Part I

LIGWE is a trademark of INCASUD GROUP LTD.

This Data and Cyber Security Policy is designed to tell you about our practices regarding collection, use, and disclosure of information that you may provide via our Website or other routes. Please be sure to read this entire Data and Cyber Security Policy before using or submitting information to us.

Why GDPR: This data protection legislation came into force in May 2018, which aims to protect people’s privacy further. The law applies to all public bodies, businesses and other organisations that process personal data. The legislation comprises the General Data Protection Regulation (GDPR) which came into force on 25 May 2018 and the Data Protection Act (DPA) 2018, which went into effect around the same time. These two provide a single regulation across the European Union (EU) and place obligations on organisations that operate outside of the EU but offer goods or services to EU citizens.

We are committed to protecting your personal information and ensuring its privacy, accuracy and security. We responsibly handle your personal information following the Privacy Act 1988 (the Act).

By using any of our products or services, visiting our Website or giving us your personal information, you agree to your information being collected, stored, used and disclosed as set out in this Data and Cyber Security Policy.

What is personal information: Means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form. Our staff records include country of birth, medical records and similar confidential information routinely held by an employer.

What is sensitive information: A type of personal information which means information or an opinion about an individual’s race or ethnic origins (other than the country of birth), political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices, union membership, criminal record or genetic information or biometric information.  We do not collect or retain sensitive information on any party.

What is commercially sensitive information: The disclosure of certain information which would be, or would be likely to be, prejudicial to the commercial activities of a person (an individual, a company, the public authority itself or any other legal entity). This can include information provided during a tendering process, quotation or estimation of fees and also details of a contract or transaction with a third party. 

In compliance with Competition Act 1998 and the Enterprise Act 2002 and Data Protection Act 1998, our price list, services, CVs and other intellectual property are commercially sensitive information. See our Intellectual Property Policy.

Our commitment to protecting your privacy: This Data and Cyber Security Policy applies to the collection, storage, use and disclosure of personal information by or on behalf of INCASUD GROUP Ltd (referred to in this Policy as “INCASUD GROUP Ltd”, “INCASUD”, “our”, “we” or “us”).  Please read it carefully.

It’s part of your fundamental right to privacy and your right to have control over your own identity. The GDPR provides the following rights for you, as an individual:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights concerning automated decision making and profiling

Part II

We protect your data in alignment with the seven fundamental GDPR principles:

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability and governance

1.Lawfulness, fairness and transparency

We regularly review the purposes of our processing activities at least annually or earlier in light of legal changes or lawful purpose requirements. Where necessary, we update our documentation and our privacy information for individuals. If we plan to use personal data for a new purpose other than a legal obligation or function set out in the law, we check that this is compatible with our original purpose or we get specific consent for the new purpose.

We have concluded that the processing of information is necessary and are satisfied that there is no other reasonable and less-intrusive way to achieve it. We have a lawful basis for collecting and using personal data since at least, one of the below conditions apply (or when a new purpose is still compatible with the original purpose consented for):

• Consent: you have given us explicit consent for us to process your data for a specific purpose.
• Contract: the processing is necessary for an agreement we have with you, or because you have asked us to take specific steps before entering into a contract.
• Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
• Vital interests:  the processing is necessary to protect someone’s life.
• Public task: the processing is necessary for us to perform a job in the public interest, and the task or function has a clear basis in law.
• Legitimate interests: the processing is necessary to satisfy your legitimate interests or the legitimate interests of a third party.

1.1 Personal information we collect and store: Processing will benefit the following personas by collecting the minimum relevant information, for example:

1. a) Data from “Prospects”

• Data collected: first name and email address
• Platforms: Mailchimp; Hubspot; LinkedIn; Twitter
• Lawful basis: consent and or legitimate interests
• Purpose for the processing: direct marketing and associated market analysis
• Data Retention: Retention based on subscriber preferences. Unsubscribe at any time.

1. b) Data from “Leads, Clients and Suppliers”

• Data collected: company name; email address; first name; surname; phone number, payment details, occupation and other information to assist us in conducting our business, providing and marketing our products and services. Information about current and previous suppliers, project teams and clients with whom we do or did conduct business; and cookies, traffic and conversion data etc.
• Platforms: Microsoft 365 Business Premium; Mailchimp; Hubspot; LinkedIn; Twitter
• Lawful basis: consent; legitimate interests; contract; legal obligation; vital interests and or public task
• Purpose for the processing: direct marketing; newsletters; marketing lists; telephone or text; pre-contract queries; contract delivery; post-contract queries
• Data Retention: Retention depending on the contract, insurance,  legal requirements and professional guidelines about keeping certain kinds of records such as information needed for income tax and audit purposes, or information on aspects of health and safety.

1. c) Data from “Employees”

• Information about staff and directors, as required in the ordinary course of human resource management and the operation of a business.

1.2 Sources of information we use: We may collect your personal information from a range of sources, including from you, recruitment agencies, contractors, business partners and government agencies.  For example, we may collect your personal information when you:

• Request or acquire a product or service from us online or in-person (including when we provide consultancy services);
• Provide a service or product to us;
• Apply for employment with us or communicate with us via our Website, by e-mail, telephone or in writing;
• Share information on trade expos, networking and other events.

Wherever reasonable and practicable, we collect personal information from the individual to whom the information relates.  If you provide personal information about someone other than yourself, you agree that you have that person’s consent to provide the information for the purpose for which you provide it to us.  You also agree that you have told the person about this Data and Cyber Security Policy and where to find it.

1.3 How we collect personal information: We only collect personal information by lawful and fair means.  We usually collect personal information from:

• Face-to-face meetings, interviews and telephone calls;
• Business cards, networking events, expos, conferences, industry websites and other events;
• Reports – for example, reports commissioned by you prepared by clients, designers, contractors (including principal designers and principal contractors) or consultants;
• Electronic communications – for example, e-mails and attachments; webinars, newsletters, forms filled out by people, including as part of acquiring a product or service from us;
• Third parties – for example, from referrals, recruitment agencies and your representatives or agents;
• Fee proposals, tenders and supply chain databases;
• Social media websites – for example, LinkedIn, Twitter, Instagram, YouTube, Hubspot, mail-chimp and
• Our Website, including if you use it to contact us, recommend us or share our posts with others.

1.4 Confidentiality (Leads, Clients, Suppliers and Employees)

All confidential information supplied by Leads, Clients and Suppliers to INCASUD GROUP Ltd will be treated as private and confidential and will not be disclosed to any other parties without Leads, Clients and Suppliers consent.

Confidential Information means, with respect to a Party, all information disclosed by, on behalf of, or at the direction of such Party to the other Party in connection with or related to such Party’s responsibilities under this Agreement, in any form or medium, and regardless of whether marked or otherwise identified as confidential, including, but not limited to, Client Data.

Confidential Information includes without limitation the lists or details of customers, information relating to the working of any process or invention carried on or used by the Client, information relating to research, projects, secret formulae, processes, inventions, designs, know-how, discoveries, technical specifications and other technical information, accounts or financial dealings of the Client and/or price sensitive information. 

Confidential Information does not include information that the Receiving Party can establish:

• Has become generally available to the public or commonly known in either Party’s business other than as a result of a breach by the Receiving Party of any obligation to the Disclosing Party;
• Was known to the Receiving Party prior to disclosure to the Receiving Party by the Disclosing Party by reason other than having been previously disclosed in confidence to the Receiving Party;
• Was disclosed to the Receiving Party on a non-confidential basis by a third party who did not owe an obligation of confidence to the Disclosing Party with respect to the disclosed information;
• Was independently developed by the Receiving Party without any reference to, or use of, any part of the Confidential Information; or
• Is required to be disclosed by law, regulation, or court order (provided that the Party subject to such law, regulation or court order shall, where possible to do so without breaching applicable law, notify the other Party of any such use or requirement prior to disclosure in order to afford such other Party an opportunity to seek a protective order to prevent or limit disclosure of the information to third parties).

We may use and disclose confidential information provided by Leads, Clients and Suppliers in obtaining Fee Proposals and arranging and administering your Service. When we take instructions from Leads, Clients and Suppliers, we may be obliged, under money laundering regulations, to ask for evidence of identity.

We may also be required, in some cases, to disclose confidential information to governmental or other regulatory authorities. For example, money laundering regulations require us to notify the Serious Organised Crime Agency if we suspect or have reasonable grounds for suspecting that our Leads, Clients and Suppliers or another person is using the proceeds of crime. In that event, we may be precluded from seeking our Client’s consent to notify and/or from informing our Client that notification has been made.

Confidential information about our Leads, Clients and Suppliers that we learn in the course of acting for you may be shared internally within INCASUD GROUP Ltd for the purposes of fulfilling your instructions, notifying you of matters that we consider might be of interest to you and for similar promotional reasons. We reserve the right to pass Leads, Clients and Suppliers details onto other businesses within the group. This does not affect your statutory rights under the data protection legislation.

We use business advisers, banks, accountants, solicitors, and other professional services. We use data back-up, and other backroom office services. In the provision of their service to us they may have access to some data depending on the service they provide.

Each party shall comply with all appropriate data protection legislation and principles, including but not limited to the Data Protection Act 1998 (as amended) in relation to personal data controlled or processed by it.

You warrant that where you have provided us with information about another person, that you have sought and obtained all necessary authorisation from that person or their representative for us to use their information as described.

Directors of our business travel overseas on business. If they need to give personal attention to a task there and then, we may have to send them data when they are outside the United Kingdom. You agree that we may transfer your data and any information you provide outside of the United Kingdom. E-mails travel through the internet and we have no control over what route they take.

2.Purpose limitation

We only use your data for the purpose for which it was provided to us, for related purposes or as required or permitted by law.  We only handle people’s data in ways they would reasonably expect. Such purposes include:

• In the ordinary course of conducting our business. For example, supplying or acquiring products and services, including consultancy and quantity surveying services, preparing proposals for new projects, responding to your enquiries and feedback, and providing information about our events, news, publications and products and services that may be of interest to you;
• Direct marketing and the promotion of aims and ideals as well as the sale of products and services;
• Market research and product and service development, so that we can better understand our customers’ needs and tailor our future products and services accordingly;
• Performing general administration, reporting and management functions. For example, invoicing and account management, payment processing, risk management, training, quality assurance and managing suppliers;
• Employment-related purposes, such as recruiting and providing services to staff;
• Other purposes related to or in connection with our business, including meeting our legal and contractual obligations to third parties and for internal corporate governance purposes.

3.Data minimisation

We only collect personal data we need for the specified purposes.

• Data Review: We periodically review the information we hold and archive or remove anything we don’t need.
• Opting-out: When we use your personal information (other than sensitive information) to provide you with information about our products and services that we consider may be of interest to you, you may opt-out at any time if you do not, or no longer, wish to receive marketing and promotional material.  You may do this by contacting us via e-mail or in writing at the address below and requesting that we no longer send you marketing or promotional material; or where applicable, clicking the “Unsubscribe” button.
• How we deal with unsolicited personal information: If we receive personal information about you that we have not requested, and we determine that we could not have lawfully collected that information under this Data and Cyber Security Policy then we will destroy it or de-identify such information (if it is lawful and reasonable to do so.

4.Accuracy

We will take all reasonable steps to ensure the personal data we hold is correct and not misleading as to any matter of fact, and to ensure that your personal information is accurate, complete and up-to-date.  However, we rely on you to advise us of any changes or corrections to the information we hold about you. If you consider that the information we hold about you is not accurate, complete or up-to-date, or if your information has changed, please let us know as soon as possible.

• Access: You may request access to the personal information we hold about you by contacting us.  We will respond to your request within a reasonable time.  We will provide you with access to the information we hold about you unless otherwise permitted or required by law. If we deny you access to the information, we will notify you of the basis for the denial unless an exception applies.  Where reasonable and practicable, we will provide access to the information we hold about you in the manner you request. No fee applies for requesting access to the information we hold about you.  However, we reserve the right to charge a reasonable fee where we do provide access.
• Correction: If you believe that personal information we hold about you is incorrect, incomplete or not current, you may request that we update or correct your information by contacting us.  We will deal with your request within a reasonable time.  If we do not agree with the corrections you have requested (for example, because we consider that the information is already accurate, up‑to‑date, complete, relevant and not misleading), we are not required to make the corrections.  However, where we refuse to do so, we will give you a written notice setting out the reasons.
• Identifiers: We do not adopt, use or disclose government related identifiers except as required or permitted by law.

5.Storage limitation

We have a policy setting standard retention periods wherever possible, to comply with documentation requirements. The data we hold will be regularly reviewed and erased or anonymised when you no longer needed.

We may keep personal data for longer only for public interest archiving, scientific or historical research, or statistical purposes.

The word ‘deletion’ can mean different things concerning electronic data, and we recognise it is not always possible to delete or erase all traces of the data. The critical issue is to ensure you put the data beyond use. If it is appropriate to remove personal data from a live system, we will also delete it from any back-up of the information on that system.

6.Integrity and confidentiality (security)

We aim to be transparent, open and honest with people from the start about how you use your data. Data will be processed fairly, and that is not detrimental, unexpected or misleading to you.

We have appropriate security measures in place to protect the personal data we hold. For more information, see our Cybersecurity and other policies.

6.1 Cookies: Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.

• How do we use cookies? As most of the online services, our website uses cookies first-party and third-party cookies for a number of purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
• The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
• What types of cookies do we use? Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket and checkout securely.
• Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit etc. These data help us understand and analyze how well the website performs and where it needs improvement.
• Marketing: Our website displays advertisements. These cookies are used to personalize the advertisements that we show to you so that they are meaningful to you. These cookies also help us keep track of the efficiency of these ad campaigns.
  The information stored in these cookies may also be used by the third-party ad providers to show you ads on other websites on the browser as well.
• Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos or sharing contents on the website on social media platforms.
• Preferences: These cookies help us store your settings and browsing preferences like language preferences so that you have a better and efficient experience on future visits to the website.
• How can I control the cookie preferences? Should you decide to change your preferences later through your browsing session, you can click on the “Privacy & Cookie Policy” tab on your screen. This will display the consent notice again, enabling you to change your preferences or withdraw your consent entirely.
• In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find more out more on how to manage and delete cookies, visit wikipedia.org, www.allaboutcookies.org.

6.2 Passive information collection: As you navigate through a website, certain information can be passively collected (that is, gathered without your actively providing the information) using various technologies and means, such as Internet Protocol addresses, cookies, Internet tags, and navigational data collection.
The Website may use Internet Protocol (IP) addresses. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet and is generally considered to be non-personally identifiable information, because in most cases an IP address is dynamic (changing each time you connect to the Internet), rather than static (unique to a particular user’s computer).

We use your IP address to diagnose problems with our server, report aggregate information, determine the fastest route for your computer to use in connecting to our site, and administer and improve the Website.

Except as otherwise stated, we may use your information to:

• Improve the content of the Website;
• Customise the Website to your preferences;
• Communicate information to you (if you have requested it);
• For our marketing and research purposes, and the purposes specified in this Data and Cyber Security Policy.

If you provide personally identifiable information to the Website, we may combine such information with other actively collected information unless we specify otherwise at the point of collection. We will take reasonable measures to prevent personally identifiable information from being combined with passively collected information unless you consent otherwise. Besides, we will make full use of all information acquired through the Website that is not in personally identifiable form.

7.Accountability and governance

We take reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification and disclosure.  Security includes:

1. Data control and processing
2. Data physical security:
3. Data cyber security
4. Third-Party linked sites
5. Governance

Our organisation adopted data protection by design and default. This approach means we have embedded data protection into everything we do throughout all our processing operations.

The data protection by design and default approach ensures that data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.

7.1 Data control and processing

Who is a controller: A controller is a person or the organisation that decides how and why to collect and use the data. Therefore, as controllers, we do assess our high-level compliance with data protection legislation. Includes the rights of individuals, handling requests for personal data, consent, data breaches, and data protection impact assessments under the General Data Protection Regulations.

We may disclose, and you consent to us disclosing, your personal information to third-party processors:

• Engaged by us to provide products or services, or to undertake functions or activities, on our behalf. For example, processing payment information, managing databases, marketing, research and advertising;
• That is authorised by you to receive information we hold. For example, any architect, engineers or other consultants engaged by you as part of a building project, or your external advisers (such as your accountant or lawyer) or if you ask us to provide a credit reference for you;
• Such as consultants, when we refer you to consultants who provide other services;
• Our business partners, joint venturers, partners or agents;
• External advisers and government agencies. For example, where disclosure is reasonably required to obtain advice, prepare legal proceedings or investigate suspected unlawful activity or serious misconduct; or
• As may be required or permitted by law.

We may disclose, and you consent to us disclosing, your personal information to any of our related bodies corporate, whether located in the United Kingdom or overseas.  If we disclose your personal information to a relevant body corporate, your information will be collected, stored, used and disclosed in accordance with their Privacy Policy.

Our third-party processors: Almost anything we do with data counts as processing; including collecting, recording, storing, using, analysing, combining, disclosing or deleting it. Therefore, as processors, we do:

• Assess our compliance with data protection in the specific areas of information and cybersecurity policy and risk, mobile and home working, removable media, access controls and malware protection.
• Assess our records management procedures and risks regularly to people’s personal information. The assessment includes the creation of records, storage and disposal, access, tracking and off-site storage and the use of CCTV.
• Assess our data sharing policies and agreements, compliance monitoring, maintaining sharing records, registration and our process for how to deal with a request for personal data.
• A processor is also a separate person or organisation (not an employee) who processes data on behalf of the controller (or under the controller instructions). Processors have some direct legal obligations, but these are more limited than the controller’s duties.

We are constantly improving our security measures to keep the information we hold safe and whenever we work with third parties (sub-processors) to help us provide our service, we ensure that their security processes are as robust as our own. We use the following external processors:

• Microsoft: Learn about Online Services Data Protection Addendum.
• FreeAgent: Learn about Freeagent GDPR.
• Hubspot: Learn about Hubspot Data Processing Agreement.
• Mailchimp: Learn about Data Processing Addendum.
• LinkedIn: Learn about LinkedIn Data Processing Agreement.
• Twitter: Learn about Twitter Data Processing Addendum.
• YouTube: Learn about Terms of Service (EMEA).
• Google Analytics: Learn about Data Processing Terms.
• GoDaddy: Learn about Data Processing Addendum.

Disclosure of personal information overseas: We do not disclose personal information to third parties outside the United Kingdom unless required or permitted by law. However, our staff may be necessary from time to time to travel overseas for business purposes with company electronic devices, and they may be liaising with UK based project teams by email, phone or software from abroad.

We aim to process your information in a way that does not:

• Breach a duty of confidence;
• Exercise any powers improperly;
• Infringe copyrights;
• Breach an enforceable contractual agreement;
• Breach industry-specific legislation or regulations; or
• Breach any of the Human Rights Act 1998.

Entering into a contract with us: The Client shall ensure that all necessary consents are obtained in respect of any personal information that is supplied to us under the service agreement or for the purpose of delivering our services.

• The Client agrees that we shall act as a controller in relation to the processing of our Own Data.
• We agree that the Client (as controller) appoints us as a processor to process the Client’s Data and data supplied by the Client to the extent necessary for the purpose of providing the Service (or as otherwise agreed in writing by the parties) (the “Permitted Purpose”).

7.2- Data physical security: When considering the physical security of your data, we look at factors such as:

• Clear desk and less-paper policy
• Quality of doors and locks, and the protection of your premises by such means as alarms, security lighting or CCTV;
• How we control access to your premises, and how visitors are supervised;
• How we dispose of any paper and electronic waste; and
• How we keep IT equipment, particularly mobile devices, secure.

7.3- Cyber-Security: When considering cybersecurity, we look at factors such as:

• Security of our network and information systems, including those which process the personal data;
• Security of the data we hold within our systems, e.g. ensuring appropriate access controls are in place. That data is held securely, encrypted and cloud-based and free of virus and malware or other cyber threats where applicable.
• Security of your Website and any other online service or application that we use; and
• Device security, including policies on Bring-your-own-Device (BYOD).
• We choose a data processor that provides sufficient guarantees about its security measures;
• Our written contract with the processor stipulates that the processor takes all measures required to undertake the same security measures that we would have to consider if we were doing the processing yourself; and
• We ensure that our contract includes a requirement that the processor makes available all information necessary to demonstrate compliance. This requirement includes allowing us to audit and inspect the processor, either ourselves or an authorised third party.
• Staff responsibilities for protecting personal data – including the possibility that they may commit criminal offences if they deliberately try to access or disclose these data without authority.

7.4- Third-party linked sites: Our Website contains links to sites owned and operated by third parties. They have their privacy policies, and we urge you to review them before browsing those sites. We do not accept any responsibility or liability for the privacy practices of such third-party Website, and your use of such Website is at your own risk.

7.5- Governance: As part of our record of processing activities we document, or link to documentation, on:

• Information required for privacy notices;
• Records of consent;
• Controller-processor contracts;
• Location of personal data;
• Data Protection Impact Assessment reports; and
• Records of personal data breaches.
• We document our processing activities in electronic form so we can add, remove and amend information quickly.

To ensure we take full ownership and data-control, we do:

• Audit the information to find out what personal data our organisation holds;
• Review our policies, procedures, contracts and agreements to address areas such as retention, security and data sharing.

Part III

Complaints: If you have a complaint about the collection, storage, use or disclosure of your personal information, please contact our Privacy Officer using the details below.  You will need to provide us with details of your complaint, as well as any supporting evidence and information.  We will review all complaints received, and our Data Protection Officer will respond to you.  If you are not satisfied with our response, you may discuss your concerns with or complain to the Information Commissioner’s Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals https://ico.org.uk/

How to contact us: If you have any questions about this Data and Cyber Security Policy, please contact our Data Protection Officer Cristina Vanella:

• By email to incasud.group@gmail.com
• By writing to 35A, Albert Road, Chatham, Kent, ME4-5QA, England
• By telephone: 0044 (0)77 15 22 16 43

Your complaint will be acknowledged within seven (7) working days advising of who is dealing with the complaint and indicating when you may expect an answer. We will provide a formal written response within thirty (30) working days from acknowledgement of the original complaint. If a complaint cannot be resolved within this timescale, we will write to you with an explanation and the likely timescale involved. Should you believe the matter has not been resolved to its satisfaction, we will advise of any further redress available to you.

Changes to this Data and Cyber Security Policy: We reserve the right to revise This Data and Cyber Security Policy or any part of it from time to time. Please review this Policy periodically for changes.  Any revised policy will be placed on our Website.  Your continued use of our website, products or services, requesting our assistance, or the provision of further personal information to us after this Data and Cyber Security Policy has been revised, constitutes your acceptance of the revised Policy.

Our corporate culture is developed so that all team members on the project(s) take responsibility for protecting and enhancing everyone’s privacy.  This requires an enthusiastic determination to identify and meet the different needs of diverse clients and end-users within our projects.

Our Managing Director is ultimately responsible for the management of data at the corporate level and all projects and for setting the objectives.  She will execute the Privacy and Cookies Policy through adequate provision of resources and through regular consultation with employees to exchange current, relevant information.

Employees and the supply chain working directly or indirectly within our project(s) will work collaboratively to support this Policy Statement.

This Policy will be reviewed annually or more frequently in response to legislative changes or other significant triggers. The Policy will be communicated to our staff and all organisations working directly for our project(s).

The Managing Director
01.07.2023