Legal

Privacy Notice

What to expect us to do with your personal information.

Registered name: Engineered Analytics Ltd

We are the controller of your personal data.

This notice covers personal data we handle as a controller - mainly our own business, client and supplier contacts. When we handle personal data on behalf of a client while delivering our services, we act as a processor under a separate contract with that client, and this notice does not cover that data.

This privacy notice tells you what to expect us to do with your personal information.

Cookies and tracking

This website does not use cookies and does not store anything on your device. We do not use analytics, advertising, or visitor-tracking technologies. Our hosting provider may keep standard server logs (including IP addresses) for security and to operate the site.

Contact details

Post: 2 The Mount, Redhill, Nottingham, NG5 8LU, United Kingdom

Email: privacy@engineeredanalytics.co.uk

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

  • Names and contact details
  • Addresses
  • Payment details (including card or bank information for transfers and direct debits)
  • Call recordings
  • Records of meetings and decisions

We collect or use the following information for service updates or marketing purposes:

  • Names and contact details
  • Marketing preferences
  • Records of consent, where appropriate

We collect or use the following information to comply with legal requirements:

  • Name
  • Contact information
  • Financial transaction information

We collect or use the following information for dealing with queries, complaints or claims:

  • Names and contact details
  • Call recordings
  • Customer or client accounts and records
  • Correspondence

We collect or use the following information to manage supplier relationships, and to find and arrange work assignments (including through recruitment agencies):

  • Names and contact details
  • Payment details (including card or bank information for transfers and direct debits)
  • Call recordings
  • Records of meetings and decisions
  • Customer or client accounts and records

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights, which are set out in brief below:

  • Your right of access - you have the right to ask us for copies of your personal information.
  • Your right to rectification - you have the right to ask us to correct information you think is inaccurate or incomplete.
  • Your right to erasure - you have the right to ask us to delete your personal information.
  • Your right to restriction of processing - you have the right to ask us to limit how we use your personal information.
  • Your right to object to processing - you have the right to object to the processing of your personal data.
  • Your right to data portability - you have the right to ask us to transfer the information you gave us to another organisation, or to you.
  • Your right to withdraw consent - where we rely on consent, you have the right to withdraw it at any time.

If you make a request, we must respond without undue delay and within one month. To make a request, please contact us using the details above.

Our lawful bases for the collection and use of your data

To provide services and goods, our lawful bases are:

  • Contract - we have to collect or use the information so we can enter into or carry out a contract with you.
  • Legitimate interests - we use limited business contact information (such as names, job titles, email addresses and phone numbers) of our clients and their staff to deliver the consultancy and engineering services they have engaged us for, and to manage the working relationship. This benefits both parties by allowing the services to be provided efficiently and communications to be handled properly. The information used is limited to business contact details, the impact on individuals is minimal, and we do not use it for any unrelated purpose. We consider our interest in delivering contracted services does not override the rights and interests of the individuals concerned.

For service updates or marketing purposes, our lawful basis is:

  • Legitimate interests - we use business contact details to send occasional, relevant updates about our availability and services to professional contacts and recruitment agencies who would reasonably expect to hear from us. This benefits our business by helping us find work, and benefits recipients by keeping them informed of relevant services. We only contact business recipients, we keep messages relevant and infrequent, we always identify ourselves, and we provide an easy way to opt out at any time. Given these safeguards, we consider this does not override the interests of the individuals concerned.

To comply with legal requirements, our lawful basis is:

  • Legal obligation - we have to collect or use your information so we can comply with the law.

For dealing with queries, complaints or claims, our lawful basis is:

  • Legitimate interests - we use relevant contact details, correspondence and records of our dealings to investigate and respond to questions, complaints or claims, and to defend or pursue legal claims where necessary. This benefits the individual by allowing their query to be resolved, and benefits our business by allowing us to manage and resolve disputes fairly. We only use information relevant to the matter, and we consider this does not cause undue risk to, or override the interests of, the people involved.

To manage supplier relationships and arrange work assignments, our lawful bases are:

  • Contract - we have to collect or use the information so we can enter into or carry out a contract with you.
  • Legitimate interests - we use business contact details and related records to manage our relationships with suppliers and recruitment agencies, and to find and arrange work assignments. This benefits our business by enabling it to operate and secure work, and benefits suppliers and agencies by supporting an effective working relationship. The information is limited to business contacts and dealings, the impact on individuals is minimal, and we consider our interest does not override their rights and interests.

Where we get personal information from

  • Directly from you
  • Publicly available sources (for example LinkedIn and company websites)
  • Recruitment agencies and client organisations

How long we keep information

We keep personal information only for as long as we need it. Our standard retention periods are:

  • Client, supplier and contact records, and correspondence: 6 years after our last contact with you.
  • Booking and scheduling information: the meeting date plus 12 months.
  • Financial and company records: 6 years, to meet HMRC requirements.
  • Call recordings and transcripts: deleted once the related note or action has been captured, and in any event within 12 months.

For more information on how long we keep your personal information, or the criteria we use to determine this, please contact us using the details above.

Who we share information with

We share personal information with the following categories of recipient who handle it on our behalf (our data processors):

  • IT and cloud hosting services (email, collaboration, file storage and data processing)
  • Scheduling tools
  • AI transcription services
  • Accountancy and bookkeeping services

We may also share personal information with:

  • Professional or legal advisors
  • Relevant regulatory authorities (such as the ICO and HMRC)
  • Organisations we are legally obliged to share personal information with (such as Companies House)

Sharing information outside the UK

Where necessary, our data processors may process personal information outside the UK. When doing so, they comply with UK data protection law and make sure appropriate safeguards are in place. The relevant transfers are:

FreeAgent

  • Category of recipient: accountancy and bookkeeping software
  • Country: Ireland
  • How the transfer complies: the country has been assessed as providing adequate protection (Adequacy Regulations / UK data bridge).

CalendarBridge

  • Category of recipient: scheduling software (transient proxy)
  • Country: United States
  • How the transfer complies: Addendum to the EU Standard Contractual Clauses (SCCs).

Plaud (EU)

  • Category of recipient: AI transcription software
  • Country: Germany
  • How the transfer complies: the country has been assessed as providing adequate protection (Adequacy Regulations / UK data bridge).

Plaud (US)

  • Category of recipient: AI transcription software
  • Country: United States
  • How the transfer complies: Addendum to the EU Standard Contractual Clauses (SCCs).

Microsoft

  • Category of recipient: cloud and productivity services (core data is stored in the UK; some processing or support may occur outside the UK)
  • Country: United States
  • How the transfer complies: Addendum to the EU Standard Contractual Clauses (SCCs).

How to complain

If you have any concerns about our use of your personal information, you can make a data protection complaint to us by email: privacy@engineeredanalytics.co.uk.

If you remain unhappy with how we have used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s contact details: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: 0303 123 1113. Website: https://ico.org.uk/make-a-complaint

Last updated: 23 June 2026