1.0 Introduction

Stroma Building Control is committed to safeguarding the privacy of our clients, website visitors and other service users. Your information is very important to us and we handle all of this in line with the current Data Protection laws and regulation. Stroma Building Control works to a quality management system recognised by international standards which facilitates our operational activity in working to the required policies and procedures.

This Privacy Policy explains what data Stroma Building Control collects from you, through our interactions with you and through our various services and how we use that data.

We encourage you to read this policy in full to understand how we are using your information. We also draw your attention to the Divisional-specific details in this Privacy Policy, which provide additional information about the services offered by each division of the Stroma Building Control. This statement applies to all of Stroma Building Control's interactions with you, the services listed below and other Stroma Building Control products and services which are displayed this statement. Should Stroma Building Control be made aware of any breaches to your personal data under any of the services listed below and other Stroma Building Control products and services displayed in this statement, Stroma Building Control will implement appropriate procedures immediately to mitigate the risks to your personal data.

2.0 Legal Basis

Stroma Building Control have reviewed the lawful basis for processing personal data under the General Data Protection Regulation. Stroma Building Control have determined that the following lawful bases are applicable for the processing of personal data:

  1. Consent.
  2. Contract.
  3. Legal Obligation.
  4. Legitimate Interests.

These have been selected based on the purpose and relationship with the individual in accordance with the Stroma Building Control business activities. It has been agreed that these 4 are the most suitable, and the justifications
for selecting these are detailed below. Stroma Building Control have also documented our lawful basis for processing as well as the purposes of the processing within our Privacy Policy. Where Stroma Building Control needs to amend these, we may be able to continue processing under the original lawful basis if our new purpose is compatible with your initial purpose.

2.1 Consent

Stroma Building Control use consent as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. It will be used when we have received a positive ‘opt-in’ action within our
marketing and customer facing business documents.

We have made the request for consent prominent and separate from our terms and conditions, adding a Permissions to Contact section for the customer to complete at the point of joining entering into an agreement with Stroma Building Control Clients or Contacts of Stroma Building Control are able to update these permissions at any time, and by deciding to ‘opt-out’ this will not be detrimental to the agreement with Stroma Building Control. It is not a precondition of working with Stroma Building Control that a customer has to ‘opt-in’ to anything; however, where the agreement in place requires updates to be made relating to that agreement, Stroma Building Control will have to contact the customer.

2.2 Contract

Stroma Building Control use contract as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. This will be used based on an agreement being in place between ourselves and someone enquiring about our services or where a formal agreement has been signed and is active. The requirement to process data will be detailed within the contract.

2.3 Legal Obligation

Stroma Building Control use legal obligation as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. It will be used for the retention and use of personal information, this for example can include employment records, accident reports for health and safety, DBS checks etc.

2.4 Legitimate Interests

Stroma Building Control uses legitimate interests as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. In processing personal data under legitimate interests, Stroma Building Control will:

  • Identify the legitimate interest for which the data is being processed under.
  • Show that the processing is necessary to achieve it; and
  • Balance its use against the individual’s, rights and freedoms.

The legitimate interests can be our own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits; however, we will ensure that that evidence can be provided as the necessity of using the personal data. Stroma Building Control will balance our interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests will override your legitimate interests of using their personal data, and therefore it will not be used.

3.0 What Data We Collect from You

Stroma Building Control collects data to operate effectively and provide the best services for our clients. You provide some of this data directly, such as when you request a quote for a Stroma Building Control service, purchase a Stroma Building Control Warranty product or contact us for technical support. We also obtain data from third parties. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third party sources vary over time, but have included:

  • Social networks when you grant permission to a Stroma Building Control profile to access your data on one or more networks;
  • Partners with which we offer co-branded services or engage in joint marketing activities; and
  • Publicly-available sources such as open government databases or other data in the public domain.

You have control about the data we collect and if asked to provide personal data you have the option to decline. However, if certain data is required to provide a specific Stroma Building Control service or product, you may not be able to access that service or product. The data we collect depends on the context of your interactions with Stroma Building Control and the products and services you use. The data we collect can include the following:

3.1 Account Data

Stroma Building Control may process ‘Account Data’ when you apply or request a quote for one of our services. We collect your first and last name, email address, postal address, phone number and other similar contact data via you or your employer. The account data collected will be in accordance with the business relationship between Stroma Building Control and the individual or company in order to fulfil contractual requirements.

3.2 Demographic Data

We collect data about you such as your age, gender, country and preferred language.

3.3 Transaction Data

We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument.

3.4 Usage Data

We may process data about your use of our website and services, referred to as ‘usage data’. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

3.5 Client Feedback Data

We also collect information you provide to us and the content of messages you send to us, such as feedback and product reviews you write, or questions and information you provide for technical support. When you contact us, such as for technical support, phone conversations with our representatives may be monitored and recorded.

Product-specific sections below describe data collection practices applicable to the use of those products.

4.0 How We Use Personal Data

Stroma Building Control have detailed in this section the following key elements of how we will use personal data:

  • The categories of personal data that we may process through our levels of interaction.
  • The source and categories of personal data that we did not obtain directly from you.
  • The purposes of how we may process personal data.
  • The legal requirement for processing personal data.

The purpose for using the data we collect is either to operate our business and provide the services we offer; to send communications (including promotional communications) or to exercise the terms of a specific contract made.

4.1 Account Data

Each client of the Stroma Building Control has an account created within our internal CRM system. We use your Account Data to provide the services we offer and perform essential business operations. This includes quoting for our services, providing those services, conducting research and providing technical support:

  • Providing our Services: We use data to deliver service estimates, quotations and to provide our services to you.
  • Technical Support: We use data to diagnose problems in our software, resolve lodgement enquiries and provide other client care and support services.
  • Service/Product Improvement: We use data to continually improve our services and products. For example, we use errors reported in our software to perform bug fixes and software updates.
  • Complaint and Dispute Resolution: We use data to protect the security and safety of our clients to resolve disputes and settle complaints.

The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.

4.2 Transactions

Stroma Building Control may process information relating to transactions, including purchases of software products and services, that you enter into with us and/or through our website, and is referred to as ‘transaction data’. The transaction data may include your contact details, your credit/debit card details and the transaction details. The transaction data may be processed for supplying the purchased products and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps-at your request-to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.

4.3 Communications

We use data we collect to communicate with you. For example, we may contact you by phone or email or other means to offer a quotation for relevant services within the Stroma Building Control, advertise forthcoming training courses, send industry news and newsletters, inform you of regulatory changes, update you or enquire about a service request, invite you to participate in a survey, or request information relating to the status of an
ongoing project. Additionally, you can sign up for email subscriptions and choose whether you wish to receive promotional communications from Stroma Building Control by email, post and telephone.

4.4 Website Usage

We process your data to analyse the use of our website and for business intelligence. This is done via Google Analytics to monitor and improve our website for all visitors and to report on the performance of our website. Further information can be found in our Cookies section. The legal basis for this processing is our legitimate interests.

4.5 Personal Data

Stroma Building Control may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. Please do not supply any other person's personal data to us, unless we prompt you to do so.

5.0 Reasons We Share Personal Data

We share your personal data with your consent or as necessary to provide any service you have requested or authorised. For example, we share your data with third parties when you tell us to do so, such as when you request a quotation for Stroma Building Control Insurance or Stroma Building Control Warranty. When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services and for fraud prevention and credit risk reduction. Please note that some of our websites include links to the websites of third parties whose privacy practices differ from Stroma's. If you provide personal data to any of those products, your data is governed by their privacy statements.

6.0 How to Access and Control Your Personal Data

You can request access to your personal data by completing the online form or by downloading and completing the paper based form under Section 1.2 Right of Access on the following webpage: /data-protection.

You can make a request to rectify your personal data by completing the relevant form under Section 1.3 Right to Rectification on the following webpage: /data-protection.

You can make a request to erase your personal data by completing the relevant form under Section 1.4 Right to Erasure on the following webpage: /data-protection.

You can choose whether you wish to receive promotional communications from Stroma Building Control by email, postal mail and telephone. If you receive promotional email messages from us and would like to opt-out, you can do so by following the directions in those messages. These choices do not apply to mandatory service communications that are part of certain Stroma Building Control services, or to surveys or other informational communications that have their own unsubscribe method.

Stroma Building Control ensures that data is managed in line with the latest Data Protection legislation and the General Data Protection Regulation (GDPR) to deliver the following rights. Further details on the remaining 8 individual rights are published on the Stroma Building Control website.

6.1 Right of Access

Upon receipt of a written request, we will provide stakeholders and employees with a report showing what data is held on them. This will be provided within 30 days of the request’s receipt.

6.2 Right to Rectification

Upon receipt of a written request, we will amend any inaccurate information held on stakeholders and employees within 30 days of the request’s receipt.

6.3 Right to Erasure

Upon receipt of a written request, Stroma Building Control will delete the information held on stakeholders and employees within 30 days of receipt. Where there is a clear reason for this data to remain on Stroma Building Control records this reason will be given to the individual in writing.

6.4 Cookies

By using the Stroma Building Control website, www.stromabc.com (including all online portals) and agreeing to this Privacy Policy, you consent to our use of cookies in accordance with the terms of this policy. Our website incorporates privacy controls that affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications. You can also limit the publication of your information; however, this is may be subject to specific terms and conditions based on the agreement held with Stroma Building Control.

7.0 Policy Amendments

Stroma Building Control may make amendments to this Privacy Policy to improve our privacy control measures. The latest copy of the Privacy Policy can be accessed here.

8.0 Contact Details

If you have any questions concerning the Stroma Building Control Privacy Policy you can contact us using one of the following methods:

This policy statement has been endorsed and approved by:
Mr Ian O'Connor

Managing Director

5th January 2023