iDEA may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
This policy is effective from 25/05/18 and complies with the EU General Data Protection Regulation (GDPR) as from May 25th 2018.
Where you have been asked to respond to a survey, we will collect your responses to questions about the way you use your workplace, which may include any additional information you provide us in forms and summary pages that appear from time to time. Additionally, when you visit both the survey and the communications portal, we may collect information about your visit such as your IP address, your browser and device, the page you have viewed and when.
Any survey responses you provide us will be aggregated in order to provide a snapshot of how your organisation currently uses its space. This data will be presented in reports as part of the work your organisation has contracted us to provide.
Where you have been given a unique access token to the communication portal, this will provide you with individual access to the website.
Where article comments and discussion topics are enabled and you contribute to these, your responses will be associated with your access token in order to attribute them to you.
The data we collect will be solely used for the purpose of the work your organisation has appointed us to carry out and the analysis of results will not refer to individuals. Only anonymous and summarised results will be shared with management. The information we will produce and share with our corporate and research partners will only relate to aggregated analysis and not individual responses. No individual data will be shared with any other third parties.
We will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015, and the General Data Protection Regulation (GDPR) which comes into force from 25th May, 2018.
We will keep your personal information only where it is necessary to provide you with access to the surveys you have been asked to complete, and to provide you with support if required. Once your survey is complete, and we no longer need to contact you for support or project communications, it will be anonymised to retain the confidentiality of your responses.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data we collect.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet.
Information we may collect from you is processed in the UK and European Economic Area (EEA). Where information is processed by suppliers outside the EEA, ensure that these suppliers have accreditations sufficient to acknowledge the safe handling and storage of data from the EEA.
We have a number of lawful reasons that we can use to process your personal information.
These include processing personal information where it is necessary to fulfil a contract with your organisation, where we are required to as a legal obligation and where we have a legitimate interest to do so.
Broadly speaking, legitimate interests means that we can process your personal information if:
We process personal information in order to record your responses to our surveys, to provide support should you need help in order to complete the survey, and to provide access for to the communications portal. If you choose not to provide us with this information, or do not wish us to collect and use this information in these ways, it may mean we will be unable to provide you with support, record your responses to our survey or grant access to the communications portal.
Cookies are small text files that are sent by web servers to web browsers and can be used by web servers to identity and track users as they view different pages on a website or return to a website. They may be either persistent cookies or session cookies and may contain unique identifiers.
A persistent cookie will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before this date). A session cookie, on the other hand, will expire at the end of the user session when the web browser is closed.
For more information on the cookies we use and how to manage your cookies, please view our cookies policy.
If you'd like to learn more about cookies in general and how to manage them, visit aboutcookies.org
You have several rights in relation to how iDEA uses your information. They are:
You have the right of access to your personal information.
If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request at no expense by contacting us at [email protected]
If your personal information is inaccurate or incomplete, you can request that it is corrected. If the request concerns sensitive data, we will update the necessary databases and store your request as a hard copy in a locked filing cabinet as well as a soft copy on our protected server.
You can ask for your information to be deleted or removed if there is not a compelling reason for iDEA to continue to hold it.
We will supply a request form for the erasure of personal data that doesn’t need to be maintained for legal obligations or exercise of official authority. In order to erase this data, we will delete all soft copies off of our server and hard copies will be shredded and disposed of safely.
You can ask that we limit the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.
You can object to iDEA processing your personal information where:
A loss of personal data does not result in a data breach unless the breach results in a risk to the rights and freedoms of an individual, a detrimental effect on their reputation, financial loss, loss of confidentiality, discrimination or any significant economic or social disadvantage.
Should a data breach occur, we will:
If the breach occurs or is discovered outside normal working hours, it must be reported as soon as is practicable. The DPO or response team lead will act as a point of contact in order to coordinate a response team in carrying out the following procedure:
If you are still unhappy, you can complain to our Supervisory Authority. You can find their contact details on the ICO website
If you have any other questions about your personal information, please contact us.
+44 (0)1743 719070
+44 (0)20 7613 0273