Privacy Notice (Aedis Regulatory Services Ltd)
The Aedis Regulatory Services Ltd Privacy Notice provides information on how Aedis Regulatory Services Ltd (we and us) collect, use, secure, transfer and share your data.
We are committed to protecting and respecting your personal and sensitive data.
This policy sets out the basis on which any personal data we collect, be that provided by you or a third-party, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the General Data Protection Regulation (GDPR), the data controller in respect of your personal data that we collect and process as further described in this Privacy Notice is Aedis Regulatory Services Ltd. We are listed on the Information Commissioner's Office (ICO) Register of Data Controllers under registration number ZA039369. Please note that we may share your information with third-parties (as described below) who each may process that information as a data controller or data processor in their own right.
2.1. Method of collection
In the general conduct of business, Aedis Regulatory Services Ltd collect information relevant to the services being sought from:
Such data will generally be collected directly via the use of any of our standard forms, via email or via telephone conversation at the point of requesting or subscribing to any service or becoming a registered user/member with us.
In addition, you may choose to submit information/data directly to us via several methods, including:
You may also agree to third-parties disclosing information about you to us that those third-parties have collected.
We may also collect data using cookies on our website (www.aedis.com). Please see 3 Cookies for more details.
If you provide us with personal data about another person, you must ensure that before you provide us with their data, they are aware of the ways in which we use personal data as set out in this Privacy Notice and they agree to their information being provided to us for these purposes.
2.2. Purpose of collection
We may collect and process information about you in order to provide the service/s sought by you. This information is referred to in this Privacy Notice as personal data. In particular, we may collect and process the following information:
The above list is not exhaustive and Aedis Regulatory Services Ltd reserves the right to collect and process further personal and sensitive data which we feel is relevant to providing the services sought.
Generally, we collect, use and hold your information for reasons including, but not limited to, the below:
You can set your browser settings not to accept cookies. However, if you do not consent to cookies being placed on your device or you set your browser not to accept cookies, some of our website features may not function or you may not be able to access parts of our website.
The 'Help' menu of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie or how to disable cookies altogether.
We process your information under the following:
We use personal information held about you in the following ways:
We do not sell or otherwise disclose personal or sensitive data which we collect about you, except as described in this Privacy Notice or as indicated at the time the data is collected.
We may share the data we collect with other companies, organisations and regulatory bodies, including, but not limited to:
Where required, we contractually agree that our service providers safeguard the privacy and security of personal data they process on our behalf and authorise them to use or disclose the data only as necessary to perform services on our behalf or comply with legal requirements.
Services include, but are not limited to: providing, administering, processing, and satisfying a quotation, contract or service.
These third-parties have access to personal information needed to perform their functions but may not use it for other purposes.
We may also disclose your personal information to third-parties in the following circumstances:
If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions, other agreements; or to protect our rights, property, or safety or those of our customers or other third-parties. This includes exchanging data with other companies and organisations (including credit reference agencies and the police) for the purposes of fraud protection, credit risk reduction and the prevention and detection of crime or the prosecution and apprehension of offenders.
In relation to the above uses of your personal data and the above sharing arrangements, your personal data may be transferred to, stored and processed in, one or more countries outside the European Economic Area (EEA), including in countries which do not provide equivalent protection for personal data as the GDPR. In these circumstances, we will take reasonable steps to ensure that your personal data is adequately protected in accordance with the requirements of the regulation.
The security of your personal data is very important and Aedis Regulatory Services Ltd is committed to protecting the data we collect. We maintain administrative, technical and physical safeguards designed to protect the personal data provided to us. We also safeguard against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use of personal data.
Despite our efforts regarding security, it is important to bear in mind that the internet is not a secure means of communication. Personal data shared/communicated through the internet may be intercepted by other people. We cannot guarantee the security of personal information sent to us through this website. You accept that you use this website at your own risk. Once we have received your data, we will use strict procedures and security features in order to prevent unauthorised access.
Aedis Regulatory Services Ltd reserves the right to transfer your data in the event of a sale or transfer (wholly or partially) of our business or assets, with reasonable efforts for the acquirer to protect/use your information consistent with the GDPR. You can exercise your rights to contact the acquiring entity with questions concerning the protection and processing of your information.
9.1. Data retention
We will keep information for a reasonable amount of time in order to perform the service/s agreed.
We only keep your information for as long as necessary. We generally keep personal data in line with the Building Control Performance Standards, meaning that we are currently required by the Government to keep records for a minimum of 15 years.
However, Aedis Regulatory Services Ltd reserves the right to keep information for longer if we feel that this is in the legitimate interests of Aedis Regulatory Services Ltd.
Aedis Regulatory Services Ltd stores personal data only for as long as it is necessary for the fulfilment of the purpose for which the personal information was collected, unless otherwise required or authorised by applicable law. We take measures to destroy or permanently de-identify personal information if required by law or if the personal data is no longer required for the purpose for which we collected it.
For the purposes of business conduct, enhancement, identification of fraud, money laundering and other potential unauthorised activities, Aedis Regulatory Services Ltd may engage in profiling activities via direct use or anonymisation of sensitive personal information.
9.2.2. Direct profiling
Direct profiling may be engaged for the fair and lawful purposes, to provide Aedis Regulatory Services Ltd with the ability to enforce Aedis Regulatory Services Ltd Terms and Conditions, legal reporting as may be required by applicable laws, regulations, policies/standards or requested by any judicial process or governmental agency having or claiming jurisdiction over Aedis Regulatory Services Ltd, which may include, but is not limited to:
9.2.3. Indirect profiling
Indirect profiling via anonymisation of personal data may also be used for preparing and furnishing aggregated data reports showing anonymised information, including, but not limited to: analyses, analytical and predictive models and rules, and other aggregated reports.
9.3. Your rights and choices
Your rights regarding the sensitive/personal data we maintain about you enable you to exercise choices about what personal data we collect from you, how we use that information, and how we communicate with you.
9.3.2. Access and correction
You may have the right to:
The right to access personal data may be limited in some circumstances by local law requirements.
9.3.3. Update and correct inaccuracies in your personal data
If you feel the data we hold about you is incorrect or inaccurate, you can contact us outlining the information you feel is incorrect or inaccurate.
If we refuse to correct your personal data, we will provide you with a written notice that sets out the reasons for our refusal (unless it would be unreasonable to provide those reasons) and provide you with a statement regarding the mechanisms available to you to make a complaint.
9.3.4. Object to the processing of your personal data
If you would like to object to any processing of your data by Aedis Regulatory Services Ltd, you can contact us outlining what processing of data you would like to object to.
If you would like us to delete, block or anonymise data we hold about you, you can contact us outlining what data you would like deleted, blocked or anonymised.
9.3.5. Opting out of processing
You have the right to ask us not to process your personal data for marketing purposes. Please contact us by either telephone, email or post. Our contact details can be found in the ‘How to contact us’ section below. Aedis Regulatory Services Ltd and/or Aedis Warranties Ltd may market to you by telephone, email or post. We will only contact you in relation to comparable products and services and will not share your information with any third-party companies for the purposes of marketing.
9.3.6. Withdrawal of consent
If we obtain your data by consent, you have the right to withdraw any consent you previously provided to us.
If we process your data under legitimate interest, you can object at any time, on legitimate grounds, to the processing of your personal information.
Aedis Regulatory Services Ltd will apply your preferences going forward.
Doing so will mean that you cannot take advantage of certain Aedis Regulatory Services Ltd and Aedis Warranties Ltd products, services and promotions.
The right to consent removal may be limited in some circumstances by local law requirements and you will be informed appropriately.
9.4. Identification and verification
Any person submitting a request regarding their data may be subject to identity and verification procedures at the discretion of Aedis Regulatory Services Ltd.
To update your preferences, ask us to remove your information from our mailing lists or submit a request to access, update, correct or delete your personal data, please contact us as specified in the ‘How to contact us’ section below.
In addition to helping you with the service requested, we must comply with certain regulations, for example: The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (referred to as ‘the Regulations’).
Aedis Regulatory Services Ltd are required to obtain certain information from you to comply with the Regulations. The information provided will only be used by Aedis Regulatory Services Ltd in relation to complying with the Regulations and will not be shared with any other party outside of those stated within this Privacy Notice unless we are required to do so under law.
If you decide to enter in to a business relationship with Aedis Regulatory Services Ltd, you are required to comply with certain regulations.
We may require two separate Identification documents; one primary and one secondary document. The information may be required at various stages of the process but, ideally, will be limited to one occasion.
Please contact us by:
Telephone: 0800 622 6903
Post: Aedis Regulatory Services Ltd, Aedis House, 3 Pioneer Court, Morton Palms Business Park, Darlington, DL1 4WD
If we fall short of your expectations in processing your personal data or you wish to make a complaint about our privacy practices, please contact us.
To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time.
If we cannot, for lawful reasons, complete your request, we will explain this to you to the extent that we lawfully can.
If you have any questions, comments or requests regarding this Privacy Notice, please feel free to notify us using any of the above contact details.
Aedis Regulatory Services Ltd reserves the right to change this Privacy Notice from time to time where necessary. Previous versions of our Privacy Notices will be kept within Aedis Regulatory Services Ltd. The version found at www.aedis.com/services/building-control/privacy-notice-aedis-regulatory-services-ltd will remain the most recent and current version.