Privacy Policy

1. Introduction

At Jeffrey Jordan Architects, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website (www.jeffreyjordanarchitects.co.uk) or engaging with our services, you consent to the collection and use of your information as described in this policy.

2. Data Controller & Contact Information

Jeffrey Jordan Architects is the Data Controller of your personal data. If you have any questions about this Privacy Policy or wish to exercise your rights, you can contact us using the details on the Contact page.

3. Legal Basis for Processing Personal Data

We collect and use your personal data under the following legal bases:

Contractual Obligation – When processing is necessary to fulfill a contract with you (e.g., providing architectural services).
Legitimate Interests – When processing is necessary for our business operations, provided it does not override your rights.
Legal Compliance – When we are required to process your data to comply with legal obligations.
Consent – When you have given us explicit permission (e.g., for marketing communications). You can withdraw consent at any time by contacting us.

4. Data We Collect

We may collect the following types of personal data:

Identity & Contact Information (Name, email, phone number, address)
Business Information (Company details, project requirements)
Financial Information (For invoicing and payments)
Technical Information (IP address, browser type, device information)
Marketing Preferences (Your opt-in choices for receiving updates)

5. How We Use Your Data

We use your personal data to:

Provide and manage our architectural services
Communicate with you regarding projects or inquiries
Improve our website and services
Comply with legal obligations
Send marketing communications (only with your consent)

6. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy. Typically:

Client records – Retained for up to 12 years after the completion of a project (to meet legal and professional obligations).
Marketing data – Retained until you opt out.
Technical data – Retained for 12 months for website analytics.

When data is no longer required, we securely delete or anonymise it.

7. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

The right to access – Request copies of your personal data.
The right to rectification – Correct inaccurate or incomplete data.
The right to erasure – Request deletion of your data (subject to legal exceptions).
The right to restrict processing – Ask us to limit how we use your data.
The right to object – Withdraw consent or object to processing based on legitimate interests.
The right to data portability – Request a copy of your data in a structured format.

To exercise your rights, please contact us.

8. Third-Party Data Sharing

We do not sell your personal data. However, we may share your data with:

Service providers (e.g., IT support, payment processors) who help deliver our services.
Legal or regulatory bodies if required by law.

We ensure any third parties handling your data comply with UK GDPR regulations.

9. Data Security

We implement strong security measures to protect your data, including encryption, firewalls, and secure access controls. However, no system is 100% secure, so we recommend using strong passwords and avoiding sharing sensitive information via email.

10. Children's Privacy

Our services are not intended for children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us with their data, please contact us immediately.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website with a revised "Last Updated" date.