Company Privacy Policy

Anderson Orr Architects is committed to protecting your privacy. This statement applies to all information collected or submitted by Anderson Orr Architects Ltd and is designed to provide you with details of how we collect and process your personal data regarding the General Data Protection Regulation, (GDPR) and the UK Data Protection Bill 2017.


Anderson Orr Architects Ltd is the data controller therefore responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice


Our Privacy Policy explains:

  • What information we collect and why we collect it.
  • How we use that information.
  • The choices we offer, including how to access and update information.


We’ve tried to keep it as simple as possible, but if you’re not familiar with terms, such as cookies, IP addresses, pixel tags and browsers, then read about these key terms first.


We collect information to provide better services to our customers and in some cases the information is collected specifically to enable us to carry out our services.


We collect information in the following ways:


For example, signing up to use a service or contracting us to act on your behalf. In such instances you may be subscribed to services that will provide you with updates and information which is relevant to this service. We will always tell you when this happens.


Subscribing to our newsletters, blogs and marketing services
requires you to expressly opt to join that mailing list. When you do, we’ll ask for personal information, like your name, email address or telephone number.


Information we get from your use of our services
We sometimes collect information about the services that you use and how you use them, like when you accessed a service such as our website.


Information we need to supply our services
Some of our services require us to store personal information such as name, email, telephone numbers and other contact details. This information is required to identify you and the services that you have purchased.
This information includes:


Log information
When you use our services or websites, we may collect and store certain information in server logs. This includes:

  • Internet protocol address
  • device information, such as browser type, browser language, the date and time of your request and referral URL.
  • Cookies that may uniquely identify your browser


We and our partners use various technologies to collect and store information when you visit a website, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services to improve services, track use of services and customise content.


For more information about how you can access, manage or delete information that is associated with your Account, visit the ‘Your Legal Rights’ section of this policy.


We use the information we collect from all our services to provide, maintain, protect and improve them, to develop new ones and to protect Anderson Orr and our users from fraudulent use. We also use this information to offer you tailored content – like giving you more relevant information relating to your project.


When you contact Anderson Orr, we may keep a record of your communication to help solve any issues you might be facing and ensure our services are appropriately directed. We may use your email address to inform you about our progress in dealing with projects or to inform you about services, such as letting you know about upcoming changes or improvements.


We use information collected from cookies and other technologies to improve your user experience and the overall quality of our services.


We may combine personal information from one service with information, including personal information, from other services – for example, to make it easier to provide support across the different departments.


We will ask for your consent before using information for a purpose other than those set out in this Privacy Policy.


Anderson Orr processes personal information on our servers in EU data centres or with cloud providers providing GDPR compliant EU hosting. We may process your personal information on a server located outside the country where you live.



We do not transfer your personal data outside the European Economic Area unless it is required of us or we have your consent to do so. Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria unless additional safeguards are put in place by us. We will advise you should it require to transfer your data outside the EEA.


Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:


  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or


  • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or

  • Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.


If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.


Please email us at data& if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see below for further information.


In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.


People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used.


For example, you can:


• Request access to your personal data.


• Request correction of your personal data.


• Request erasure of your personal data.


• Object to processing of your personal data.


• Request restriction of processing your personal data.


• Request transfer of your personal data.


• Right to withdraw consent.


You can see more about these rights at:


If you wish to exercise any of the rights set out above, please email us at data&


You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


You may also set your browser to block all cookies, including cookies associated with our services or to indicate when a cookie is being set by us.


To discuss your use of data or report a potential breach you can contact our Data Protection Officer at the contact details provided at the end of this policy.


We do not share personal information with companies, organisations and individuals outside of Anderson Orr unless one of the following circumstances applies:


We will share personal information with companies, organisations or individuals outside Anderson Orr when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information


For External Processing
We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.


For legal reasons
We will share personal information with companies, organisations or individuals outside Anderson Orr if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:


  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms of Service, including investigation of potential violations.
  • detect, prevent or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of Anderson Orr, our users or the public, as required or permitted by law.


We may share non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.


If Anderson Orr is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.



We work hard to protect Anderson Orr and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

  • We encrypt many of our services using SSL.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
  • We restrict access to personal information to Anderson Orr’s employees, contractors and agents who need to know that information to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.



Our Privacy Policy applies to all the services offered by Anderson Orr and any subsidiary companies but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.


Our Privacy Policy does not apply to services offered by other organisations, or individuals, including products or sites that may be displayed to you in marketing or whom we have reseller only partnerships with or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organisations that advertise our services and that may use cookies, pixel tags and other technologies to serve and offer relevant ads.


We regularly review our compliance with our Privacy Policy.


When we receive formal written complaints, we will contact the person who made the complaint to follow up.


We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.


Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.


Anderson Orr’s Data Protection Officer Neil Perry, can be contacted via email at data&