ARB Privacy and Data Protection Policy
1.2 By using our Sites or any services we offer (including making an online registration application or paying to purchase a copy of the UK Register of Architects), you are agreeing to be bound by this policy in respect of the information collected about you by us.
1.3 If you have any queries about the policy, please get in touch with us at email@example.com and we will do our best to answer your questions.
1.4 For the purpose of the Data Protection Act 1998 the data controller (“the Controller”) is the Architects Registration Board of 8 Weymouth Street, London W1W 5BU
1.5 For the purpose of the General Data Protection Regulations (“GDPR”) the Data Protection Officer of the Controller is the Head of Professional Standards, ARB, 8 Weymouth Street, London W1W 5BU. Email firstname.lastname@example.org. Any enquiries relating to data protection or the use of information by ARB may contact the Data Protection Officer.
1.6 The Architects Registration Board is a body formed pursuant to and subject to the powers contained in the Architects Act 1997.
Personal information collected
2.1 We may collect and process the following personal information or data about you:
2.1.1 Certain information required to register with our Websites or to access other services provided by us, including your name, address and date of birth;
2.1.2 Your e-mail address and password;
2.1.3 Other information that you provide by:
- filling in forms on our Websites and/or uploading documents;
- sending hard copy forms and documents to us;
This includes any information provided in order to register for or use our Websites (including for the purposes of downloading or receiving a copy of the UK Register of Architects), and any information which you provide in any application to be entered onto the UK Register of Architects;
2.1.4 A record of any correspondence between you and us;
2.1.5 Your replies to any surveys or questionnaires that we may use for research purposes;
2.1.6 Details of accounting or financial transactions including transactions carried out through our Websites or otherwise (such as payment required in order to purchase a copy of the Register of Architects or to make an application to be added to the Register.) This may include information such as your credit card, debit card or bank account details;
2.1.7 Details of your visits to our Sites and the resources that you access;
2.1.8 Information we may require from you when you report a problem with any of our Websites;
2.1.9 Information you provide in respect of an allegation of unacceptable professional conduct or serious professional incompetence against a registered architect;
2.1.10 Information you provide in respect of an alleged breach of section 20 Architects Act 1997;
2.1.11 Information you provide in applying for employment or an appointment at ARB;
2.1.12 Information you provide in applying for having your name included in the Register of Architects.
2.2 Although it will not be compulsory to provide us any of the information described above, the nature of our regulatory function requires that we obtain certain personal information from you in order to provide certain services (such as considering an application to be included in the UK Register of Architects).
Use of this information
3.1 The following is a broad description of the way on which we process personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, or request a description from the Data Protection Officer. We process personal information to fulfil our statutory obligations in the delivery of the Architects Act 1997, to maintain our own accounts and records, and to manage our employees and service providers.
We will use this information to:
3.1.1 ensure that content of our Websites is presented in the most effective manner for you and for your computer;
3.1.2 consider applications for entry onto the UK Register of Architects and add successful applicants to the UK Register of Architects;
3.1.3 provide information services (such as the provision of copies of the UK Register of Architects);
3.1.4 carry out and administer our statutory powers and obligations including:
- “Prescribing” or recognising the qualifications needed to become an architect;
- keeping the UK Register of Architects;
- ensuring that architects meet our standards for conduct and practice;
- investigating complaints about an architect’s conduct or competence;
- making sure that only people on our Register offer their services as an architect.
3.1.5 carry out and administer any obligations arising from any agreements entered into between you and us;
3.1.6 allow you to participate in features of our Websites and other services;
3.1.7 notify you about changes to our Websites or the services we offer;
3.1.8 administer your orders with us;
3.1.9collect payments from you;
3.1.10 assist in making general improvements to our Websites;
3.1.11 analyse how users are making use of our Websites;
3.1.12 seek feedback on our services;
3.1.13 recruit staff and service providers;
3.1.14 communicate with you.
Legal basis for processing data
4.1 The legal basis for processing shall be where:
4.1.1 you have given consent to the processing of your personal data for one or more specific purposes;
4.1.2 processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
4.1.3 processing is necessary for compliance with a legal obligation to which we are subject;
4.1.4 processing is necessary in order to protect your vital interests or those of another natural person;
4.1.5 processing is necessary for the performance of a task carried out in the public interest or in the exercise of our official authority;
4.1.6 processing is necessary in our legitimate interests, except where those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child.
5.1 GDPR affords you with rights, which are summarised below. In order to assert any of these rights, you may contact the Data Protection Officer.
5.1.1 Right of confirmation – you have the right for confirmation as to whether your personal data is being processed
5.1.2 Right of access – you have the right to obtain free information about any of your personal data we hold, or have transferred to a third country, and a copy of that information.
5.1.3 Right to rectification – you have the right to have any inaccurate information held about you corrected. You have the right to add information to remedy any incomplete information we hold.
5.1.4 Right to erasure – you have the right to have your personal data erased where one of the statutory grounds applies, so long as the processing of that data is no longer necessary
5.1.5 Right to restrict processing – you have the right to restrict our processing of your personal data where a statutory reason applies
5.1.6 Right to data portability – you have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format
5.1.7 Right to object – you have the right to object to our processing of your personal data
5.1.8 Automated decision making – you have the right not to be subject to a decision based on automated processing, including profiling
5.1.9 Right to withdraw consent – where the basis of our processing your data is based on consent, you have the right to withdraw that consent
5.1.10 Right to complain – you have the right to complain to the Information Commissioner’s Office about our processing of your data. The contact details for the ICO are available at www.ico.org.uk
6.1 Where necessary or required we share personal data with third parties. Examples of this include:
6.1.1 Credit or debit card payments which will be collected by our payment processor;
6.1.2 A third-party or successor organisation as part of a reconstruction or transfer of our statutory powers;
6.1.3 Third parties to whom we have delegated some of our functions including communicating with you others for the purposes of providing news updates and statutory notifications (amongst other things).
6.1.4 Third party companies for the purpose of outsourcing essential communications;
6.1.5 Where we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
6.1.6 With third-party organisations to allow them to maintain accurate records in respect of the title ‘architect’, where we consider it would be in the public interest to do so;
6.1.7 To protect the rights, property, or safety of ARB, our Site’s users, or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
6.1.8 With contracted service providers who are employed to assist us in the delivery of our statutory obligations;
6.1.9 With third-party IT companies employed to provide processing and storage services;
6.1.10 With current, past or prospective employers
6.2 Where information is shared with a processor, that information will be securely transferred, and the data processor contractually and legally obliged to maintain it security, and only use it for the purposes intended
Retention of data
7.1 Personal data will only be held for a period where there remains a legitimate purpose for its retention, as defined by ARB’s retention and destruction policy (available upon request). After the expiration of that period, the data will be securely deleted.
Information automatically collected from your computer
Log files/IP addresses
8.1 When you visit our Sites our web servers automatically record your IP address. This IP address is not linked to any of your personal information.
8.2 We may also gather other non-personal information (from which we cannot identify you) such as the type of your internet browser which we use to provide you with a more effective service.
8.3 When you visit the Site we may store some information (commonly known as a “cookie”) on your computer. Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web. Passwords and credit card numbers are not stored in cookies generated by or accessed by any of our of Sites. A cookie helps you get the best out of the Site and helps us to provide you with a more customised service.
8.4.1 Estimate the usage pattern and usage levels of our Sites;
8.4.2 Store information about your preferences;
8.4.3 Speed up your searches;
8.4.4 Recognise you when you return to our Sites;.
9.1 We cannot be responsible for the privacy policies and practices of websites that are not operated by us, even if you access them via a site operated by us. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
9.2 In addition, if you browsed to this website from a third party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
Transferring your information outside of Europe
10.2 If you use any of our Websites while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
10.3 By submitting your personal information to us you agree to the transfer, storing or processing of your information outside the EU in the manner described above.
11.1 You may not transfer any of your rights under this privacy notice to another person. We may transfer our rights under this privacy notice where we reasonably believe that your rights will not be affected.
11.2 If any court or competent authority finds that any provision of this privacy notice (or part of any provision) is invalid, illegal or unenforceable, that part or provision will, to the extent required, be deemed to be deleted, and that validity and enforceability of the other provisions of this privacy notice will not be affected.