prior to any inactivity.
- Potential customers – if we speak about potential requirements of our services, but nothing amounts from it, we will only keep your info up to 2 years of inactivity.
Security of Data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we hold.
Your Rights
Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
Responsibilities
All employees and subcontractors associated with the company have a responsibility for ensuring any data collected is stored and handled appropriately.
The only people that can access the data require it for us to carry out their work. This data will not be shared informally. Employees will receive ongoing training to help them understand the importance of GDPR and handling data.
Data Storage
All data stored in secure servers follows strict guidelines, including:
- Strong passwords that are not to be shared
- No personal data will be disclosed to unauthorised people, internally or externally to the company
- Data will be regularly reviewed and updated. If it is found to be out of date or no longer required, it should be deleted and disposed of securely
Data Storage
- Where data is stored on paper, it should be kept in a secure location where unauthorised people cannot access it
- When no longer required, data printed out should be shredded and disposed of securely
Most data are stored electronically, therefore must be protected from unauthorised persons, accidental deletion and also malicious hacking attempts.
- Data is stored should be password protected with a strong password, and not shared amongst employees
- Any stored data on removable devices, when not used, should be stored away securely in a locked location
- Data should only be stored on designated servers, and not stored locally on work computer hard drives
- Data should be back up securely and regularly
- Servers and computers should be protected by security software and a firewall
Our data is mainly gained via enquiries made for our services, by working on joint projects with other consultants, and also via Barbour ABI (Construction Industry Data). Data for Barbour ABI is only collected if the company comes back to Encon Associates with a requirement, current or future.
Customer Relationship Management CRM
Encon Associates utilise a cloud-based CRM to monitor enquiries and relationships with existing and previous customers, as well as pending and current workload via an online system called PipeDrive. The company follows a procedure of retention to ensure data is not held unnecessarily.
PipeDrive is a data processor only, and as stated in their privacy policy (see here https://www.pipedrive.com/en/privacy) they do not collect or determine the use of data contained within our system. PipeDrive store EU customers data in Frankfurt, Germany. They comply with GDPR requirements providing adequate protection for the transfer of personal information from Europe to the U.S., where they may transfer, process and store in centralised databases in the U.S.
Data Access requests
In compliance with GDPR, individuals who are the subject of personal data being help by the company are entitled to:
- Request what information is being stored about them and why
- Be informed how to keep it up to date
- Be informed how the company is meeting GDPR obligations
CCTV Policy
CCTV at Encon Associates Head office in Nottingham is used for security purposes only. Data is retained on a 30-day cycle and then automatically deleted. The data is stored remotely on a secure server.
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
Data Security Breaches procedure - ICO
Serious breaches or losses of personal data should be reported to the ICO (information Commissioner’s Office) using the DPA security breach helpline on 0303 123 1113 (Open Monday to Friday, 9am to 5pm). Selecting option 3 will allow you to speak to staff, who will record the breach and offer advice on what to do next.
Encon Associates registration number with ICO is pending. Application number is A8333791
Please refer to The Information Commissioner’s Office for information on individual rights: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/
Changes to this Privacy Policy
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date. We will endeavour to continue to adapt our compliance with GDPR where required.
Contact Us
You can contact us by post, telephone or email to discuss our retention and use of your personal data or to withdraw consent.
Encon Associates Limited, 10 Chapel Lane, Arnold, Nottingham NG7 5DR. 0115 987 55 99. enquiries@enconassociates.com
© January 201