Privacy Policy

Privacy Policy

RIBA Enterprises Limited (“we” or “us”) respects your privacy and will do its best to safeguard your personal information.

We sometimes need to collect and hold personal information so that we can deliver our services to you. If we do not collect such personal information, then we may be unable to provide you with the services and products you have requested. This privacy policy tells you about our use of any personal information you give to us including via phone, by email, in letters or by using our services, products or online content.

By visiting our sites you are accepting and consenting to the practices described in this policy. Any changes we may make to our privacy policy in the future will be posted on this page (and, where appropriate, notified to you by email). Please check back frequently to see any updates or changes to our privacy policy.

Who we are

NBS is leading the built environment with powerfully connected knowledge, products and services around the world. Please see “How to contact us” below.

What information we collect

When you use any of our services, products or online content, we may receive personal information about you. The kind of information we collect and hold includes, but isn’t restricted to, your name, email address, telephone number and company name. We also keep information about your use, and payment for, our services, products and online content.

Information about other people

Should you provide information to us about any person other than yourself, such as your employees, your suppliers, or your counterparties you must ensure that such third parties have been informed and understand how their personal data will be used and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

How we use your personal information

We use the information we hold about you in the following ways:

Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:

Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

How we protect your personal information

We take appropriate and reasonable technical and organisational measures to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction.

We provide services to you from data centres with 24/7 physical security. Our data centres have international security accreditation including ISO 27001:2013 and ISO 9001:2015. We secure your connections to our services with TLS encryption.

Your personal information is logically separated from other’s to ensure data segregation.

NBS ID accounts need a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. NBS ID passwords are hashed, which means we cannot see your password. We cannot resend forgotten passwords; we will only provide instructions on how to reset them.

We restrict our access to your personal information by job role and limit staff access to your personal data to those individuals who have a genuine business need to access it. All employees receive regular security training and sign our information security policy annually. We have an ongoing programme to raise security awareness.

Although we make all reasonable efforts to prevent the loss or misuse of your personal information, we cannot guarantee your personal information will not be intercepted while being transmitted over the internet. Therefore, you acknowledge and agree that we assume no liability regarding the theft, loss, alteration, or misuse of your personal information during transmission.

Why we will get in touch with you

We may get in touch with you:

When we might share your information with other people

We may share your personal data with:

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

Transferring your personal data out of the EEA

To provide goods and services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) e.g.:

These transfers are subject to special rules under European and UK data protection law.

Generally, these non-EEA countries do not have the same data protection laws as the United Kingdom and the EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure.

We will only transfer personal information to non-EEA countries where one of the following conditions applies under the GDPR:


By using the RIBAE website, you are consenting to the use of cookies. We use cookies on our websites and we collect IP addresses from visitors to our websites. Cookies are small amounts of information that we store on your computer. Our system issues these cookies to your computer when you log on to the site. Cookies make it easier for you to log on to and use the site during future visits. They also allow us to monitor website traffic and to personalise the content of the site for you. You may set up your computer to reject cookies although, in that case, you may not be able to use certain features on our sites.

To view the RIBAE cookie policy

About sensitive personal information

Sometimes, you may provide us with additional sensitive personal information. We will never share sensitive personal information with businesses or people outside RIBA Enterprises without your consent.

How long your personal information will be kept

We will keep your personal information while you have an account with us or we are providing products and services to you. Thereafter, we will keep your personal information for as long as is necessary:

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.

When it is no longer necessary to retain your personal information, we will securely delete or anonymise it.

Your rights

You have the following rights, which you can usually exercise free of charge:

Access The right to be provided with a copy of your personal information (the right of access)
Rectification The right to require us to correct any mistakes in your personal information
To be forgotten The right to require us to delete your personal information - in certain situations
Restriction of processing The right to require us to restrict processing of your personal information - in certain circumstances
Data portability The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations
To object The right to object:
  • at any time to your personal information being processed for direct marketing
  • in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests
Not to be subject to automated individual decision-making The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

If you would like to exercise any of those rights, please:

Right to withdraw consent

If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. If you wish to do so, please contact our Data Protection Manager (contact details provided below) or “unsubscribe” to any marketing e-mail we send to you, where relevant.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our services.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113.

How to contact us

If you or have any questions about how we may use your personal information data, have any concerns or wish to make a complaint about our handling of your personal information, please contact us by post at RIBA Enterprises Limited, The Old Post Office, St Nicholas Street, Newcastle upon Tyne, NE1 1RH, or by email to We will investigate any complaints you notify to us and we will aim to ensure that any complaint and any queries you submit to us are resolved in a timely and appropriate manner.