Privacy Notice

1.0 Our core beliefs regarding user privacy and data protection

Stace LLP are committed to protecting and respecting your privacy. We will treat personal information lawfully and in a manner which is in accordance with the Principles of the EU General Data Protection Regulations 2018 (GDPR) and all other data protection legislation currently in force.

This Privacy Notice contains information regarding how we collect and use personal data or personal information about you to protect the privacy and security of your personal information.

When processing data we will:

  • process it lawfully, fairly and in a clear, transparent manner.
  • collect for specified, explicit and legitimate purposes and only processed as such.
  • make sure it is adequate, relevant and limited to what is necessary for the purpose of processing.
  • record accurate personal data and take all reasonable steps to ensure inaccurate personal data is rectified or deleted without delay.
  • only keep for the period necessary for processing and in a form which permits identification for data subjects.
  • have appropriate security measures to prevent unauthorised/ unlawful processing, accidental loss, destruction or damage.

We comply with the Principles of GDPR and have implemented appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information. As a Data Controller, we understand it is our responsibility to be transparent and accurate therefore we will have a consistent treatment of data and will continually review all our measures with the aim of ensuring/improving our security features on an on-going basis.

We will not make your personal information available outside of the Partnership without your consent, unless there is a business legitimate reason and/or we are obliged to by law.

2.0 Relevant legislation

Stace LLP will comply with their statutory obligations and where appropriate, amend this policy to meet the demands of future legislation.

This statement is designed to comply with the following legislation with regards to data protection and user privacy:

  • EU General Data Protection Regulation 2018 (GDPR)
  • Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)

3.0 Our Website

Our website is hosted by Digital Ocean who help to maintain our security and performance. To deliver this service Digital Ocean processes the IP addresses of visitors to the Stace website and they have appropriate security measures in place to secure their infrastructure from unauthorised access.  For further details, please refer to Digital Ocean’s Privacy Policy https://www.digitalocean.com/legal/privacy/.

You should note that our website may contain links to enable you to easily visit other websites of interest.  Should you use the links to leave our site, please note we do not have any control over any other website, therefore we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites.  We would advise you to exercise caution when entering personal information online and refer to other websites Privacy Policies and control the use of cookies (refer to our Cookie Policy for more information).

4.0 Clients who use Stace’s services

Stace offer various services including but not limited to Project Management, Cost Management, Building Surveying, Monitoring and Due Diligence and Health and Safety. We may sometimes need to share information with third parties to provide the service you have requested.

We must keep the details of the individuals (and companies) who have requested the service in order to provide it; however, we only use these details to provide the service requested. When you request our services and we perform what is required, we will maintain the information in our systems until the client relationship has ended and no longer required by statue.

5.0 Personal information that the Stace LLP website collects, why we collect it and how we may use it?

You can visit the Stace LLP website without revealing your identity or giving us any personal data about yourself. We may collect personal information from you when submitted voluntarily by yourself, however where required to comply with the principles of GDPR, we will seek consent to retain this information.

We assure you we do not collect more information than we need to fulfil our legitimate purposes and will not retain it for longer than necessary.

5.1 What information do we store?

We may store the following information:

  • Email addresses
  • Online employment applications

We may also use cookies so please see our Cookie Policy for further information.

5.2 Why we store this information?

We will use personal data collected from our website and other sources for the following reasons:

  • To analyse our website and to create the best user experience.
  • To provide you with e-communications and updates on the Partnership.
  • To enable us to supply you with the services and information you have requested or we feel may interest you.
  • To process any employment application that you submit.

Our website uses Google Analytics (GA) to track user interaction; we use this data to determine the number of people using our website, to better understand how they find and use our webpages and to see their journey through the website.

6.0 Who we may share your data with

We may share your personal data with business partners, suppliers, subcontractors, agents’ software providers and other associated organisations for the performance of any contract we enter into with them and/or for the purposes of completing tasks and providing services to you on our behalf or for any statutory reason, for example but not limited to:

  • Sending you mailings.
  • Facilitating our service provision.
  • IT software providers that may support our website and other business systems including backups of our data.
  • Professional and/or legal advisers.

As a Data Controller, any third party we use to process data on our behalf are referred to as a Data Processor.  We will only work with trusted partners who are required to adhere and comply with current data protection legislation to protect your data.

Third party service providers are not permitted to process your personal information unless we have instructed them to do it for specific purposes.  We disclose only the personal information that is necessary and such parties are bound to keep such information secure and retain it for the period we instruct.  They will not share your personal information with any organisation apart from us and will not use it for their own direct marketing purposes.

We do not sell personal data to any organisation.

7.0 Security and how we store your information

7.1 Security

We take information security very seriously and have appropriate security measures in place to prevent personal information being accidentally lost/destroyed, accessed or used in an unauthorised manner. Our security policy is supported by our Quality Management System which is ISO 9001:2015 accredited.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us/from us and therefore any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

When you give us personal information, we take steps to ensure that it’s treated securely and information is protected using 128 Bit encryption on SSL.

When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.

7.2 How we store your information?

We store our data securely on protected servers that require strong passwords to access.

Our storage servers are located in the cloud on Microsoft Azure. The connection to our servers is over secure encrypted links and are maintained by Exponential-e. For further details, refer to the privacy policies for both Microsoft https://privacy.microsoft.com/en-gb/privacystatement and Exponential-e https://www.exponential-e.com/terms-policies/privacy-policy

We review our internal retention periods for personal information on a regular basis however we are legally required to hold some types of information to fulfil our statutory obligations. We will not hold your personal information on our systems for longer than is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

8.0 Recruitment

Our recruitment methods may include:

  • Advertising on social network platforms such as our website, LinkedIn etc.
  • Through agencies which we consider as data controllers.
  • Careers Fairs and other networking events.
  • Employee and/or other direct referrals/instructions.

When you apply via an agency they will be the data controller and will be responsible for obtaining your explicit consent to share your personal information with us and they will be responsible for ensuring there is a third party contract in place. We will process any personal information in accordance with the principles of GDPR for the activity of recruitment.

As part of our recruitment process, if we are required to share your personal information with any third party, they will act as a data processor and are required to adhere and comply with current data protection legislation to protect your data. A third party contract will be in place which means they are not permitted to process your personal information unless we have instructed them to do it for specific purposes. They will not share your personal information with any organisation apart from us and they will hold it securely and retain it for the period we instruct.

8.1 How we make decisions about recruitment?

We do not use any automated selection processes to make decisions for us and our final recruitment decisions are made by hiring managers and members of our recruitment team. All the information gathered during the application process with exception of any equal monitoring information is taken into account.

8.2 Application stage

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

If you wish to submit your CV and cover letter using the link to our recruitment email address for a position with Stace LLP, we will only use the information you supply to us to process your application and to monitor recruitment statistics. Where we want to disclose information to a third party, we will not do so without informing you beforehand unless the disclosure is required by law.

Any applicant’s details provided will be reviewed by the HR Team and the relevant Hiring Managers.

8.3 Interview stage

Should you be chosen for an interview you will be required to complete an Application Form and this will be kept on file with your CV and any other relevant information.

You may also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information is provided anonymously to prevent identifying you and such information will not be made available to any staff outside of our HR Department, including hiring managers. Any information you do provide will be used only to produce and monitor equal opportunities statistics.

8.4 If unsuccessful

If you are unsuccessful following assessment for the position you have applied for, for our business legitimate interests and to fulfil any legal obligation we will keep personal information about candidates for a period of 12 months from the end of the recruitment campaign. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data after 12 months.

Should you wish to be considered for future opportunities, we would encourage you to continually review our career page or keep in contact and apply again directly.

8.5 Conditional offer

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks to ensure you are eligible to work in the UK.

You must successfully complete our pre-employment checks for your employment to be confirmed. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek references.

You will therefore be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents so we can take copies.
  • Proof of your qualifications – you will be asked to attend our office with original documents so we can take copies.
  • We will contact your referees, using the details you provide once a conditional offer has been made, directly to obtain references – it is your responsibility to ensure you have obtained consent from the individuals prior to providing us with their details.

Upon commencement of employment, we will also ask you for other personal information included in our Internal Privacy Notice (a copy of which is included with the offer of employment). In circumstances and where relevant to your role, a criminal record check may be required, known as a Disclosure and Barring Service (DBS) check.

8.6 Upon employment

Upon employment, the information you provide during the application process, including your references, will be retained by us as part of your employee file; which will be kept secure and only used for the performance of our contract for the duration of your employment.

Should your employment end, your personnel file will be retained securely for 6 years from the termination date and then confidentially destroyed.

9.0 Marketing

We consider emailing our newsletters to our clients as a business legitimate reason as part of maintaining our positive client relationships, however you have a choice about whether or not you wish to receive information from us.

If you are not a client and you wish to sign up to receive our newsletters you will be asked to provide your email address.

If at any time you no longer wish to receive marketing communications from us then please email marketing@stace.co.uk . Where we receive an opt out request we are committed to act upon such requests in a timely and efficient manner.

If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.

9.1 Dotmailer

If you choose to join our email newsletter, the email address that you submit to us will be forwarded to Dotmailer who provide us with email marketing services. The email address that you submit will not be stored within Stace LLP’s website.

Your email address will remain within Dotmailer’s database with restricted access by our marketing team for as long as we continue to use Dotmailer’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribing links contained in any email newsletters that we send you or by requesting removal via email to marketing@stace.co.uk. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

10.0 People who contact us via email

Stace’s emails are monitored and protected from Malware using Microsoft online protection. Any email sent to us, including any attachments may be monitored and used by us for reasons of security and for monitoring compliance in line with our information security procedures.

11.0 People who contact us via social media

You will note our website has links to our corporate LinkedIn and Twitter page, in line with social media guidelines please see below their Privacy Policies.

  • Twitter – https://twitter.com/en/privacy
  • LinkedIn – https://www.linkedin.com/legal/privacy-policy

Any interaction on social media platforms are governed by the privacy policies of the companies that provide them so we would recommend you review these as any information you submit to Stace via a social media platform is done so at your own risk.

12.0 Access to your information and rectification

Stace are committed to be as open as possible with regards to providing individuals access to their personal information. The accuracy of this information is highly important to us and therefore should you change your email address or believe any of the other information we hold is inaccurate or out of date, you can ask us to rectify or to erase it by emailing us. For marketing and customer data email marketing@stace.co.uk or for recruitment data recruitment@stace.co.uk.

You are entitled to ask for a copy of any data which personally identifies you by making a ‘subject access request’ under GDPR and such requests will need to put in writing addressing it to HR at Stace LLP, 273 High Street, Epping, Essex CM16 4DA. For the protection of your personal information, please ensure any communication sent via post is addressed Private & Confidential.

13.0 Transfers of personal data outside the EU

We are a UK based Limited Liability Partnership and do not process personal data outside of the EU, however should this situation change we will make sure that the transfer is lawful and in line with current legislative requirements and that there are appropriate data security arrangements/safeguards are in place, for example by using contractual agreements compliant with the principles of GDPR.

14.0 Cookies

Cookies are used by websites to generally improve their performance and enhance the user’s experience; however, you should note that certain cookies contain personal information, i.e if you click to “remember me” when logging on to a webpage; therefore, we would recommend when browsing websites, you do review their Cookie Policy.

We use cookies via Google Analytics to collection information in an anonymous form about how visitors use our website. Google Analytics makes use of cookies and you can disable cookies on your internet browser and you can stop Google Analytics from tracking any part of your visit to pages within our website.

For further information, please refer to our Cookie Policy.

15.0 Queries and Complaints

This Privacy Notice does not provide exhaustive detail of all aspects of Stace’s collection and use of personal information; however, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

We take any complaints we receive about this very seriously and encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

For information on your individual rights under GDRP, refer to the guidance from the UK Information Commissioner’s Office (ICO): https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

If you would like to exercise any of your rights, please:

  • either email j.noble@stace.co.uk or by writing marked Private & Confidential to John Noble, Partner, Stace LLP, 273 High Street, Epping, Essex CM16 4DA.
  • provide proof of identity, address, and the information to which your request relates to, where required

16.0 Data breaches

In the event of any unlawful data breach we will report to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been lost or stolen.

17.0 Data Controller

The Data Controller of this website is: Stace LLP.

Registered in England No: OC312683. Registered office is 273 High Street, Epping, CM16 4DA

Under the Information Commissioners Data Protection Register, our registration number is Z6726739.

18.0 Changes to our Privacy Notice

We may change this Privacy Notice from time to time, however we will not reduce your rights under statutory legislation. We will always update our Privacy Notice on our website, so we would encourage you to read it when you visit our website for more information regarding your privacy.

This Privacy Notice was last updated on 23 May 2018.