Studio Grieveson
Studio Grieveson

Last updated: 17 June 2026

1. Who we are

This privacy notice explains how Studio Grieveson Limited ("we", "us", "our"), a RIBA Chartered architecture practice, collects and uses personal information when you visit our website, subscribe to our newsletter, make an enquiry, or engage us for architectural services.

We are the data controller for the purposes of UK data protection law and, where we collect personal information in New Zealand, the agency responsible for it under the Privacy Act 2020.

  • Legal entity: Studio Grieveson Limited, a company registered in England and Wales

  • Company number: 15077927

  • Registered office: Suite Ra01 195-197 Wood Street, London, United Kingdom, E17 3NU

  • Contact for privacy matters: hello@studiogrieveson.com

We operate as a UK company serving clients in both the United Kingdom and New Zealand.

2. Scope of this notice

This single notice covers both jurisdictions in which we operate:

  • United Kingdom, under UK data protection law (principally the UK GDPR and the Data Protection Act 2018, as amended from time to time) and the rules on electronic marketing and cookies.

  • New Zealand, under the Privacy Act 2020 and its Information Privacy Principles.

Where our duties or your rights depend on where you are based, the relevant section says so.

3. The personal information we collect

We collect and use the following categories of personal information:

  • Newsletter subscribers: your email address, and your name if you provide it.

  • Clients and prospective clients: your name, email address, postal address, telephone number, and information about your property and project that you choose to share with us.

  • Website enquiries: the contact details and message content you submit through our contact form or by emailing us.

  • Website analytics: information about how you use our website, such as pages visited, approximate location, device and browser type, and referring source, collected in aggregate through analytics tools. See section 7.

We do not seek to collect special category data (such as health information) through our website. Please do not send us sensitive personal information unless we have specifically asked for it.

4. How we collect your information

We collect information:

  • directly from you, when you subscribe, enquire, or engage us;

  • automatically, when you use our website, through cookies and similar technologies; and

  • occasionally from third parties or public sources, for example referrals, the Land Registry, or planning portals, where relevant to a project.

Where we collect personal information about you from someone other than you, we take reasonable steps to make you aware of that collection as soon as practicable.

5. Why we use your information, and our lawful bases (UK)

Under UK GDPR we must have a lawful basis for each use of your personal information. Our bases are set out below.

  • Newsletter and marketing updates: to keep subscribers informed about our work and services. Lawful basis: consent (Article 6(1)(a)), with PECR consent for marketing emails.

  • Responding to enquiries: to deal with your questions and decide whether to work together. Lawful basis: legitimate interests (Article 6(1)(f)).

  • Providing architectural services and managing projects: to deliver our services under our standard client appointment. Lawful basis: contract (Article 6(1)(b)).

  • Promoting our work: to publish photographs and information about our projects on our website and social media, in our portfolio, and in award, exhibition, and press submissions. Lawful basis: legitimate interests (Article 6(1)(f)), and consent (Article 6(1)(a)) where the material identifies an individual.

  • Keeping accounting and tax records, and managing liability: to meet our legal duties and defend potential claims. Lawful basis: legal obligation (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)).

  • Measuring and improving our website: to understand how the site is used and make it better. We rely on legitimate interests (Article 6(1)(f)) and, where required by applicable cookie laws, consent. See section 7 for further information.

Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, you may object, and we will stop unless we have compelling grounds to continue.

Where we need personal information in order to enter into or perform a contract with you, and you do not provide that information, we may be unable to provide our services or fulfil our contractual obligations.

6. How we comply in New Zealand

For personal information we collect in New Zealand, we handle it in line with the Privacy Act 2020 and its Information Privacy Principles. In practice this means we only collect information we genuinely need and by fair means, we tell you why we are collecting it and who will receive it, we keep it secure, we use and share it only for the purpose it was collected or a directly related purpose, and we take reasonable steps to protect it when it is shared overseas (see section 10).

You can ask to see the personal information we hold about you and ask us to correct it. Studio Grieveson Limited has appointed a Privacy Officer for the purposes of the Privacy Act 2020. Privacy enquiries, access requests, and correction requests should be sent to hello@studiogrieveson.com.

7. Cookies and website analytics

Our website uses cookies and similar technologies. We use:

  • Strictly necessary cookies, which are required for the website to work and do not need your consent.

  • Analytics cookies, provided through a third-party analytics service, to help us understand in aggregate how visitors use our website so that we can improve it. Where consent is required under applicable law, these cookies will be used only after consent has been provided. Where an exemption applies, we may use analytics cookies without prior consent but will continue to provide information and appropriate controls.

We do not use analytics information for behavioural advertising, profiling, or cross-site marketing purposes.

New Zealand does not have a specific cookie consent law, but we apply the same transparency here so that all visitors understand how the website works.

You can control cookies through our cookie settings and through your browser. Turning off analytics cookies will not affect your ability to use the site.

8. Marketing, our newsletter, and promoting our work

We send our newsletter only to people who have asked to receive it. Every newsletter includes an unsubscribe link, and you can opt out at any time by clicking it or by emailing hello@studiogrieveson.com. We use a third-party email marketing platform to manage our mailing list and send emails. If you unsubscribe, we keep a minimal record of your request so that we do not contact you again.

Promoting our work. As an architecture practice, we like to showcase the projects we design. Under our standard client appointment, we may publish photographs and information about a project, including for a period after the project is completed. We may use this material on our website and social media, in our portfolio, and in award, exhibition, and press submissions. We rely on our legitimate interests in promoting our work, and we ask for your consent where images or materials identify you or another individual. You can ask us not to use material relating to your project, or to stop further use, by emailing hello@studiogrieveson.com, and we will respect reasonable requests, subject to our contractual rights and any use already published.

9. Who we share your information with

We do not sell your personal information. We share it only where necessary, with:

  • Service providers acting on our behalf (processors), such as our website hosting provider, email marketing platform, website analytics provider, and cloud productivity and client relationship management tools, under contracts that require them to protect your information.

  • Professional collaborators on your project, such as structural engineers, contractors, planning consultants, and local authorities, where needed to deliver our services and with your knowledge.

  • Our professional advisers, such as accountants, insurers, and lawyers, where necessary.

  • Authorities or regulators, where we are required to do so by law.

10. International data transfers

Because we operate in the United Kingdom and New Zealand and use international service providers, personal information may be transferred to and processed in countries other than the country in which it was collected, including the United States.

Where personal information is transferred outside the United Kingdom, we rely on lawful transfer mechanisms recognised under UK data protection law, including adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the European Commission's Standard Contractual Clauses, or other approved safeguards as appropriate.

Where personal information originating in New Zealand is disclosed overseas, we take reasonable steps to ensure that the recipient is subject to privacy protections that are comparable to those required under the Privacy Act 2020, or otherwise that the disclosure is permitted by that Act.

Further information about the safeguards we use may be requested by contacting us.

11. How long we keep your information

We keep personal information only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, accounting, insurance, and professional obligations.

Typical retention periods include:

  • Newsletter subscription records: until you unsubscribe or ask us to remove them.

  • Enquiry records: typically up to 2 years after our last substantive communication.

  • Client and project records: typically up to 15 years after completion of the project, reflecting professional liability, insurance, and record-keeping requirements.

  • Financial and accounting records: for at least 6 years, or longer where required by law.

When we no longer need personal information, we securely delete or anonymise it.

12. How we keep your information secure

We use appropriate technical and organisational measures to protect personal information, including access controls, reputable cloud services, and staff awareness. No system is completely secure, but we take reasonable steps to reduce the risk of loss, misuse, or unauthorised access, and we will notify you and the relevant regulator of a serious data breach where the law requires.

13. Your rights

United Kingdom

Under UK GDPR you have the right to:

  • be informed about how we use your information;

  • access the personal data we hold about you;

  • have inaccurate data corrected;

  • have your data erased in certain circumstances;

  • restrict or object to our processing;

  • data portability; and

  • withdraw consent at any time, where we rely on consent.

We do not carry out automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

New Zealand

Under the Privacy Act 2020 you have the right to:

  • ask whether we hold personal information about you and to access it (IPP 6); and

  • ask us to correct it, or to attach a statement of correction if we do not agree (IPP 7).

To exercise any of these rights, email hello@studiogrieveson.com. We will respond within the timeframes set by the applicable law and will not normally charge a fee.

14. How to complain

Please contact us first at hello@studiogrieveson.com so we can try to put things right.

You also have the right to complain to the relevant regulator:

  • United Kingdom: the Information Commissioner's Office (ICO), at ico.org.uk.

  • New Zealand: the Office of the Privacy Commissioner (OPC), at privacy.org.nz.

15. Children

Our website and services are intended for adults. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

16. Changes to this notice

We may update this notice from time to time. We will publish the current version on our website and update the date at the top. Significant changes will be highlighted where appropriate.

17. Contact us

For any questions about this notice or your personal information, email hello@studiogrieveson.com.

Last updated: 17 June 2026

1. Who we are

This privacy notice explains how Studio Grieveson Limited ("we", "us", "our"), a RIBA Chartered architecture practice, collects and uses personal information when you visit our website, subscribe to our newsletter, make an enquiry, or engage us for architectural services.

We are the data controller for the purposes of UK data protection law and, where we collect personal information in New Zealand, the agency responsible for it under the Privacy Act 2020.

  • Legal entity: Studio Grieveson Limited, a company registered in England and Wales

  • Company number: 15077927

  • Registered office: Suite Ra01 195-197 Wood Street, London, United Kingdom, E17 3NU

  • Contact for privacy matters: hello@studiogrieveson.com

We operate as a UK company serving clients in both the United Kingdom and New Zealand.

2. Scope of this notice

This single notice covers both jurisdictions in which we operate:

  • United Kingdom, under UK data protection law (principally the UK GDPR and the Data Protection Act 2018, as amended from time to time) and the rules on electronic marketing and cookies.

  • New Zealand, under the Privacy Act 2020 and its Information Privacy Principles.

Where our duties or your rights depend on where you are based, the relevant section says so.

3. The personal information we collect

We collect and use the following categories of personal information:

  • Newsletter subscribers: your email address, and your name if you provide it.

  • Clients and prospective clients: your name, email address, postal address, telephone number, and information about your property and project that you choose to share with us.

  • Website enquiries: the contact details and message content you submit through our contact form or by emailing us.

  • Website analytics: information about how you use our website, such as pages visited, approximate location, device and browser type, and referring source, collected in aggregate through analytics tools. See section 7.

We do not seek to collect special category data (such as health information) through our website. Please do not send us sensitive personal information unless we have specifically asked for it.

4. How we collect your information

We collect information:

  • directly from you, when you subscribe, enquire, or engage us;

  • automatically, when you use our website, through cookies and similar technologies; and

  • occasionally from third parties or public sources, for example referrals, the Land Registry, or planning portals, where relevant to a project.

Where we collect personal information about you from someone other than you, we take reasonable steps to make you aware of that collection as soon as practicable.

5. Why we use your information, and our lawful bases (UK)

Under UK GDPR we must have a lawful basis for each use of your personal information. Our bases are set out below.

  • Newsletter and marketing updates: to keep subscribers informed about our work and services. Lawful basis: consent (Article 6(1)(a)), with PECR consent for marketing emails.

  • Responding to enquiries: to deal with your questions and decide whether to work together. Lawful basis: legitimate interests (Article 6(1)(f)).

  • Providing architectural services and managing projects: to deliver our services under our standard client appointment. Lawful basis: contract (Article 6(1)(b)).

  • Promoting our work: to publish photographs and information about our projects on our website and social media, in our portfolio, and in award, exhibition, and press submissions. Lawful basis: legitimate interests (Article 6(1)(f)), and consent (Article 6(1)(a)) where the material identifies an individual.

  • Keeping accounting and tax records, and managing liability: to meet our legal duties and defend potential claims. Lawful basis: legal obligation (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)).

  • Measuring and improving our website: to understand how the site is used and make it better. We rely on legitimate interests (Article 6(1)(f)) and, where required by applicable cookie laws, consent. See section 7 for further information.

Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, you may object, and we will stop unless we have compelling grounds to continue.

Where we need personal information in order to enter into or perform a contract with you, and you do not provide that information, we may be unable to provide our services or fulfil our contractual obligations.

6. How we comply in New Zealand

For personal information we collect in New Zealand, we handle it in line with the Privacy Act 2020 and its Information Privacy Principles. In practice this means we only collect information we genuinely need and by fair means, we tell you why we are collecting it and who will receive it, we keep it secure, we use and share it only for the purpose it was collected or a directly related purpose, and we take reasonable steps to protect it when it is shared overseas (see section 10).

You can ask to see the personal information we hold about you and ask us to correct it. Studio Grieveson Limited has appointed a Privacy Officer for the purposes of the Privacy Act 2020. Privacy enquiries, access requests, and correction requests should be sent to hello@studiogrieveson.com.

7. Cookies and website analytics

Our website uses cookies and similar technologies. We use:

  • Strictly necessary cookies, which are required for the website to work and do not need your consent.

  • Analytics cookies, provided through a third-party analytics service, to help us understand in aggregate how visitors use our website so that we can improve it. Where consent is required under applicable law, these cookies will be used only after consent has been provided. Where an exemption applies, we may use analytics cookies without prior consent but will continue to provide information and appropriate controls.

We do not use analytics information for behavioural advertising, profiling, or cross-site marketing purposes.

New Zealand does not have a specific cookie consent law, but we apply the same transparency here so that all visitors understand how the website works.

You can control cookies through our cookie settings and through your browser. Turning off analytics cookies will not affect your ability to use the site.

8. Marketing, our newsletter, and promoting our work

We send our newsletter only to people who have asked to receive it. Every newsletter includes an unsubscribe link, and you can opt out at any time by clicking it or by emailing hello@studiogrieveson.com. We use a third-party email marketing platform to manage our mailing list and send emails. If you unsubscribe, we keep a minimal record of your request so that we do not contact you again.

Promoting our work. As an architecture practice, we like to showcase the projects we design. Under our standard client appointment, we may publish photographs and information about a project, including for a period after the project is completed. We may use this material on our website and social media, in our portfolio, and in award, exhibition, and press submissions. We rely on our legitimate interests in promoting our work, and we ask for your consent where images or materials identify you or another individual. You can ask us not to use material relating to your project, or to stop further use, by emailing hello@studiogrieveson.com, and we will respect reasonable requests, subject to our contractual rights and any use already published.

9. Who we share your information with

We do not sell your personal information. We share it only where necessary, with:

  • Service providers acting on our behalf (processors), such as our website hosting provider, email marketing platform, website analytics provider, and cloud productivity and client relationship management tools, under contracts that require them to protect your information.

  • Professional collaborators on your project, such as structural engineers, contractors, planning consultants, and local authorities, where needed to deliver our services and with your knowledge.

  • Our professional advisers, such as accountants, insurers, and lawyers, where necessary.

  • Authorities or regulators, where we are required to do so by law.

10. International data transfers

Because we operate in the United Kingdom and New Zealand and use international service providers, personal information may be transferred to and processed in countries other than the country in which it was collected, including the United States.

Where personal information is transferred outside the United Kingdom, we rely on lawful transfer mechanisms recognised under UK data protection law, including adequacy regulations, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the European Commission's Standard Contractual Clauses, or other approved safeguards as appropriate.

Where personal information originating in New Zealand is disclosed overseas, we take reasonable steps to ensure that the recipient is subject to privacy protections that are comparable to those required under the Privacy Act 2020, or otherwise that the disclosure is permitted by that Act.

Further information about the safeguards we use may be requested by contacting us.

11. How long we keep your information

We keep personal information only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, accounting, insurance, and professional obligations.

Typical retention periods include:

  • Newsletter subscription records: until you unsubscribe or ask us to remove them.

  • Enquiry records: typically up to 2 years after our last substantive communication.

  • Client and project records: typically up to 15 years after completion of the project, reflecting professional liability, insurance, and record-keeping requirements.

  • Financial and accounting records: for at least 6 years, or longer where required by law.

When we no longer need personal information, we securely delete or anonymise it.

12. How we keep your information secure

We use appropriate technical and organisational measures to protect personal information, including access controls, reputable cloud services, and staff awareness. No system is completely secure, but we take reasonable steps to reduce the risk of loss, misuse, or unauthorised access, and we will notify you and the relevant regulator of a serious data breach where the law requires.

13. Your rights

United Kingdom

Under UK GDPR you have the right to:

  • be informed about how we use your information;

  • access the personal data we hold about you;

  • have inaccurate data corrected;

  • have your data erased in certain circumstances;

  • restrict or object to our processing;

  • data portability; and

  • withdraw consent at any time, where we rely on consent.

We do not carry out automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

New Zealand

Under the Privacy Act 2020 you have the right to:

  • ask whether we hold personal information about you and to access it (IPP 6); and

  • ask us to correct it, or to attach a statement of correction if we do not agree (IPP 7).

To exercise any of these rights, email hello@studiogrieveson.com. We will respond within the timeframes set by the applicable law and will not normally charge a fee.

14. How to complain

Please contact us first at hello@studiogrieveson.com so we can try to put things right.

You also have the right to complain to the relevant regulator:

  • United Kingdom: the Information Commissioner's Office (ICO), at ico.org.uk.

  • New Zealand: the Office of the Privacy Commissioner (OPC), at privacy.org.nz.

15. Children

Our website and services are intended for adults. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

16. Changes to this notice

We may update this notice from time to time. We will publish the current version on our website and update the date at the top. Significant changes will be highlighted where appropriate.

17. Contact us

For any questions about this notice or your personal information, email hello@studiogrieveson.com.