Concertus Design and Property Consultants Limited (“We” or “Concertus”) are committed to protecting and respecting your privacy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.concertus.co.uk you are accepting and consenting to the practices described in this policy.
We are Concertus Design and Property Consultants Limited, a company registered in England and Wales under company number 08366439 and have our registered office at 2 Friars Bridge Road, Ipswich, Suffolk IP1 1RR. You can contact us in writing at this address, email us at [email protected] or telephone our head office on 01473 316600.
INFORMATION WE COLLECT FROM YOU
We will collect and process the following data about you:
Information you give us. This is information about you that you give us by filling in forms on our site www.concertus.co.uk (our site) or by corresponding with us by phone, email or otherwise. It includes information you provide when you register to use our site, subscribe to our services, request property details, and when you report a problem with our site. The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description and photograph.
Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information: technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, and browser type and version. information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time),products and services you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
Most browser software can be set up to deal with cookies. You may modify your browser preference to provide you with choices relating to cookies. You have the choice to accept all cookies, to be notified when a cookie is set or to reject all cookies. If you choose to reject cookies, certain of the functions and conveniences of our web site may not work properly, and you may be unable to use those of the Operators’ services that require registration in order to participate, or you will have to re-register each time you visit our site. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. We do not link non-personal information from cookies to personally identifiable information without your permission.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (email or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for
marketing purposes, please tick the relevant box situated on the form on which we collect
• to notify you about changes to our service; and
• to ensure that content from our site is presented in the most effective manner for you and for your computer.
• to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site safe and secure; and
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive). Special categories of personal data. We may also be provided with personal information which falls under the definition of “special categories of personal data” within Article 9 of the General Data Protection Regulation. Information which falls within the scope of Article 9 includes personal data which reveals:
• racial or ethnic origin;
• political opinions;
• religious or philosophical beliefs;
• trade union membership;
• any genetic or biometric data for the purpose of uniquely identifying an individual; or
• details concerning a person’s health, sex life or sexual orientation. The processing of special categories of personal data is generally prohibited. Therefore, we will only use this type of information in the following extenuating circumstances:
• where you have given us explicit consent to do so;
• where such processing is authorised by European Union or national data protection law;
• where such processing is necessary to protect your vital interests or the vital interests of another person where you are physically or legally incapable of giving consent;
• where you have made such personal data public;
• to comply with the establishment, exercise or defence of legal claims as required by a court acting in their judicial capacity; or
• where such processing is necessary for reasons of substantial public interest, public interest in the area of public health or public interest in the area of scientific, historical or statistical
research (all on the basis of European Union or national law).
WHEN WE NEED YOUR CONSENT TO USE YOUR PERSONAL DATA
Whilst we always want you to be aware of how we are using your personal data, this does not necessarily mean that we are required to ask for your consent before we can use it. In the day to day running of our business we may use your personal data without asking for your consent because:
• we are entering into and carrying out our obligations under a contract with you; or
• we need to use your personal data for our own legitimate purposes (such as the administration and management of our business and the improvement of our products and services) and our doing so will not interfere with your privacy rights. In exceptional circumstances we may wish to use your personal data for a different purpose which does require your consent. In these circumstances we will contact you to explain how we wish to use your data and to ask for your consent. You are not required to give consent just because we ask for it. If you do give consent you can change your mind and withdraw it at a later date.
You are not under a legal obligation to provide us with any of your personal data but please note that if you elect not to provide us with your personal data we may be unable to provide our products and services to you.
DISCLOSURE OF YOUR INFORMATION
Whilst we always want you to be aware of how we are using your personal data, this does not necessarily mean that we are required to ask for your consent before we can use it. You agree that we have the right to share your personal information with:
• Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
• Selected third parties including: business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
• advertisers and advertising networks;
• analytics and search engine providers that assist us in the improvement and optimisation of our site;
• credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We will disclose your personal information to third parties:
• In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
• If Concertus or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
• If we are under a duty to disclose or share your personal data in order to comply with any
WHEN WE WILL SEND YOUR PERSONAL DATA TO OTHER COUNTRIES
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
NOTIFICATIONS OF DATA BREACHES
In the unfortunate event that a data breach occurs within Concertus Group, our formal procedure for notification of data breaches is as follows;
• The Security Officer/People Team is made aware of a data breach.
• The Security Officer/People Team request the individual providing notification to complete the Data Breach Notification Form immediately by return. The Group Director-Finance and Resource is given notification of the incident.
• The data breach is reviewed, and any remedial/corrective actions are identified. The Security
Officer updates the 4049-WF- Data breach and breach notification register accordingly.
• Corrective actions are followed up as necessary and all relevant parties notified.
THIRD PARTY WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates (including, but not limited to, websites on which our products and services are advertised), as well as links to our social media platforms such as LinkedIn, Twitter and YouTube.
If you follow a link to any of these websites, please note that these websites, platforms and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
YOUR RIGHTS AND ACCESS TO YOUR PERSONAL DATA
You have a legal right to know what personal data we hold about you – this is called the right of subject access. You can exercise this right by sending us a written request at any time. Please mark your letter “Subject Access Request” and send it to us by post or email using the details in the [email protected] section above.
You also have rights to:
• prevent your personal data being used for marketing purposes;
• have inaccurate personal data corrected, blocked or erased;
• object to decisions being made about you by automated means;
• object to our using your personal data in ways that are likely to cause you damage or distress;
• restrict our use of your personal data;
• require that we delete your personal data; or
• require that we provide you, or anyone that you nominate, with a copy of any personal data you have given us in a structured electronic form such as a CSV file.You can find full details of your personal data rights on the Information Commissioner’s Office website at www.ico.org.uk. We do not make use of automated decision making or profiling.
HOW YOU CAN MAKE A COMPLAINT
If you are unhappy with the way we have used your personal data please contact us to discuss this using the contact details set out in the [email protected] section above.You are also entitled to make a complaint to the Information Commissioner’s Office. Whilst you are not required to do so, we encourage you to contact us directly to discuss any concerns that you may have and to allow us an opportunity to address these before you contact the Information Commissioner’s Office.