Who We Are
GDC Projects (UK) Ltd (“GDC Projects”, “we”, “us” or “our”) is the data controller responsible for the personal data described in this policy.
Registered office:
71-75 Shelton StreetCovent GardenLondonUnited KingdomWC2H 9JQCompany number: 16458381, registered in England and Wales.
For questions about this policy or how we handle your personal data, please contact us through the Contact page on our website. You can also write to us at our registered office.
What Personal Data We Collect
The personal data we collect depends on how you interact with us.
Website Visitors and Enquiries
When you contact us through the website or by another method, we may collect:
- Your name and surname
- Your company or organisation
- Your email address
- Your telephone number
- Information included in your enquiry
- Subsequent correspondence with you
We may also collect limited technical information when you visit the website, including:
- Your IP address
- Browser and device information
- Pages visited
- Website access, security and error information
- Cookie preferences and related information
Clients, Suppliers, Partners and Business Contacts
We may process:
- Your name and job title
- Your business contact details
- Business communications
- Project, proposal, contract and service-related information
- Records relating to our professional relationship
Please do not provide sensitive personal information or highly confidential project information through the public website contact form.
How We Collect Personal Data
We may collect personal data:
- Directly from you
- From your employer or organisation
- From project partners, advisers or business contacts
- Through professional referrals
- From publicly available business sources, such as company websites, professional directories and LinkedIn
Why We Use Your Personal Data
Responding to Enquiries and Developing Opportunities
We use personal data to:
- Respond to enquiries
- Understand project requirements
- Arrange meetings and discussions
- Assess potential projects and business opportunities
- Prepare proposals or related information
Lawful basis: Legitimate interests or taking steps before entering into a contract.
Providing Services and Managing Relationships
We may use personal data to:
- Provide and coordinate our services
- Manage projects, contracts and professional relationships
- Communicate with clients, suppliers, consultants and project partners
- Maintain appropriate business records
Lawful basis: Contract or legitimate interests.
Operating and Protecting Our Website
We may use technical information to:
- Operate and maintain the website
- Identify and resolve technical problems
- Protect our website, systems and information
- Prevent misuse, fraud and security threats
Lawful basis: Legitimate interests.
Legal and Regulatory Requirements
We may process personal data to:
- Comply with legal, financial and regulatory obligations
- Respond to lawful requests from authorities
- Establish, exercise or defend legal rights
- Investigate and respond to complaints
Lawful basis: Legal obligation or legitimate interests.
Business Communications
Where permitted by law, we may contact relevant business contacts about GDC Projects and services that may be of interest to their organisation.
Lawful basis: Legitimate interests or consent where consent is required.
You may ask us to stop sending marketing communications at any time.
Our Legitimate Interests
Where we rely on legitimate interests, these include:
- Responding to business enquiries
- Identifying and developing appropriate project opportunities
- Managing professional relationships
- Operating and protecting our business and website
- Maintaining appropriate business records
- Communicating relevant information about our services
We consider the impact of this processing on your rights and interests before relying on this lawful basis.
Who We Share Personal Data With
Where necessary, we may share personal data with:
- Companies within our corporate group
- Employees, directors and authorised contractors
- Website, email, cloud, IT and security providers
- Professional advisers, including legal, accounting and insurance advisers
- Consultants, contractors, funders and project partners
- Regulators, courts, law enforcement bodies or public authorities where required
We only share personal data where there is an appropriate reason to do so.
Organisations processing personal data on our behalf must protect it and use it only for the agreed purpose.
We do not sell personal data.
International Transfers
GDC Projects works on international infrastructure opportunities. Personal data may therefore be accessed from or shared with organisations outside the United Kingdom.
Where the destination is not recognised as providing an adequate level of protection, we use an appropriate lawful safeguard where required. This may include contractual protections approved for international data transfers under UK data protection law.
How Long We Keep Personal Data
We retain personal data only for as long as it is reasonably required.
Our usual retention periods are:
- Enquiries that do not progress: Up to 24 months after our last substantive communication
- Client, supplier, partner and project records: Normally for the duration of the relationship and for six years afterwards
- Website security, access and error records: Normally for up to 12 months
- Data protection requests and complaints: Normally for six years after the matter is closed
We may retain information for longer where required by law or where it is needed in relation to a dispute, investigation or legal claim.
Personal data that is no longer required will be deleted, anonymised or securely disposed of.
Security of Your Personal Data
We use appropriate technical and organisational measures to protect personal data. These include access controls, system security, appropriate staff and supplier arrangements and secure storage.
No website or electronic communication system can be guaranteed to be completely secure. You should not submit sensitive or highly confidential information through the public contact form.
Automated Decision-Making
We do not use personal data collected through this website to make decisions based solely on automated processing that have legal or similarly significant effects.
Your Data Protection Rights
Under UK data protection law, you may have the right to:
- Request access to your personal data
- Ask us to correct inaccurate or incomplete information
- Ask us to delete personal data in certain circumstances
- Ask us to restrict how personal data is used
- Object to processing based on legitimate interests
- Object to direct marketing
- Request the transfer of certain personal data
- Withdraw consent where we rely on consent
These rights are subject to legal conditions and exemptions.
You will not normally have to pay a fee to exercise your rights. We may ask for information to confirm your identity before responding.
We normally respond to information rights requests within one month.
How to Complain
If you are concerned about how we have handled your personal data, please contact us through the Contact page on our website. We will acknowledge data protection complaints within 30 days and respond without undue delay.
You also have the right to complain to the Information Commissioner’s Office.
Website: www.ico.org.uk
Helpline: 0303 123 1113
Updates to This Policy
We keep this Privacy Policy under review and may update it when our website, services or data-processing activities change.
The version and review date at the beginning of the policy show when it was most recently updated.
