To protect our clients and third party service providers (contractors, sub-contractors, suppliers, local authorities, agents etc.) from breach of privacy or misuse of personal data in an increasingly data-driven environment. To ensure the Company’s compliance with the General Data Protection Regulations (GDPR) 2018.


Rock Townsend, as a business, is a “Data Controller” and is required to retain and process information about its clients and third party service providers for business and contractual purposes. The objective of this Privacy Policy is to ensure all clients and third party service providers are aware of:

  • How the Company collects, stores and processes private data, as set out in the Data Inventory                    (available on request);
  • The Company’s obligations under GDPR;
  • Their obligations under GDPR.


Clients and third party service providers: available on the Company website or hard copy available on request.

Data Inventory

Please refer to the Data Inventory (available on request; please e-mail studio@rocktownsend.co.uk) for comprehensive details on:

  • What personal data the Company holds;
  • Why the Company holds it and how it is used;
  • How and where the Company stores it and for how long;
  • Who has access to the data. 

Rock Townsend's Obligations under GDPR

Rock Townsend will collect and process personal data only if it falls within the six Lawful Bases for doing so, namely:

  • Consent – data you have agreed to provide, i.e. photographs or CVs;
  • Contract – data necessary for the Company to fulfil its duties under contract, i.e. Terms & Conditions, Appointment Documents;
  • Legal Obligation - data necessary for the Company to fulfil its legal obligations, i.e. tax / payment details, fraud prevention, Health & Safety;
  • Vital Interest – data required to protect life;
  • Public Task – data necessary to perform a task in the public interest;
  • Legitimate Interest – data necessary to carry out the business of the Company, i.e. policy documents / PI insurance.

Rock Townsend will collect, process, store and destroy your personal data as set out in the Data Inventory.

The Company will only collect data relevant to each individual contractual relationship; for example financial information will only be collected when a payment transaction is required.

We will not share your personal information to third parties unless we have your permission or are required to do so by law.

Your Obligations under GDPR

All personal data held by you relating to Rock Townsend, either collected verbally from staff, via e-mail, via marketing literature of from our website, must be held securely and not be shared with any third-parties, or used by you for any purpose other than that agreed within our contractual relationship, or unless you are required to do so by law.

If you believe the information we hold on you is incorrect or incomplete, please contact us at studio@rocktownsend.co.uk.

You may request details of personal information which we hold about you under GDPR. If you would like a copy of the information held on you please write to Rock Townsend, The Old School, Exton Street, London, SE1 8UE.

This Notice has been endorsed by, and has the full support of, the Partners and the Management Team.  The Notice was approved in May 2018, following consultation with senior managers and staff.  Overall responsibility for the Notice lies with: Martin Howlett, Partner, Rock Townsend Architects LLP.


Martin Howlett


Date:  23rd May 2018