Privacy Policy

Effective date: 20 Oct 2025
Controller: Phoenix Architecture (“we”, “us”, “our”)

We are committed to protecting your privacy. This policy explains what personal data we collect, how we use it, how long we keep it, who we share it with, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1) Who we are & how to contact us

Phoenix Architecture is a UK-based architectural and building engineering practice serving clients across the UK.
Email: office@phoenix-architecture.co.uk
Tel: 07495 524 445
We act as the data controller for the personal data described in this policy.

2) The data we collect

• Identity Data: name, title, (where necessary) date of birth.
• Contact Data: postal address, email address, telephone numbers.
• Project Data: property addresses, surveys, drawings, planning details, design preferences, project correspondence.
• Financial Data: payment details, invoices, billing records.
• Technical/Usage Data: IP address, device/browser type/version, pages viewed, interactions on our site (via cookies/analytics).
• Communications Data: emails, call notes, meeting minutes, feedback.

We do not intentionally collect special category (sensitive) personal data. If it becomes essential (e.g., accessibility needs for site access), we will only process it with your explicit consent or another valid lawful basis.

3) How we collect data

• Directly from you (phone, email, website form, in person).
• During service delivery (surveys, drawings, planning submissions).
• From third parties (e.g., consultants, contractors, planning portals/public records) where relevant and lawful.
• Automatically via our website (cookies/analytics).

4) Purposes & lawful bases for processing

We process your data only where we have a lawful basis. Typical purposes and bases include:

• Providing our services (surveys, design, planning/technical submissions, project management): Contract (UK GDPR Art. 6(1)(b)).
• Client communications & enquiries: Legitimate interests to operate our business efficiently and respond to requests (Art. 6(1)(f)).
• Billing, accounts, record-keeping, insurance/PI matters, regulatory compliance: Legal obligation and legitimate interests (Art. 6(1)(c), (f)).
• Website analytics and service improvement: Legitimate interests (Art. 6(1)(f)); cookies requiring consent will rely on Consent (Art. 6(1)(a)).
• Marketing (occasionally, and only where appropriate): Consent or legitimate interests. You can opt out at any time (see Section 9).

5) Sharing your data

We may share data with trusted third parties where necessary, for example:

• Project team: contractors, consultants, suppliers.
• Authorities/regulators: local planning authorities, building control.
• Professional advisers: accountants, legal advisers, insurers.
• IT/Cloud providers: secure email/hosting/storage and collaboration tools.

We require all third parties to process your data securely, only for the stated purposes, and under a written contract (as processors or independent controllers, as applicable).

6) International transfers

Your data may, on occasion, be processed or stored outside the UK (e.g., cloud services). Where this occurs, we use appropriate safeguards such as UK Addendum/IDTA to the EU Standard Contractual Clauses or an adequacy decision to protect your information.

7) Data retention

We keep personal data only as long as necessary for the purpose collected. Typical periods are:

• Project and contract files: generally 6–12 years (to meet legal, contractual and professional indemnity obligations).
• Financial records: at least 6 years for tax/accounting.
  Where a different period applies, we will retain for the shortest period necessary and then securely delete or anonymise.

8) Security

We implement appropriate technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or loss. Measures include access controls, encryption in transit (where applicable), secure backups, least-privilege principles, and staff awareness.

9) Marketing

We may send updates relevant to your project or our services. You can opt out at any time by following unsubscribe instructions in the message or contacting us at office@phoenix-architecture.co.uk.

10) Your rights

You have the right to:

• Access your personal data and receive a copy.
• Rectify inaccurate or incomplete data.
• Erase data in certain circumstances (“right to be forgotten”).
• Restrict or object to processing in certain circumstances (including direct marketing).
• Data portability (receive data in a structured, commonly used format).
• Withdraw consent where processing relies on consent (this does not affect processing prior to withdrawal).

To exercise any right, contact office@phoenix-architecture.co.uk. We will respond within one month (or explain if an extension is needed for complex requests).

11) Cookies & analytics

We use cookies and similar technologies to run our site and understand usage. Where required, we will ask for your consent via a cookie banner. For details (types, purposes, durations), please see our Cookie Policy.

12) Children’s data

Our services are not directed at children. We do not knowingly collect children’s personal data.

13) Automated decision-making

We do not carry out decisions based solely on automated processing that produce legal or similarly significant effects.

14) How to complain

If you have concerns, please contact us first and we will do our best to resolve them. You also have the right to complain to the Information Commissioner’s Office (ICO):
ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Tel: 0303 123 1113.
ico.org.uk

15) Changes to this policy

We may update this policy to reflect legal or operational changes. The latest version will always be published on our website and will state its effective date.

Phoenix Architecture
Pembrey / Burry Port, Carmarthenshire, Wales
office@phoenix-architecture.co.uk | 07495 524 445