Data Protection & Privacy Policy
EPD Engineering Solutions Limited · Revision A · Effective 1 April 2025 · Approved by Matthew Millward, Director
01 Purpose
EPD Engineering Solutions Limited ("the Company") is committed to protecting the privacy, confidentiality, and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy explains:
- How we collect, use, and store personal data.
- How we protect personal data and ensure compliance with data protection laws.
- Your rights as a data subject and how to exercise them.
02 Scope
This policy applies to:
- All clients, employees, contractors, suppliers, and website visitors.
- All personal data processed by EPD Engineering Solutions Limited, whether in electronic, paper, or other forms.
03 Definitions
- Personal Data: Any information relating to an identifiable individual.
- Processing: Any action performed on personal data, including storage, sharing, and analysis.
- Data Controller: EPD Engineering Solutions Limited, responsible for deciding how personal data is used.
- Data Subject: Any individual whose data we process.
04 Our Data Protection Commitment
We adhere to the seven UK GDPR principles:
- Lawfulness, fairness & transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity & confidentiality
- Accountability
05 Types of Data We Collect
5.1 Client & Project Data
- Contact details, company information, and project specifications.
- Engineering reports, feasibility studies, CAD models, and FEA results.
5.2 Employee & Contractor Data
- Payroll and HR records.
- Emergency contacts, qualifications, and training records.
5.3 Supplier & Third-Party Partner Data
- Contact details, contracts, and service agreements.
5.4 Website Visitors
- IP addresses, browsing activity, and cookie preferences (via analytics tools).
06 How We Use Personal Data
We only process personal data when we have a lawful basis to do so:
| Purpose | Examples | Lawful Basis |
|---|---|---|
| Delivering engineering services | Project management, analysis, reporting | Contract |
| Supplier & contractor management | Agreements, service coordination | Legitimate interest |
| HR & payroll processing | Employee records, pensions, and payments | Legal obligation |
| Marketing & updates | Email communications, newsletters | Consent |
| Legal & compliance | Tax, invoicing, insurance, and audits | Legal obligation |
07 Cookies & Website Tracking
Our website may use cookies to improve user experience and monitor performance:
- Necessary cookies: Enable core site functionality.
- Analytics cookies: Help us understand how the site is used (e.g., Google Analytics).
You can manage or disable cookies via your browser settings.
08 Data Security
We implement strict technical and organisational measures to protect personal data:
- Secure, encrypted cloud storage for engineering reports and client files.
- Access controls and strong password policies for internal systems.
- Multi-factor authentication where appropriate.
- Regular security audits and off-site data backups.
09 Sharing Personal Data
We only share personal data when necessary:
- With trusted contractors and suppliers directly supporting your project.
- With professional advisors (e.g. accountants, insurers) when required.
- With regulatory authorities where legally obligated.
All third parties must comply with strict data protection standards.
10 International Data Transfers
Where personal data is transferred outside the UK, we ensure appropriate safeguards, including:
- UK-approved Standard Contractual Clauses (SCCs).
- Transfers to countries deemed adequate by the ICO.
11 Data Retention
| Data Type | Retention Period |
|---|---|
| Client project files | 7 years after completion |
| Engineering reports | 7 years after completion |
| Employee HR records | 6 years after employment |
| Supplier contracts | 6 years after expiry |
| Marketing data | Until consent withdrawn |
12 Your Data Rights
Under UK GDPR, you have the right to:
- Access your personal data.
- Request corrections to inaccurate data.
- Request deletion ("right to be forgotten").
- Restrict or object to processing.
- Request data portability.
- Withdraw marketing consent at any time.
To exercise these rights, email us at [email protected].
13 Data Breach Procedure
In the event of a suspected data breach, we will:
- Contain and investigate immediately.
- Notify the Data Protection Lead.
- Assess potential impact and risks.
- Report to the ICO within 72 hours if required.
- Inform affected individuals where necessary.
14 Third-Party Platforms
We carefully select and review third-party platforms used to store or process data (e.g., Microsoft 365, Dropbox, cloud-based project systems) to ensure they comply with UK GDPR.
15 Contact Information
Data Protection Lead
EPD Engineering Solutions Limited
Email: [email protected]
Phone: +44 (0) 7554 592744
If you believe we have mishandled your data, you can also contact the Information Commissioner's Office (ICO): ico.org.uk
16 Policy Review
This policy will be reviewed annually or sooner if there are significant changes to:
- Legislation
- Company operations
- Data processing practices
