JSA Architects Ltd is committed to ensuring that your privacy is protected and will treat all information held about you in accordance with this policy which is in line with current UK legislation. For these purposes JSA Architects Ltd is a ‘data controller’ meaning that we decide how and why the personal data that we collect is used.   This Privacy Policy explains:

  • How we collect personal information.
  • How we use the information we collect.
  • Your rights and how you can manage the use of your personal information.
  • Procedures that we have in place to safeguard your privacy.
  • How you can make a complaint or contact us.

The information we collect

We only gather the personal information we need for business purposes in order to provide you with the services you have requested or to comply with our regulatory obligations, as well as appropriate news and information.

The personal data we collect will be the information that you provide and may include your name, address, phone numbers and email address and may also include information about you from the e-mails, letters and other communications you send and documents you provide to us.

We may also collect information about your usage of our website (please refer to our Cookies Policy).

JSA Architects Ltd collects this information in a variety of ways. We obtain personal data about you, for example, when:

  • You request a proposal from us in respect of the services we provide;
  • You or your employer or our clients engage us to provide our services and also during the provision of those services;
  • You contact us by email, telephone, post etc (for example when you have a query about our services or wish to apply for a job);
  • We meet with you.

We also collect personal data about you from third parties and/or publicly available resources, (for example, internet searches).  Data is stored in a range of different places, including in relevant files, and within email and IT systems.

16 or Under

Occasionally we will coordinate with local schools to facilitate work experience at JSA Architects Ltd for children in Year 11, aged between 15 and 16 years old. As the third party contracted to provide this service to the school or organisation, we will never collect any child’s personal data. Our policies and controls are designed to make reasonable efforts to verify that the school or other coordinating body takes full responsibility for processing the child’s personal data and the consent of the parent or guardian for children under 16 and from the child for those aged between 16 and 18.


Basis for processing and use of your data

JSA Architects Ltd needs to process data for purposes necessary for the performance of our contract with you, your employer or our clients and to comply with our legal obligations. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
Where you enquire about becoming or where you become a client of JSA Architects Ltd, for example, the basis for our processing of your personal data will be to enter into and perform the contract between you and us.

We may process your personal data for the purpose of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for business development, marketing, recruitment and management purposes. Therefore, from time to time we may send you information about company news and events we are holding or other matters that we believe will be of interest to you. This could involve us seeking your thoughts and opinions on the services we provide and us notifying you of any changes.

On similar grounds, where JSA Architects Ltd is provided with unsolicited personal data such as from CVs submitted on a speculative basis, the company will process your personal data for the recruitment purposes for which it has been submitted. Candidate information will be retained so that you can be informed of future recruitment vacancies that are relevant to your original application.

The basis for our processing of your personal data in these ways will be legitimate interest and you will be free to withdraw from these communications at any time.

Other information processed by JSA Architects Ltd as part of its legitimate interests include: network and information security, cloud storage, updating customer details, due diligence involving risk assessment and fraud prevention.

Some information is processed in accordance with public interest such as public consultations. This is a regulatory process where we need the public’s input on planning matters affecting them.  It is the individual’s choice whether they wish to provide their personal (contact) information to JSA Architects Ltd in these circumstances, which will be processed on the grounds of legitimate interest.  As with all JSA Architects Ltd communications, you will be free to unsubscribe from them at any time.

We may also process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required we will seek your clear and unambiguous consent prior to processing your data and you have the right to withdraw your consent to processing for such specific purposes at any time.

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

Do any third parties have access to my data?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

We will share your personal information within JSA Architects Ltd in the context of system maintenance support and hosting of data.

“Third parties” includes third-party service providers (including architectural design contractors and designated agents). These “third parties” are other companies employed to provide services for us who will have access to the personal information needed to perform their functions and not for any other purpose. The following activities are carried out by third-party service providers: IT (and cloud services), professional advisory and support services, administration services, recruitment services, marketing services and banking services.

Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.

Your personal data is stored on servers which are in the European Economic Area. If we share your personal data with any third party service provider in the course of providing you with our services, those third parties are required to process your data in accordance with contracts which comply with data protection legislation.

How secure is my information with third-party service providers?

All our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

How does JSA Architects Ltd protect data?

JSA Architects Ltd takes the security of your data seriously. We have internal policies and controls in place in respect of security that are regularly reviewed to ensure that they are commercially reasonable and appropriate, to prevent data from being accidentally lost or destroyed, used or accessed in an unauthorised way, altered or disclosed. Our policies and controls are designed to limit access to those employees, agents, contractors and other third parties who have a business need to know.

Where JSA Architects Ltd engages third parties to process personal data on its behalf, they do so on the basis of written instructions and are obliged to implement appropriate measures to ensure the security of data.

All employees, agents, contractors and other third parties are subject to a duty of confidentiality.

How long does JSA Architects Ltd keep data?

We employ appropriate security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.

We will only retain your personal data for as long as the law requires or as long as it is necessary to fulfil the purposes for which it is collected, taking into account the nature of the information and purpose for which it has been obtained and is used or held.  For example, the CVs of all successful and unsuccessful job applicants are retained securely on JSA Architects Ltd systems following the recruitment process so that unsuccessful candidates can be notified of future opportunities of relevance to them and also for the purpose of responding to potential employment tribunal claims arising out of the recruitment process.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business and the services provided;
  • any statutory or legal obligations;
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • the amount and categories of your personal data; and
  • Whether the purpose of the processing could reasonably be fulfilled by other means.

Your rights

Under certain circumstances individuals have certain rights over their personal data. These include:

  • requesting access to and thereby receiving details of personal data held;
  • requesting correction of personal data, where appropriate;
  • requesting erasure of personal data, where appropriate;
  • objecting to the processing of your personal data where JSA Architects Ltd is relying on its legitimate interests as the legal ground for processing; and
  • requesting the restriction of processing of your personal data for a period if data is inaccurate or there is a dispute about whether or not your interests override JSA Architects Ltd’s legitimate grounds for processing;
  • Requesting the transfer or your personal data where processing is based on consent, is carried out by automated means and is technically feasible.

If you want to request to review, verify, correct, erase, transfer a copy of your personal data to a third party or object to the processing of your personal data, please contact us in writing at our registered office or by emailing hello@jsaarchitects.com.

Please note that where you ask us to erase, correct, object to process or seek to restrict our processing of data we may refuse your request where we have a legal obligation, contractual or other legitimate business interest to refuse your request. If we refuse your request then we will notify you of this refusal and you will have the right to appeal.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current.  Please keep us informed if your personal information changes during your working relationship with us.

What if you do not provide personal data?

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively we may be unable to comply with our legal or regulatory obligations.

Changes to how we protect your privacy

We will update this Privacy Policy from time to time to reflect how we are processing your data. Any changes we may make to it will be provided on our website.

Where we undergo substantial changes to our privacy statement we will endeavour to inform you directly about them.


We use cookies on our website to collect statistical data about your browsing actions and patterns but that do not identify you as an individual. This helps us to improve our website and deliver a better service.  For more information about cookies, please see our Cookie Policy.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting other sites even if you access them using links to or from our website. You should exercise caution and look at the privacy statement applicable to the website in question.


JSA Architects Ltd tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention and welcome any suggestions for improving our procedures.

If you believe that JSA Architects Ltd has not complied with your data protection rights please contact us accordingly. We will look into any complaint carefully and promptly and do all we can to explain the position to you.

You also have the right to complain to the Information Commissioner’s office (https://ico.org.uk/)

How to contact us

We always want to hear from our customers. If you:

  • Have any questions or feedback
  • Would like us to stop using your information
  • Want to exercise any of your rights as set out above, or have a complaint

Please don’t hesitate to contact us and we will be happy to answer any questions you may have.
You can contact us at email address: hello@jsaarchitects.com or else through  the JSA Architects Ltd website. Or if you’d like to, you can write to us at: JSA Architects Ltd, Tavistock House, Waltham Road, Maidenhead SL6 3NH.

Registered in England – Company Registration No. 6297445.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated on 28 August 2018.