Upload
    0
    Upload

    Privacy Policy and Cookie Policies

    Table of Contents

    Privacy Policy - Website

    Click here to view our Privacy Policy

    Cookie Policy

    Click here to view our Cookie Policy

    Privacy Policy - Our Services (including Recruitment)

    ARCHITECTURE SOCIAL

    Privacy Notice – Candidates and Clients

    Data Controller: Architecture Social Limited (Company No. 10430707) Address: WeWork Moor Place, 1 Fore St Ave, London EC2Y 9DT Data Protection Lead: Stephen Drew, Founder Contact: support@architecturesocial.com ICO Registration: Architecture Social is registered with the ICO Last Updated: May 2026

    1.0 Who We Are and What This Notice Covers

    Architecture Social is a specialist recruitment consultancy serving the architecture, design, and built environment sector. We collect and process personal data about candidates (people looking for roles or who we have identified as potential candidates) and clients (employers who use our services to find talent). This notice explains what data we collect, why, how long we keep it, and what rights you have.

    2.0 What Data We Collect

    2.1 Candidate Data

    • Contact details: name, email, phone number, address.
    • Professional information: CV, employment history, qualifications, skills, portfolio.
    • Recruitment information: role preferences, salary expectations, availability, interview notes, placement history.
    • Right to work documentation (when required for a specific placement).
    • References (with your consent).
    • Call recordings: recordings and transcripts of telephone calls between you and us.

    2.2 Client Data

    • Contact details of client representatives: name, email, phone, job title.
    • Company information: name, address, sector, size.
    • Vacancy information: role descriptions, salary ranges, hiring plans.
    • Commercial terms: fee agreements, terms of business.
    • Call recordings: recordings and transcripts of telephone calls between you and us.

    2.3 How We Collect It

    We collect data directly from you (when you contact us, send a CV, register on our website, or engage us to fill a role). We also collect data from publicly available sources such as LinkedIn profiles, company websites, and professional directories. Where we source your data from a third party or public source, we will tell you at first contact.

    When you speak to us by telephone, we record and transcribe the call so that we keep accurate notes of what was discussed and agreed. You will hear a short announcement before you are connected to a member of our team, and if you would prefer not to be recorded you can tell us at the start of the call. A recording or transcript may include any information you choose to share during the call.

    3.0 Why We Process Your Data and Our Legal Basis

    PurposeLawful BasisApplies To
    Providing recruitment services (matching candidates to roles, arranging interviews, facilitating placements)Legitimate interest / contract (pre-contractual steps at your request)Candidates and clients
    Submitting your CV or details to a clientConsent (we always ask before submitting you)Candidates
    Recording and transcribing telephone calls, so we keep accurate notes of what was discussed and agreedLegitimate interestCandidates and clients
    Retaining your data for future opportunitiesLegitimate interest (see Section 4)Candidates
    Maintaining client relationship and commercial recordsLegitimate interest / contractClients
    Sending you information about roles or market insightsConsent or soft opt-in (PECR)Candidates and clients
    Complying with legal obligationsLegal obligationBoth

    4.0 How Long We Keep Your Data

    We operate in a specialist niche. Architecture careers span decades. A candidate we speak to as a Part I Architectural Assistant may, ten years later, be a Practice Director. A client relationship that goes quiet for years can restart overnight. For these reasons, we retain candidate, client, and placement data on an ongoing basis under the lawful basis of legitimate interest.

    4.1 Why We Retain Data Long-Term

    • To know if we have previously contacted you, so we do not duplicate approaches or send unwanted messages.
    • To track your career progression and match you with appropriate opportunities as they arise.
    • To prove candidate introductions to clients, which is the basis of our fee entitlement.
    • To maintain a complete record of placements, including rebate periods and commercial terms.
    • To provide you with a better, more informed service based on your history with us.

    This retention is supported by a documented Legitimate Interest Assessment (LIA) which we review annually.

    4.2 Retention Summary

    DataRetentionBasis
    Candidate dataOngoingLegitimate interest
    Client records and commercial termsOngoingLegitimate interest
    Placement recordsOngoingLegitimate interest
    Call recordings and transcripts12 months from the date of the callLegitimate interest
    Website analytics (cookies)See cookie policyConsent

    5.0 Your Rights

    Under UK GDPR, you have the following rights:

    • Right of access: You can ask for a copy of the data we hold about you. We will respond within one month.
    • Right to rectification: If your data is inaccurate or incomplete, tell us and we will correct it.
    • Right to erasure: You can ask us to delete your data. This right is not absolute. We may retain data where we have a legitimate and overriding reason, such as fee protection or defence of legal claims. Where we do delete your main record, we will keep a minimal suppression record (name and email) on a Do Not Contact list so our consultants do not unknowingly approach you again.
    • Right to object to marketing: This right is absolute. If you tell us to stop contacting you about opportunities, we will stop immediately. No balancing test. No exceptions.
    • Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
    • Right to data portability: You can ask for your data in a portable, machine-readable format.

    To exercise any of these rights, contact us at support@architecturesocial.com. We will respond within one month.

    6.0 Who We Share Your Data With

    6.1 Candidates

    We share your details with prospective employers (our clients) only with your explicit consent. We will always tell you which client we are submitting you to before we do so. We never share your current employer’s name with anyone.

    6.2 Service Providers

    We use third-party service providers who process data on our behalf, including our CRM/ATS system, our website hosting provider, our email platform, and our telephone call recording and transcription provider. These providers are bound by data processing agreements and can only use your data for the purposes we instruct. We do not sell your data to anyone.

    6.3 International Transfers

    Some of our service providers are based outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions) as required by UK GDPR.

    7.0 Data Security

    We take the security of your data seriously. We use encryption, access controls, secure password management, and multi-factor authentication. Our full security measures are detailed in our internal Information Security and Data Protection Policy. If you suspect a data security issue involving your data, contact us immediately at support@architecturesocial.com.

    8.0 Complaints

    If you are unhappy with how we handle your data, please contact us first at support@architecturesocial.com and we will do our best to resolve the issue. If you remain unsatisfied, you have the right to complain to the Information Commissioner’s Office (ICO):

    • Website: ico.org.uk
    • Helpline: 0303 123 1113

    9.0 Changes to This Notice

    We may update this privacy notice from time to time. Any significant changes will be communicated via our website. The date at the top of this document shows when it was last updated.

    Document Control

    VersionDateAuthorChanges
    1.0Jul 2025Architecture SocialOriginal Privacy Policy – Customers (12 pages).
    2.0March 2026Architecture SocialCRITICAL: Corrected retention periods from arbitrary 6-year limits to ongoing retention under legitimate interest (aligned with Information Security Policy and LIA). Removed false DPO reference (Data Protection Lead is the Founder). Added Do Not Contact suppression list for erasure requests. Added absolute marketing opt-out right. Added lawful bases table. Added international transfers. Streamlined from 12 pages.
    2.1May 2026Architecture SocialAdded call recording and transcription disclosure (Sections 2.1, 2.2, 2.3 and 3.0). Added call recording retention period of 12 months (Section 4.2). Added call recording and transcription provider to service providers (Section 6.2). Supported by a separate Legitimate Interest Assessment for call recording.

    Architecture Social Limited | WeWork Moor Place, 1 Fore St Ave, London EC2Y 9DT hello@architecturesocial.com | +44(0)20 7770 9572