GDPR Privacy Policy
Effective: 5 February 2026
Compliant with UK GDPR, Data Protection Act 2018, and Data (Use and Access) Act 2025
Introduction
Castle Rock Geotech is committed to protecting the privacy of our clients, prospective clients, suppliers, and staff. This Data Privacy Notice explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.
This Notice is issued under UK GDPR and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025. It replaces any previous version of our Privacy Notice.
Who Controls Your Personal Data?
Studio Tech Consulting Limited is the Data Controller responsible for your personal data.
• Data Controller: Castle Rock Geotech
• Data Protection Representative: Legal Director
• Contact Email: enquiry@crgeo.co.uk
• You can contact us at any time regarding this notice or your data.
What Is Personal Data?
Personal data is any information that can identify you as a living individual, either directly or indirectly.
We do not intentionally collect or process special category data (such as health, biometric, or ethnicity data) as part of our normal business activities.
What Personal Data We Collect
We may collect and process:
• Full name
• Business and/or home address
• Telephone numbers
• Email address
• Communication and correspondence records
• Website usage data (e.g. IP address, browser type, interactions)
How We Collect Your Data
We collect personal data when:
• You contact us directly
• You engage our services
• You complete forms on our website
• You subscribe to receive insights, guides, or communications
• We obtain publicly available business contact details relevant to our services
Our Lawful Bases for Processing
We rely on the following lawful bases:
Contract (Article 6(1)(b))
To provide services and manage our relationship with you
Legal Obligation (Article 6(1)(c))
To comply with legal and regulatory requirements
Legitimate Interests (Article 6(1)(f))
To operate and improve our business, maintain records, ensure security, and communicate with clients and relevant business contacts
Consent (Article 6(1)(a))
Where you have actively opted in to receive marketing or specific communications
Where applicable, we may rely on recognised legitimate interests under UK law.
How We Use Your Personal Data
We use your data to:
• Provide and deliver our services
• Communicate with you
• Respond to enquiries
• Manage contracts and client relationships
• Improve our website, content, and services
• Maintain internal records and system backups
• Comply with legal obligations
• Handle complaints and enquiries
Marketing Communications
We may send you marketing communications where:
• You have given consent, or
• You are an existing client and the communication relates to similar services
You can opt out of marketing at any time by:
• Clicking the unsubscribe link in emails, or
• Contacting us directly
We do not sell or rent your personal data to third parties for marketing purposes.
Automated Decision-Making and Profiling
We may use tools and systems (including analytics and marketing platforms) to:
• Analyse website usage
• Understand engagement
• Improve the relevance of our communications
This may involve basic profiling or segmentation.
We do not carry out solely automated decisions that have legal or similarly significant effects.
You have the right to object to this processing and to request human review where applicable.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies to:
• Ensure the website functions correctly
• Analyse usage and performance
• Improve user experience
Some cookies may be used without consent where permitted by applicable law (for example, strictly necessary cookies or limited analytics).
For non-essential cookies, we will request your consent before use.
You can manage or withdraw your cookie preferences at any time via your browser settings or cookie controls on our website.
Data Sharing
We may share your data with trusted third parties, including:
• Website hosting providers
• Email and communication platforms
• IT and system providers
• Professional advisers
• Regulatory authorities where required
We ensure appropriate safeguards are in place to protect your data.
International Transfers
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place so that your data is protected to a standard not materially lower than UK requirements.
This may include:
• Countries with adequacy regulations
• UK International Data Transfer Agreements (IDTAs)
Data Security and Confidentiality
We implement appropriate technical and organisational measures to protect your personal data.
In the event of a data breach that poses a risk to your rights, we will notify the relevant authorities and affected individuals where required.
How Long We Retain Your Data
We retain personal data only as long as necessary.
Typically, data is retained for up to 6 years to:
• Meet legal obligations
• Resolve disputes
• Maintain business records
Where no longer required, data will be securely deleted or anonymised.
Your Rights
You have the right to:
• Access your data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Object to processing (including marketing)
• Data portability
• Withdraw consent
We will respond within one month, subject to reasonable and proportionate requirements.
How to Make a Complaint
If you have concerns about how we handle your data, please contact us first:
Email: enquiry@crgeo.co.uk
We will investigate and respond as soon as reasonably practicable.
You also have the right to contact the Information Commissioner’s Office: https://ico.org.uk
We may update this Notice from time to time. The effective date will be updated accordingly.
Contact
If you have any questions about this Notice or your data:
Data Protection Representative: Legal Director, Castle Rock Geotech. Tel: 01233 646237. Email: enquiry@crgeo.co.uk.
Castle Rock Geotech are committed to protecting the privacy of our clients. We will ensure that the information you submit to us is only used for the purposes set out in this Data Privacy Notice.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) replaces the Data Protection Regulation (Directive 95/46/EC) from 25 May 2018. The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Even though the UK left the EU in March 2019, the GDPR became applicable in the UK from 25th May 2018.
Who controls your personal data?
Castle Rock Geotech is the Data Controller. The Data Controller’s data protection representative is the Legal Director. You can contact them at: enquiry@crgeo.co.uk
What is personal data?
Personal data is data that can identify you as a living individual. General personal data is information such as name and address. There is also sensitive personal data; however, we do not store or process this category of data within our business practice.
Who we are, what we do and how we get your data
In order to provide our services, we collect personal data from the following types of people to allow us to undertake our business:
• Clients
• Supplier contacts to support our services
• Employees, consultants, and contractors
You may have enquired with us directly, or we may have procured your details from internet searches.
The data we collect and how we use it
Personal data we collect or receive includes the following as applicable:
• Name
• Address
• Telephone contact numbers
• Email and other contact details
How we will use your personal data
Processing of your personal information may include:
• For the purposes of backing up information on our computer systems and stored on a personal encrypted server
Entering into a contract with you
In order to provide our services, we may enter into a contract with you. In order to enter into a contract, we will need certain information, for example your name and address.
Compliance with legal obligations (regulatory and statutory obligations)
We are required to comply with statutory and regulatory obligations relating to business generally, for example complying with tax, bribery, fraud/crime prevention and data protection legislation, and co-operating with regulatory authorities such as HMRC or the Information Commissioner’s Office.
Consent to our processing of your data
You may withdraw your consent to our processing of your personal information for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legal or contractual obligation to do so. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.
Data Security and Confidentiality
It is our policy to ensure, in so far as is reasonably practicable, that our systems and records are secure and not accessible to unauthorised third parties in line with contemporary practice.
Retaining your data
In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you. It is our policy to only store your personal data for as long as is reasonably necessary for us to comply with our legal obligations and for our legitimate business interests.
Changes to this Privacy Notice
This Privacy Notice is regularly reviewed and may be updated from time to time to reflect changes in our business, or legal or commercial practice.
Your Rights
We take the protection of your personal data very seriously and it is important that you know your rights within that context, which include rights to:
• Request a copy of the personal data that we hold about you.
• Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain your personal information thereafter where we have a legal or contractual obligation to do so.
• Request that inaccurate or incomplete data is rectified. We will respond to such a request within 1 month.
• Make a complaint to the Information Commissioner’s Office: https://ico.org.uk
Contact
Castle Rock Geotech. Unit 2, Meadow Grove, Nottingham, NG2 3HF. Tel: 07775 930388. Tel: 0115 9799228. enquiry@crgeo.co.uk.