Medical Architecture

Privacy Policy

1. Commitment

Medical Architecture and Arts Projects Ltd (trading as “Medical Architecture”) are committed to protecting your privacy. This Privacy Policy has been updated in accordance with the new guidelines of The General Data Protection Regulation (“GDPR”) 25 May 2018.

The GDPR is a law that imposes additional obligations on organisations and gives you extra rights around how your data is used. The following document tells you what personal information we hold and why, and what your rights are. If you have any enquires relating to this, please contact us.

2. Who we are

Our website address is: Find out more about us here.


Medical Architecture is committed to ensuring your privacy is protected.  This policy explains how we collect information about you and how we process this information. Medical Architecture takes its obligations with regard to your personal information seriously.

Your personal data will be collected by Medical Architecture who will act as the “Data Controller”. A Data Controller determines the purposes and means of processing personal data.

4. The types of information Medical Architecture processes

Types of personal data which can be collected include:

  • Name
  • Address
  • National Identity (Passport Numbers)
  • Telephone Numbers
  • Email
  • Online Identifiers (e.g., Facebook IDs.)
  • 3rd Party Cookie Identifiers
  • BACs Details
  • Website pages viewed and emails opened and clicked.

Types of special categories of data collected include:

  • Biometrics for identification (e.g., photographs, CCTV images)
  • Medical Information
  • Gender

The purpose and legal basis of processing personal data

Medical Architecture will collect your personal information for specific purposes under a number of lawful methods of processing.

Medical Architecture will process personal information:


  • for the purposes of direct marketing under opt-in consent, e.g., mail outs
  • gathering visitor data to our website under opt-in consent.
  • for the purposes of research and surveys based upon opt-in consent.
  • to provide internet services to you around the facilities under contract.
  • for the purpose of purchasing Medical Architecture products or services under contract and associated information required in the fulfilment of that transaction and for communications regarding future similar transactions with the business.
  • for the purpose of purchases of third-party services under contract.
  • to offer related information on products and services you have taken under soft-opt-in legitimate interest of the business.
  • to enable request for information, making enquiries, reports, or complaints under the legitimate interest of the business.
  • In addition, when you are at the premises of Medical Architecture there may be further processing of personal information including, but not limited to:
  • your image may be captured on CCTV, both interior and exterior to buildings for security monitoring purposes under the legitimate interest of the business.
  • Where your consent has been sought, you have the right to withdraw your consent at any time.

5. Your personal data rights

Medical Architecture will respect all of your data subject rights.  If we do hold information about you, we will:

  • authenticate you as the data subject.
  • determine if a right can be administered.
  • complete your request within 30 days: and
  • communicate to you in clear and intelligible language.

These rights include, but are not limited to:

  • The Right of Access: At any time, you can ask for a copy of your personal information.  Medical Architecture will respond with whether data is held or not. If data is held then a copy of the information and the required supplement notice will be offered to you.
  • Right of Rectification: This allows you to submit changes to your records and once changes are verified, they will be amended on Medical Architecture records. Similarly, Medical Architecture will periodically request you to check your data is held accurately.
  • Right of Erasure: If you request your data to be erased, and there is no other lawful basis to keep your data, then it will be removed.

If you would like to exercise your data subject rights including your right of access, rectification, erasure, restriction, or objection to processing, please contact the Data Protection Officer – contact details are contained within this notice.

6. Retention Periods

All personal data collected under contract or legitimate interest will be held for a period of 3 years from your last interaction with the business, or it will be removed if no other lawful method of holding your data can be determined, for example UK finance law.

Data collected under consent will be used until consent is withdrawn or if it is no longer useful for the purpose for which it was collected.  Some data may not be removed if it involves a disproportionate effort e.g., a website image of you is held by the Google search engine.

This does not affect your rights as a data subject.

Please note, after this retention period has expired, Medical Architecture will be unable to reinstate the original data, assuming the data was held in the first instance.

7. Failing to provide necessary personal data

Failing to provide some or all the necessary personal data may result in:


  • being unable send or receive a product or service.
  • not being able to access data services.
  • not receiving related news, updates, offers or notices of events.

8. Sharing personal data

Medical Architecture will share your personal data with other organisations in order to supply products or services to you.

If Medical Architecture shares your data on a regular basis, it will perform due-diligence and hold written contracts and agreements with these organisations to legally safeguard your data.

If you have consented for us to share your data with other organisations for the purposes of direct marketing, we will keep your consent on record until it is withdrawn or the purpose of holding your data is no longer valid.  On deletion of your data, Medical Architecture will endeavor to contact you to confirm that your information has been removed.

9. Transfer to international countries

Your data may be transferred internationally.  If your data is transferred, Medical Architecture will legally safeguard your personal data by:

  • transferring to the EEA countries (Members of the European Economic Area).
  • transferring to an EU Adequate country, which are defined as countries outside the EU that offer adequate levels of data protection.
  • transferring under “EU Model Clauses” agreement with the importing party. These are standardised contractual clauses that make specific guarantees around the transfer of personal data from EEA countries to the rest of the world.

Owing to the global nature of the internet infrastructure, the information you provide may be transferred in transit to countries outside the European Economic Area that do not have similar protections in place regarding the protection of your personal data.  Where this is the case, end-to-end encryption will be employed to transmit the data securely, for example using industry standard data encryption (SSL or TLS) to connect to websites or using email encryption technologies.

Where Medical Architecture is unable to utilize legal safeguards when transferring data to a third-country, Medical Architecture will seek consent from you to facilitate the data transfer.

10. Information security


Where personal data is electronically transmitted from one computing device to another over a public network an encrypted path will be used e.g., SSL.  If your data is transmitted in a hard-copy format from one place to another a secure or locked method of transport will be used, suitable to the nature of the personal data.


Personal electronic records are located on servers in secure premises.  If your data is required to be stored outside of the secure premises, the data will be in an encrypted format.  Personal paper-based records will be stored in a locked filing cabinet in secure offices to prevent inadvertent access by unauthorised 3rd parties.


Only personnel authorised by Medical Architecture will have access to your personal data records on a need-to-know basis.

Disclosure of personal data

We do not disclose personal data unless we are required to do so to comply with the law, under contract, have your consent, or if it is in your vital interest.

11. Privacy and cookies

What are cookies?

Cookies are small text files which are stored on your computer when you visit certain web pages. At Medical Architecture, we use cookies to understand how our sites are used which helps us to improve your overall online experience. Some of the cookies we use are necessary for some of our sites to work. The cookies we place on your computer do not collect personally identifiable information like your name, address or payment details. To find out more about cookies, visit

The privacy of your information is important to us and we want to keep you well informed about cookies. We shall continue to work on initiatives in relation to recent cookie legislation to ensure you have the best experience when visiting our website.

The different types of cookies we use

Medical Architecture use the following categories of cookies on our websites:

  • Strictly necessary: These cookies are essential for certain features of our websites to work. These cookies do not record identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies some services you have asked for cannot be provided.
  • Performance: These cookies are used to collect anonymous information about how you use our websites. This information is used to help us improve our websites and understand how effective our adverts are. In some cases, we use trusted third parties to collect this information for us, but they only use the information for the purposes explained. By using our websites, you agree that we can place these types of cookies on your device.
  • Functionality: These cookies are used to provide services or remember settings to enhance your visit e.g., text size or other preferences. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites. By using our websites, you agree that we can place these types of cookies on your device.

Managing cookies

If you would prefer to restrict, block or delete cookies from Medical Architecture or any other website, you can use your browser to do this. Each browser is different so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies, we cannot guarantee the performance of our websites and some features may not work as expected.

Automated decision making and profiling

The information you provided to Medical Architecture will be provisioned on to the Medical Architecture database.  Medical Architecture systems may from time to time rely on automated decisions and perform online profiling.  This does not affect your rights as a data subject.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

12. Changes to this privacy notice

We keep our privacy notice under regular review, and we will place any updates on this webpage. At the start of this privacy notice, we will tell you when it was last updated.

This privacy notice does not provide exhaustive detail of all aspects of Medical Architecture’s collection and use of personal information, however, please contact us if you require further detail and we will be happy to provide any additional information or explanation needed.

13. Complaints and queries

Medical Architecture tries to meet the highest standards when collecting and using personal information.  For this reason, we take any complaints we receive about this seriously.  We encourage people to bring it to our attention if they think our collection or use of personal information is unfair, misleading, or inappropriate.

To make a request to Medical Architecture, for any personal information we may hold, you need to put a request in writing using the address below:

Bob Wills
Data Protection Officer
Medical Architecture
4 Northington Street

You have the right of redress and you are welcome to contact the Information Commissioners Office, please see: or call the ICO on 0303 123 1113.

14. Website specific personal data we collect and why we collect it


When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

15. Contact forms


If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

16. Embedded content from other websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

17. Analytics

Who we share your data with?

We share your data for functionality of this website only.

How long we retain your data.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

18. Related policies, procedures and forms

This policy can be read in conjunction with Medical Architecture’s other policies. These include but are not restricted to:

  • Wellbeing Policy
  • Ethical Policy
  • Anti Corruption & Bribery Policy
  • Anti Slavery and Human Trafficking Statement
  • Communication Policy
  • Complaints Procedure
  • Data Processing Agreement

Related forms include:


  • GDPR Supplier Questionnaire
  • Data Retention Schedule
  • Induction Policy & Checklist
  • Lone Worker Risk Assessment
  • Maternity Risk Assessment
  • Workstation Self Assessment
  • Return to Work Interview – Maternity
  • Return to Work Interview – Extended Leave
  • Health Work & Wellbeing Checklist

19. Authorised by:

Signed on behalf of Medical Architecture:

Bob Wills (Director)