Privacy Policy

Last updated: June 2026

1 – Who we are

This policy sets Carter Fleming Architects’ commitment to protecting your privacy and personal data. This notice explains how we collect, use, store and protect personal information in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This privacy notice applies to clients, prospective clients, employees, job applicants, contractors, consultants, suppliers, and website visitors. Carter Fleming Ltd is the data controller responsible for your personal data.

2 - Information we collect

Depending on your relationship with us, we may collect and process the following categories of personal data:

2.1 - Clients and Prospective Clients

Contact details including name, address, email, phone number
Project information and property details
Communication records and correspondence
Financial information including invoicing and payment details
All records associated with the provision of architectural services as set out in the RIBA Plan of Work

2.2 - Website Visitors

Technical information including IP address, browser type, and device information
Website usage data, navigation patterns,behavioural metrics, heatmaps, and session replay
Contact form submissions and enquiries

We do not intentionally collect sensitive personal data.

3 - How We Use Your Information

We process personal data for the following purposes:

Providing architectural design services and project management
Preparing planning applications and building control submissions
Contract administration and project coordination
Communicating with you about your project
Invoicing and payment processing
Complying with professional and regulatory requirements including ARB standards
Managing building safety information under the Building Safety Act 2022

We process personal data based on the following legal grounds:

Contract performance: to fulfil our contractual obligations to clients and employees
Legal obligation: to comply with employment law, tax obligations, professional regulations, and building safety requirements
Legitimate interests: for business administration, improving our services, and protecting our legal rights
Consent: where explicitly provided for specific purposes

4 - How We Store and Protect Your Information

We maintain appropriate technical and organisational security measures to protect your personal data.

Microsoft 365 and Outlook for email communications and file storage
Secure local and cloud-based backup systems

5 - Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this notice and to comply with legal and professional obligations. Typical retention periods:

· Client project data: 7 years from project completion (Building Safety Act 2022 requirements)

Financial records: 6 years from the end of the financial year (HMRC requirements)
Employment records: 6 years from end of employment
Right to work documentation: 2 years from end of employment
Unsuccessful job applications: 6 months
Website enquiries: 2 years unless a client relationship develops
After retention periods expire, personal data is securely deleted or anonymised.

6 - Sharing Your Information

We may share your personal data with:

Project consultants and contractors (structural engineers, planning consultants, building control)
Local planning authorities and building control bodies
Professional advisers including lawyers and accountants
HMRC and pension providers for employment-related matters
IT service providers including Microsoft and our IT support company
The Architects Registration Board (ARB) where required by professional regulations

All third parties are required to maintain appropriate security measures and process personal data only as instructed by us and in accordance with UK data protection law.

We do not sell or rent your personal data.

7 - Your Rights

Under UK data protection law, you have the following rights:

Right of access: to obtain a copy of your personal data
Right to rectification: to have inaccurate personal data corrected
Right to erasure: to have your personal data deleted in certain circumstances
Right to restrict processing: to limit how we use your personal data
Right to data portability: to receive your personal data in a structured format
Right to object: to object to processing based on legitimate interests
Right to withdraw consent: where processing is based on consent

To exercise any of these rights, please contact us using the details in section 9 below. We will respond within one month. You will not normally be charged for exercising your rights, although we may charge a reasonable fee if your request is deemed to be unfounded or excessive.

8 - Website Cookies and Analytics

Our website (www.carter-fleming.com) uses essential cookies to ensure basic functionality. We may also use analytics cookies to understand how visitors use our website and improve user experience. You can control cookie preferences through your browser settings. Blocking cookies may affect website functionality.

9 - Contact Information & Complaints

If you have questions about this privacy notice, wish to exercise your rights, or have concerns about how we handle your personal data, please contact:

Jennifer Fleming
Carter Fleming Ltd
89 Fleet Street
London
EC4Y 1DH

Or email: jenny@carter-fleming.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection at: www.ico.org.uk

10 - Changes to This Privacy Notice

We may update this privacy notice from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. The current version will always be available on our website (www.carter-fleming.com/privacy) and updates will be dated in the Document Control section below.

Significant changes will be communicated to affected individuals where appropriate.