This Privacy Notice details how CADMANDO Design & Draughting Solutions Limited Limited applies data protection principles to processing data. CADMANDO Design & Draughting Solutions Limited (“CADmando”, “we”, “us” or “our”) is strongly committed to protecting personal data. We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint. Personal data is any information relating to an identified or identifiable living person. CADmando processes personal data for a number of purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. The objective of this Privacy Notice is to be transparent about how and why we process your personal data.

CADmando collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation (GDPR) 2018 which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

In the course of performance of our business functions we collect the following personal information when you provide it to us:

We collect personal data concerning our employees as part of the administration, management and promotion of our business activities.

When applying for a role at CADmando, applicants should refer to the information made available when applying for a job for details about why and how personal data is collected and processed.

We collect and process data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our customers. 1 We use personal data for the following purposes:  Receiving services  Providing professional services  Administering, managing and developing our businesses and services  Security, quality and risk management activities  Providing our suppliers with information about us and our services  Complying with relevant law and regulations

CADmando collects only the personal data necessary for agreed purposes and we ask our customers to only share personal data where it is strictly needed for those purposes. Where we process personal data to provide services, we inform our customers to provide the necessary information to the data subjects regarding its use. We use personal data for the following purposes:  Providing professional services  Administering, managing and developing our businesses and services  Security, quality and risk management activities  Providing our customers with information about us and our services  Complying with relevant law and regulations

Visitors to our website are generally in control of the data shared with us. We may collect, store and use the following kinds of data:  Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views);  Information that you provide to us for the purposes of making contact with us  Any other information that you choose to send to us Personal data submitted to our website may be used for the following purposes:  Administer the website  Improve your browsing experience by personalising the website  Enable your use of the services available on the website  Respond to your enquiry via our ‘contact us’ page.

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security measures in place to protect the data and to comply with our obligations as data controller. Personal data held by us may be transferred to:  Third party organisations that provide data processing or IT services to us  Third party organisations that assist us in providing goods and services  Auditors and other professional advisors  Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation Your data will not be transferred to countries outside the European Economic Area (EEA).

We review our retention periods for personal information on a regular basis. There may be legal and statutory requirements which govern how long we should retain your personal data (eg financial records). Outside of these, we will keep your personal data for as long as is necessary for the relevant purposes set out above or set out in any relevant contract you hold with us, or until we become aware it is no longer valid or you ask us to delete it.

Under the GDPR you have a number of important rights. In summary, those include rights to: • fair processing of information and transparency over how we use your personal information • access to your personal information • require us to correct any mistakes in your information which we hold • require the erasure of personal information concerning you in certain situations • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations • object at any time to processing of personal information concerning you for direct marketing • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you • object in certain other situations to our continued processing of your personal information • otherwise restrict our processing of your personal information in certain circumstances For further information on each of those rights, including the circumstances in which they apply, see The Information Commissioner’s website. If you would like to exercise any of those rights, please: • write to us • let us have enough information to identify you • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and 1 • let us know the information to which your request relates

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

The data controller is CADmando Design and Draughting Solutions Limited. If you have any questions about this privacy notice or how and why we process data please contact us at: Operations Director CADmando Design and Draughting Solutions Ltd, The Long Barn, The Courtyard, Severn Drive, Tewkesbury Business Park, Tewksbury GL20 8GD

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please contact the Operations Director with the details of your complaint. We will look into and respond to any complaints we receive. You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) who is the UK data protection regulator. For further information on your rights and how to complain to the ICO, please refer to their website www.ico.org.uk

This privacy notice was published on 25 May 2018. We may change this privacy notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.