In accordance with our Group Policy on Ethical Conduct, we will implement systems that support our duty of confidentiality and respect privacy in our business relationships.
The firm protects the privacy of individuals (our employees and third parties) when handling any personal information and sees that the firm is compliant, as far as reasonably practicable, with relevant data protection and privacy laws by adhering to the following principles:
- Being transparent about the collection, useand disclosure of personal information;
- Collecting and using personal informationfairly and lawfully;
- Only collecting personal information that isrequired and only keeping it for as long as isnecessary;
- Keeping personal information accurate andup to date;
- Respecting the privacy rights of individualsgranted by privacy laws;
- Keeping personal information secure.
Implementation
We are committed to keeping abreast of all applicable data protection/privacy laws of the jurisdictions in which we operate.
Appropriate training and support is provided to see that all personnel are aware of the obligations set out in this statement, and follow the firm’s data protection procedures when handling the personal information of others.
Relevant security procedures are in place and guidance issued to staff explaining their data protection and security obligations.
When sharing personal information with third parties, we do so only where necessary, in accordance with relevant legal requirements and seek assurances that the third party has adequate security procedures in place to protect such information.
Clear processes are in place for individuals to raise concerns about how the firm processes their personal information and for resolving any such concerns.
Our privacy notices are clear, accessible and give sufficient information about how we use and share personal information and where personal information can be updated or corrected.
Personal information no longer needed for its original business purpose is deleted/destroyed in accordance with our retention and destruction procedures, unless we have a legal obligation to retain personal information for a certain period.
Personal information is only transferred outside jurisdiction to other Group companies in accordance with relevant legal requirements.
Governance
This statement is made on behalf of the Group Board in line with the Policies that it sets and is implemented across all Arup operations through rules, procedures and guidance.
It is reviewed and approved annually, or more frequently where appropriate.