top of page

GDPR & Privacy - Our commitment to your privacy

1. Private Statement - Professional Clients, Suppliers, Contractors

Smith & Kennedy Architects Limited is committed to protecting and respecting your privacy. Smith & Kennedy Architects Limited takes seriously its responsibilities in relation to the processing of personal data. Smith & Kennedy Architects Limited does not collect or process personal data unnecessarily.

This policy (in combination with standard terms and conditions and any other referenced documents) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, in compliance with the rules on processing of personal data as set out in the General Data Protection Regulation (the “GDPR”). It also set out the measures we take to protect the security of the information and how you can contact us about our privacy practices.


2. Who we are

Smith & Kennedy Architects Limited is a private limited company incorporated in Ireland with company number 315244. The registered office address is:

9 Clarinda Park North
Dún Laoghaire
A96 A3W7

Any queries regarding this policy may be directed to  


3. Definitions

Data controller - A controller determines the purposes and means of processing personal data.
Smith & Kennedy Architects Limited is the data controller. This means we decide how your personal data is processed and for what purposes.

Data processor - A processor is responsible for processing personal data on behalf of a controller.

Data subject - Natural person.

Categories of data - Personal data and special categories of personal data.

Personal data - The GDPR applies to ‘personal data' meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier (as explained in Article 6 of GDPR). For example, name, address, or email address. Online identifiers include IP addresses and cookies.

Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data' (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs. Smith & Kennedy Architects Limited strictly does not collect this type of data.

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. Smith & Kennedy Architects Limited structures provided contact data digitally for ‘legitimate purposes' only.

Third party - means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data. Smith & Kennedy Architects Limited does not share personal data with third parties.


4. The relevant categories of personal data

With reference to the categories of personal data described in the definitions section, we process the following categories of your data:

Information you give us:

Your Data: This is information about you that you give us by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you use our website, or our services, or report a problem with our website.

The information you give us may include:

Identity Data: your full name, address, e-mail address, phone number, age, title, and personal description.

Financial Data: your financial details, including bank account details, billing contact e-mail address and VAT number.

Information we collect about you:

Automatically Collected Information. Regarding each of your visits to our website, we may automatically collect the following information:

  • Usage Data: Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), publications, services, or other products you viewed or searched for, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from the page.

  • Technical Data: Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser and type and version, time zone setting, browser plug-in types and versions and operating system and platform.


5. The purpose(s) of processing your personal data

We will only use your personal information when the law allows us to. Most commonly, we will use your personal data for the following purposes:

6. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us via e-mail at

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this policy, where this is required or permitted by law.


7. Sharing your personal data

Generally, Smith & Kennedy Architects Limited will not share/distribute your details to any third party. However, as Smith Kennedy is part of the RSK group we will share the necessary data with our parent company RSK for legitimate business purposes. These purposes will be inline with our own standards and practices as listed above.

We also may disclose information to third parties if you consent to us doing so as well as in the following circumstances:

You agree that we have the right to share your personal information with the following recipients or categories of recipients:

  • Any department or authorised person within our company or any member company within our group, which means any subsidiary or holding company within the meaning of sections 7 and 8 of the Companies Act 2014.

  • Selected third parties including business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you in relation to our services and analytics and search engine providers that assist us in the improvement and optimisation of our website.

  • We will disclose your personal information to third party recipients:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of our business or assets.

  • If all or substantially all our business or assets are acquired by or transferred to a third party whether in the event of a merger, reorganisation, transfer of undertakings, receivership, liquidation, or other winding up or any other similar circumstances, in which case personal data held by us will be one of the transferred assets.

  • If we are under a duty to disclose or share your personal data to comply with any law, legal obligation, or court order, or to enforce rights under the GDPR or under an agreement.

  • To protect our rights, property, or safety of those of our customers or others. This includes exchanging information with other companies and organisations for the maintenance and security of the website.


8. Retention of your personal data

We do not keep your personal data on file for longer than reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. This means that the period for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, we may hold personal data as needed for our accounting and tax compliance purposes for a period of 6 years. For more information about our data retention policies please contact us at


9. Consequence of not providing us with your personal data

You are under no statutory or contractual requirement or obligation to provide us with your personal data, but failure to do so will reduce or prevent communication with you during the contract and delay or prevent payment for goods and services.


10. Your rights to access, rectify and object to your personal data

You are entitled to the following rights with respect to your personal data. The right to request:

  • A copy of the personal data which we hold about you.

  • That we correct any personal data if it is found to be inaccurate or out of date.

  • That your personal data is erased where it is no longer necessary to retain such data.

  • Where there is a dispute in relation to the accuracy or processing of your personal data, that you have a right to request a restriction is placed on further processing.

  • That you can withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data.


11. Data Portability

Where we process your personal data by automated means and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.


12. Profiling

Profiling is an automated form of processing of personal data often used to analyse or predict personal aspects about an individual person. This could relate to a person's performance at work, economic situation, health, personal preferences, reliability, behaviour, location, or movements. An example of this would be where a bank uses an automated credit scoring system to assess and reject a loan application.

You have the right to be informed if your personal data will be subject to automated decision making, including profiling. You also have the right not to be subject to a decision based solely on automated process, including profiling, where that decision impacts on your legal rights. There are some exceptions to this rule, where, for example, the decision is necessary in connection with the performance of a contract between us, is authorised by law or where you have given your explicit consent to this automated processing. In this case, however, we do not engage in profiling or automated processing for profiling purposes.


13. Personal Rights

The rights described in this policy are personal rights and are exercisable only by the individual person (or data subject) concerned.


14. Cookies

The website may use cookies from time to time. “Cookies” are small text files which are stored by your browser on your computer and are normally used to gather statistical information and to analyse trends of use or access to a website. Cookies cannot be used to run programs or deliver viruses to your computer.

To see more information on the exact cookie we use please click here.


15. Transfer of Data Abroad

We do not transfer personal data outside the European Economic Area (the “EEA”), unless on a project-by-project basis where the client or main supplier is a company based outside the EEA, in which case project team contact details may be shared with them for communication purposes only. There are special requirements set out under Chapter V of the GDPR, with which we would comply, to regulate such data transfers and ensure that adequate security measures are in place to safeguard your data.

However, we do share necessary personal data with our parent company RSK they are located within the UK. RSK have undertaken to adhere to the same standards and practices of GDPR as Smith and Kennedy. The information shared will be limited and only that which is necessary to effectually complete performance of a contract. You can access RSK’s privacy policy here.


16. Updates to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where relevant to or impacts on you or your personal data, notified to you in advance by email. In this way, you will have an opportunity to consider the nature and impact of the change and exercise your rights under the GDPR in relation to that change (e.g. to withdraw consent or to object to the processing) as you see fit.


17. Safeguarding your Personal Information

SKA is focused on protecting the confidentiality, security and integrity of your personal information, and has appropriate security measures in place aimed at protecting personal information against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access and against all other unlawful forms of processing. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


18. Marketing Communications

General: We will not use your data to send marketing communications to you about promotions, competitions, updates and new products or services that may be of interest to you, unless we have your permission to do so.


19. Third Party Material

We always endeavour to deal with vendors and other third parties who are GDPR compliant or, in the case of the third parties located outside of the EEA, who are certified as compliant or who have adequate security measures in place to safeguard the security of personal data. That said, we, our employees, agents, holding company and subsidiaries, accept no liability howsoever arising for the content or reliability of any third-party materials or websites referenced by hyperlink or other means on the website or for the data collection and use practices or security measures used by such third parties. If you submit personal data to any of those sites, your personal data is governed by their privacy policy. We encourage you to carefully read their privacy policies.


20. Questions or Complaints

To exercise all relevant rights, queries or complaints of if you have any questions about this policy, how we run the website or your dealings with us, please in the first instance contact details: 01 2807189 or email:


bottom of page