RIBA Enterprises Limited (“we” or “us”) respects your privacy and will do its best to safeguard your personal information.
Who we are
NBS is leading the built environment with powerfully connected knowledge, products and services around the world. Please see “How to contact us” below.
What information we collect
When you use any of our services, products or online content, we may receive personal information about you. The kind of information we collect and hold includes, but isn’t restricted to, your name, email address, telephone number and company name. We also keep information about your use, and payment for, our services, products and online content.
Information about other people
Should you provide information to us about any person other than yourself, such as your employees, your suppliers, or your counterparties you must ensure that such third parties have been informed and understand how their personal data will be used and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
How we use your personal information
We use the information we hold about you in the following ways:
- To provide you with our services and products and online content.
- To deal with your requests and enquiries.
- To provide you with information about our services, activities or online content.
- To personalise the way our content is presented to you.
- To assess trends and statistics regarding the use of our services and products and online content.
- To help us improve our services and products and online content by analysing how they are used.
- To block malicious users and prevent software piracy and fraud by ensuring our products and websites are used in compliance with our terms and conditions and to protect customers, manufacturers and end users.
- To provide advertisers with information about how our services, products or online content are being used.
- Sending questionnaires and surveys to gather customer feedback in order to provide better products and experiences to our customers and end users.
- For insurance purposes.
- To exercise or defend our legal rights.
- Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies including external audits.
Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- to comply with our legal and regulatory obligations;
- because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms; or
- where you have given consent.
Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
How we protect your personal information
We take appropriate and reasonable technical and organisational measures to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction.
We provide services to you from data centres with 24/7 physical security. Our data centres have international security accreditation including ISO 27001:2013 and ISO 9001:2015. We secure your connections to our services with TLS encryption.
Your personal information is logically separated from other’s to ensure data segregation.
NBS ID accounts need a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. NBS ID passwords are hashed, which means we cannot see your password. We cannot resend forgotten passwords; we will only provide instructions on how to reset them.
We restrict our access to your personal information by job role and limit staff access to your personal data to those individuals who have a genuine business need to access it. All employees receive regular security training and sign our information security policy annually. We have an ongoing programme to raise security awareness.
Although we make all reasonable efforts to prevent the loss or misuse of your personal information, we cannot guarantee your personal information will not be intercepted while being transmitted over the internet. Therefore, you acknowledge and agree that we assume no liability regarding the theft, loss, alteration, or misuse of your personal information during transmission.
Why we will get in touch with you
We may get in touch with you:
- About any service, product or online content you use, to make sure we do it well.
- About any communication or correspondence you have with us.
- About the fulfilment of any contractual agreement you have with us.
- For marketing purposes (we will never get in touch with you if you have asked us not to and we will never pass your details to third parties for marketing purposes unless you have consented).
- To invite you to take part in surveys or other research.
When we might share your information with other people
We may share your personal data with:
- Companies within our group (i.e. subsidiary and parent companies).
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- Third parties we use to help deliver our products and services to you, e.g. payment service providers, IT providers, goods delivery providers, website hosts.
- Our advertisers, including product manufacturers.
- Third parties for relevant marketing activity, but only where you have consented to your personal data being shared with named entities for such purposes.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Transferring your personal data out of the EEA
To provide goods and services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) e.g.:
- with service providers or advisers located outside the EEA;
- if you are based outside the EEA; or
- where there is an international dimension to the matter in which we are providing goods or services to you.
These transfers are subject to special rules under European and UK data protection law.
Generally, these non-EEA countries do not have the same data protection laws as the United Kingdom and the EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure.
We will only transfer personal information to non-EEA countries where one of the following conditions applies under the GDPR:
- the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the data subjects' rights and freedoms;
- appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism;
- you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
- the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and you, the performance of a contract concluded in your interests between us and another natural or legal person , reasons of public interest, or to establish, exercise or defend legal claims.
About sensitive personal information
Sometimes, you may provide us with additional sensitive personal information. We will never share sensitive personal information with businesses or people outside RIBA Enterprises without your consent.
How long your personal information will be kept
We will keep your personal information while you have an account with us or we are providing products and services to you. Thereafter, we will keep your personal information for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly; and
- to keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.
When it is no longer necessary to retain your personal information, we will securely delete or anonymise it.
You have the following rights, which you can usually exercise free of charge:
|Access||The right to be provided with a copy of your personal information (the right of access)|
|Rectification||The right to require us to correct any mistakes in your personal information|
|To be forgotten||The right to require us to delete your personal information - in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal information - in certain circumstances|
|Data portability||The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations|
|To object|| The right to object:
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.|
If you would like to exercise any of those rights, please:
- email or write to us - see below: ‘How to contact us’;
- let us have enough information to identify you (e.g. your full name, address and subscriber or matter reference number);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
Right to withdraw consent
If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. If you wish to do so, please contact our Data Protection Manager (contact details provided below) or “unsubscribe” to any marketing e-mail we send to you, where relevant.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our services.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
How to contact us
If you or have any questions about how we may use your personal information data, have any concerns or wish to make a complaint about our handling of your personal information, please contact us by post at RIBA Enterprises Limited, The Old Post Office, St Nicholas Street, Newcastle upon Tyne, NE1 1RH, or by email to privacy@RIBAEnterprises.com. We will investigate any complaints you notify to us and we will aim to ensure that any complaint and any queries you submit to us are resolved in a timely and appropriate manner.