Privacy Policy
A LEGAL DISCLAIMER
Last updated: 01/12/2025
Evoke Architecture Limited is committed to protecting the privacy, confidentiality and security of all individuals whose personal data we process. This Privacy Policy explains in detail how we collect, use, store, share and protect personal information in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018 and all other applicable laws concerning the processing of personal data in the United Kingdom. It applies to visitors and users of www.evokearchitecture.com, to clients and prospective clients, to suppliers and professional contacts, to employees, and to job applicants. By engaging with our services or using our website, you acknowledge and accept the practices described in this policy.
Evoke Architecture Limited acts as the data controller for all personal data described in this policy. We are registered and located at 16 Bridge Street Row West, Chester, CH1 1NN. For any questions relating to this policy or the way we handle personal data, we may be contacted at info@evokearchitecture.com or by telephone on 0151 315 1112.
Personal data we collect
We collect personal data in several categories depending on your relationship with us. When you engage us as a client, we may collect your name, postal address, email address, telephone number, organisational details, project address, and any information required for the execution of architectural services. This may include property information, project briefs, drawings, surveys, planning documentation, correspondence, and any other material required to deliver our services effectively. We may collect financial information when processing payments or invoices, including bank details, transaction history and information required for accounting or compliance.
When you visit or interact with our website, we may collect technical data such as your internet protocol address, browser type, geographical location, device type, operating system, pages visited, time spent on site and information obtained through cookies and tracking technologies. Because our website is hosted on the Wix platform, technical information processed by Wix may also include device identifiers, behavioural patterns, session logs and interactions. If you consent to analytics or tracking cookies, we may also receive aggregated information from Google Analytics, Facebook, Instagram, LinkedIn and Wix analytics tools.
If you are an employee or job applicant, we may collect your name, contact details, employment history, qualifications, right-to-work documents, identification records, driving licence information, references, interview notes and other information required for recruitment, employment administration and legal compliance. For the purposes of verifying employment eligibility, we may request and process documentation as required by UK law.
We do not routinely collect special category data such as health information, racial or ethnic origin, or other sensitive data. However, should such information be voluntarily provided to us, for example to support accessibility arrangements during meetings or employment, we will only process it where strictly necessary and with an appropriate lawful basis.
How personal data is collected
Personal information may be collected directly from you when you contact us, request a quotation, engage us to provide architectural services, complete forms, communicate with our team, supply documentation, enter into a contract or make a payment. We may also collect information automatically through the use of cookies or analytics tools on our website. In relation to projects, we may obtain personal data from third parties such as planning authorities, consultants, surveyors, engineers, legal advisers and other professional partners. For employees and applicants, we may obtain data from referees, previous employers, recruitment platforms and official government sources for right-to-work checks.
How and why we use personal data
We process personal data to deliver architectural and professional services, respond to enquiries, prepare proposals, manage communications, produce design work, submit planning applications, oversee project administration and ensure compliance with applicable legislation. When you instruct us, we use the information you provide to fulfil our contractual obligations and to manage the relationship with you throughout the lifecycle of the project.
We process personal data to comply with legal and regulatory obligations, including obligations under tax law, employment law, anti-money-laundering requirements, right-to-work checks and other statutory duties. We may also process personal data to protect our legitimate interests, such as maintaining business records, managing risk, defending legal claims, ensuring the security of our premises and systems, improving our services, undertaking due diligence for large clients and preserving professional indemnity compliance.
When you visit our website, we may process personal data to understand website performance, diagnose technical issues, and improve user experience. Analytics and tracking tools operate only with your consent. These tools may collect behavioural data and transmit it to service providers such as Google Analytics, Meta (Facebook and Instagram), LinkedIn and Wix. In such cases, data may be transferred outside the United Kingdom. These transfers occur only where permitted by law and subject to appropriate safeguards.
If you are an employee, we may use your personal data for payroll, human resources administration, performance management, training, right-to-work compliance, identity verification, security monitoring and fulfilment of statutory employment obligations. If you are an applicant, we may use your personal data to evaluate your suitability for a role and to conduct the recruitment process.
We do not send marketing communications and do not use personal data for promotional mailing lists.
Sharing of personal data
We may share personal data with professional consultants and third parties where this is necessary for the performance of a project, such as structural engineers, planning consultants, surveyors, contractors, building control bodies, local authorities, and other specialists engaged in project delivery. We may also share personal data with legal advisers, insurers, accountants, auditors, software providers, cloud service providers, IT hosting partners and other service providers who support our operations. For large clients, we may undertake due diligence checks and therefore share data with verification or compliance partners.
We use Microsoft 365, SharePoint, OneDrive and Fresh Projects as part of our internal data processing and project management. These platforms may process or store data outside the United Kingdom. International transfers are carried out only in accordance with lawful mechanisms such as adequacy decisions, standard contractual clauses or equivalent protections. When sharing personal data with third parties, we ensure that appropriate data protection agreements are in place and that these parties process personal data only for authorised purposes.
We do not sell personal data and do not permit third parties to use personal data for their own marketing purposes.
Retention of personal data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal, regulatory and professional obligations. Project-related information, including drawings, documents, correspondence and related materials, is typically retained for a minimum of twelve years after project completion in order to comply with professional indemnity insurance requirements and statutory limitation periods. In practice, we endeavour to retain project records for longer where possible, as an additional safeguard for clients.
Financial records must be retained for at least six years to comply with HMRC obligations. Email correspondence and project archives may be retained beyond statutory minimum periods where they are relevant to ongoing obligations, future reference or professional liability. Information relating to job applicants who are not hired may be retained for a reasonable period to respond to employment queries or legal obligations. Employee records may be retained beyond the period of employment where legally required.
Data stored on third-party platforms and cloud services is backed up securely using cloud-to-cloud backup solutions to ensure resilience and continuity.
Security of personal data
We implement technical and organisational measures to protect personal data from loss, misuse, unauthorised access, disclosure, alteration or destruction. These measures may include encrypted communications, secure servers, password protection, multi-factor authentication, restricted access controls, regular system updates, secure cloud architecture, physical security measures including CCTV at our premises, staff training in data protection responsibilities, secure document disposal and incident response procedures. If a data breach occurs that may result in a risk to your rights or freedoms, we will notify you and the Information Commissioner’s Office in accordance with legal requirements.
CCTV and security monitoring
Our premises are monitored by CCTV for security and crime prevention purposes. The system records at the entrance intercom and within internal areas and operates continuously. Images are stored for a limited period and may be shared with law enforcement if required. CCTV footage may contain images of visitors, clients, employees and members of the public. The lawful basis for this processing is our legitimate interest in ensuring the safety and security of our premises, people and property.
Cookies and tracking technologies
Our website uses cookies and tracking technologies to ensure its proper functioning and to improve performance. Essential cookies are required to enable the website to operate. Non-essential cookies, including analytics, performance and behavioural tracking cookies, operate only with your consent. Because our website is hosted on Wix, cookies may be placed by Wix or associated service providers. Where you consent to analytics or tracking cookies, information may be shared with Google Analytics, Facebook, Instagram, LinkedIn and related platforms. You can withdraw cookie consent at any time through your browser settings or through any cookie controls provided on our website.
Your rights under UK GDPR
You have several rights relating to your personal data. You have the right to request access to the personal information we hold about you and to receive an explanation of how it is used. If any of the information we hold is inaccurate or incomplete, you have the right to request correction. In certain circumstances, you may request the deletion of your personal data or request that the processing of your data be restricted. You have the right to object to processing based on legitimate interests and the right to request the transfer of your personal data to another organisation. Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time. If you wish to exercise any of these rights, you may contact us at the details provided above. We may request identification to verify your identity before responding. We will respond to all valid requests within one month, unless the request is particularly complex, in which case the period may be extended in accordance with the law.
If you are dissatisfied with how we handle your personal data, we encourage you to contact us so that we may address your concerns. You also have the right to lodge a complaint with the Information Commissioner’s Office. The ICO may be contacted at www.ico.org.uk or by telephone on 0303 123 1113.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the way we process personal data. The most recent version will always be available on our website. We recommend reviewing this policy periodically to stay informed about how we protect your personal data.