Privacy Policy & Cookie Policy

Updated: September 29, 2020

FDP financial retail environments is a trading name of LOM architecture and design Ltd. This privacy policy explains how LOM architecture and design Ltd uses personal information we collect about you when you use this website. It also outlines how we use your personal information, should you choose to work with us.

We are a controller of personal data and are regulated by the Data Protection Act 2018. This means we are responsible for deciding how and why we use personal data, and for keeping it safe. We are registered as a data controller with the Information Commissioner’s Office (ICO) with registration number ZA704024.

If you have questions about this policy or your personal data, please contact our Data Protection Team by writing to our office address or by emailing with the subject line “Data Protection”.

1. What information do we collect?

We collect information about you when you fill in forms on our website or contact us by phone, email or otherwise. We also collect information should you choose to work with us.

The information we collect may include:

  • Contact data and personal details: your name, address, email address, phone number, job title, organisation
  • Correspondence and project information: information provided to us in the course of a project, such as that contained within enquiries and correspondence
  • Payment information: payment information, such as bank details and VAT registration number

If you apply to work with us (whether as a consultant or an employee), then we will collect recruitment-related information such as employment history, references and other CV data.

We do not generally collect or process sensitive personal data (such as information relating to someone’s health, ethnicity, beliefs, sexuality, political opinions or trade union membership). In the unlikely event we do collect any such data, it will be protected to the high standards explained in this policy.

2. How we use your information

We use information in the following ways, and for the purposes and on the lawful bases set out below:

Use of personal data Purpose Lawful basis
Contact data used to maintain contact and communication with you during the course of a potential, new or existing project, together with other data about individuals involved in a project. In order to provide services and perform a contract. (Where our client is an individual) in order to perform a contract.
(Where our client is a corporate) for our legitimate interests and those of our clients in providing and receiving services.
Contact data used to send newsletters or other information which we think you may find interesting. Direct marketing. The individual has provided their consent via our sign-up page.
Information relating to the purchase of goods, materials and services from individuals. In order to receive goods or services and maintain records. Performance of a contract. Records are kept because we have a legitimate interest in maintaining such records.
Information relating to individual clients (such as payment details). In order to provide services and maintain records. Performance of a contract. Records are kept because we have a legitimate interest in maintaining such records.
Use of website cookies. In order to understand and improve our website. Cookies (other than essential cookies) are used on the basis of consent.

3. Information for job applicants

We collect, store and use personal data about individuals who apply to join LOM. This may include information:

  • provided to us by applicants (such as in CVs, application forms, and through correspondence);
  • provided during an interview;
  • obtained from previous employers and referees; and
  • provided to us by recruitment agencies.

We use the personal data collected about job applicants to:

  • assess an applicant’s skills, qualifications, and suitability for a role;
  • carry out background and reference checks;
  • communicate with an applicant about the recruitment process;
  • keep records relating to our hiring process; and
  • comply with legal or regulatory requirements.

We do all of this either because it is necessary in order for us to enter into a contract of employment or because we have a legitimate interest in ensuring an applicant is suitable for a particular role. Without this personal data, we will not be able to process an application successfully.

If we need to process sensitive personal data about a job applicant, for example disability information in order to consider whether we need to provide appropriate adjustments during the recruitment process, we will ask for explicit consent to do this at the time at which we request the data.

Retention of applicant information

We normally retain personal data about unsuccessful applicants for between three and six months from the time we inform them of our hiring decision. We retain personal data for this period so we can demonstrate, in the event of a legal claim, that we have not discriminated against an applicant and that the recruitment process was fair and transparent. After this period, we will securely destroy the applicant’s personal data. If we wish to retain personal data on file in case future opportunities arise, we will contact the applicant and ask for his or her consent to do so.

If an applicant is successful, some of the personal data provided in the application process will be stored as part of the staff member’s personnel file, and any unnecessary information will be securely destroyed.

4. How we keep your information secure

Your personal data will be treated as strictly confidential and will be shared only with directors, HR, administrative staff and finance staff where necessary, and contact details with members of the design team for project contacts.

We have also put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed.

We have been certified as meeting the requirements of the Cyber Essentials Scheme and our security includes physical security measures (such as keeping paper files in secure premises), electronic security technology (such as encrypted digital back-ups, multi-factor authentication and sophisticated anti-virus protection) and organisational measures (such as internal training, policies and procedures relating to information security, data breaches and disaster recovery).

We have put in place reporting procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.

5. Where do we store your information?

The information we collect from you is stored on our server, in the United Kingdom, and on the servers of the cloud-based database management services LOM engages, located in the United Kingdom, and, if in the United States, with suppliers who have entered into standard contract clauses requiring them to protect personal data.

We do not generally transfer personal data outside the EEA, unless on a project by project basis the client or main supplier is a company based outside the EEA, in which case project team contact details may be shared with them for communication purposes only.

6. Direct marketing

On occasion, we would like to contact you about other recommendations and services we think may be of interest or value to you. We normally only do this with your consent (which is provided when you sign up to our newsletter). If you are a corporate subscriber (such as an employee or representative of a company) who we know or work with, we may contact you on the basis of our legitimate interests in building relationships and keeping you informed.

We do not share any of your information with any third parties for marketing purposes.

You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted with marketing, please email or use the unsubscribe link in any marketing email.

7. Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. We will only use cookies where it is essential to do so or where you have consented to their use.

For further information visit or You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

Cookies used on this site

The following are names of the cookies we currently use on this website. Each cookie includes a short description of what the cookie does and its expiry time.

Cookie Name Description Expiry
__utmb, __utmc, __utmc, ga, gat, gid, NID, CONSENT
These cookies are used to collect information about how visitors use our website and WordPress blog. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
Read Google’s overview of privacy and safeguarding data
fdp_analytics This cookie is used to remember a user’s choice about cookies on Where users have previously indicated a preference, that user’s preference will be stored in this cookie. 180 Days
wordfence_verifiedHuman This cookie is used by Wordfence – this manages site security preventing hacking and blocking access from suspicious IP addresses. 24 hours
wfvt_469931293 This cookie is used by Wordfence – this manages site security preventing hacking and blocking access from suspicious IP addresses. 30 mins

If you would like to update your cookie preferences, click the button below

8. How long do we retain your information for?

Information collected via this website

We ensure personal information collected via our website is kept for no longer than is necessary. To find out more about Cookie retention, see section 8 (Cookies).

Information collected for commissioned projects

We keep your personal data for no longer than is reasonably necessary. This is usually for a period of 12 years beyond the end of the contract with you (which is in line with accounting requirements, legal limitation periods for contracts under seal and our business needs).

9. Access to your information and correction

Data Protection Laws provide you with certain rights in relation to your personal data. These are as follows:

  • The right to access your personal data. This gives you the right to receive a copy of the personal data we hold about you subject to certain exemptions.
  • The right to request correction or completion of personal data. This gives you the right to have any incomplete or inaccurate personal data corrected.
  • The right to request erasure of your personal data. This allows you to request us to delete or remove personal data. You also have the right to request us to delete or remove your personal data where you have exercised your right to object to processing (see below). In certain circumstances this right may not apply, such as where we have a good, lawful reason to continue using the information in question and, if so, we shall inform you of such reasons at the relevant time.
  • The right to object to processing of your personal data. You can object to us processing your personal data for legitimate interests purposes or for direct marketing. We must then stop processing your data unless we have a strong reason to continue which overrides your objection. If your objection is to direct marketing, we must always stop.
  • The right to restrict how your personal data is used. You can limit how we use your personal data in certain circumstances. Where this applies, any processing of your personal data (other than storing it) will only be lawful with your consent or where required for legal claims, protecting certain rights or important public interest reasons.
  • The right to have a portable copy or transfer your personal data. You can request that we provide you, or (where technically feasible) a third party, with a copy of your personal data in a structured, commonly used, machine-readable format. Note this only applies to personal data which we obtain from you and, using automated means, process on the basis of your consent or in order to perform a contract.
  • The right to withdraw consent. If we are relying on consent to process your personal data then you have the right to withdraw that consent at any time.

If you would like to make a data subject request, please email or write to us at the following address:

LOM architecture and design Ltd.
5 Sclater Street
E1 6JY

We usually act on such requests and provide information free of charge but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on such request.

10. Updates to this policy

We will update this policy from time to time. The current version will always be posted on our website. This policy was last updated on 29 September 2020.

© FDP financial retail environments Ltd | Site design by Union 10 Design