0. Definitions

In this Privacy Policy:

• “Personal data” means information that relates to an identified or identifiable individual.
• “Processing” means anything we do with personal data (for example, collecting, storing, using, sharing or deleting).
• “Controller” means the organisation that decides why and how personal data is processed.
• “Processor” means a third party that processes personal data on behalf of a controller.
• “UK GDPR” means the UK General Data Protection Regulation; “EU GDPR” means Regulation (EU) 2016/679.

Nothing in this policy is intended to override your statutory rights.

1. Who we are

This Privacy Policy explains how MUSE ARCHITECTS LTD (trading as “Muse Architects”, “we”, “us”, “our”) collects and uses personal data. We are an architectural practice based in the United Kingdom. We provide architecture and related professional services, including feasibility, planning, technical design and delivery support, subject to appointment and agreed scope.

For data protection purposes, we are the “controller” of personal data processed in connection with this website and our business relationship with you.

Contact details

MUSE ARCHITECTS LTD
Company number: 12131252
Address: 455 Chester Road, Old Trafford, Stretford, Manchester, M16 9HA, United Kingdom
Email: mail@musearchitects.co.uk
Telephone: 0161 524 8992

Data protection lead: Managing Director (contact via the details above).

2. The law we follow

We follow applicable data protection law, including the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (“PECR”). Where EU/EEA data protection law applies to a particular interaction, we aim to meet the equivalent requirements of the EU GDPR as well.

3. Scope of this Privacy Policy

This policy applies to:

• Visitors to our website (including users of our contact or newsletter forms).
• Individuals who contact us about services; prospective clients.
• Clients, their representatives, and other members of a project team (consultants, contractors and suppliers).
• People featured incidentally in project correspondence or site records (for example, in photographs taken on site).

This policy does not cover third-party websites we link to; those websites have their own privacy notices.

4. The personal data we collect

We may collect and process the following categories of personal data (not all will apply in every case):

• Identity data: name; job title; company/organisation; role.
• Contact data: email address; telephone number; postal address.
• Enquiry and correspondence data: messages you send to us; notes of calls/meetings; information you provide when requesting a consultation, quote, or advice.
• Client and project data: information needed to deliver our services (for example, site addresses, project teams, consultant and contractor contact details, and communications).
• Website and technical data: IP address, device/browser information, time zone setting, and information about how you use our website (via cookies and similar technologies where enabled).
• Marketing and preference data: your preferences in receiving marketing from us; records of consents/opt-outs.
• Transaction and billing data (where applicable): invoices, purchase history (e.g., if you purchase a product or service), and payment status; we do not intentionally collect or store full card details.

Special category data: In limited circumstances we may process special category data (for example, health or accessibility information) where you choose to provide it or where it is necessary for the services. We will only process special category data where a lawful basis applies and appropriate safeguards are in place.

Children: our services and website are not directed at children. We do not knowingly collect personal data from children.

5. How we collect personal data

We collect personal data in the following ways:

• Directly from you when you contact us (email, phone, website forms, social media or in person).
• Automatically from your device when you use our website (through cookies and similar technologies, subject to your cookie choices).
• From third parties where relevant to a project or engagement (for example, your agent, landlord, consultant team, contractor, or professional advisers) or from public sources (for example, Companies House) where needed for due diligence.

If you provide personal data about other individuals (for example, a colleague or consultant), you confirm that you have the right to share it and that you have provided them with appropriate privacy information.

6. Whether you need to provide personal data

In some cases, we need personal data to respond to an enquiry, issue a fee proposal, enter into a contract, or provide services. If you do not provide requested information, we may be unable to progress your enquiry or deliver the services.

7. How we use your personal data; purposes and lawful bases

UK GDPR requires us to have a lawful basis for processing. The lawful bases we most commonly rely on are:

• Performance of a contract: where processing is necessary to provide services to you or to take steps at your request before entering a contract.
• Legitimate interests: where processing is necessary for our legitimate business interests (provided these are not overridden by your rights).
• Legal obligation: where we must process data to comply with law (for example, tax and accounting rules, regulatory requirements, or responding to lawful requests).
• Consent: mainly for marketing communications and certain non-essential cookies (you can withdraw consent at any time).

The summary table is provided for transparency; the exact activity depends on what you ask us to do and the services we provide.

Summary of processing activities

8. Marketing

We may send you marketing communications (including our newsletter) if you have opted in, or where permitted by law and you have not opted out. You can unsubscribe at any time by using the unsubscribe link in emails (where provided) or by contacting us.

We do not share your personal data with third parties for their own direct marketing purposes. If we ever intended to do so, we would obtain your explicit consent first.

9. Cookies and similar technologies

Our website uses cookies and similar technologies to operate the site, remember preferences, measure performance and (where enabled) support marketing and analytics. Your browser may also store local storage or similar identifiers.

We use essential cookies for core website functions. We use non-essential cookies (such as analytics or marketing cookies) only where you have provided consent via our cookie banner/tool (where available).

You can manage your cookie preferences through our cookie banner/tool (where available) and through your browser settings. Blocking some cookies may impact website functionality.

For more information, please refer to our separate Cookie Policy on our website.

10. Who we share your personal data with

We may share personal data with trusted third parties where necessary to run our business or provide services. These typically include:

• IT and hosting providers (website hosting, cloud storage, backups).
• CRM and communications platforms (for example, HubSpot for enquiry capture and newsletter management).
• Professional advisers (legal, accounting, insurers).
• Project stakeholders and supply chain (clients, consultants, contractors, local authorities and statutory bodies) where required for the project and with appropriate safeguards.
• Regulators and professional bodies (for example, the Architects Registration Board (ARB) or RIBA) if required or appropriate in connection with professional obligations, complaints or investigations.
• Payment and e-commerce providers (where you purchase goods or services); payment card details are handled by the payment provider, not by us.

We require service providers to process personal data only on our instructions and to keep it secure and confidential.

11. International transfers

Some of our service providers may store or process personal data outside the United Kingdom and/or European Economic Area (EEA). Where this happens, we use appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses (SCCs), or an adequacy mechanism where applicable. You can contact us for more information about the safeguards used for a specific transfer.

12. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure. Access to personal data is limited to people who need it for business purposes; they are subject to confidentiality obligations.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant regulator and affected individuals where legally required.

13. Data retention

We keep personal data only for as long as necessary for the purpose it was collected for, including any legal, accounting or reporting requirements. Retention periods vary depending on the nature of the data and our relationship with you. Typical retention periods include:

• General enquiries and marketing contacts: up to 24 months after last meaningful contact (unless you become a client, opt-in to marketing, or ask us to delete earlier).
• Client and project records: typically up to 12 years after project completion/closure (or longer where required by law, contract, or for safety, insurance or dispute management purposes).
• Accounting and tax records: at least 6 years from the end of the relevant financial year (and longer in specific circumstances).

Where possible, we may anonymise data for statistical or business planning purposes; anonymised data is not personal data.

14. Your rights

Under the UK GDPR (and, where applicable, EU GDPR), you have rights including:

• Right of access (request a copy of your personal data).
• Right to rectification (correct inaccurate or incomplete data).
• Right to erasure (delete your personal data in certain circumstances).
• Right to restrict processing (limit how we use your data).
• Right to data portability (receive your data in a usable format in certain cases).
• Right to object (including to direct marketing and, in some cases, to processing based on legitimate interests).
• Right to withdraw consent at any time (where consent is the lawful basis).
• Rights in relation to automated decision-making and profiling (we do not ordinarily make decisions about you solely by automated means).

To exercise your rights, please contact us. We may need to verify your identity before responding.

15. Complaints

If you have concerns about how we use your personal data, please contact us first so we can try to resolve the issue. You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk. If you are located in the EEA, you may also have the right to complain to your local supervisory authority.

16. Third-party links

Our website may include links to third-party websites, plug-ins or applications. If you follow those links, third parties may collect or share data about you. We do not control those third-party websites and are not responsible for their privacy notices.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, services or legal requirements. We will publish the updated version on our website and update the effective date above.