John Moore Heritage Services (JMHS) is committed to protecting your personal data when you are using our services. Personal data is any information relating to an identifiable living person who can be directly or indirectly identified in particular by reference to an identifier such as a name, postal, email and ISP addresses and cookies.

This privacy notice relates to our use of any personal data that we collect from you in the course of supplying our services, as set out in our Data Protection policy.

We will comply with the General Data Protection Regulations 2018 ("the GDPR") which requires that personal data we hold about you is:

  • Used lawfully, fairly and in a transparent way;

  • Collected only for valid purposes that we have clearly explained to you and not used in any way incompatible with those purposes;

  • Relevant to the purposes we have told you about and limited only to those purposes;

  • Accurate and kept up to date;

  • Kept only as long as necessary for the purposes we have told you about;

  • Kept securely.

Who is collecting the data?

John Moore Heritage Services Ltd (JMHS) is a Company registered in England and Wales with company number 10019494 and has its registered office at

Unit 13, Wheatley Business Centre, Old London Road, Wheatley, Oxon, England

OX33 1XW

JMHS is an independent heritage consultancy and archaeological practice providing consultancy, assessment, mitigation, heritage and archaeological services.  JMHS acts as Data Controller.

Why is data being collected?

Personal data collection, storage and processing will be used by JMHS to:

  • respond to an enquiry;

  • provide you with information on services you specifically request from JMHS;

  • provide you with a quote or estimate;

  • carry out our obligations arising from any contracts between you and JMHS, including performance of services, invoicing and reporting.

JMHS will not process personal data for purposes other than our lawful basis of performing our obligations under our contract with you, respond to your enquiry, or provide you with a quote.

How is data collected?

JMHS can collect data from a number of sources:

Directly from you

  • when you make an enquiry by letter, email or phone

  • when you request a quotation by letter, email or phone

  • when you provide details by visiting our website and filling out our Contact Form


  • From publicly available resources such as Companies House, your Company’s website, LinkedIn, etc.

  • From publicly available search engines

  • From third party providers, such as contractors and consultants

 When we obtain your personal data indirectly, we will inform you within one month of obtaining the data.

 What data is being collected?

JMHS will only collect personal data:

  • Name

  • Address

  • Contact details, including but not limited to:

    • Company details

    • Contact names

    • Telephone numbers

    • Email addresses

  • Bank and payment details

  • Telephone call recordings

  • Electronic and hardcopy correspondence

  • IP addresses and cookies

  • Other documentation, including but not limited to:

    • Invoices

    • Contracts

    • Tenders

 What is the legal basis for processing the data?

JMHS will collect personal data in order to respond to an enquiry, provide a quote, or supply our services, which is our lawful basis for processing data. 

However, GDPR lists six legal basis for data processing; at least one of these must apply whenever we process your personal data:          

  1. Consent: the individual has given clear consent to process their personal data for a specific purpose

  2. Contract: the processing is necessary for a contract you have with JMHS, or because you have asked to take specific steps before entering into a contract (i.e. requesting a quote)

  3. Legal obligation: the processing is necessary to comply with the law (not including contractual obligations)

  4. Vital interests: the processing is necessary to protect someone’s life

  5. Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law

  6. Legitimate interests: the processing is necessary for the Company’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests (This cannot apply if you are a public authority processing data to perform your official tasks.)

 Will the data be shared with any third parties?

JMHS may share your personal data with:

  • Regulatory authorities, Government departments (such as HMRC) or the police in order to comply with any legal obligations or to assist in fraud prevention and detection

  • Third party suppliers where we have subcontracted to them the performance of any or all of our obligations under our contract with you

  • Other third parties where we reasonably believe that such action is necessary to comply with a legal obligation, or to protect our rights and property, or act in urgent circumstances to protect the personal safety of our staff or members of the public.

How long will the data be stored for?

Your personal data will be retained by us for as long as there remains a valid lawful basis for retaining it.  We will keep data retention under regular review. If any of the information that you have provided to JMHS changes while we are working for you, for example if you change your name or email address, please let us know the correct details by sending us an email.

Accounting information (such as invoices) will be retained for at least 6 years, in line with current tax legislation. Contractual documentation will be held for at least 6 years. After this period, all paperwork and digital records will be destroyed, unless specifically noted for longer storage.

How do we protect your data?

JMHS has put in place secutiry procedures to protect your data, including:

  • installing firewall and antivirus to our computer system

  • restricting staff access to personal data

  • undertaking GDPR training

  • encrypting files

  • password protecting our computer system

What rights does the data subject have?

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.

If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

You have the right to lodge a complaint to the Information Commissioners’ Office ( if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.

How can the data subject make an enquiry or raise a complaint?

JMHS can be contacted about the storage and processing of personal data, or to make a data subject access request (DSAR) on the details below:

John Moore (Director)

Address: Pasture Farmhouse, Boarstall, Aylesbury HP18 9UR

Telephone: 01865 358 300



JMHS will reply to any subject access request within one month of receipt. 


Last revised 03/04/2019