Skip to content

GDC Projects |Privacy Policy

Privacy Policy

Version 1.0 · Last reviewed 15 July 2026

Who We Are

GDC Projects (UK) Ltd (“GDC Projects”, “we”, “us” or “our”) is the data controller responsible for the personal data described in this policy.

Registered office:

71-75 Shelton StreetCovent GardenLondonUnited KingdomWC2H 9JQ

Company number: 16458381, registered in England and Wales.

For questions about this policy or how we handle your personal data, please contact us through the Contact page on our website. You can also write to us at our registered office.

What Personal Data We Collect

The personal data we collect depends on how you interact with us.

Website Visitors and Enquiries

When you contact us through the website or by another method, we may collect:

  • Your name and surname
  • Your company or organisation
  • Your email address
  • Your telephone number
  • Information included in your enquiry
  • Subsequent correspondence with you

We may also collect limited technical information when you visit the website, including:

  • Your IP address
  • Browser and device information
  • Pages visited
  • Website access, security and error information
  • Cookie preferences and related information

Clients, Suppliers, Partners and Business Contacts

We may process:

  • Your name and job title
  • Your business contact details
  • Business communications
  • Project, proposal, contract and service-related information
  • Records relating to our professional relationship

Please do not provide sensitive personal information or highly confidential project information through the public website contact form.

How We Collect Personal Data

We may collect personal data:

  • Directly from you
  • From your employer or organisation
  • From project partners, advisers or business contacts
  • Through professional referrals
  • From publicly available business sources, such as company websites, professional directories and LinkedIn

Why We Use Your Personal Data

Responding to Enquiries and Developing Opportunities

We use personal data to:

  • Respond to enquiries
  • Understand project requirements
  • Arrange meetings and discussions
  • Assess potential projects and business opportunities
  • Prepare proposals or related information

Lawful basis: Legitimate interests or taking steps before entering into a contract.

Providing Services and Managing Relationships

We may use personal data to:

  • Provide and coordinate our services
  • Manage projects, contracts and professional relationships
  • Communicate with clients, suppliers, consultants and project partners
  • Maintain appropriate business records

Lawful basis: Contract or legitimate interests.

Operating and Protecting Our Website

We may use technical information to:

  • Operate and maintain the website
  • Identify and resolve technical problems
  • Protect our website, systems and information
  • Prevent misuse, fraud and security threats

Lawful basis: Legitimate interests.

Legal and Regulatory Requirements

We may process personal data to:

  • Comply with legal, financial and regulatory obligations
  • Respond to lawful requests from authorities
  • Establish, exercise or defend legal rights
  • Investigate and respond to complaints

Lawful basis: Legal obligation or legitimate interests.

Business Communications

Where permitted by law, we may contact relevant business contacts about GDC Projects and services that may be of interest to their organisation.

Lawful basis: Legitimate interests or consent where consent is required.

You may ask us to stop sending marketing communications at any time.

Our Legitimate Interests

Where we rely on legitimate interests, these include:

  • Responding to business enquiries
  • Identifying and developing appropriate project opportunities
  • Managing professional relationships
  • Operating and protecting our business and website
  • Maintaining appropriate business records
  • Communicating relevant information about our services

We consider the impact of this processing on your rights and interests before relying on this lawful basis.

Who We Share Personal Data With

Where necessary, we may share personal data with:

  • Companies within our corporate group
  • Employees, directors and authorised contractors
  • Website, email, cloud, IT and security providers
  • Professional advisers, including legal, accounting and insurance advisers
  • Consultants, contractors, funders and project partners
  • Regulators, courts, law enforcement bodies or public authorities where required

We only share personal data where there is an appropriate reason to do so.

Organisations processing personal data on our behalf must protect it and use it only for the agreed purpose.

We do not sell personal data.

International Transfers

GDC Projects works on international infrastructure opportunities. Personal data may therefore be accessed from or shared with organisations outside the United Kingdom.

Where the destination is not recognised as providing an adequate level of protection, we use an appropriate lawful safeguard where required. This may include contractual protections approved for international data transfers under UK data protection law.

How Long We Keep Personal Data

We retain personal data only for as long as it is reasonably required.

Our usual retention periods are:

  • Enquiries that do not progress: Up to 24 months after our last substantive communication
  • Client, supplier, partner and project records: Normally for the duration of the relationship and for six years afterwards
  • Website security, access and error records: Normally for up to 12 months
  • Data protection requests and complaints: Normally for six years after the matter is closed

We may retain information for longer where required by law or where it is needed in relation to a dispute, investigation or legal claim.

Personal data that is no longer required will be deleted, anonymised or securely disposed of.

Security of Your Personal Data

We use appropriate technical and organisational measures to protect personal data. These include access controls, system security, appropriate staff and supplier arrangements and secure storage.

No website or electronic communication system can be guaranteed to be completely secure. You should not submit sensitive or highly confidential information through the public contact form.

Automated Decision-Making

We do not use personal data collected through this website to make decisions based solely on automated processing that have legal or similarly significant effects.

Your Data Protection Rights

Under UK data protection law, you may have the right to:

  • Request access to your personal data
  • Ask us to correct inaccurate or incomplete information
  • Ask us to delete personal data in certain circumstances
  • Ask us to restrict how personal data is used
  • Object to processing based on legitimate interests
  • Object to direct marketing
  • Request the transfer of certain personal data
  • Withdraw consent where we rely on consent

These rights are subject to legal conditions and exemptions.

You will not normally have to pay a fee to exercise your rights. We may ask for information to confirm your identity before responding.

We normally respond to information rights requests within one month.

How to Complain

If you are concerned about how we have handled your personal data, please contact us through the Contact page on our website. We will acknowledge data protection complaints within 30 days and respond without undue delay.

You also have the right to complain to the Information Commissioner’s Office.

Website: www.ico.org.uk

Helpline: 0303 123 1113

Updates to This Policy

We keep this Privacy Policy under review and may update it when our website, services or data-processing activities change.

The version and review date at the beginning of the policy show when it was most recently updated.