ARB Privacy Notice
- Introduction
- The Architects Registration Board (“we” or “us“) take the privacy of your information very seriously. This policy explains how and for what purposes we use the information collected about you, whether we collect this information via this website (referred to below as “our Website” or “the Site“) or via any other websites we operate (“our Websites” or “our Sites“) or otherwise. Please read this privacy policy carefully.
- If you have any queries about the policy, please get in touch with us at info@arb.org.uk and we will do our best to answer your questions.
- For the purpose of the Data Protection Act 2018 the data controller (the “Controller“) is the Architects Registration Board of 5th floor, 70 Gray’s Inn Road, London, WC1X 8NH.
- For the purpose of the General Data Protection Regulations (“GDPR“) the Data Protection Officer of the Controller is the Governance Manager, ARB, 5th floor, 70 Gray’s Inn Road, London, WC1X 8NH.
- Email info@arb.org.uk. Any enquiries relating to data protection or the use of information by ARB may contact the Data Protection Officer.
- The Architects Registration Board is a body formed pursuant to and subject to the powers contained in the Architects Act 1997.
- Personal information collected
- We may collect and process the following personal information or data about you:
- Certain information required to register with our Websites or to access other services provided by us, including your name, address and date of birth;
- Your e-mail address and password;
- Other information that you provide by:
- filling in forms on our Websites and/or uploading documents;
- sending hard copy forms and documents to us;
- This includes any information provided in order to register for or use our Websites (including for the purposes of downloading or receiving a copy of the UK Register of Architects), and any information which you provide in any application to be entered onto the UK Register of Architects;
- A record of any correspondence between you and us;
- Your replies to any surveys or questionnaires that we may use for research purposes in respect of delivering our statutory duties under the Architects Act 1997;
- Details of accounting or financial transactions including transactions carried out through our Websites or otherwise (such as payment required in order to purchase a copy of the Register of Architects or to make an application to be added to the Register.) This may include information such as your credit card, debit card or bank account details;
- Details of your visits to our Sites and the resources that you access;
- Information we may require from you when you report a problem with any of our Websites;
- Information you provide in respect of an allegation of unacceptable professional conduct or serious professional incompetence against a registered architect;
- Information you provide in respect of an alleged breach of section 20 Architects Act 1997;
- Information you provide in applying for employment or an appointment at ARB;
- Information you provide in applying for having your name included in the Register of Architects.
- Although it will not be compulsory to provide us any of the information described above, the nature of our regulatory function requires that we obtain certain personal information from you in order to provide certain services (such as considering an application to be included in the UK Register of Architects).
- We may collect and process the following personal information or data about you:
- Use of this information
- The following describes the way in which we process personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, or request a description from the Data Protection Officer. We process personal information to fulfil our statutory obligations in the delivery of the Architects Act 1997, to maintain our own accounts and records, and to manage our employees and service providers.
- We will use this information to:
- ensure that content of our Websites is presented in the most effective manner for you and for your computer;
- consider applications for entry onto the UK Register of Architects and add successful applicants to the UK Register of Architects;
- provide information services (such as the provision of copies of the UK Register of Architects);
- carry out and administer our statutory powers and obligations including:
- “Prescribing” or accrediting the qualifications needed to become an architect;
- maintaining the UK Register of Architects;
- recording CPD activities carried out by architects;
- ensuring that architects meet our standards for conduct and practice;
- investigating complaints about an architect’s conduct or competence;
- making sure that only people on our Register offer their services as an architect.
- carry out and administer any obligations arising from any agreements entered into between you and us;
- allow you to participate in features of our Websites and other services;
- notify you about changes to our Websites or the services we offer;
- administer your orders with us;
- collect payments from you;
- assist in making general improvements to our Websites;
- analyse how users are making use of our Websites;
- seek feedback on our services;
- recruit staff and service providers;
- communicate with you.
- Legal basis for processing data
- The legal basis for processing shall be where:
- you have given consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary in order to protect your vital interests or those of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of our official authority to deliver the provisions of the Architects Act 1997;
- processing is necessary in our legitimate interests, except where those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child.
- The legal basis for processing shall be where:
- Your rights
- GDPR affords you with rights, which are summarised below. In order to assert any of these rights, you may contact the Data Protection Officer.
- Right of confirmation– you have the right for confirmation as to whether your personal data is being processed
- Right of access– you have the right to obtain free information about any of your personal data we hold, or have transferred to a third country, and a copy of that information.
- Right to rectification– you have the right to have any inaccurate information held about you corrected. You have the right to add information to remedy any incomplete information we hold.
- Right to erasure– you have the right to have your personal data erased where one of the statutory grounds applies, so long as the processing of that data is no longer necessary
- Right to restrict processing– you have the right to restrict our processing of your personal data where a statutory reason applies
- Right to data portability– you have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format
- Right to object– you have the right to object to our processing of your personal data
- Right to withdraw consent– where the basis of our processing your data is based on consent, you have the right to withdraw that consent
- Right to complain– you have the right to complain to the Information Commissioner’s Office about our processing of your data. The contact details for the ICO are available at ico.org.uk
- GDPR affords you with rights, which are summarised below. In order to assert any of these rights, you may contact the Data Protection Officer.
- Sharing data
- Where necessary or required we share personal data with third parties. Examples of this include:
- Credit or debit card payments which will be collected by our payment processor;
- A third-party or successor organisation as part of a reconstruction or transfer of our statutory powers;
- Third parties to whom we have delegated some of our functions including communicating with you others for the purposes of providing news updates and statutory notifications (amongst other things).
- Third party companies for the purpose of outsourcing essential communications;
- Where we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
- With third-party organisations to allow them to maintain accurate records in respect of the title ‘architect’, where we consider it would be in the public interest to do so;
- To protect the rights, property, or safety of ARB, our Site’s users, or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- With contracted service providers who are employed to assist us in the delivery of our statutory obligations under the Architects Act 1997, including legal firms;
- With third-party IT companies employed to provide data storage services;
- With current, past or prospective employers
- Where information is shared with a processor, that information will be securely transferred, and the data processor contractually and legally obliged to maintain it securely, and only use it for the purposes intended
- Where necessary or required we share personal data with third parties. Examples of this include:
- Retention of data
- Personal data will only be held for a period where there remains a legitimate purpose for its retention, as defined by ARB’s retention and destruction policy (available upon request). After the expiration of that period, the data will be securely deleted.
- Information automatically collected from your computer
- Log files/IP addresses
- When you visit our Sites our web servers automatically record your IP address.
- We may also gather other non-personal information (from which we cannot identify you) such as the type of your internet browser which we use to provide you with a more effective service.
- Cookies
- When you visit the Site we may store some information (commonly known as a “cookie“) on your computer. Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web. Passwords and credit card numbers are not stored in cookies generated by or accessed by any of our of Sites. A cookie helps you get the best out of the Site and helps us to provide you with a more customised service.
- We use cookies to:
- Estimate the usage pattern and usage levels of our Sites;
- Store information about your preferences;
- Speed up your searches;
- Recognise you when you return to our Sites;.
- Allow you to use our Sites in a way that makes your browsing experience more convenient. If you register with us or complete our online forms, we may use cookies to remember your details during your current visit and any future visits, provided the cookie was not deleted in the interim.
- You can block or erase cookies from your computer if you want to (your browser’s help screen or manual should tell you how to do this), but certain parts of our Websites are reliant on the use of cookies to operate correctly and may not work correctly if you set your browser not to accept cookies. Unless you have adjusted your browser setting so that it will refuse cookies, any one of our Sites may issue cookies as soon as you visit it.
- Other websites
- We cannot be responsible for the privacy policies and practices of websites that are not operated by us, even if you access them via a site operated by us. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
- In addition, if you browsed to this website from a third party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
- Transferring your information outside of Europe
- As part of the services offered to you through our Websites, the information you provide to us may be transferred to, and stored at, countries outside of the UK. By way of example, this may happen if any of our servers are from time to time located in a country outside of the UK or one of our service providers is located in a country outside of the UK. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the UK in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy.
- If you use any of our Websites while you are outside the UK, your information may be transferred outside the UK in order to provide you with those services.
- General
- You may not transfer any of your rights under this privacy notice to another person. We may transfer our rights under this privacy notice where we reasonably believe that your rights will not be affected.
- If any court or competent authority finds that any provision of this privacy notice (or part of any provision) is invalid, illegal or unenforceable, that part or provision will, to the extent required, be deemed to be deleted, and that validity and enforceability of the other provisions of this privacy notice will not be affected.
- Changes to our privacy policy
- Any changes we may make to our privacy policy in the future will be posted on our Websites and, where appropriate, notified to you by e-mail.