PRIVACY POLICY

STRIVE ENGINEERING SERVICES LTD

Effective Date: January 2025

Last Updated: January 2025

Version: 1.0

1. INTRODUCTION

1.1 Who We Are

Company Name: Strive Engineering Services Ltd

Address: [Insert Address], Plymouth, Devon, United Kingdom

Company Registration: [Insert Number]

Contact Email: info@strive-engineering.co.uk

Phone: [Insert Phone]

Website: www.strive-engineering.co.uk

1.2 Our Commitment

Strive Engineering Services Ltd ("we," "us," "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with:

UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Privacy and Electronic Communications Regulations (PECR)

1.3 Data Controller

Strive Engineering Services Ltd is the data controller responsible for your personal data.

Data Protection Contact:

Email: info@strive-engineering.co.uk

Address: [Insert Address]

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide

When you request services, we collect:

Contact Details: Name, address, email, phone number
Site/Property Details: Address where services performed, access information
Business Information: Company name, VAT number (if applicable), position/role
Payment Information: Billing address, payment card details (processed securely by payment provider)
Communication Records: Emails, phone calls, messages, quotes requested

When you use our website/customer portal, we collect:

Account Information: Username, password (encrypted), email
Usage Data: Pages visited, time spent, interactions
Technical Data: IP address, browser type, device information

When you communicate with us:

Correspondence: Content of emails, letters, phone call notes
Feedback: Reviews, complaints, suggestions, testimonials

2.2 Information We Collect Automatically

When you visit our website:

Cookies: See Section 9 for cookie policy
Analytics Data: Page views, time on site, navigation paths
Technical Data: IP address, browser, operating system, referring website

When we provide services:

Service Records: Work performed, materials used, time spent
Site Information: Photos of equipment/work area, access notes, hazard information
Equipment Data: Make, model, serial numbers, condition, test results
Maintenance History: Service dates, work completed, recommendations

2.3 Information from Third Parties

We may receive information from:

Payment Processors: Transaction confirmations, payment status
Suppliers: Parts ordered, delivery information
Subcontractors: Work performed, site information
Emergency Contacts: Information you've designated us to contact
Public Sources: Companies House, professional registers, online reviews

2.4 Special Category Data

We generally do NOT collect sensitive personal data (health, ethnicity, religion, etc.).

Exceptions:

If you disclose health conditions that affect service provision (e.g., allergies, mobility issues for access)
We will only process this with your explicit consent and only as necessary for safe service provision

3. HOW WE USE YOUR INFORMATION

3.1 Legal Basis for Processing

We process your data under the following legal bases:

Contract Performance (Art. 6(1)(b) GDPR):

Providing services you've requested
Processing payments
Communicating about your job/contract
Fulfilling contractual obligations

Legitimate Interests (Art. 6(1)(f) GDPR):

Managing our business efficiently
Marketing to existing customers
Improving our services
Preventing fraud
Network and information security

Legal Obligations (Art. 6(1)(c) GDPR):

Compliance with tax laws (7-year record retention)
Health & safety regulations
Accounting and reporting requirements
Responding to legal requests

Consent (Art. 6(1)(a) GDPR):

Marketing to non-customers (you can withdraw anytime)
Non-essential cookies
Photography for marketing (with identifiable people)
Optional services or features

3.2 Purposes of Data Processing

Service Delivery:

Schedule and perform maintenance, repairs, installations
Contact you about appointments
Access your property safely
Provide quotations and invoices
Issue certificates and compliance documentation
Maintain service history
Honor warranties

Business Operations:

Process payments and manage accounts
Maintain customer records
Manage subcontractors and suppliers
Quality assurance and training
Insurance and liability management
Legal compliance

Communication:

Send service confirmations and reminders
Provide maintenance alerts and recommendations
Respond to enquiries and complaints
Request feedback and reviews
Send invoices and receipts

Marketing (with appropriate basis):

Send newsletters and service updates
Inform about new services or offers
Seasonal maintenance reminders
Request testimonials or case studies

Improvement:

Analyze service performance
Improve website and customer portal
Develop new services
Training and quality improvement

Legal and Safety:

Comply with legal obligations
Establish, exercise, or defend legal claims
Protect health and safety
Prevent fraud or crime
Respond to regulatory requests

4. DATA SHARING AND DISCLOSURE

4.1 Who We Share Data With

We may share your information with:

Service Providers:

Payment Processors: Stripe, PayPal, bank (for payment processing)
IT Services: Website hosting, email, customer portal, cloud storage
Accounting Software: Xero, QuickBooks (for invoicing and bookkeeping)
Communication Tools: Email services, SMS providers
Analytics: Google Analytics (anonymized where possible)

Subcontractors and Partners:

Specialist engineers (if your job requires specific expertise)
Parts suppliers (for ordering and delivery)
Equipment manufacturers (for warranty claims)
Waste disposal services

Professional Advisers:

Accountants
Solicitors
Insurance providers
Business consultants

Legal and Regulatory:

HMRC (tax compliance)
Health & Safety Executive (if required)
Courts or tribunals (if legally required)
Police or law enforcement (if legally required)
Professional bodies (NICEIC, Gas Safe, etc.)

Business Transfers:

If we sell or merge our business, your data may transfer to new owners (with notification)

4.2 How We Share Data

Minimum Necessary: We only share what's needed for the specific purpose
Contractual Protection: Third parties bound by confidentiality agreements
Security Standards: Third parties must meet our security requirements
UK/EEA Preference: We use UK/EEA providers where possible

4.3 International Transfers

We primarily use UK-based service providers
Some IT services (e.g., cloud storage) may involve data transfers outside UK/EEA
Where transfers occur, we ensure adequate safeguards (Standard Contractual Clauses, adequacy decisions)
We will notify you if your data will be transferred internationally

4.4 We Do NOT:

❌ Sell your data to third parties
❌ Share your data for others' marketing (unless you explicitly consent)
❌ Use your data for automated decision-making without human involvement
❌ Share more than necessary for the purpose

5. DATA RETENTION

5.1 How Long We Keep Data

Customer Records:

Active Customers: Duration of relationship + 7 years
Inactive Customers: 7 years from last service (tax requirement)
Quotations (not accepted): 2 years

Financial Records:

Invoices and Receipts: 7 years (legal requirement)
Payment Records: 7 years
Tax Records: 7 years

Contractual Records:

Contracts: Duration + 7 years
Warranties: Warranty period + 2 years
Compliance Certificates: Lifetime of equipment or 10 years minimum

Service Records:

Maintenance History: 10 years (safety-critical equipment)
Job Photos: 5 years or warranty period + 2 years
Test Results: 10 years (regulatory requirement for some equipment)

Communication:

General Correspondence: 3 years
Complaints: 7 years
Marketing Consent: Until withdrawn + 1 year proof of withdrawal

Website/Portal Data:

Account Data: Until account closed + 1 year
Analytics Data: 26 months (Google Analytics default)
Cookies: See cookie policy (typically 1 year)

5.2 Retention Criteria

We determine retention periods based on:

Legal and regulatory requirements
Limitation periods for legal claims (typically 6 years)
Need for business operations and records
Industry best practices
Your preferences (where appropriate)

5.3 Secure Disposal

After retention period:

Digital Data: Securely deleted using industry-standard methods
Physical Records: Shredded or securely destroyed
Backups: Removed from backup systems within 6 months

6. YOUR RIGHTS

6.1 Under UK GDPR, You Have the Right To:

1. Right to Be Informed

Know how we use your data (this policy)
Understand our processing activities

2. Right of Access (Subject Access Request)

Request a copy of your personal data
Receive information about how we process it
Free of charge (usually)
Response time: Within 1 month

3. Right to Rectification

Correct inaccurate or incomplete data
Response time: Within 1 month
We will notify third parties where feasible

4. Right to Erasure ("Right to be Forgotten")

Request deletion of your data in certain circumstances:
No longer necessary for original purpose
You withdraw consent (where that was the basis)
You object and we have no overriding grounds
Data processed unlawfully
Limitations: We may refuse if we have legal obligation to retain (e.g., tax records)

5. Right to Restrict Processing

Request we limit how we use your data while:
Verifying accuracy
Assessing legality of processing
We no longer need it but you need it for legal claim
Pending objection resolution

6. Right to Data Portability

Receive your data in structured, commonly-used format
Transfer your data to another provider
Applies to: Data you provided, processed by automated means, based on consent or contract

7. Right to Object

Object to processing based on legitimate interests (including marketing)
We will stop unless we have compelling legitimate grounds
Direct marketing: Absolute right (we must stop immediately)

8. Rights Related to Automated Decision-Making

Not to be subject to purely automated decisions with significant effects
We do not currently use automated decision-making

6.2 How to Exercise Your Rights

Contact us:

Email: info@strive-engineering.co.uk
Post: [Insert Address]
Subject: "Data Protection Request" or "Subject Access Request"

Include:

Your name and contact details
Specific right you're exercising
Details of what you want (e.g., specific data, specific deletion)
Proof of identity (to prevent fraud)

Our Response:

Timeframe: Within 1 month (may extend to 3 months for complex requests)
Confirmation: We'll confirm receipt within 3 business days
Free: Usually no charge (we may charge for manifestly unfounded or excessive requests)
Refusal: If we refuse, we'll explain why and inform you of complaint rights

7. DATA SECURITY

7.1 How We Protect Your Data

Technical Measures:

Encryption: Data encrypted in transit (SSL/TLS) and at rest
Passwords: Strong password policies, hashed and salted storage
Access Controls: Role-based access, least privilege principle
Firewalls: Network security and intrusion detection
Backups: Regular encrypted backups, tested recovery
Updates: Systems kept up-to-date with security patches
Antivirus: Comprehensive malware protection

Organizational Measures:

Staff Training: Regular data protection training
Access Limitation: Only authorized personnel access data
Confidentiality: All staff bound by confidentiality obligations
Clean Desk: Physical security policies
Incident Response: Data breach procedures in place
Vendor Management: Third-party security assessments

Physical Measures:

Secure Premises: Locked offices, alarm systems
Device Security: Laptops encrypted, mobile devices protected
Document Security: Locked filing cabinets, shredding
Visitor Controls: Sign-in procedures, supervised access

7.2 Data Breach Procedures

If a breach occurs:

1. Detection & Assessment: Immediate investigation

2. Containment: Stop the breach, secure systems

3. Notification:

ICO within 72 hours (if high risk)
Affected individuals without undue delay (if high risk to rights)

4. Remediation: Fix vulnerabilities, prevent recurrence

5. Documentation: Record breach and response

Your Safety:

We will notify you if breach affects you
Advise on protective steps you can take
Provide support and assistance

8. CHILDREN'S PRIVACY

Age Restriction: Our services are for ages 18+
We do not knowingly collect data from children under 18
If you're under 18, please have a parent/guardian contact us
If we discover we have child data, we will delete it promptly

Exception: We may hold property address data where services provided to family homes with children, but we don't target or knowingly collect children's personal data.

9. COOKIES AND TRACKING

9.1 What Are Cookies?

Small text files stored on your device when you visit our website.

9.2 Cookies We Use

Essential Cookies (no consent required):

Session management
Security
Load balancing
Remember your cookie preferences

Analytics Cookies (consent required):

Google Analytics: Track website usage, page views, traffic sources
Anonymized where possible

Functional Cookies (consent required):

Remember your preferences
Customer portal login
Language/region settings

Marketing Cookies (consent required):

Google Ads: Track conversion from ads
Facebook Pixel: Retargeting (if we use social media ads)

9.3 Managing Cookies

You can:

Accept all, reject non-essential, or customize via our cookie banner
Change preferences anytime via cookie settings on our website
Delete cookies via browser settings
Block cookies via browser settings (may affect functionality)

Browser Settings:

Chrome: Settings > Privacy > Cookies
Firefox: Options > Privacy > Cookies
Safari: Preferences > Privacy
Edge: Settings > Privacy > Cookies

9.4 Third-Party Cookies

Some cookies set by third parties (Google Analytics, payment processors). See their privacy policies:

Google: https://policies.google.com/privacy
[Add others as applicable]

10. MARKETING COMMUNICATIONS

10.1 What We Send

With Appropriate Basis:

Service updates and news
Seasonal maintenance reminders
New service announcements
Special offers or promotions
Safety alerts or recalls
Tips and advice

10.2 Legal Basis

Existing Customers (Soft Opt-In):

We may send marketing about similar services
Based on legitimate interest
Easy opt-out always provided

Non-Customers:

Only with explicit consent
Opt-in required before sending

10.3 How to Opt-Out

Unsubscribe anytime:

Click "unsubscribe" link in any marketing email
Email: [Insert email] with subject "Unsubscribe"
Call: [Insert phone]
Login to customer portal and update preferences

We will:

Process within 48 hours
Confirm your opt-out
Stop sending within 5 business days
Keep suppression record (to ensure we don't accidentally re-add you)

Note: We'll still send essential communications (appointment confirmations, invoices, safety alerts).

11. CUSTOMER PORTAL AND ONLINE SERVICES

11.1 Account Security

Your Responsibilities:

Keep login credentials confidential
Use strong, unique password
Log out after use (especially shared devices)
Notify us immediately if account compromised

Our Measures:

Encrypted passwords (never stored in plain text)
Secure HTTPS connection
Session timeouts
Login attempt limits

11.2 Portal Data

What's stored in your portal:

Your contracts and quotes
Invoices and payment history
Service history and certificates
Uploaded documents
Communication history

Access:

Only you and authorized Strive Engineering staff
Encrypted transmission and storage
Regular security audits

12. LINKS TO OTHER WEBSITES

Our website may contain links to third-party websites
We are NOT responsible for their privacy practices
This policy applies only to Strive Engineering
Please review their privacy policies before providing data

13. CHANGES TO THIS POLICY

13.1 Updates

We may update this policy to reflect legal changes or business practices
We will notify you of significant changes
Continued use of services after changes constitutes acceptance

13.2 How We Notify

Email to registered customers (at least 30 days notice for significant changes)
Prominent notice on website
Notice in customer portal
Update "Last Updated" date at top of policy

13.3 Version History

You can request previous versions of this policy by contacting us.

14. COMPLAINTS AND CONCERNS

14.1 Contact Us First

If you have concerns about how we handle your data:

1. Contact our Data Protection team:

Email: info@strive-engineering.co.uk
Post: [Insert Address]

2. We will investigate and respond within 30 days

3. We aim to resolve all concerns amicably

14.2 Right to Complain to ICO

If unsatisfied with our response, you can complain to:

Information Commissioner's Office (ICO)

Website: https://ico.org.uk/make-a-complaint/

Phone: 0303 123 1113

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Before complaining to ICO:

Try to resolve with us first (ICO may refer you back to us)
Prepare details of your concern
Include copies of correspondence with us

15. CONTACT INFORMATION

15.1 Data Protection Enquiries

Data Protection Officer (or contact):

Email: info@strive-engineering.co.uk

Phone: [Insert Phone]

Post: Strive Engineering Services Ltd, [Insert Address]

15.2 General Enquiries

Main Office:

Email: [Insert general email]

Phone: [Insert phone]

Website: www.strive-engineering.co.uk

Office Hours: Monday-Friday, 9am-5pm

Emergency Line: [Insert 24/7 number] (service-related emergencies only)

16. LEGAL INFORMATION

16.1 Data Controller Details

Legal Entity: Strive Engineering Services Ltd

Registration: [Insert Companies House Number]

VAT Number: [Insert VAT Number]

Registered Address: [Insert Registered Address]

16.2 Regulatory Registration

ICO Registration Number: [Insert ICO Number - register at https://ico.org.uk]
Registration renewal date: [Insert date]

16.3 Governing Law

This policy governed by laws of England and Wales
Any disputes subject to jurisdiction of English courts

APPENDIX A: GLOSSARY

Personal Data: Information relating to an identified or identifiable individual.

Data Controller: Organization determining purposes and means of processing personal data.

Data Processor: Organization processing data on behalf of the controller.

Data Subject: Individual whose personal data is being processed.

Processing: Any operation on personal data (collection, storage, use, disclosure, deletion).

Consent: Freely given, specific, informed, unambiguous indication of wishes.

Legitimate Interest: Lawful basis for processing when necessary for legitimate purposes.

Special Category Data: Sensitive data (health, race, religion, etc.) requiring extra protection.

UK GDPR: UK General Data Protection Regulation (retained EU law post-Brexit).

ICO: Information Commissioner's Office (UK data protection regulator).

Subject Access Request (SAR): Request to access your personal data.

APPENDIX B: DATA PROCESSING SUMMARY

|-------------------|-----------------|-------------|---------------|

Document Version: 1.0

Effective Date: January 2025

Next Review: January 2026 or upon significant legal/business changes

This Privacy Policy was prepared for Strive Engineering Services Ltd in accordance with UK GDPR and Data Protection Act 2018. It should be reviewed by a qualified data protection professional or solicitor before publication.

Don't forget to register with ICO as a data controller (£40/year): https://ico.org.uk/registration/

Back to Home