Privacy policy

Privacy policy

WCEC Group Ltd (trading as Whittam Cox Architects)
Last updated: June 2026

This privacy policy explains how WCEC Group Ltd, trading as Whittam Cox Architects, collects, uses, stores and protects personal data when you use our website, contact us by email, telephone or social media, or engage with us in connection with our architectural and related professional services.

We are committed to protecting personal data and handling it lawfully, fairly and transparently. This privacy policy has been prepared with reference to the UK General Data Protection Regulation, the Data Protection Act 2018, guidance issued by the Information Commissioner’s Office and relevant requirements introduced by the Data (Use and Access) Act 2025, including the requirement to have a process for handling data protection complaints.

As an architectural practice, we usually process limited personal data relating to clients, prospective clients, consultants, contractors, suppliers, statutory bodies and other business contacts. This will typically include names, business email addresses, telephone numbers, job titles, organisation details and project-related correspondence.

We do not routinely collect or process special category personal data about clients or business contacts. Where such information is provided to us, we will only process it where necessary and where a lawful basis and any additional legal condition applies.

We may update this policy from time to time to reflect changes in law, regulatory guidance or our business practices. The latest version will always be available on our website.

 

1. Who We Are

WCEC Group Ltd is registered in England and Wales (Company No. 08979575).

Registered Office:
Carrwood Court
Carrwood Road
Sheepbridge
Chesterfield
S41 9QB

Email: datacontroller@whittamcox.com

Telephone: +44 (0)1246 260 261

If you have any questions about this Privacy Policy or how we use your data, please contact us using the details above.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

  • Name
  • Job title
  • Employer or organisation
  • Business email address
  • Business telephone number
  • Postal address
  • Information provided in correspondence
  • Technical data including IP address, browser type and usage data
  • Cookie data (see Section 13)

We do not knowingly collect personal data from children under the age of 16.

3. How We Collect Your Data

We collect personal data:

  • When you contact us by email, telephone or through our website
  • When you provide a business card
  • During meetings or professional interactions
  • Through publicly available sources such as LinkedIn
  • Undertake a project (performance of contract), because you are involved with one of our projects as a member of the external team
  • We need it to comply with a legal obligation (Legal Obligation), e.g. If you are involved with one of our projects as a member of the external team we are required to retain your details for a minimum period of the duration of the contract i.e. for 6 years for a signed contract or 12 years for a contract signed under deed or under seal.
  • Through cookies and analytics tools (with consent where required)

4. Lawful Bases for Processing

We process personal data under the following lawful bases:

Contract
Where processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract.

Legal Obligation
Where we must comply with legal or regulatory requirements.

Legitimate Interest
For business development, maintaining professional relationships, responding to enquiries, and improving our website and services. We conduct legitimate interest assessments where required.

Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and most secure experience.

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.

We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Where personal data is required to enter or perform a contract, failure to provide such data may prevent us from providing our services.

Consent
Where required by law (e.g. for non-essential cookies or certain marketing communications).

5. How We Use Your Data

We use personal data to:

  • Respond to enquiries
  • Manage and deliver projects
  • Maintain professional contact records
  • Send relevant business updates (where lawful)
  • Improve our website and services
  • Comply with legal obligations

We do not sell personal data.

6. Direct Marketing

We may send business-related updates about our projects, services and events where lawful to do so and in accordance with UK GDPR and the Privacy and Electronic Communications Regulations.

You may unsubscribe at any time by:

  • Clicking the unsubscribe link in emails; or
  • Contacting us at datacontroller@whittamcox.com

We will always respect your marketing preferences.

7. Recruitment

If you apply for a role with us, your personal data will be processed in accordance with our Job Applicant Privacy Notice, which will be provided during the recruitment process.

8. Sharing Your Data

We may share personal data with:

  • Professional advisers (legal, financial, insurance)
  • IT service providers
  • Website hosting providers
  • Email marketing providers (e.g. Mailchimp or similar)
  • Analytics providers (e.g. Google)

Where we use service providers or processors to process personal data on our behalf, we require them to process personal data in accordance with UK data protection law and appropriate contractual obligations. Some recipients, such as professional advisers, may act as independent controllers.

9. International Transfers

Some of our service providers may process personal data outside the United Kingdom.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • The UK International Data Transfer Agreement (IDTA);
  • The UK Addendum to the European Commission’s Standard Contractual Clauses; or
  • Transfers to countries subject to UK adequacy regulations.

10. Data Retention

We retain personal data only for as long as necessary.

Typical retention periods:

  • Project-related business contact details and correspondence: 6 years, or 12 years where relevant to contracts executed as deeds, and longer where necessary for legal, regulatory, insurance or professional claims purposes
  • Recruitment data: in accordance with our Job Applicant Privacy Notice.
  • Marketing contact data: reviewed periodically and deleted where no longer relevant.

We may retain data longer where required for legal claims or regulatory reasons.

11. Your Rights

Under UK data protection law, you have the right to:

  • Request access to your personal data;
  • Request correction of inaccurate data;
  • Request erasure of your data;
  • Request restriction of processing;
  • Object to processing based on legitimate interests;
  • Request data portability (where applicable);
  • Withdraw consent at any time;
  • Lodge a complaint with the Information Commissioner’s Office.

 

12. Data Protect Complaints

If you have a concern or complaint about how we collect, use, store or protect your personal data, please contact us in the first instance using the details below:

Email: datacontroller@whittamcox.com
Telephone: +44 (0)1246 260 261
Post: WCEC Group Ltd, Carrwood Court, Carrwood Road, Sheepbridge, Chesterfield, S41 9QB

We will acknowledge receipt of your data protection complaint within 30 days of receiving it. We will take appropriate steps to investigate the complaint without undue delay, keep you informed and tell you the outcome of our investigation.

You also have the right to complain to the Information Commissioner’s Office if you are unhappy with how we have handled your personal data or your complaint.

ICO contact details:
www.ico.org.uk
Tel: 0303 123 1113

You can exercise your rights by contacting datacontroller@whittamcox.com

13. Cookies

What Are Cookies?

Cookies are small text files placed on your device when you visit a website.

Types of Cookies We Use

Essential Cookies
Necessary for website functionality. These do not require consent.

Analytics Cookies (e.g. Google Analytics)
Used to analyse website usage and improve performance.
These cookies are only set with your consent.

We use IP anonymisation where available.

You may withdraw consent at any time via our cookie management tool.

You can also manage cookies via your browser settings.

For more information about Google’s privacy practices, see:
https://policies.google.com/privacy

 

14. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.