Pozzoni Architecture Limited (Pozzoni, we, us, our) is committed to protecting the privacy and security of personal data.
Whether you are a client, prospective client, contact, supplier or prospective supplier of ours, we treat all your personal data in the same manner and we are committed to protecting the privacy and security of personal data.
This Privacy Statement describes how we collect, use and look after your personal data, the lawful basis for processing it and your rights.
Personal information we collect about you
Depending on the nature of our relationship or potential relationship with you, we may collect, store and use the following types of information you have provided to us:
• Company contact details such as name, title, email address, company address and telephone numbers;
• Records of your attendance at any events hosted by us and your marketing preferences so that we know whether and how we should contact you.
How we collect your personal data
We collect personal data in a variety of ways including the following:
• Directly from you as a client or prospective client when you call or attend our office, make an enquiry with us, or otherwise correspond with us;
• Directly from you as a client when corresponding with you regarding a project commission;
• Directly from you as a supplier or prospective supplier when you call or attend our office, make an enquiry with us, or otherwise correspond with us.
How we use your personal data
We will only use your personal data when we believe that there is a legitimate interest for contacting you. We have set out below how we use your personal data, what personal data we use and the lawful basis for doing so.
Purpose / Activity
Type of data
Lawful basis for processing
To respond to your enquiry
Your contact details and the information you provided when making the initial enquiry / contact.
• To respond to your enquiry and, if appropriate, enter into a contract with you.
To set you or the third party you represent up as our client or supplier
Contact details and identification data
• To take steps to enter into a contract with you;
• To comply with our legal obligations
To provide architectural services to you or the third party you represent and manage our relationship with you
Your contact details, client / supplier records, financial and transactional data and any marketing preferences
• To perform our contract with you;
• As necessary to comply with our legal obligations;
• As necessary for our legitimate interests in keeping our records updated and analysing how our clients use our services.
To manage payments, fees and debt recovery
Your contact details and financial records
• To perform our contract with you;
• As necessary for our legitimate interest in recovering debts due to us and / or making payments to you.
To provide you with information about our services, mailshots and to invite you to our client events
Identity and contact details
• In our legitimate interest to develop and grow our business and service offerings
We may process your personal data for more than one lawful ground depending on the specific
purpose for which we are using your information.
We will only send marketing communications (whether by post or email) to you where you have
either instructed us to provide architectural services and you have not opted out of receiving such
communications or given your consent otherwise. We may also send you invitations to our
events. Please let us know if you do not wish to be included in our mailing lists. You can withdraw
your consent at any time by contacting us at email@example.com to confirm this or, where
included, clicking the unsubscribe button on an email.
We will not share your personal data with any third parties for their marketing purposes.
Change of purpose
We will only use your personal data for the purpose that we originally collected it, unless we
reasonably consider that we need to use it for another reason and that reason is compatible with
the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will
explain the legal basis which allows us to use your personal data in this manner.
We may process your personal data (without your knowledge or consent) where this is required
or permitted by law.
Sharing your personal data
We may need to share your personal data with third parties in order to provide our services to
you, to receive goods or services from you or as necessary for our legitimate interests. Such third
• Any Consultants or other suppliers who may need to be involved with any projects we are
commissioned to you on;
• Our service providers acting as processors, including IT (hardware and software) and
Telecommunication, support service providers in order to operate and maintain our IT and
Telecommunications systems and software.
Where we engage third parties to process data on our behalf, we will ensure wherever possible
by entering into appropriate agreements with such third parties, that they take such measures to
respect the security of your personal data and to treat it in accordance with the law. We do not
allow our third-party service providers to use your personal data for their own purposes and only
allow them to process your personal data for specified purposes and in accordance with our
Should any of our external third-party providers be based outside the European Economic Area
(EEA), we would only transfer your data where we have your explicit consent.
If it were necessary for us to transfer your personal data out of the EEA, we would ensure a similar
degree of protection is afforded to it by ensuring they are of reputable standing and committed to
protecting your privacy. We would require at least one of the following safeguards to be
• The country has been deemed to provide an adequate level of protection for personal data
by the European Commission;
• Specific contracts approved by the European Commission are in place with the service
provider which give personal data the same protection it has in Europe; or
• The transfer is to a US based service provider under the Privacy Shield.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected
it for, including the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature
and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure
of your personal data, the purposes for which we process your personal data and whether we can
achieve those purposes through other means and the applicable legal requirements. However,
we may be legally required to keep certain information (including contact, identity, financial and
transaction data) for up to six or twelve years depending on the type of contract we have engaged
with you on.
Your legal rights
Under data protection law, you have certain legal rights in certain circumstances. If you wish to
exercise any of your rights, please contact us at firstname.lastname@example.org
We may request specific information from you to help us confirm your identity when you contact
us. This is a security measure to ensure that personal data is not disclosed to any person who
does not have the right to receive it.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer
than a month if your request is particularly complex or you have made a number of requests. In
this case, we will notify you and keep you updated.
You have the following legal rights in relation to your personal data:
• Access your data: You can ask for access to and a copy of the personal data we hold for
you by contacting us at email@example.com
• Correction: You can also ask us to correct any incomplete or inaccurate personal data we
hold about you by contacting us at firstname.lastname@example.org
• Erasure: You can ask us to delete or remove your personal data by contacting us at
(a) There is no good reason for us continuing to process it;
(b) You have successfully exercised your right to object (see below);
(c) We may have processed your information unlawfully;
(d) We are required to erase your personal data to comply with local law.
Please note we may not always be able to comply with your request for specific legal reasons,
which will be notified to you at the time of your request.
• Object: You can object to the processing of your personal data:
(a) Where we are relying on our legitimate interest (or those of a third party) as the basis
for processing your personal data, if you feel it impacts on your fundamental rights and
(b) Where we are processing your personal data for direct marketing purposes.
In some cases, we may demonstrate that we have compelling legitimate grounds to process
your information which override your rights and freedoms and, in such circumstances, we
can continue to process your personal data for such purposes.
• Restrict processing: You can ask us to suspend or restrict the processing of your personal
(a) You want us to establish the accuracy of your personal data;
(b) Our use of your personal data is unlawful, but you do not want us to erase it;
(c) You need us to hold your personal data (where we no longer require it) as you need
it to establish, exercise or defend legal claims;
(d) You have objected to our use of your personal data, but we need to verify whether
we have overriding legitimate grounds to use it.
• Request a transfer: You can request a transfer of your personal data which is held in an
automated manner and which you provided your consent for us to process such personal
data or which we need to process to perform our contact with you, to you or a third party. We
will provide your personal data in a structured, commonly used, machine-readable format.
• Withdraw your consent: You can withdraw your consent at any time (where we are relying
on consent to process your personal data). This does not affect the lawfulness of any
processing carried out before you withdraw your consent.
Lawful basis for processing and processing activities
The lawful basis upon which we may rely to process your personal data are:
Consent: You have given your express consent for us to process your personal data for a specific
Contract: The processing is necessary for us to perform our contractual obligations with you
under our contract, or because you have asked us to take specific steps before entering into a
contract with you.
Legal Obligation: The processing is necessary for us to comply with legal or regulatory
Legitimate interests: The processing is necessary for our or a third party’s legitimate interest,
e.g. in order for us to provide the best service to you. Before we process your personal data on
this basis, we make sure we consider and balance any potential impact on you and we will not
use your personal data on this basis where such impact outweighs our interest.
Aggregated data: Information such as statistical or demographic data which may be derived
from personal data, but which cannot by itself identify a data subject.
Controller: A body that determines the purpose and means of processing personal data.
Data subject: An individual living person identified by personal data (which will generally be
Personal data: Information identifying a data subject from that data along or with other data we
may hold, but it does not include anonymised or aggregated data.
Processor: A body that is responsible for processing personal data on behalf of a controller.
Special categories of personal data: Information about race, ethnicity, political opinions,
religious or philosophical beliefs, trade union membership, health, genetic, biometric date, sex
life, sexual orientation.
ICO: Information Commissioner’s Office, the UK’s supervisory authority for data protection