PRIVACY POLICY – CLIENTS, WEBSITE USERS & THIRD PARTIES

Sphion Ltd

Last updated: 1 January 2026

​

1. Who We Are

Sphion Ltd is a UK-registered architectural design, building surveying, and technical consultancy.

Data Controller:
Sphion Ltd
Collingwood Buildings, 38 Collingwood Street,
Newcastle upon Tyne, NE1 1JF
Email: info@sphion.co.uk

Sphion Ltd is registered in England and Wales.

 

2. What Personal Data We Collect

We may collect and process the following personal data:

• Name

• Company name

• Email address

• Telephone number

• Postal address

• Project and enquiry details

• Correspondence with us

• Technical data (IP address, browser type, analytics information)

 

3. How We Collect Personal Data

We collect personal data when you:

• Submit an enquiry or contact form via our website

• Contact us by email or telephone

• Engage us as a client, consultant, or supplier

• Visit our website (via cookies and analytics)

 

4. Lawful Bases for Processing

We process personal data under the following lawful bases:

• Contract – where processing is necessary to provide professional services or prepare proposals

• Legitimate interests – responding to enquiries, managing business relationships, improving services

• Legal obligation – compliance with statutory and regulatory requirements

• Consent – where required, including for non-essential cookies or optional communications

 

5. How We Use Personal Data

We use personal data to:

• Respond to enquiries and communications

• Provide architectural, surveying, and consultancy services

• Prepare quotations and proposals

• Administer projects and appointments

• Meet legal, regulatory, and insurance obligations

• Improve website performance and user experience

We do not use personal data for automated decision-making.

 

6. Data Retention

We retain personal data only for as long as necessary:

• General enquiries: up to 24 months

• Client and project records: up to 6 years following project completion

• Accounting and tax records: 7 years

• Marketing data (where applicable): until consent is withdrawn

 

7. Sharing Personal Data

We do not sell personal data.

Personal data may be shared only with:

• Professional advisers (e.g. insurers, accountants)

• IT and website service providers

• Statutory or regulatory authorities where legally required

All third parties are required to maintain appropriate confidentiality and security.

 

8. International Transfers

We do not routinely transfer personal data outside the UK.
Where this is unavoidable (e.g. cloud hosting), appropriate safeguards are in place.

 

9. Your Rights

You have the right to:

• Access your personal data

• Rectify inaccurate or incomplete data

• Request erasure (where applicable)

• Restrict processing

• Object to processing

• Data portability

• Withdraw consent at any time (where consent is relied upon)

Requests should be sent to info@sphion.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

 

10. Cookies

Our website uses cookies.

• Strictly necessary cookies are required for website functionality

• Analytics cookies are used to understand website usage

Non-essential cookies are used only with your consent, which can be managed via our cookie banner and browser settings.

Please see our Cookie Policy for full details.

 

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

Access to personal data is restricted to those who need it to perform their duties.

 

12. Children’s Data

We do not knowingly collect personal data from children under the age of 13 without verifiable parental consent.

 

13. Data Breaches

In the event of a personal data breach, we will assess the risk and notify the ICO and affected individuals where legally required.

 

14. Updates to This Policy

This Privacy Policy may be updated periodically.
The latest version will always be available on our website.