Introduction

This Client Privacy Policy explains how Hoxton Workplace Partners Limited and Hoxton Workplace Environments Limited (together "Hoxton", "we", "us", or "our") collect, use, store, and protect personal data in the course of delivering services to our clients. Services may be provided by either entity depending on the nature of the engagement. The data controller for your personal data will be the Hoxton entity delivering the services to you. If you are unsure which entity is handling your data, please contact us and we will confirm.

It should be read alongside our main Privacy Policy. If you have any questions, please contact our privacy team.

Who this policy applies to

This policy applies to individuals at client organisations whose personal data Hoxton processes in connection with the delivery of our services. This includes named contacts, project team members, employees whose data is shared with us as part of a workplace strategy or real estate engagement, and any other individuals whose personal data we receive from or on behalf of a client.

What we collect

Depending on the nature of the engagement, we may collect and process the following personal data:

·       Names, job titles, and contact details of client contacts and project stakeholders
·       Workplace utilisation and occupancy data, which may include information about individual employees' working patterns
·       Survey responses and interview notes gathered as part of workplace strategy or research work
·       Data shared by clients to support the delivery of services, including HR, organisational, or operational data
·       Meeting notes and correspondence

We collect only the data necessary to deliver the services agreed with the client.

How we use it

We use client data to:

·       Deliver the services described in our engagement agreement
·       Communicate with client contacts throughout the engagement
·       Analyse workplace usage, occupancy, or experience as part of a strategy or research engagement
·       Produce reports, recommendations, and other deliverables
·       Comply with our legal and contractual obligations

Our legal basis for processing is the performance of a contract with the client organisation and, where applicable, our legitimate interests in delivering high-quality services.

Data shared by clients

Where a client shares personal data with us as part of an engagement, Hoxton acts as a data processor in relation to that data, processing it only in accordance with the client's instructions and the terms of our engagement agreement.

In relation to client contact data — such as names, email addresses, and job titles of individuals we deal with directly — Hoxton acts as a data controller, processing that data for the purposes of managing the client relationship and delivering our services.

Clients are responsible for ensuring they have the appropriate legal basis to share personal data with Hoxton and for informing their employees or other affected individuals as required by applicable data protection law.

Where required by the nature or scale of an engagement, Hoxton is willing to enter into a formal Data Processing Addendum (DPA) with the client, setting out the specific terms under which personal data is processed. Clients wishing to discuss or request a DPA should contact our privacy team at the outset of the engagement.

Retention

We retain client personal data in accordance with the following schedule: