Our privacy and data protection policy
1.2 By using our sites or any services we offer (including making an online registration application or buying a copy of the UK Register of Architects), you are agreeing to be bound by this policy in relation to the information we collect about you.
1.3 If you have any questions about the policy, please get in touch with us at email@example.com and we will do our best to help.
1.4 For the purpose of the Data Protection Act 1998, the data controller (‘the controller’) is us, the Architects Registration Board of 8 Weymouth Street, London, W1W 5BU.
1.5 For the purpose of the General Data Protection Regulations (‘GDPR’), the data protection officer of the controller is the Head of Professional Standards, ARB, 8 Weymouth Street, London, W1W 5BU. Email firstname.lastname@example.org. If you have any questions about data protection or how we use your information, please contact the data protection officer.
1.6 We were formed under the Architects Act 1997 and must keep to the terms of that act.
Your personal information
2.1 We may collect and process the following personal information about you.
2.1.1 Information you need to give us to register with our websites or to access other services we provide. This information includes your name, address and date of birth.
2.1.2 Your email address and password.
2.1.3 Other information that you provide by:
- filling in forms on our websites or uploading documents; and
- sending paper forms and documents to us.
This includes any information you provide to register for or use our websites (including for the purposes of downloading or receiving a copy of the UK Register of Architects), and any information which you give us in any application to be entered onto the UK Register of Architects.
2.1.4 A record of any correspondence between you and us.
2.1.5 Your replies to any surveys or questionnaires that we may use for research purposes.
2.1.6 Details of accounting or financial transactions, including transactions carried out through our websites or by other methods (such as payment for copies of the UK Register of Architects or applications to be added to the Register). This may include information such as your credit-card, debit-card or bank-account details.
2.1.7 Details of your visits to our sites and the resources that you access.
2.1.8 Information we may need from you when you report a problem with any of our websites.
2.1.9 Information you give us relating to an allegation of unacceptable professional conduct or serious professional incompetence against a registered architect.
2.1.10 Information you provide about an allegation of someone breaking section 20 of the Architects Act 1997.
2.1.11 Information you provide when applying for employment or an appointment with us.
2.1.12 Information you provide when applying to have your name included on the Register of Architects.
2.2 Although it is not compulsory to give us any of the information described above, the regulatory part of our work means that we have to get certain personal information from you to provide certain services (such as considering an application to be included on the UK Register of Architects).
How we use your information
3.1 The following is a broad description of the way in which we process personal information. To understand how we handle your personal information, you may need to read any communications you have received from us, or ask the data protection officer. We process personal information to meet our duties under the Architects Act 1997, to maintain our own accounts and records, and to manage our employees and service providers.
We will use your information to do the following.
3.1.1 Make sure that we present the content of our websites in the most effective way for you and for your computer.
3.1.2 Consider applications for entry onto the UK Register of Architects and add successful applicants to the UK Register of Architects.
3.1.3 Provide information services (such as copies of the UK Register of Architects).
3.1.4 Carry out our legal duties, including:
- prescribing or recognising the qualifications needed to become an architect;
- keeping the UK Register of Architects;
- making sure that architects meet our standards for conduct and practice;
- investigating complaints about an architect’s conduct or competence; and
- making sure that only people on the Register offer their services as an architect.
3.1.5 Carry out any duties arising from any agreements we and you enter into.
3.1.6 Allow you to take part in features on our websites and other services.
3.1.7 Tell you about changes to our websites or the services we offer.
3.1.8 Manage your orders with us.
3.1.9 Collect payments from you.
3.1.10 Help make general improvements to our websites.
3.1.11 Analyse how people are using our websites.
3.1.12 Ask for feedback on our services.
3.1.13 Recruit staff and service providers.
3.1.14 Communicate with you.
Legal basis for processing information
4.1 We can lawfully process your information in the following circumstances.
4.1.1 If you have given us permission to do so for one or more specific purposes.
4.1.2 To allow us to perform a contract between you and us.
4.1.3 To keep to one of our legal obligations.
4.1.4 To protect your vital interests or those of another person.
4.1.5 To carry out a task in the public interest or when using our official authority.
4.1.6 If it is necessary in our legitimate interests, except if those interests are overridden by your interests or basic rights and freedoms which mean your personal information must be protected (particularly in the case of children).
5.1 You have certain rights under GDPR, which we have summarised below. You should contact the data protection officer if you want to apply any of these rights.
5.1.1 Right of confirmation – you have the right to ask us to confirm whether your personal information is being processed.
5.1.2 Right of access – you have the right to free information about any of your personal information we hold or have transferred to a third country (a country outside the EU), and a copy of that information.
5.1.3 Right to correction – you have the right to ask us to correct any inaccurate information we hold about you and to add information to any incomplete information we hold.
5.1.4 Right to deletion – you have the right to ask us to remove your personal information in certain circumstances, as long as processing that information is no longer necessary.
5.1.5 Right to restrict processing – you have the right to restrict how we process your personal information in certain circumstances.
5.1.6 Right to data portability – you have the right to receive a copy of your personal information in a structured, commonly used format that can be read by computer, so that you can transfer it if necessary.
5.1.7 Right to object – you have the right to object to us processing your personal information.
5.1.8 Automated decision-making – you have the right not to have a decision made about you based on automated processing, including profiling.
5.1.9 Right to withdraw consent – if we need your permission to process your information, you have the right to withdraw that .
5.1.10 Right to complain – you have the right to complain to the Information Commissioner’s Office about how we process your information. Their contact details are available at www.ico.org.uk .
6.1 If necessary, we can share your personal information with third parties. Examples of third parties include the following.
6.1.1 Those who process credit- or debit-card payments.
6.1.2 Another organisation or any organisation who replaces us as part of a reconstruction or transfer of our legal powers.
6.1.3 Anyone we have delegated some of our functions to, including communicating with you or others for the purposes of providing news updates and legal notices (among other things).
6.1.4 Companies who we outsource essential communications to.
As well as sharing your information with the third parties above, we can also share it in the following circumstances.
6.1.5 If we have a duty to share your personal information in order to meet a legal obligation (for example, if required to do so by a court order or for the purposes of preventing fraud or other crime).
6.1.6 With other organisations to allow them to keep accurate records in respect of the title ‘architect’, where we consider it would be in the public interest to do so.
6.1.7 To protect our rights, property or safety, our website users, or any other third parties. This includes exchanging information with other companies and organisations for the purposes of preventing fraud and reducing credit risk.
6.1.8 With contracted service providers who are employed to help us carry out our legal duties.
6.1.9 With third-party IT companies employed to provide processing and storage services.
6.1.10 With current, past or prospective employers.
6.2 If we share information with another data processor, we will transfer that information securely and the data processor must keep it secure and use it only for the purposes intended.
Keeping your information
7.1 We will only hold your personal information for a certain period if we have a legitimate reason to do so, as set out in our retention and destruction policy (please ask us if you would like a copy). At the end of that period, we will securely delete your information.
Information automatically collected from your computer
8.2 We may also collect other non-personal information (from which we cannot identify you), such as the type of internet browser you have, which we use to provide you with a more effective service.
8.3 When you visit our site, we may store some information (commonly known as a ‘cookie’) on your computer. Cookies are pieces of information that a website transfers to your hard drive to store and which sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web. Passwords and credit-card numbers are not stored in cookies generated by or accessed by any of our sites. A cookie helps you get the best out of the site and helps us to provide you with a more personal service.
8.4.1 estimate patterns and levels of use on our sites;
8.4.2 store information about your preferences;
8.4.3 speed up your searches; and
8.4.4 recognise you when you return to our sites.
8.5 As a professional regulator, most of the personal data we process is data relating to our regulatory functions, powers and duties. The legal basis for using cookies is that it is necessary for the performance of a task carried out in the public interest and/or in the exercise of our statutory functions.
8.7 If you register with us or continue to use our sites, you agree to us using cookies.
9.1 We cannot be responsible for the privacy policies and practices of websites that we do not run, even if you access them from one of our sites. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.
9.2 Also, if you came to this website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that site. We recommend that you check the policy of that site and contact its owner or operator if you have any concerns or questions.
Transferring your information outside of Europe
10.2 If you use any of our websites while you are outside the EU, your information may be transferred outside the EU to provide you with those services.
10.3 By giving us your personal information, you agree to us transferring, storing or processing your information outside the EU in the way described above.