1. Purpose

This policy explains how we collect, use, and store personal data; how we protect personal data and ensure compliance with data protection laws; and your rights as a data subject and how to exercise them.

2. Scope

This policy applies to:

  • All clients, employees, contractors, suppliers, and website visitors
  • All personal data processed by EPD Engineering Solutions Limited, whether in electronic, paper, or other forms

3. Definitions

  • Personal Data — Any information relating to an identifiable individual
  • Processing — Any action performed on personal data, including storage, sharing, and analysis
  • Data Controller — EPD Engineering Solutions Limited, responsible for deciding how personal data is used
  • Data Subject — Any individual whose data we process

4. Our Data Protection Commitment

We adhere to the seven UK GDPR principles:

  1. Lawfulness, fairness & transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity & confidentiality
  7. Accountability

5. Types of Data We Collect

5.1 Client & Project Data

  • Contact details, company information, and project specifications
  • Engineering reports, feasibility studies, CAD models, and FEA results

5.2 Employee & Contractor Data

  • Payroll and HR records
  • Emergency contacts, qualifications, and training records

5.3 Supplier & Third-Party Partner Data

  • Contact details, contracts, and service agreements

5.4 Website Visitors

  • IP addresses, browsing activity, and cookie preferences (via analytics tools)

6. How We Use Personal Data

| Purpose | Examples | Lawful Basis |
|---|---|---|
| Delivering engineering services | Project management, analysis, reporting | Contract |
| Supplier & contractor management | Project management, analysis, reporting | Legitimate interest |
| HR & payroll processing | Employee records, pensions, payments | Legal obligation |
| Marketing & updates | Email communications, newsletters | Consent |
| Legal & compliance | Tax, invoicing, insurance, audits | Legal obligation |

7. Cookies & Website Tracking

Our website may use cookies to improve user experience and monitor performance:

  • Necessary cookies — Enable core site functionality
  • Analytics cookies — Help us understand how the site is used (e.g., Google Analytics)

You can manage or disable cookies via your browser settings.

8. Data Security

We implement strict technical and organisational measures to protect personal data:

  • Secure, encrypted cloud storage for engineering reports and client files
  • Access controls and strong password policies for internal systems
  • Multi-factor authentication where appropriate
  • Regular security audits and off-site data backups

9. Sharing Personal Data

We only share personal data when necessary:

  • With trusted contractors and suppliers directly supporting your project
  • With professional advisors (e.g., accountants, insurers) when required
  • With regulatory authorities where legally obligated

All third parties must comply with strict data protection standards.

10. International Data Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards, including:

  • UK-approved Standard Contractual Clauses (SCCs)
  • Transfers to countries deemed adequate by the ICO

11. Data Retention

| Data Type | Retention Period |
|---|---|
| Client project files | 7 years after completion |
| Engineering reports | 7 years after completion |
| Employee HR records | 6 years after employment |
| Supplier contracts | 6 years after expiry |
| Marketing data | Until consent withdrawn |

After these periods, data will be securely deleted or anonymised.

12. Your Data Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request corrections to inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Request data portability
  • Withdraw marketing consent at any time

To exercise these rights, email us at matthew@epdengineeringsolutions.com.

13. Data Breach Response

In the event of a suspected data breach, we will:

  1. Contain and investigate immediately
  2. Notify the Data Protection Lead
  3. Assess potential impact and risks
  4. Report to the ICO within 72 hours if required
  5. Inform affected individuals where necessary

14. Third Party Platforms

We carefully select and review third-party platforms used to store or process data (e.g., Microsoft 365, Dropbox, cloud-based project systems) to ensure they comply with UK GDPR.

15. Contact Information

Data Protection Lead

EPD Engineering Solutions Limited

Phone: +44 7554 592744

If you believe we’ve mishandled your data, you can also contact the Information Commissioner’s Office (ICO): ico.org.uk

16. Policy Review

This policy will be reviewed annually or sooner if there are significant changes to legislation, company operations, or data processing practices.