Privacy Policy


Cano y Escario UK is committed to protecting the privacy and security of any Personal Data it handles.

This Privacy Notice describes how we collect and use Personal Data about visitors to our website, clients and potential clients, third party consultants and any other individuals whom we may collect Personal Data on in accordance with the European General Data Protection Regulation (GDPR) came into effect across the EU on May 25, 2018.

As a “data controller”, we are required under data protection legislation to notify you of the information contained in this Privacy Notice. We may update this Notice at any time.

Data Protection Principles

We comply with the GDPR. This says that the Personal Data we hold must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.


The kind of information we hold about you

Personal Data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

• Identity Data includes first name, last name, country of residence, company, and job title.

• Contact Data includes address, email address and telephone numbers.

• Professional Data includes CVs, and documents related to your qualifications, experience, and role, current salary, eligibility to work in the UK.

• Usage Data includes information about how you use our website.

• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.


How is your Personal Data collected?

Personal Data may be collected in the following ways:

1. Through information collected by cookies when you use our website.
When you visit we may send a ‘cookie’ to your computer. This is a small data file stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages. For details of the cookies employed by us see Section 12 below.

2. Through information automatically recorded when you use our IT systems, so that the systems can run effectively and we can ensure they are not being misused.

3. Direct interactions – where you provide information by filling in forms or corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:

Complete an online form to subscribe to our mailing list;

Make business enquiries via email or telephone; and

Enter into a working relationship with us.

4. Third parties or publicly available sources. For example, consultants working with us whose CVs might be sent by their employer for bid documents or so we can assess their suitability for a project.


How we will use information about you

We will only use your Personal Data when the law allows us to, such as:
1. Where it is necessary to perform a contract with you or in order to take steps at your request prior to entering into a contract.
2. Where we need to for compliance with a legal obligation.
3. Where it is necessary for the purposes of our legitimate business interests to run a successful international design studio, and your interests and fundamental rights do not override those interests.

We may also use your Personal Data in the following situations, which are likely to be rare:
1. Where we need to protect your interests (or someone else’s interests).
2. Where it is needed in the public interest.


More specific details of how we may use your Personal Data

We have set out in the table below details of the type of data we may collect (by reference to the groups described in Section 3 above), the ways we may use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To deliver relevant website content to you and to use data analytics to improve our website (a) Identity
(b) Contact
(c) Usage
(d) Marketing and Communications
(e) Technical
Necessary for our legitimate interests (to keep our website updated and relevant and to develop our business)
To send marketing newsletters to you (a) Identity
(b) Contact
(c) Marketing and Communications
Necessary for our legitimate interests (to develop our business)
To invite you to events (a) Identity
(b) Contact
(c) Marketing and Communications
(a) Necessary for our legitimate interests for business development – to strengthen business relations and to market our services
To administer and protect this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, and network security)
To respond to your new business enquiry as a potential client. (a) Identity
(b) Contact
(a) Necessary for our legitimate interests (for winning and providing design services)
To administer our working relationship with you and your employer (as applicable), such as providing and administering architectural and engineering services to you, and/or collaborating with you to bid for a design project or to provide design services. (a) Identity
(b) Contact
(c) Professional DataIn limited circumstances we might require documents to prove your identification such as a copy
of your passport or Special Categories of sensitive Personal Data. In these circumstances we will notify you and where necessary obtain your consent.
(a) Performance of a contract with you
(b) Necessary for our legitimate interests for winning and administering projects and running our business)
For marketing campaigns and to win new business. This may include taking photographs or filming of our day-to-day design activities, projects events, and interviews. (a) Identity
(b) Professional Data
(a) Necessary for our legitimate interests for promoting our business, winning work and recruiting talented designers.


Change of purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Occasionally we may use Personal Data to send you updates about our business or invites to events. If you prefer not to receive promotional material from Cano y Escario email us at and put “unsubscribe” in the subject line together with the name of the publication you wish to unsubscribe from.

Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.

Data Sharing

We may share your Personal Data with third parties, including third-party service providers and other entities in Cano y Escario where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest for the purpose of running a successful international design practice in doing so.

For example, we may share your Personal Data with:

professional advisors such as lawyers and accountants;

processors such as providers of cloud hosting solutions or translation companies;

to an auditor, regulator or to otherwise comply with the law.

We may share Personal Data, such as CVs of collaborating design consultants, to clients, potential clients or collaborating designers where this was the purpose of collection.

As we are an international design practice, we may share your Personal Data with other entities in our group. In particular, we share your Personal Data for the following purposes:

Where required to facilitate your travel to meetings in one of our international offices or in respect of a project abroad;

Where we are inviting you to an event held in one of our offices abroad.

• How secure is your information with third-party service providers and other entities in our group? 
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Personal Data in line with our policies and the law. We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.



All information you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.



Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at:

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.


Use of cookies by Cano y Escario

Within this website cookies are used to facilitate features and functions
which improve your browsing experience. They are also used to measure the performance of the site and the ways in which visitors navigate their way around. The below information details the cookies we use, how to prevent these being written and the impact of doing so on your browsing experience.


Disabling/Enabling all cookies

You can accept or decline cookies by modifying the settings in your browser. However, you will not be able to use all the interactive features of the site if cookies are disabled.
Most recent web browsers allow control over the cookies saved through
the browser settings. To find out more about cookies, including how to see
what cookies have been set and how to manage and delete them, visit


More information about cookies

There are four main types of cookies used by websites. These categories are described below, based on the information published in the International Chamber of Commerce Cookie Guide.

Strictly Necessary Cookies – Enable services you have specifically asked for.

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies the services you have asked for, like shopping baskets or e-billing, cannot be provided.

Performance Cookies – Collect anonymous information on the pages visited.

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

Functionality Cookies – Remember choices you make to improve your experience.

These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.

Targeting/Advertising Cookies – Collect information about your browsing habits in order to make advertising relevant to you and your interests.

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organization.
The tables below explain the cookies we use and why. The information is updated regularly but if a discrepancy is found then please contact us.

Strictly Necessary Cookies
Cookie Name Purpose Duration / Expires
1P _JAR Google Analytics cookie 1 Month
ANID Google Analytics cookie 6 Months
APISID Google Analytics cookie Session
CONSENT Google Analytics cookie 20 Years
DV Google Analytics cookie 24 Hours
HSID Google Analytics cookie 2 Years
NID Google Analytics cookie 6 Months
OGPC Google Analytics cookie 5 Days
OTZ Google Analytics cookie 1 Month
SAPISID Google Analytics cookie  2 Years
SEARCH_SAMESITE Google Analytics cookie 6 Months
SID Google Analytics cookie 2 Years
SIDCC Google Analytics cookie 3 Months
SSID Google Analytics cookie 2 Years
UULE Google Analytics cookie 24 Hours
_ga Google Analytics cookie 2 Years
_gid Google Analytics cookie 24 Hours
redux_blast visual Appearance of the web Session
redux_current_tab_get visual Appearance of the web Session
wordpress_test_cookie WordPress. Check if the browser has cookies enabled. Session
wp-settings-time-1 Used by WordPress to customize the User Interface Session

Targeting/Advertising Cookies

N/A – None used.


We want to make sure that your Personal Data is accurate and up to date. Please contact us if any information we are using is not accurate or up to date.



We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it or for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.


Your Rights in Connection with Personal Data

Under certain circumstances, by law you have the right to:

Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request the erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing Personal Data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.

Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your Personal Data to another party.

If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact the Data Protection Manager in writing.


No fee usually required

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.


What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.


Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Manager or use any unsubscribe link in any email newsletter that you receive. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.


Data Protection Manager

We have appointed a Data Protection Manager to oversee compliance with this Privacy Notice. This role is held by Inigo de la Rocha, Senior Partner, who may be contacted on
If you have any questions about this Privacy Notice or how we handle your Personal Data, please contact the Data Protection Manager. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.


Changes to this Privacy policy

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.
If you have any questions about this Privacy Notice, please contact the Data Protection Manager.

Changes to this Privacy Notice
Requests for further information about this Privacy Notice or about how we process Personal Data can be sent by email to:

Or in writing to:

Inigo de la Rocha
Data Protection Manager
Cano y Escario UK
20-22 Wenlock Road

London – N1 7 GU