AMP Structures GDPR Policy

1. Introduction

AMP Structures (“we”, “us”, “our”) is committed to protecting the personal data of our clients, suppliers, partners, and staff. This policy outlines how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to all personal data we process in the course of delivering structural engineering consultancy services. It applies to all staff, contractors, and third-party service providers handling personal data on our behalf.

3. Data We Collect

We may collect and process the following types of personal data:

Client contact details: name, email address, phone number, job title
Business details: company name, address, VAT number, billing information
Project-related data: documents, drawings, specifications that may include identifiable information
Communication records: emails, meeting notes, call logs
Website data: IP addresses and browsing information via cookies (where applicable)

We do not collect or process special category data unless explicitly required and with consent.

4. Purpose of Data Processing

We collect and use personal data for the following purposes:

To provide structural engineering consultancy services
To communicate with clients and stakeholders
To manage contracts, quotations, and invoicing
To comply with legal and regulatory obligations
To improve our services and manage our client relationships

5. Legal Basis for Processing

We rely on one or more of the following lawful bases:

Contractual necessity: to fulfill our obligations under a contract
Legal obligation: for compliance with legal duties
Legitimate interests: to operate and grow our business in a balanced way
Consent: where required (e.g., marketing communications)

6. Data Sharing and Third Parties

We do not sell or trade personal data. We may share personal data with:

Subconsultants or contractors involved in a project (on a need-to-know basis)
Cloud service providers (e.g., for storage, email)
Professional advisors (e.g., accountants, legal counsel)
Regulatory bodies or law enforcement (where legally required)

All third parties must adhere to appropriate data protection standards and enter into data processing agreements as required.

7. Data Retention

We retain personal data only as long as necessary for the purposes described above, including:

Project data: up to 15 years (for potential legal liability)
Financial records: 6 years (as required by HMRC)
General inquiries: typically no longer than 5 years

Data is securely deleted or anonymised once no longer needed.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

Password-protected systems and encrypted storage
Limited access to data on a need-to-know basis
Regular data backups
Secure email and file-sharing practices

9. Data Subject Rights

Under the UK GDPR, individuals have the following rights:

Right to be informed
Right of access (Subject Access Request)
Right to rectification
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object
Rights relating to automated decision-making and profiling (not applicable)

Requests should be made in writing to the contact provided in section 11. We aim to respond within one month.

10. Data Breach Procedure

In the event of a data breach, we will:

Assess the nature and scope of the breach
Notify affected individuals where required
Report to the Information Commissioner’s Office (ICO) within 72 hours if necessary
Take corrective actions to prevent recurrence

11. Contact Information

For any queries, complaints, or to exercise your rights, please contact:

Data Protection Officer: Henry Appleby
Email: henry@ampstructures.com

12. Policy Review

This policy will be reviewed annually or in response to changes in legislation or business practices.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.