Privacy Policy

GDPR: Data Privacy Policy and Notice

Introduction

Meridian Project Management Ltd (“We”) are committed to protecting and respecting your privacy.

This policy (together with our terms and conditions of business and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

1. Definitions

  • Data controller – A controller determines the purposes and means of processing personal data.
  • Data processor – A processor is responsible for processing personal data on behalf of a controller.
  • Data subject – Natural person

Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example, name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2. Who are we?

Our website address is: https://meridianpm.co.uk .

Meridian Project Management Ltd is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: 5th Floor, 9/10 Market Place, London W1W 8AQ. For all data matters contact Jennie Webb on [email protected].

3. The purpose(s) of processing your personal data

We do not use your personal information for unsolicited marketing correspondence. We will use your personal data for the following purposes:

  • For the purposes of managing and administering Meridian Project Management’s business and maintaining business contact information for clients and suppliers and potential clients and suppliers.
  • For the purposes of delivering Meridian Project Management’s professional appointments as Project Manager and/or Building surveyor and maintaining business contact information for Client’s suppliers and potential suppliers.
  • For the purposes of making payments for any services provided through your business relationship with Meridian Project Management Ltd.
  • Third parties – We use service providers (i.e. IT infrastructure providers, companies, agents or contractors) to perform services or assist us with the provision of services to you (including the companies detailed below). During provision of such services, these providers may have access to your personal information. We do not authorise them to use or disclose your personal information except in connection with providing their services to us.
    o Microsoft
    o Apple
    o Google
    o Dropbox
    o Exclaimer
    o ExpanDrive
    o Go Daddy – in connection with management of our web-site only.

4. The personal data we collect

We process the following types of personal data:

  • Personal details, name, telephone numbers, email address.
  • Company details, including name, address, telephone numbers, email addresses
  • Company bank details, including name, account number, sort code.
  • Company or business documentation. This includes:
    o Registrations.
    o Company certificates.
    o Insurance details, Contracts, Tenders, Quotations and Invoices.
    o General communications between you Meridian Project Management Ltd and or between a Client and you.
  • As a visitor to our website we collect the following data:
    o Comments: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ . After approval of your comment, your profile picture is visible to the public in the context of your comment.
    o Media: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
    o Contact forms: Cookies we use various cookies with different retention and expiry policies please see the details in section 7.
    o Embedded content from other websites: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

5. What is our legal basis for processing your personal data?

Our lawful basis for processing your general personal data:

5.1  Consent of the data subject

  • Not applicable.

5.2  Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract.

  • For contracts or contemplation of contracts required for the purposes of managing and administering Meridian Project Management’s business.
  • For administration of Client’s contracts or contemplation of administration Client’s Contracts when Meridian Project Management are acting under a professional appointment as Project Manager and/or Building surveyor.

5.3  Processing necessary for compliance with a legal obligation.

  • Retention of information concerning Contracts between you and Meridian Project Management or information Concerning contracts between you and our clients for the relevant period until expiry of liability further to the Limitation Act and the Latent Damage Act.

5.4  Processing necessary to protect the vital interests of a data subject or another person.

  • For emergency contact information arising in connection with health and safety matters.

5.5  Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  • Not applicable.

5.6  Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject.

  • Maintaining contact information for potential clients and suppliers or potential suppliers to our Client’s.

6. Sharing your personal data

Your personal data will be treated as strictly confidential. We will not share your data with third parties, except as described in section 3 and otherwise required by our insurers or by law.

7. How long do we keep your personal data?

  • We keep your personal data for no longer than reasonably necessary and we only retain your data for the purposes set out above. We use the following criteria to determine how long to retain your personal data.
  • For contact information for potential clients, and suppliers or potential suppliers to our Client’s, data will be retained for no longer than 5 years following out last point of regular contact.
  • In connection with our Web-site:
    o If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
    o For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
    o Contact forms: Cookies – If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies, which will last for one year.
    o If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies, this cookie contains no personal data and is discarded when you close your browser.
    o When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
    o If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
  • For information retained in respect of contracts and legal duties we will retain information for no longer than 15 years following the date of the contract for the following reasons:
    o Statutory limitation periods for breach of contract and tort claims: The Limitation Act, passed in 1980, specifies the limitation periods which apply in relation to what it terms ‘simple contracts’ and deeds. The Limitation Act allows actions for breach of contract and tort, such as negligence, to be brought within a period of six years under a simple contract and twelve years if the contract is executed as a more formal deed. Under English law, a ‘simple’ contract is one which is executed with one signature only. A deed is a contract or document executed with higher formalities than a single signature – for example, a contract that must be signed by two directors on behalf of a company.
    o Unless otherwise stipulated, these time periods begin either on the date on which the breach of contract occurred, or the date the negligent act or omission occurred. This is known as the date of accrual. The limitation period does not run from the date of the contract itself. It is common to refer to actions which fall outside of these statutory time limits as being ‘time barred’.
    o Statutory limitation period for negligent latent defects claims: In 1986, the Latent Damage Act introduced an extension to the ordinary six-year statutory limitation period. This extension is available for negligence claims for latent defects – a defect in a property, caused by a fault in design, materials or workmanship, that existed at the time construction was completed but was not apparent at the time of completion. It does not apply to personal injury claims.
    o Where there is a latent defect, the time limit is the later of six years from the date of accrual of the cause of action being raised; and three years from the earliest date on which the potential claimant knew, or reasonably ought to have known, material facts necessary to bring an action alleging negligence subject to an overall limit of fifteen years from the accrual of damage.

8. Providing us with your personal data

You are under no statutory or contractual requirement or obligation to provide us with your personal data in connection with the matters discussed in 5.4 and 5.6, but failure to do so may have the following consequences:

  • Limitation of our ability to Contract with you or recommend to Client’s that they contract with you.
  • Limitation of our ability to raise alarm or liaise with your designated contacts in event of emergency.

We require your personal data in respect of matters discussed on 5.2 and 5.3 above as it is a contractual requirement or a requirement necessary to enter into a contract or for the administration of a contract.

9. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you.
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date.
  • The right to request your personal data is erased where it is no longer necessary to retain such data.
  • The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing the data.
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means.
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

10. Transfer of Data Abroad

We do not transfer personal data outside the EEA.

11. Automated Decision Making

We do not use any form of automated decision making in our business.

12. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

13. Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

14. How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact Jennie Webb on [email protected].

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

15. Download

A copy of the policy can be downloaded from GDPR Data Privacy Policy and Notice – V4

V4 – 20th May 2018