top of page

gdpr policy

Privacy Policy (GDPR Compliant)

Last updated: 20 August 2025

This Privacy Policy explains how Heathland STUDIO (“we”, “our”, “us”) collects, uses, stores, and protects your personal data when you use our website, make an enquiry, or engage our professional services.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

  • Heathland STUDIO Landscape Architects

  • The Oaks, Martlesham Heath, IP53UN, Suffolk, United Kingdom

  • heathkandSTUDIO@gmail.com

As the Data Controller, we are responsible for how your personal data is collected, used, and protected.

2. What Data We Collect

We may collect and process the following types of personal data:

  • Identity Data: name, title, organisation.

  • Contact Data: address, email, phone number.

  • Project Data: information relating to your site or property (e.g. location, design requirements, planning information).

  • Financial Data: invoicing details, bank/payment details (if relevant).

  • Communication Data: records of correspondence, emails, and notes of meetings or calls.

  • Website Data: technical information (e.g. IP address, browser type, cookies).

We do not collect sensitive personal data unless directly relevant to a project (e.g. accessibility needs for inclusive design) and only with your explicit consent.

3. How We Collect Data

We collect personal data in the following ways:

  • Through website enquiry forms.

  • By email, phone, or post when you contact us.

  • During the course of providing professional services.

  • From publicly available sources (e.g. planning applications, Land Registry) where relevant to a project.

4. How We Use Your Data

We use your personal data to:

  • Respond to enquiries and provide quotes.

  • Deliver landscape architecture and design services.

  • Manage client accounts, billing, and payments.

  • Comply with legal or regulatory obligations.

  • Maintain records for insurance and professional standards.

  • Improve our services and website functionality.

We will only use your personal data where the law allows. Common lawful bases include:

  • Contract: to perform a contract with you or take steps before entering into one.

  • Legal obligation: to comply with applicable law.

  • Legitimate interests: where necessary for running our business (e.g. client communication).

  • Consent: where you have given explicit permission (e.g. mailing list).

5. Data Sharing

We do not sell or trade your data. We may share personal data with:

  • Professional consultants, sub-consultants, or contractors where required for your project.

  • Service providers (e.g. IT support, cloud storage, accounting software).

  • Legal, regulatory, or insurance bodies where required by law or contract.

All third parties are required to respect the security of your data and comply with GDPR.

6. Data Storage and Security

We take appropriate technical and organisational measures to protect your data, including:

  • Secure electronic storage (password-protected devices, encrypted cloud storage).

  • Restricted access — only authorised staff/consultants may access client files.

  • Regular data backups.

  • Secure email communication wherever possible.

7. Data Retention

We keep personal data only for as long as necessary:

  • Client project files: normally retained for 7 years after project completion (to comply with professional indemnity insurance requirements).

  • Enquiry correspondence: up to 2 years if no contract follows.

  • Financial records: 6 years minimum to comply with HMRC requirements.

After this period, data will be securely deleted or anonymised.

8. Your Rights Under GDPR

You have the right to:

  • Access the personal data we hold about you.

  • Request correction of inaccurate data.

  • Request erasure (“right to be forgotten”), subject to legal obligations.

  • Restrict or object to processing of your data.

  • Request transfer of your data to another provider.

  • Withdraw consent at any time (where consent is the legal basis).

To exercise these rights, contact us at [insert email].

9. Cookies

Our website uses cookies to improve functionality and user experience.

  • Essential cookies are necessary for the website to function.

  • Analytics cookies (e.g. Google Analytics) help us understand visitor behaviour.

You can control or disable cookies via your browser settings. For details, see our Cookie Policy.

10. Complaints

If you are unhappy with how we handle your data, please contact us first at [insert email] so we can resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our business practices. Any updates will be posted on this page with a revised “Last updated” date.

bottom of page