Privacy notice

Foster + Partners Privacy Notice for Third Parties

Contents

  • SECTION 1: Purpose
  • SECTION 2: Data Protection Principles
  • SECTION 3: The kind of information we hold about you
  • SECTION 4: How is your Personal Data collected?
  • SECTION 5: How Is This Information Used?
  • SECTION 6: Special Category Personal Data
  • SECTION 7: More specific details of how we may use your Personal Data
  • SECTION 8: Change of purpose
  • SECTION 9: Data Sharing
    • 9.1 How secure is your information with third-party service providers and other entities in our group? 
    • 9.2 Transferring information outside the EU
  • SECTION 10: Security
  • SECTION 11: Cookies
    • 11.1 Use of cookies by Foster + Partners
    • 11.2 Disabling/Enabling all cookies
    • 11.3 More information about cookies
      •  Strictly Necessary Cookies
      • Performance Cookies
      • Functionality Cookies
      • Targeting/Advertising Cookies
  • SECTION 12: Accuracy
  • SECTION 13: Retention
  • SECTION 14: Your rights in connection with Personal Data
    • 14.1 No fee usually required
    • 14.2 What we may need from you
    • 14.3 Right to withdraw consent
  • SECTION 15: Data Protection Manager
  • SECTION 16: Changes to this Privacy Notice
  • SECTION 17: Contact information


SECTION 1: Purpose
Foster + Partners is committed to protecting the privacy and security of any Personal Data (defined in Section 3 below) it handles.

Foster + Partners means Foster + Partners Group Limited or any of its subsidiaries, so when we mention “Foster + Partners”, “we”, “us” or “our” in this Privacy Notice, we are referring to the relevant company in the Foster + Partners group which you have had dealings with.

This Privacy Notice describes how we collect and use Personal Data about visitors to our website, clients and potential clients, third party consultants and any other individuals whom we may collect Personal Data on in accordance with the General Data Protection Regulation (GDPR). Past, present and prospective employees, workers, and contractors should refer to our Privacy Notice for Employees and our Privacy Policy (found on our intranet and our recruitment webpage).

Foster + Partners is a “data controller”. This means that we are responsible for deciding how we hold and use Personal Data. We are required under data protection legislation to notify you of the information contained in this Privacy Notice. We may update this Notice at any time.


SECTION 2: Data Protection Principles

We comply with the GDPR. This says that the Personal Data we hold must be:

1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.


SECTION 3: The kind of information we hold about you
Personal Data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, country of residence, company, and job title.
  • Contact Data includes address, email address and telephone numbers.
  • Professional Data includes CVs, and documents related to your qualifications, experience, and role, current salary, eligibility to work in the UK.
  • Usage Data includes information about how you use our website.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.


In limited circumstances, we may also collect, store and use documents to prove your identification such as a copy of your passport or address, and/or the following “special categories” of more sensitive Personal Data:

  • Information about your race or ethnicity, and religious beliefs.
  • Information about your health, including any medical condition.
  • Information about criminal convictions and offences.

The Personal Data we may collect varies depending upon how it is collected and for what purpose. More specific details are set out below. 


SECTION 4: How is your Personal Data collected?
Personal Data may be collected in the following ways:

1. Through information collected by cookies when you use our website.
When you visit www.fosterandpartners.com we may send a ‘cookie’ to your computer. This is a small data file stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages. For details of the cookies employed by us see Section 12 below.

; or

2. Through information automatically recorded when you use our IT systems, so that the systems can run effectively and we can ensure they are not being misused.

3. Direct interactions – where you provide information by filling in forms or corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:

  • Complete an online form to subscribe to our mailing list;
  • Make business enquiries via email or telephone; and
  • Enter into a working relationship with us.

; or

4. Third parties or publicly available sources. For example, consultants working with us whose CVs might be sent by their employer for bid documents or so we can assess their suitability for a project.


SECTION 5: How we will use information about you
We will only use your Personal Data when the law allows us to, such as:
1. Where it is necessary to perform a contract with you or in order to take steps at your request prior to entering into a contract.
2. Where we need to for compliance with a legal obligation.
3. Where it is necessary for the purposes of our legitimate business interests to run a successful international design studio, and your interests and fundamental rights do not override those interests.

We may also use your Personal Data in the following situations, which are likely to be rare:
1. Where we need to protect your interests (or someone else’s interests).
2. Where it is needed in the public interest.


SECTION 6: Special Category Personal Data
Special Categories of sensitive Personal Data require higher levels of protection and we will need to have further justification for collecting, storing and using this type of Personal Data, such as:
1. In limited circumstances, with your explicit written consent.
2. Where it is necessary for us to meet legal obligations.
3. Where it is necessary for reasons of public interest.
4. Where it is needed on health grounds, subject to appropriate confidentiality safeguards. 
5. Where it is needed for legal claims.
6. Where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

It is unlikely that we will need to collect or process Special Categories of sensitive Personal Data. Where we do need to, we will notify you and (where required) obtain your consent to the processing.


SECTION 7: More specific details of how we may use your Personal Data
We have set out in the table below details of the type of data we may collect (by reference to the groups described in Section 3 above), the ways we may use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To deliver relevant website content to you and to use data analytics to improve our website  (a) Identity
(b) Contact
(c) Usage
(d) Marketing and Communications
(e) Technical
Necessary for our legitimate interests (to keep our website updated and relevant and to develop our business)
To send marketing newsletters to you (a) Identity
(b) Contact
(c) Marketing and Communications
Necessary for our legitimate interests (to develop our business)
To invite you to events (a) Identity
(b) Contact
(c) Marketing and Communications
(a) Necessary for our legitimate interests for business development - to strengthen business relations and to market our services
To administer and protect this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, and network security)
To respond to your new business enquiry as a potential client. (a) Identity
(b) Contact
(a) Necessary for our legitimate interests (for winning and providing design services)
To administer our working relationship with you and your employer (as applicable), such as providing and administering architectural and engineering services to you, and/or collaborating with you to bid for a design project or to provide design services.

(a) Identity
(b) Contact
(c) Professional Data

In limited circumstances we might require documents to prove your identification such as a copy
of your passport or Special Categories of sensitive Personal Data. In these circumstances we will notify you and where necessary obtain your consent.

(a) Performance of a contract with you
(b) Necessary for our legitimate interests for winning and administering projects and running our business)
For marketing campaigns and to win new business. This may include taking photographs or filming of our day-to-day design activities, projects events, and interviews. (a) Identity
(b) Professional Data
(a) Necessary for our legitimate interests for promoting our business, winning work and recruiting talented designers.

 

SECTION 8: Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Occasionally we may use Personal Data to send you updates about our business or invites to events. If you prefer not to receive promotional material from Foster + Partners email us at fosterenquiries@fosterandpartners.com and put “unsubscribe” in the subject line together with the name of the publication you wish to unsubscribe from.

Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.


SECTION 9: Data Sharing

We may share your Personal Data with third parties, including third-party service providers and other entities in the Foster + Partners Group where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest for the purpose of running a successful international design practice in doing so.

For example, we may share your Personal Data with:

  • professional advisors such as lawyers and accountants;
  • processors such as providers of cloud hosting solutions or translation companies;
  • to an auditor, regulator or to otherwise comply with the law.

We may share Personal Data, such as CVs of collaborating design consultants, to clients, potential clients or collaborating designers where this was the purpose of collection.

As we are an international design practice, we may share your Personal Data with other entities in our group. In particular, we share your Personal Data for the following purposes:

  • Where required to facilitate your travel to meetings in one of our international offices or in respect of a project abroad;
  • Where we are inviting you to an event held in one of our offices abroad. 
     
    • 9.1 How secure is your information with third-party service providers and other entities in our group? 
      All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Personal Data in line with our policies and the law. We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
    • 9.2 Transferring information outside the EU 
      We are an international design practice and as such may transfer the Personal Data we collect about you to countries outside Europe. Where we do so, we will ensure that those transfers take place in accordance with the data protection laws, including by entering into data transfer agreements with recipients or obtaining your explicit consent. If you require further information about these protective measures, you can request it from the Data Protection Manager via the contact details set out below. 


SECTION 10: Security
All information you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.


SECTION 11: Cookies
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: www.allaboutcookies.org.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

11.1 Use of cookies by Foster + Partners
Within this website cookies are used to facilitate features and functions
which improve your browsing experience. They are also used to measure the performance of the site and the ways in which visitors navigate their way around. The below information details the cookies we use, how to prevent these being written and the impact of doing so on your browsing experience.
11.2 Disabling/Enabling all cookies
You can accept or decline cookies by modifying the settings in your browser. However, you will not be able to use all the interactive features of the site if cookies are disabled.
Most recent web browsers allow control over the cookies saved through
the browser settings. To find out more about cookies, including how to see
what cookies have been set and how to manage and delete them, visit
www.allaboutcookies.org.
11.3 More information about cookies
There are four main types of cookies used by websites. These categories are described below, based on the information published in the International Chamber of Commerce Cookie Guide.

Strictly Necessary Cookies – Enable services you have specifically asked for.

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies the services you have asked for, like shopping baskets or e-billing, cannot be provided.

Performance Cookies – Collect anonymous information on the pages visited.

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

Functionality Cookies – Remember choices you make to improve your experience.

These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.

Targeting/Advertising Cookies – Collect information about your browsing habits in order to make advertising relevant to you and your interests.

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organization.
The tables below explain the cookies we use and why. The information is updated regularly but if a discrepancy is found then please contact us.

Strictly Necessary Cookies

fosterandpartners.com
Cookie Name Purpose Duration / Expires
ARRAffinity This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session. Session
UaaSSecurity CMS specific security token Session
WAWebSiteSID This cookie is set by websites run on the Windows Azure cloud platform. It is a site identifier used to make sure the visitor is routed to the correct website on the server. Session
fosterandpartners.com
ASPSESSIONID
{RANDOM NUMBER}
Session cookie to remember the current user between page reloads and facilitate site functionality and remembering logged in states. Session


Functionality Cookies

fosterandpartners.com
Cookie Name Purpose Duration / Expires
cookieAccepted Stored when you dismiss the cookie policy banner, so that it does not display on every page. 1 year
fosterandpartnerscareers.com CMS specific security token Session
cookieAccept Stored when you dismiss the cookie policy banner, so that it does not display on every page. 1 year


Targeting/Advertising Cookies

N/A - None used. 


SECTION 12: Accuracy
We want to make sure that your Personal Data is accurate and up to date. Please contact us if any information we are using is not accurate or up to date.


SECTION 13: Retention
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it or for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.


SECTION 14: Your Rights in Connection with Personal Data
Under certain circumstances, by law you have the right to:

  • Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request the erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing Personal Data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data to another party.

If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact the Data Protection Manager in writing.

14.1 No fee usually required
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
14.2 What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
14.3 Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Manager or use any unsubscribe link in any email newsletter that you receive. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.


SECTION 15: Data Protection Manager
We have appointed a Data Protection Manager to oversee compliance with this Privacy Notice. This role is held by Nadeem Mir, Senior Partner, who may be contacted on dataprotection@fosterandpartners.com; 0207 738 0455.
If you have any questions about this Privacy Notice or how we handle your Personal Data, please contact the Data Protection Manager. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.


SECTION 16: Changes to this Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.
If you have any questions about this Privacy Notice, please contact the Data Protection Manager.


SECTION 17: Changes to this Privacy Notice
Requests for further information about this Privacy Notice or about how we process Personal Data can be sent by email to: dataprotection@fosterandpartners.com

Or in writing to:

Nadeem Mir
Data Protection Manager
Foster + Partners Limited
22 Hester Road
London SW11 4AN